Permissions on home dir and ftpd

Peter Buckley peter.buckley@cportcorp.com
Fri Oct 19 10:46:00 GMT 2001


Tony Arnold wrote:
> 
> I've been playing around with ftp recently trying to solve a problem and I'm seeing some
> strange behaviour that I could do with some help on.
> 
> I've set up inetutils and inetd is running under UID 18 and is listening for incoming ftp
> connections. An ftp session starts and will accept my username and password but it fails
> to find my home directory unless that directory has execute access for 'others', i.e., I
> need to do chmod o+x dir for ftp to work properly. Without the o+x permission, I get the
> following:
> 
> 230- No directory! Logging in with home=/
> 
> Obviously I would rather not have everyone able to cd to my home directory! The curious
> thing is that neither telnet nor ssh requires this for them to work correctly.

This seems to be the curious part. I have looked a little at the source for ftpd, and
it seems that it behaves the same way as rshd in that it tries to cd to the user's
home directory (as uid 18, SYSTEM) before it does a setuid. The telnetd source isn't as
easy for me to follow, but I thought that telnetd did the same thing, because when I
was having a similar problem, rsh gave me the error "No remote directory" and telnet
gave me the error "No directory! Logging in with home=/". Both errors were due to the
"security" "feature" that rshd and ftpd use, which waits till the last possible moment
to do the setuid. But AFAIK, if that were your problem, telnetd should behave the same
way as ftpd (and give a similar error).

You could try changing the user that inetd runs as, adding the permissions needed found
in /usr/doc/cygwin/inetutils-1.3.2.README.

It might be worth it to reinstall inetutils completely, because it seems odd to me
that you don't get a similar error in telnetd, but the source wasn't right
there like ftpd (in ftpd.c), and I didn't have time to follow it further.

Maybe this should be in the FAQ, this has come up a lot lately. The way that some of
these inetutils wait till the last moment to do the setuid seems to result in a
lot of questions. I volunteer to write the entry, but I don't fully understand how
this is a "security feature". I also don't use SYSTEM to run inetd, which might not be
recommended and might impair my objectivity to explain this in accordance with the
intended use/behavior.

 
> Is this a known problem? I've seen references to problems with chroot in the mail
> archive but since I'm not clear what chroot does, I'm not sure if it's relevant.

I think the chroot is before the if where you get the "No directory!" error. I didn't
think you were logging on as guest? Here is the relevant code:


if (guest) {
    /*
     * We MUST do a chdir() after the chroot. Otherwise
     * the old current directory will be accessible as "."
     * outside the new root!
     */
    if (chroot(pw->pw_dir) < 0 || chdir("/") < 0) {
        reply(550, "Can't set guest privileges.");
        goto bad;
    }
} else if (chdir(pw->pw_dir) < 0) {
    if (chdir("/") < 0) {
        reply(530, "User %s: can't change directory to %s.",
              pw->pw_name, pw->pw_dir);
        goto bad;
    } else
        lreply(230, "No directory! Logging in with home=/");
}

if (seteuid((uid_t)pw->pw_uid) < 0) {
    reply(550, "Can't set uid.");
    goto bad;
}

> For info, I'm running Cygwin 1.3.3 on Windows 2000 SP2 with the latest version of
> inetutils.
> 
> If anyone can shed some light on this I would much appreciate it.
> 
> Regards,
> Tony.
> --
> Tony Arnold, Deputy to the Head of COS Division, Manchester Computing,
> University of Manchester, Oxford Road, Manchester M13 9PL.
> T: +44 (0)161 275 6093, F: +44 (0)870 136 1004, M: +44 (0)773 330 0039
> E-mail: tony.arnold@man.ac.uk, Home: http://www.man.ac.uk/Tony.Arnold
> 
> --
> Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
> Bug reporting:         http://cygwin.com/bugs.html
> Documentation:         http://cygwin.com/docs.html
> FAQ:                   http://cygwin.com/faq/


HTH,
Peter

-- 
Your mouse has moved.
Windows NT must be restarted for the change to take effect.
Reboot now?  [OK]
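
The permission check behind the behaviour discussed in this thread, as an added example that is not part of the original messages or of the inetutils source: it models which identity's execute (search) bit decides whether chdir() to the home directory succeeds, for the order shown in the ftpd excerpt and for the reverse order. It assumes plain POSIX mode bits (no ACLs, supplementary groups or superuser override); the function names, gid 18 and the user 1000:1000 are constructed for illustration.

```c
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>

struct ident { uid_t uid; gid_t gid; };

/* POSIX picks exactly one permission class: owner, else group, else other.
 * Assumption: plain mode bits only (no ACLs, supplementary groups or
 * superuser override). */
int can_search(mode_t mode, uid_t owner, gid_t group, struct ident who)
{
    if (who.uid == owner)
        return (mode & S_IXUSR) != 0;
    if (who.gid == group)
        return (mode & S_IXGRP) != 0;
    return (mode & S_IXOTH) != 0;
}

/* Would chdir(home) succeed at login? seteuid_first = 0 is the order in the
 * ftpd excerpt (chdir as the daemon); 1 is chdir after switching to the user. */
int home_reachable(mode_t mode, struct ident owner, struct ident daemon,
                   int seteuid_first)
{
    struct ident caller = seteuid_first ? owner : daemon;
    return can_search(mode, owner.uid, owner.gid, caller);
}

/* Same check against a real directory, using its stat() metadata. */
int path_reachable(const char *path, struct ident who)
{
    struct stat st;
    if (stat(path, &st) != 0 || !S_ISDIR(st.st_mode))
        return 0;
    return can_search(st.st_mode, st.st_uid, st.st_gid, who);
}

int main(void)
{
    /* Constructed identities: daemon uid 18 as in the thread, user 1000. */
    struct ident daemon = { 18, 18 }, user = { 1000, 1000 };
    mode_t modes[] = { 0700, 0710, 0701, 0755 };
    for (size_t i = 0; i < sizeof modes / sizeof modes[0]; i++)
        printf("%04o  chdir-then-seteuid=%d  seteuid-then-chdir=%d\n",
               (unsigned)modes[i],
               home_reachable(modes[i], user, daemon, 0),
               home_reachable(modes[i], user, daemon, 1));
    return 0;
}
```

In this model, mode 0701 is the narrowest setting that lets the daemon identity enter the directory: it grants search access to others without letting them list the contents.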
