This is the mail archive of the
mailing list for the Cygwin project.
Re: security with the ftp daemon
Thanks, you were right, I regenerated the groups file and it returned to
being secure again - it seems a bit dangerous to default to admins group,
maybe better if it defaults to guest or something along those lines?
Q-Games, Dylan Cuthbert.
----- Original Message -----
From: "Corinna Vinschen" <firstname.lastname@example.org>
Sent: Monday, January 21, 2002 6:39 PM
Subject: Re: security with the ftp daemon
> On Mon, Jan 21, 2002 at 02:51:29PM +0900, Dylan Cuthbert wrote:
> > Hi there,
> > I've set up the ftp server with inetutils on win2k, but I get a strange
> > security hole.
> > I've set permissions so that only "Administrators" can access the cygwin
> > directories. The home directories are only accessible by their
> > users and /bin is Everyone and read-only.
> > However, after setting this up and rebooting the machine once, if I ftp
> > as a regular user I can access all the administrator priviledge
> > (in read/write mode!) with no problem at all. Is this a known problem
> > is there a way to get it to work securely? Surely the ftp daemon should
> > switch its user to the id of the person logging in?
> Check if your /etc/group is setup correctly. If the group of
> the user doesn't exist, setgid() falls back to the admins group
> Corinna Vinschen Please, send mails regarding Cygwin to
> Cygwin Developer mailto:email@example.com
> Red Hat, Inc.
> Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
> Bug reporting: http://cygwin.com/bugs.html
> Documentation: http://cygwin.com/docs.html
> FAQ: http://cygwin.com/faq/
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Bug reporting: http://cygwin.com/bugs.html