From: "Vladimir I. Kulakov"
Date: Fri, 22 Dec 2000 23:38:44 +0300
To: "Hudson, Henrik H."
Cc: "'security@freebsd.org'"
Subject: Re[2]: Directory invisible by FTP?
Message-ID: <197131056708.20001222233844@kudesniki.ru>

Hello Henrik,

Friday, December 22, 2000, 6:31:47 PM, you wrote:

HHH> Are you using the default BSD ftp daemon?

Yes.

HHH> I believe the issue is that when
HHH> you chroot a user, the daemon roots them before getting the path to a shell.
HHH> 3 ways around this:

But for all other users the same configuration works fine.
I didn't change anything! It seems the problem is in the www
directory itself...

HHH> 1) Use an FTP daemon which doesn't do this in a rooted environment (ProFTPD
HHH> is one)

Sorry, I don't trust non-standard ports (remember WU-Ftpd?)

HHH> 2) Create a root owned /etc and /bin directory inside the users directory.

Yes, I have /home/user/bin with 'ls' in it. Moreover, I can see
all other dirs in /home/user via FTP except the dir 'www'.
BTW, all these dirs have the same owners and access rights as 'www'!

HHH> Place a copy of 'ls' in the bin and then copy the passwd and group files
HHH> into your new /etc directory. Edit the passwd and group files to only
HHH> include root (wheel) and the user you want. Remove any references to
HHH> passwords. The passwd and group files are only necessary if you want to be
HHH> able to see usernames instead of UID and GIDS when people view their
HHH> directory.

Ok. I did so, but the problem's still there :(

Can it be caused by some kind of sticky bit, which I heard can be
applied to directory? I tried to change these bits but with no
effect :(

HHH> 3) Go home, have a Christmas cake and not worry about it ;)

Thanks ;) but I can't be happy, if I didn't solve this problem ;)

HHH> Hello,

HHH> How can you explain the following situation. Some directory in
HHH> user's home, let's say /home/user/www is not visible by ftp,
HHH> but visible in my root shell... All other files and directories in
HHH> /home/user/ with the same access rights visible very well in both
HHH> shell and ftp... When you make cd www in ftp, you can see all
HHH> contents of www, but www itself is still invisible :(

HHH> The user has 'ftpchroot' for his home directory and /bin/false
HHH> in master.passwd. All other users with the same configuration
HHH> can see all directories very well...

HHH> I already tried all possible reasons, but nothing helps :(

--
Best regards,
 Vladimir                          mailto:kulakov@kudesniki.ru
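
The chroot skeleton from suggestion 2 in the quoted reply, written out as an added example that is not part of the original thread or of FreeBSD's own tooling. The function name make_ftp_skeleton, its argument order, the numeric 0:0 ownership and the dropping of group member lists are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example (not from the thread): build the bin/ and etc/ skeleton
# inside an FTP chroot home. The function name and argument order are
# hypothetical.
# usage: make_ftp_skeleton HOME USER PASSWD_FILE GROUP_FILE [LS_BINARY]

make_ftp_skeleton() {
    home=$1; user=$2; passwd_src=$3; group_src=$4
    ls_src=${5:-/bin/ls}

    [ -d "$home" ] || { echo "no such directory: $home" >&2; return 1; }

    # Primary gid of the user; empty means the account is not in the file.
    gid=$(awk -F: -v u="$user" '$1 == u { print $4 }' "$passwd_src")
    [ -n "$gid" ] || { echo "unknown user: $user" >&2; return 1; }

    mkdir -p "$home/bin" "$home/etc" || return 1
    # Remove earlier read-only copies so the function can be re-run.
    rm -f "$home/bin/ls" "$home/etc/passwd" "$home/etc/group"
    cp "$ls_src" "$home/bin/ls" || return 1

    # passwd: keep only root and the user, blank the password field.
    awk -F: -v OFS=: -v u="$user" \
        '$1 == "root" || $1 == u { $2 = "*"; print }' \
        "$passwd_src" > "$home/etc/passwd" || return 1

    # group: keep wheel and the user's primary group. Dropping the member
    # list is a choice made here so no other login names end up in the jail.
    awk -F: -v OFS=: -v g="$gid" \
        '$1 == "wheel" || $3 == g { print $1, "*", $3, "" }' \
        "$group_src" > "$home/etc/group" || return 1

    # Nothing in the skeleton should be writable through FTP.
    chmod 755 "$home/bin" "$home/etc" || return 1
    chmod 555 "$home/bin/ls" || return 1
    chmod 444 "$home/etc/passwd" "$home/etc/group" || return 1

    # Root ownership needs root; uid 0 / gid 0 is root:wheel on FreeBSD.
    if [ "$(id -u)" -eq 0 ]; then
        chown -R 0:0 "$home/bin" "$home/etc" || return 1
    fi
}
```

This only reproduces the setup the reply describes, so that name lookups inside the chroot resolve to root and the one user; it does not by itself explain the invisible www directory.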