Date: Wed, 06 Aug 2008 13:20:14 -0400
From: Greg Larkin <glarkin@FreeBSD.org>
To: John Almberg <jalmberg@identry.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: Controlling read access
Message-ID: <4899DD4E.2080005@FreeBSD.org>
In-Reply-To: <578DE0D9-C68B-4D57-93E8-9D517166EA9D@identry.com>
References: <26259A11-0CE7-43FB-878C-1A989C1EB006@identry.com> <3A0AA7018522134597ED63B3B794C92A0284D829@STA-HQ-S001.starcomms.local> <E8A4465F-0D48-46F9-A5ED-B56E65BF05EB@identry.com> <3A0AA7018522134597ED63B3B794C92A028ECB61@STA-HQ-S001.starcomms.local> <8722E123-56D1-4CA0-8F57-DB0FB299EBD3@identry.com> <4899CEA9.6030209@FreeBSD.org> <578DE0D9-C68B-4D57-93E8-9D517166EA9D@identry.com>
John Almberg wrote:
|> | Now I have just one major league problem: when I logged in as one of the
|> | users, to test the connections, I discovered that I had SUPER POWERS. I
|> | was able to delete any file that I could see, including ones that were
|> | owned by root. Digging uncovered the fact that pure-ftpd runs with root
|> | privileges... not so good for my situation.
|> |
|> | My guess is I need to compile with the --with-privsep switch turned on...
|> |
|> | So, finally I have a real FreeBSD question!
|> |
|> | What is the proper way, in ports, to set a configuration flag? The only
|> | way I could figure out was to add it to the Makefile.
|> | PRIVSEP "Enable privilege separation" on \
|> |
|> | If this is the correct way to turn this compile switch on, it doesn't
|> | seem to work. After running:
|> |
|> | make deinstall
|> | make config # checking the privilege separation box
|> | make reinstall
|> |
|> | The logged in user can still delete any file, regardless of permissions
|> | or ownership. This is clearly a problem... I don't want my users to be
|> | able to blow away their own websites while they are uploading some
|> | images. I am still digging for info on this problem. Any thoughts, much
|> | appreciated!
|> |
|> | -- John
|> |
|> Hi John,
|>
|> Try this sequence instead, and you should be all set:
|>
|> make deinstall
|> make clean
|> make config (skip this if you've already chosen the options you want)
|> make install
|>
|> The clean target will make sure that your environment is reset back to a
|> known state. The install target will then perform a fresh build and
|> install with the privsep option enabled. If you already had binaries in
|> your port directory, then the reinstall target installs them without
|> rebuilding, as far as I can tell from reading /usr/ports/Mk/bsd.port.mk.
|>
|
| Hi Greg,
|
| I tried your sequence, but it didn't seem to work. Or, perhaps it worked
| and the PRIVSEP option doesn't do what I expect it to. Logging in as a
| normal user gives that user root privileges.
|
| This seems pretty scary to me. Not so bad, since the user is locked into
| his own directory, but enough power to hurt themselves, which is too
| much power, IMHO. My users aren't experts. I can definitely see them
| clicking the delete key by accident.
|
| Back to digging for info...
|
| Thanks: John
|

Hi John,

After logging into pure-ftpd, even if I type "cd /", I cannot break out of
my home directory. Because of the way UNIX permissions work, if root (or
any other user) owns a file in my home directory, I can still delete it.
If you want to prevent that, you'll have to also use the chflags command
to protect files that you don't want to be removed by anyone.

On the server (as root):

fbsd70# pwd
/usr/home/glarkin
fbsd70# touch testfile
fbsd70# ls -l testfile
-rw-r--r-- 1 root glarkin 0 Aug 6 13:12 testfile
fbsd70# ls -lo testfile
-rw-r--r-- 1 root glarkin - 0 Aug 6 13:12 testfile
fbsd70# chflags uchg testfile
fbsd70# ls -lo testfile
-rw-r--r-- 1 root glarkin uchg 0 Aug 6 13:12 testfile
fbsd70#

Logged in to FTP as glarkin:

ftp> dir testfile
200 PORT command successful
150 Connecting to port 5003
-rw-r--r-- 1 0 glarkin 0 Aug 6 13:12 testfile
226-Options: -a -l
226 1 matches total
ftp> del testfile
550 Could not delete testfile: Operation not permitted
ftp>

Hope that helps,
Greg

--
Greg Larkin
http://www.sourcehosting.net/
http://www.FreeBSD.org/ - The Power To Serve
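Added example, not part of the thread or of pure-ftpd: a small Python script that checks the two points made in the message above on a real filesystem. It shows that unlink() is decided by the write bit on the containing directory rather than by the file's mode or owner, and, where a chflags command exists (FreeBSD, macOS), that the uchg flag on the file itself is what refuses the delete. Assumptions: the script works in a temporary directory it creates, and the directory-permission case only refuses the unlink when the script is not running as root.

```python
import os
import shutil
import stat
import subprocess
import tempfile


def try_unlink(path):
    """Return True if unlink succeeds, False if refused (EACCES/EPERM)."""
    try:
        os.unlink(path)
        return True
    except PermissionError:
        return False


def set_flag(path, flag):
    """Set a BSD file flag such as 'uchg' or 'nouchg'; True on success."""
    return subprocess.run(["chflags", flag, path], capture_output=True).returncode == 0


def demo():
    results = {"running_as_root": os.geteuid() == 0}
    base = tempfile.mkdtemp(prefix="unlinkdemo-")  # constructed scratch area
    try:
        # Case 1: read-only file (0444) in a writable directory. The file's
        # own mode does not matter, so the unlink succeeds for everyone.
        f1 = os.path.join(base, "readonly-file")
        open(f1, "w").close()
        os.chmod(f1, 0o444)
        results["readonly_file_removable"] = try_unlink(f1)

        # Case 2: writable file in a directory with no write bit (0500).
        # Only the directory permission is consulted; refused unless root.
        sub = os.path.join(base, "readonly-dir")
        os.mkdir(sub)
        f2 = os.path.join(sub, "file")
        open(f2, "w").close()
        os.chmod(sub, stat.S_IRUSR | stat.S_IXUSR)
        results["readonly_dir_blocks_unlink"] = not try_unlink(f2)
        os.chmod(sub, 0o700)  # restore so cleanup can remove it

        # Case 3 (only where chflags exists): the immutable flag on the file
        # itself refuses the unlink even though the directory is writable.
        if shutil.which("chflags"):
            f3 = os.path.join(base, "immutable-file")
            open(f3, "w").close()
            if set_flag(f3, "uchg"):
                results["uchg_blocks_unlink"] = not try_unlink(f3)
                set_flag(f3, "nouchg")  # clear it so the scratch dir can be removed
        return results
    finally:
        shutil.rmtree(base, ignore_errors=True)


if __name__ == "__main__":
    print(demo())
```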
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4899DD4E.2080005>