This is the mail archive of the mailing list for the Cygwin project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: security with the ftp daemon

Thanks, you were right, I regenerated the groups file and it returned to
being secure again - it seems a bit dangerous to default to admins group,
maybe better if it defaults to guest or something along those lines?


Q-Games, Dylan Cuthbert.

----- Original Message -----
From: "Corinna Vinschen" <>
To: <>
Sent: Monday, January 21, 2002 6:39 PM
Subject: Re: security with the ftp daemon

> On Mon, Jan 21, 2002 at 02:51:29PM +0900, Dylan Cuthbert wrote:
> > Hi there,
> >
> > I've set up the ftp server with inetutils on win2k, but I get a strange
> > security hole.
> >
> > I've set permissions so that only "Administrators" can access the cygwin
> > directories.  The home directories are only accessible by their
> > users and /bin is Everyone and read-only.
> >
> > However, after setting this up and rebooting the machine once, if I ftp
> > as a regular user I can access all the administrator priviledge
> > (in read/write mode!) with no problem at all.  Is this a known problem
> > is there a way to get it to work securely?  Surely the ftp daemon should
> > switch its user to the id of the person logging in?
> Check if your /etc/group is setup correctly.  If the group of
> the user doesn't exist,  setgid() falls back to the admins group
> currently.
> --
> Corinna Vinschen                  Please, send mails regarding Cygwin to
> Cygwin Developer                      
> Red Hat, Inc.
> --
> Unsubscribe info:
> Bug reporting:
> Documentation:
> FAQ:         

Unsubscribe info:
Bug reporting:

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]