pure-ftpd issues (KeepAllFiles and NoRename only for some users)

From: Davide DG (davidedgspam_at_fastwebnet.it)
Date: 06/27/05

  • Next message: Michael Heiming: "Re: Windows network with a Linux server" 
    Date: Mon, 27 Jun 2005 17:52:25 GMT

    hi everybody,

    I'm trying to implement this kind of ftp service:

    a) /srv/ftproot contains the root of the hosted ftp files

    b) subdirs of /srv/ftproot are the home directories of my users.

    c) ordinary users can login and they will be chrooted in their
    respective (/srv/ftproot/<homedir>/)

    d) once a file is uploaded, it can't be renamed/deleted, nor can other
    files.

    d) "Administrators" must be able to login and see all the /srv/ftproot/

    e) "Administrators" must have full privileges (delete, rename, etc.).

    -> I am trying with PureFTPd, and I can satisfy every point, EXCEPT e)

    I set up pureftpd with mysql, the relevant options I'm using are:
    -A (ChrootEveryone)
    -K (KeepAllFiles)
    -G (NoRename (disallow_rename in the code))

    Now I am stuck... because there seem to be no option to differentiate
    one user from another, regarding the -K and the -G switches.

    I think I should try using "-a" instead of "-A", and make administrators
    members of the trusted group.... but I don't know exactly how to cope
    with this.

    Another "quick and dirty" option is to patch the source code (ftpd.c),
    and selectively disable the "disallow_rename" and the "keepallfiles"
    variables (put them to 0), if the user has a (new) flag like
    "userisadmin".

    Other options? Maybe switch to ProFtpd, which seems to support more
    Apache-like ACLs (.ftpaccess files) ?

    Please please please post some hints :) I'm pretty much stuck :(

    Thanks in advance :) 

    -- 
Davide DG.
  • Next message: Michael Heiming: "Re: Windows network with a Linux server"

    Relevant Pages

    • Re: priviledge escalation techniques
      ... you've all the tools you need, and you can install additional ones (to ... If I press that BEFORE login, a CLI as SYSTEM is started, I can launch ... If the network is switched, perhaps you need an ARP poisoning tool. ... switches) in such a way that you can fool an ARP poisoning attempt. ...
      (Pen-Test)
    • RE: Password never set - locked out of Windows XP Home
      ... Ran fixboot last night, and although the system said it had fixed the boot ... I am still stuck in the redundant loop of getting to a pop-up login ... only to not have it shutdown but instead pop back up with the same login box. ... my Windows XP Home system worked great. ...
      (microsoft.public.windowsxp.accessibility)
    • Re: Login to SBS takes 30 minutes - 1 hour
      ... an image of the projects I'd burned in my profile, ... Anyways today on of my clients is attempting to log in and gets stuck at ... login, all logins after that took no time at all. ... Really frustrating with a client that just sits there and there is no way ...
      (microsoft.public.windows.server.sbs)
    • Re: 10 pt relay stuck on need help
      ... and you've checked for points stuck closed on the ... The ten point relay is stuck on ... If I unplug the playfield the 10 pt relay does not ... switches and the slingshot kickers, the pop bumpers and the related switches ...
      (rec.games.pinball)
    • Re: Are there some people who shouldnt touch a pinball machine??
      ... i was seriouslly thinking about it, i had already paypal'd the money ... so i am stuck with it. ... i probablly could sell the boards for a good ... so thick that when the switches did open, there was a film of ...
      (rec.games.pinball)