Bug 23745 - denying delete and overwrite on guest users has no usefull use IMHO
denying delete and overwrite on guest users has no usefull use IMHO
Status: CLOSED RAWHIDE
Product: Red Hat Linux
Classification: Retired
Component: wu-ftpd (Show other bugs)
7.1
All Linux
low Severity medium
: ---
: ---
Assigned To: Bernhard Rosenkraenzer
David Lawrence
: FutureFeature
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2001-01-10 17:26 EST by Arenas Belon, Carlo Marcelo
Modified: 2007-03-26 23:39 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2001-01-10 17:26:46 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Arenas Belon, Carlo Marcelo 2001-01-10 17:26:14 EST
after setting /etc/ftpaccess for guest use i found that the defaults are
really disturbing, because there is no way to delete or overwrite any file
even if owned for the guest users id as explained on :

  delete     no guest,anonymous
  overwrite no guest,anonymous

i think that setting a chroot home for a user explicitally changing its
home with something like /home/foo/./ should make it to delete and
overwrite files on its own directory (great for virtualhosts)

it should be just :
 
   delete     no anonymous
   overwrite no anonymous

IMHO and seems secure enough
Comment 1 Bernhard Rosenkraenzer 2001-01-12 08:05:10 EST
The use of this is for situations like ibiblio.org was a couple of years ago,
where you could log in as anonymous for download, or as "upload" (=guest user)
for getting write access to /pub/Incoming, where all files are automatically
chowned to ftp:ftp.

I agree that the other use is *far* more common and useful though, changed.

Note You need to log in before you can comment on or make changes to this bug.