Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Anonymous ftp can't delete or rename - 5.0.6a

0 views
Skip to first unread message

Flemming Haurum

unread,
Jan 21, 2003, 8:31:26 AM1/21/03
to
Hi group,

I have a problem with an OpenServer 5.0.6a where the anonymous user are able
to dir, put and get but can't delete or rename files.

The ftp server reports code 553: Permission denied on server.

I strongly believe that I have followed the instructions in 'man ftpd' on
how to configure anonymous ftp access. Furthermore I have a server running
5.0.6 (no A) and with that one there is no problems with anonymous ftp. So
in my mind the ftp server has been changed in version 5.0.6a and not to the
better.

Even though 'delete yes all' in /etc/ftpaccess should be default behaviour I
have added that line, but that did not change anything.

I have put a snip to show exactly what is happening.

Just to make sure that the file I am going to upload is non existing:
ftp> dir errorlog.txt
200 PORT command successful.
150 Opening ASCII mode data connection for /bin/ls.
226 Transfer complete.

Upload file to the ftp server, Success:
ftp> put errorlog.txt
200 PORT command successful.
150 Opening BINARY mode data connection for errorlog.txt.
226 Transfer complete.
ftp: 436 bytes sent in 0,00Seconds 436000,00Kbytes/sec.

Download file from ftp server, Success:
ftp> get errorlog.txt
200 PORT command successful.
150 Opening BINARY mode data connection for errorlog.txt (436 bytes).
226 Transfer complete.
ftp: 436 bytes received in 0,00Seconds 436000,00Kbytes/sec.

Delete file that I previously has uploaded, Failure:
ftp> del errorlog.txt
553 errorlog.txt: Permission denied on server. (Delete)

Rename file that I previously has uploaded, Failure:
ftp> ren errorlog.txt help.txt
350 File exists, ready for destination name
553 errorlog.txt: Permission denied on server. (rename)

I can list the file via ftp:
ftp> dir errorlog.txt
200 PORT command successful.
150 Opening ASCII mode data connection for /bin/ls.
-rw-r--r-- 1 ftp 436 Jan 21 14:15 errorlog.txt
226 Transfer complete.
ftp: 59 bytes received in 0,00Seconds 59000,00Kbytes/sec.

When I type ls -al errorlog.txt the file should have sufficient rights:
-rw-r--r-- 1 ftp ftp 436 Jan 21 14:15 errorlog.txt

Hmm, what is wrong?

Look forward to hear from you
Best regards
Flemming


Flemming Haurum

unread,
Jan 21, 2003, 9:52:51 AM1/21/03
to
Hi group,

I have found the cure.

I would say one error and one changed behaviour. SCO should be informed
about this.

The ftpd line in /etc/inetd.conf must have the option -a appended. Even
though the man page for ftpd says that -a is default behaviour, it is not
true.

The /etc/ftpaccess file must have an entry specifying the users that can
delete files. Syntax: "delete yes class=all". This syntax is not obvious as
the sample /etc/ftpaccess file contains lines saying, "tar yes all" and
"compress yes all". A consistent syntax should be that all class references
should be prefixed by "class=" or none should be prefixed. But not a mix of
syntax.

Best regards
Flemming

"Flemming Haurum" <f...@lyngso-industri.dk> wrote in message
news:3e2d4baf$0$221$4d4e...@news.dk.uu.net...

Bill Campbell

unread,
Jan 21, 2003, 4:33:17 PM1/21/03
to Sco Mailing List
On Tue, Jan 21, 2003 at 03:52:51PM +0100, Flemming Haurum wrote:
>Hi group,
>
>I have found the cure.
>
>I would say one error and one changed behaviour. SCO should be informed
>about this.
>
>The ftpd line in /etc/inetd.conf must have the option -a appended. Even
>though the man page for ftpd says that -a is default behaviour, it is not
>true.
>
>The /etc/ftpaccess file must have an entry specifying the users that can
>delete files. Syntax: "delete yes class=all". This syntax is not obvious as
>the sample /etc/ftpaccess file contains lines saying, "tar yes all" and
>"compress yes all". A consistent syntax should be that all class references
>should be prefixed by "class=" or none should be prefixed. But not a mix of
>syntax.

Be _VERY_ careful what you do here. Turning off these features leaves your
anonymous ftp server open to abuse by people who will find it and use it as
a drop point for copyrighted or illegal software. Don't think this won't
happen to you! We see several hundred probes every day at our servers
here, and at our customer's sites where people are looking for open sites.

A properly configured anonymous ftp server will automatically make any
uploaded files unreadable and unchangeable by anonymous ftp users, sending
an e-mail message to the administrator so they can move the files to an
appropriate place with appropriate permissions.

Bill
--
INTERNET: bi...@Celestial.COM Bill Campbell; Celestial Software LLC
UUCP: camco!bill PO Box 820; 6641 E. Mercer Way
FAX: (206) 232-9186 Mercer Island, WA 98040-0820; (206) 236-1676
URL: http://www.celestial.com/

The pinnacle of open systems is: when moving from vendor to vendor, the
design flaws stay the same.

Scott McMillan

unread,
Jan 22, 2003, 11:11:30 PM1/22/03
to

Actually, SCO is already aware of alot of this:
http://stage.caldera.com/cgi-bin/ssl_reference?117657

I agree, and I don't have any release notes in front of me to verify
whether they alerted us to this or not, that the major changes in the
ftpd processing should be well documented. Particularly the -a option
in the inetd.conf file.

I remember in 5.0.0 SCO changed the default behavior of tar's
traversing of directories/links. We poured over the release notes, and
could find nothing in them to let us know of these changes. We got
the information when we called the support folks.

Sometimes I actually miss the old 3.2v4.2 days.

Scott McMillan

0 new messages