Mailing-List: contact cygwin-help AT sourceware DOT cygnus DOT com; run by ezmlm
Message-ID: <3BD066EF.A82D0AD5@cportcorp.com>
Date: Fri, 19 Oct 2001 13:46:23 -0400
From: Peter Buckley
To: Tony Arnold
CC: cygwin AT cygwin DOT com
Subject: Re: Permissions on home dir and ftpd

Tony Arnold wrote:
>
> I've been playing around with ftp recently trying to solve a problem and I'm seeing some
> strange behaviour that I could do with some help on.
>
> I've set up inetutils and inetd is running under UID 18 and is listening for incoming ftp
> connections. An ftp session starts and will accept my username and password but it fails
> to find my home directory unless that directory has execute access for 'others', i.e., I
> need to do chmod o+x dir for ftp to work properly. Without the o+x permission, I get the
> following:
>
> 230- No directory! Logging in with home=/
>
> Obviously I would rather not have everyone able to cd to my home directory! The curious
> thing is that neither telnet nor ssh requires this for them to work correctly.

This seems to be the curious part. I have looked a little at the source
for ftpd, and it seems that it behaves the same way as rshd in that it
tries to cd to the user's home directory (as uid 18, SYSTEM) before it
does a setuid. The telnetd source isn't as easy for me to follow, but I
thought that telnetd did the same thing, because when I was having a
similar problem, rsh gave me the error "No remote directory" and telnet
gave me the error "No directory! Logging in with home=/". Both errors
were due to the "security" "feature" that rshd and ftpd use, which waits
till the last possible moment to do the setuid.
But AFAIK, if that were your problem, telnetd should behave the same way
as ftpd (and give a similar error). You could try changing the user that
inetd runs as, adding the permissions needed found in
/usr/doc/cygwin/inetutils-1.3.2.README. It might be worth it to reinstall
inetutils completely, because it seems odd to me that you don't get a
similar error in telnetd, but the source wasn't right there like ftpd (in
ftpd.c), and I didn't have time to follow it further.

Maybe this should be in the FAQ, this has come up a lot lately. The way
that some of these inetutils wait till the last moment to do the setuid
seems to result in a lot of questions. I volunteer to write the entry,
but I don't fully understand how this is a "security feature". I also
don't use SYSTEM to run inetd, which might not be recommended and might
impair my objectivity to explain this in accordance with the intended
use/behavior.

> Is this a known problem? I've seen references to problems with chroot in the mail
> archive but since I'm not clear what chroot does, I'm not sure if it's relevant.

I think the chroot is before the if where you get the "No directory!"
error. I didn't think you were logging on as guest? Here is the relevant
code:

    if (guest) {
        /*
         * We MUST do a chdir() after the chroot. Otherwise
         * the old current directory will be accessible as "."
         * outside the new root!
         */
        if (chroot(pw->pw_dir) < 0 || chdir("/") < 0) {
            reply(550, "Can't set guest privileges.");
            goto bad;
        }
    } else if (chdir(pw->pw_dir) < 0) {
        if (chdir("/") < 0) {
            reply(530, "User %s: can't change directory to %s.",
                pw->pw_name, pw->pw_dir);
            goto bad;
        } else
            lreply(230, "No directory! Logging in with home=/");
    }
    if (seteuid((uid_t)pw->pw_uid) < 0) {
        reply(550, "Can't set uid.");
        goto bad;
    }

> For info, I'm running Cygwin 1.3.3 on Windows 2000 SP2 with the latest version of
> inetutils.
>
> If anyone can shed some light on this I would much appreciate it.
>
> Regards,
> Tony.
> --
> Tony Arnold, Deputy to the Head of COS Division, Manchester Computing,
> University of Manchester, Oxford Road, Manchester M13 9PL.
> T: +44 (0)161 275 6093, F: +44 (0)870 136 1004, M: +44 (0)773 330 0039
> E-mail: tony DOT arnold AT man DOT ac DOT uk, Home: http://www.man.ac.uk/Tony.Arnold
>
> --
> Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
> Bug reporting: http://cygwin.com/bugs.html
> Documentation: http://cygwin.com/docs.html
> FAQ: http://cygwin.com/faq/

HTH,
Peter

--
Your mouse has moved. Windows NT must be restarted for the change to
take effect. Reboot now? [OK]
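
Added example (not part of the original message and not inetutils code): a small C model of the POSIX search-permission check, applied to the two possible orderings of chdir() and seteuid() in the non-guest branch quoted in the message. UID 18 is from the post; the other ids are constructed, and the model assumes no supplementary groups, ACLs or privileged bypass, and that the daemon's group is still in effect at the chdir.

```c
#include <stdio.h>
#include <sys/types.h>

/* Simplified POSIX search (x) check: exactly one permission class applies.
 * Assumption: no supplementary groups, ACLs or privileged bypass. */
static int may_search(mode_t mode, uid_t dir_uid, gid_t dir_gid,
                      uid_t uid, gid_t gid)
{
    if (uid == dir_uid) return (mode & 0100) != 0;  /* owner class */
    if (gid == dir_gid) return (mode & 0010) != 0;  /* group class */
    return (mode & 0001) != 0;                      /* "others" class */
}

enum login_result { HOME_OK, HOME_FALLBACK_ROOT };

/* Model of the non-guest branch in the quoted excerpt. seteuid_first == 0 is
 * the quoted order (chdir as the daemon, then seteuid); 1 swaps the two.
 * Assumption: the home directory is owned by the user logging in, and the
 * daemon's group is also still in effect at the chdir. */
static enum login_result ftpd_login(mode_t home_mode, uid_t user_uid,
                                    gid_t user_gid, uid_t inetd_uid,
                                    gid_t inetd_gid, int seteuid_first)
{
    uid_t euid = seteuid_first ? user_uid : inetd_uid;
    gid_t egid = seteuid_first ? user_gid : inetd_gid;
    if (may_search(home_mode, user_uid, user_gid, euid, egid))
        return HOME_OK;
    return HOME_FALLBACK_ROOT;  /* "No directory! Logging in with home=/" */
}

int main(void)
{
    /* UID 18 is from the post; the other ids are constructed sample values. */
    const uid_t user_uid = 1000, inetd_uid = 18;
    const gid_t user_gid = 513, inetd_gid = 18;
    const mode_t modes[] = { 0700, 0701 };

    for (int i = 0; i < 2; i++)
        for (int first = 0; first <= 1; first++)
            printf("home mode %04o, %s: %s\n", (unsigned)modes[i],
                   first ? "seteuid then chdir" : "chdir then seteuid",
                   ftpd_login(modes[i], user_uid, user_gid, inetd_uid,
                              inetd_gid, first) == HOME_OK
                       ? "home directory" : "fallback to /");
    return 0;
}
```

In this model a home directory with mode 0700 is reached only when seteuid comes first; with the quoted order it is reached only once the "others" execute bit is set.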