First, I want to say thanks to all who develop ISPConfig and make it free for all! Second: sorry for my English! Hi all, I have the following problem: after installing ISPConfig on my server (for information, I am not a newbie) I detected that any user who enters their directory through FTP can delete any files, even those owned by root. To resolve this problem I reconfigured and recompiled my ProFTPD with the following options: - ./configure --sysconfdir=/etc --enable-shadow --enable-auth-pam --enable-facl --disable-ipv6. But it did not solve my problem! I followed this instruction: http://www.howtoforge.com/perfect-server-centos-5.4-x86_64-ispconfig-2. I used the following versions of software: 1. OS CentOS v5.4 2. ProFTPD v1.3.3 3. ISPConfig v2.2.35 Please, who can help? What must I do to solve my problem? Thank you in advance
Make sure that you installed your server exactly as described in the tutorial; it's not necessary to recompile proftpd with any other options. Then make sure that you use the exact proftpd configuration that is described in the tutorial; this will ensure that the FTP user cannot access files outside of its home directory. On a Linux system, a user who owns a directory can always delete all files that are inside this directory, even if a file is owned by the root user. That's the case on all systems and has nothing to do with ISPConfig. You can test this on the shell: 1) create a new Linux system user called john 2) create a directory owned by john. 3) add a file owned by root into this directory. 4) try to delete this file when you are logged in as john; you will see that it's possible to delete the file. The reason is that the file is in a directory owned by john. If the directory were owned by root, john would not be able to delete the file owned by root.
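Added example, not part of the original thread or of ISPConfig: a simplified Python model of the rule described in the reply above (deletion is decided by the permissions on the directory, not by who owns the file), plus an audit helper that lists files a given uid could delete without owning them. The names Meta, can_unlink and foreign_deletable and the uid 1001 for john are assumptions; ACLs, capabilities, immutable flags and read-only mounts are ignored.

```python
import os
import stat
from collections import namedtuple

# Minimal stand-in for os.stat_result so the rule can run on constructed values.
Meta = namedtuple("Meta", "st_uid st_gid st_mode")

def can_unlink(uid, gids, dir_meta, file_meta):
    """Simplified unlink() permission rule (no ACLs, capabilities, chattr)."""
    if uid == 0:
        return True  # root bypasses the permission bits
    mode = dir_meta.st_mode
    # Select the permission class that applies to the caller on the DIRECTORY.
    if uid == dir_meta.st_uid:
        bits = (mode >> 6) & 7
    elif dir_meta.st_gid in gids:
        bits = (mode >> 3) & 7
    else:
        bits = mode & 7
    if (bits & 3) != 3:  # need write (2) and search (1) on the directory
        return False
    # Sticky bit (as on /tmp): only the file's or the directory's owner may delete.
    if mode & stat.S_ISVTX:
        return uid in (file_meta.st_uid, dir_meta.st_uid)
    return True  # the file's own owner and mode are never consulted

def foreign_deletable(root, uid, gids):
    """Walk a tree and list files NOT owned by uid that uid could still delete."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        d = os.lstat(dirpath)
        for name in files:
            path = os.path.join(dirpath, name)
            f = os.lstat(path)
            if f.st_uid != uid and can_unlink(uid, gids, d, f):
                hits.append(path)
    return sorted(hits)

# Constructed sample values: john is uid 1001, the file belongs to root (uid 0).
JOHN, JOHN_GIDS = 1001, {1001}
ROOT_FILE = Meta(0, 0, 0o100644)
JOHNS_DIR = Meta(1001, 1001, 0o040755)   # directory owned by john
ROOT_DIR = Meta(0, 0, 0o040755)          # directory owned by root
STICKY_SHARED = Meta(0, 0, 0o041777)     # world-writable with sticky bit

if __name__ == "__main__":
    for label, d in (("john's dir", JOHNS_DIR), ("root's dir", ROOT_DIR),
                     ("sticky shared dir", STICKY_SHARED)):
        print(label, can_unlink(JOHN, JOHN_GIDS, d, ROOT_FILE))
```

Run foreign_deletable against a web root with the FTP user's uid and group ids to see which files that user does not own but could still remove.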
Thank you for the answer! I followed the manual mentioned above exactly. So that's OK, but it worked before: in previous installations, a simple user couldn't delete files owned by root. For example, after a user connects by FTP to "/var/www/web2/", in the previous installations the user couldn't delete files whose owner is root, but now they can. I thought that maybe I was doing something wrong? If you say such behavior is normal, what can you say about my previous installations? Why, in the previous installations, couldn't a user delete files in its folder whose owner is root? As I understand it, if any user can delete root's files, even in its own directory, this violates the principle of Discretionary Access Control! Sorry for my English, I hope you understand me. Best regards
I created files of new users with root UID ... I created a file in the new user's directory with root UID, then logged in as the new user and deleted it. Yes, any user can delete root's files in their own home directory! Thank you for your time! That's all ( But my previu.... )