This is the mail archive of the mailing list for the Cygwin project.


Re: security with the ftp daemon

On Mon, Jan 21, 2002 at 02:51:29PM +0900, Dylan Cuthbert wrote:
> Hi there,
> I've set up the ftp server with inetutils on win2k, but I get a strange
> security hole.
> I've set permissions so that only "Administrators" can access the cygwin
> directories.  The home directories are only accessible by their respective
> users and /bin is Everyone and read-only.
> However, after setting this up and rebooting the machine once, if I ftp in
> as a regular user I can access all the administrator privilege directories
> (in read/write mode!) with no problem at all.  Is this a known problem and
> is there a way to get it to work securely?  Surely the ftp daemon should
> switch its user to the id of the person logging in?

Check if your /etc/group is set up correctly.  If the group of
the user doesn't exist, setgid() falls back to the admins group.

Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                      
Red Hat, Inc.
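
One way to run the check suggested in the reply, as an added example that is not part of the original message or of Cygwin itself: it lists every account whose primary GID in the passwd file has no matching entry in the group file. The function names, the assumed field layout (GID in passwd field 4 and group field 3) and the sample data are assumptions made for this example.

```shell
#!/bin/sh
# Added example. List accounts whose primary GID (passwd field 4) is not
# defined in the group file (group field 3). Output: one "user:gid" per line.
# Exit status: 0 = every GID resolves, 1 = at least one orphan GID.
orphan_gid_users() {
    passwd_file=${1:-/etc/passwd}
    group_file=${2:-/etc/group}
    awk -F: '
        /^[ \t]*(#|$)/ { next }            # skip comments and blank lines
        FILENAME == ARGV[1] {              # first file: the group file
            if (NF >= 3) known[$3] = 1     # remember every GID it defines
            next
        }
        NF >= 4 && !($4 in known) {        # second file: the passwd file
            print $1 ":" $4
            bad = 1
        }
        END { exit bad + 0 }
    ' "$group_file" "$passwd_file"
}

# Constructed sample files (not taken from the original message): the
# account "alice" has primary GID 1005, which the group file never defines.
demo() {
    tmp=$(mktemp -d) || return 2
    printf '%s\n' 'Administrators::544:' 'Users::545:' > "$tmp/group"
    printf '%s\n' \
        'Administrator:unused:500:544::/home/Administrator:/bin/bash' \
        'alice:unused:1005:1005::/home/alice:/bin/bash' \
        'guest:unused:501:545::/home/guest:/bin/bash' > "$tmp/passwd"
    rc=0
    orphan_gid_users "$tmp/passwd" "$tmp/group" || rc=$?
    rm -rf "$tmp"
    return "$rc"
}

demo || true    # prints: alice:1005
```

On a real installation, call `orphan_gid_users /etc/passwd /etc/group`; any account it prints needs a matching group entry before the ftp daemon can switch to that account's group.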
