Kai Schaetzl wrote:
> FTP users can delete files in their home directory they don't possess
> (including files belonging to root:root!) with vsftpd. I have reproduced
> that with vsftpd 1.1 on Suse and 2.0 on CentOS.
> I don't think this should happen at all. I can't see that the
> documentation at http://vsftpd.beasts.org/vsftpd_conf.html mentions this
> problem at all.
> How can I stop this?
This sounds like a Unix feature, not a bug. If the user has write
rights to the directory, he can delete anything in the directory no
matter who owns the file.
# cd /home/myuser
# touch test
# chmod 400 test
# su - myuser
$ ll test
-r-------- 1 root root 0 May 16 16:58 test
$ rm test
rm: remove write-protected regular empty file `test'? y
$ ll test
ls: test: No such file or directory
-Andy
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 4492 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.centos.org/pipermail/centos/attachments/20060516/e991c848/smime.bin
