www.ProFTPD.de
13. März 2007, 18:32:15 *
Willkommen Gast. Bitte einloggen oder registrieren.
Haben Sie Ihre Aktivierungs E-Mail übersehen?

Einloggen mit Benutzername, Passwort und Sitzungslänge
News: SMF - Neu installiert!
 
   Übersicht   Hilfe Suche Login Registrieren  
Seiten: [1]   Nach unten
  Drucken  
Autor Thema: CHMOD  (Gelesen 1635 mal)
0 Mitglieder und 1 Gast betrachten dieses Thema.
timtak
ProFTPD
*
Offline Offline

Beiträge: 3



Profil anzeigen
« am: 11. Februar 2004, 13:03:56 »

Dear Proftpd users I have Proftpd running on inetd on Redhat 9. I am sorry I do not know the version of Proftpd that I am using.

I am trying to chmod on my system but it always says

Zitat
>SITE CHMOD 646 info.cgi
550 filename.cgi: Operation not permitted


I have tried various methonds of allowing chmod such as

Zitat
<Limit SITE_CHMOD>
Order allow,deny
Allow from all
</Limit>

http://staff.ichihime.jp/~tana/doc/proftpd.html

Zitat
<Limit SITE_CHMOD>
AllowUser myusername
DenyAll
</Limit>


Zitat
<Limit SITE_CHMOD>
AllowAll
</Limit>


and I also tried putting the above inside <GLOBAL></GLOBAL>

I also tried the below, which prevented me from logging in.
Zitat
<Global>
AllowChmod  on
</Global>

Because, I presume, my version of FTPD is too new to support it.

My guess is that perhaps the user that I am logging in as does not have permission to chmod as a result of a linux setting. I do not have command line access so I cannot change things now.

Okay, so how about if I log in as root? I have tried to do that, using

Zitat
<GLOBAL>
RootLogin on
</GLOBAL>


But I cannot log in using root. I am always told that the password is incorrect.

Has someone H4cked my server and changed the root password? I hope not. That does not seem to be the case since I can still log into webmin over the internet now, and to my redhat box when I am sitting in front of it.
Gespeichert
stonki
Administrator
ProFTPD
*****
Offline Offline

Beiträge: 1853


15318939
Profil anzeigen WWW E-Mail
« Antwort #1 am: 11. Februar 2004, 13:45:03 »

would you please post your config ?
Gespeichert

www.stonki.de:    the more I see, the more I know.......
www.proftpd.de:   Deutsche ProFTPD Dokumentation
www.krename.net:  Der Batch Renamer für KDE
www.kbarcode.net: Die Barcode Solution für KDE
timtak
ProFTPD
*
Offline Offline

Beiträge: 3



Profil anzeigen
« Antwort #2 am: 11. Februar 2004, 15:41:12 »

Thanks!

Here it is. And very poor it is too.

Zitat
ServerName "arf"
ServerType inetd
DefaultServer on
Port 21
ServerIdent on "Welcome to my web server. Now that you have hacked me, I beg you please do not crack me. I am just an poor English teacher. This server holds the courses and homework of my students. Please send me a mail to my portable phone if you have reached here and perhaps we can come to some arrangement. My mobile phone mail address is foo@bar.com."

<Limit SITE_CHMOD>
   # AllowUser myusername >> This did not seem to work. Very strange
      AllowAll
   # DenyAll
</Limit>

   # tried this too. No go.
   # <Limit SITE_CHMOD>
   # Order allow,deny
   # Allow from all
   # </Limit>

<Global>
# This did not work
# AllowChmod is depreciated and I should use SITE_CHMOD
# AllowChmod  on >> This should be correct I guess this command is dead.
RootLogin off
</Global>


UseReverseDNS off
IdentLookups off

# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask                           022

Maxinstances 4

# Set the user and group that the server normally runs at.
User                            nobody
Group                           nobody


ExtendedLog /var/log/foo.log

<Directory /*>
AllowOverwrite on
</Directory>

<Anonymous ~ftp>
 <Limit LOGIN>
  DenyAll
 </Limit LOGIN>
</Anonymous>


By the way, if you have any suggestions about the above config, to make it more secure, please please tell me.
Tim
Gespeichert
stonki
Administrator
ProFTPD
*****
Offline Offline

Beiträge: 1853


15318939
Profil anzeigen WWW E-Mail
« Antwort #3 am: 11. Februar 2004, 16:55:28 »

Please try:
Code:

ServerType inetd
DefaultServer on
Port 21
ServerIdent on "Welcome to my web server. Now that you have hacked me, I beg you please do not crack me. I am just an poor English teacher. This server holds the courses and homework of my students. Please send me a mail to my portable phone if you have reached here and perhaps we can come to some arrangement. My mobile phone mail address is foo@bar.com."

RootLogin off
UseReverseDNS off
IdentLookups off

# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask                           022

Maxinstances 4

# Set the user and group that the server normally runs at.
User                            nobody
Group                           nobody


ExtendedLog /var/log/foo.log

<Directory /*>
  <Limit SITE_CHMOD>
   AllowAll
   </Limit>
AllowOverwrite on
</Directory>

Gespeichert

www.stonki.de:    the more I see, the more I know.......
www.proftpd.de:   Deutsche ProFTPD Dokumentation
www.krename.net:  Der Batch Renamer für KDE
www.kbarcode.net: Die Barcode Solution für KDE
timtak
ProFTPD
*
Offline Offline

Beiträge: 3



Profil anzeigen
« Antwort #4 am: 12. Februar 2004, 08:27:11 »

Thanks, but I tried that and it did not work. If you look at the entry for "limit" in the
documentation, it says that the context can be
"server config, <VirtualHost>, <Directory>, <Anonymous>, <Global>, .ftpaccess."

Since there is "server config" then I think that means that <Limit></Limit> does not need to be inside anything.  


Perhaps this is a linux setting problem, in that "myuser" cannot chmod because it is not "root"?

It seems I must be doing something at a higher level to prevent CHMOD.

To test this idea I try to login as root but I cannot. Any idea why I can't log in as root, even when I do "Rootlogin on"? It keeps asking for the password, as if I have the password wrong.

Have I been hacked already?
Gespeichert
Seiten: [1]   Nach oben
  Drucken  
 
Gehe zu:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.2 | SMF © 2006-2007, Simple Machines LLC Prüfe XHTML 1.0 Prüfe CSS
Seite erstellt in 0.057 Sekunden mit 18 Zugriffen.