| delorie.com/archives/browse.cgi | search |
| Mailing-List: | contact cygwin-help AT cygwin DOT com; run by ezmlm |
| List-Subscribe: | <mailto:cygwin-subscribe AT cygwin DOT com> |
| List-Archive: | <http://sources.redhat.com/ml/cygwin/> |
| List-Post: | <mailto:cygwin AT cygwin DOT com> |
| List-Help: | <mailto:cygwin-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs> |
| Sender: | cygwin-owner AT cygwin DOT com |
| Delivered-To: | mailing list cygwin AT cygwin DOT com |
| Message-ID: | <002c01c1a23f$ac0f2e80$2801a8c0@DCUTHBERT2K> |
| From: | "Dylan Cuthbert" <dylan AT q-games DOT com> |
| To: | <cygwin AT cygwin DOT com> |
| Subject: | security with the ftp daemon |
| Date: | Mon, 21 Jan 2002 14:51:29 +0900 |
| MIME-Version: | 1.0 |
| X-Priority: | 3 |
| X-MSMail-Priority: | Normal |
| X-Mailer: | Microsoft Outlook Express 6.00.2600.0000 |
| X-MimeOLE: | Produced By Microsoft MimeOLE V6.00.2600.0000 |
Hi there, I've set up the ftp server with inetutils on win2k, but I get a strange security hole. I've set permissions so that only "Administrators" can access the cygwin directories. The home directories are only accessible by their respective users and /bin is Everyone and read-only. However, after setting this up and rebooting the machine once, if I ftp in as a regular user I can access all the administrator priviledge directories (in read/write mode!) with no problem at all. Is this a known problem and is there a way to get it to work securely? Surely the ftp daemon should switch its user to the id of the person logging in? Regards --------------------------------- Q-Games, Dylan Cuthbert. http://www.q-games.com -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Bug reporting: http://cygwin.com/bugs.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
| webmaster | delorie software privacy |
| Copyright © 2019 by DJ Delorie | Updated Jul 2019 |