|
Titel: CHMOD Beitrag von: timtak am 11. Februar 2004, 13:03:56 Dear Proftpd users I have Proftpd running on inetd on Redhat 9. I am sorry I do not know the version of Proftpd that I am using.
I am trying to chmod on my system but it always says Zitat >SITE CHMOD 646 info.cgi 550 filename.cgi: Operation not permitted I have tried various methonds of allowing chmod such as Zitat <Limit SITE_CHMOD> Order allow,deny Allow from all </Limit> http://staff.ichihime.jp/~tana/doc/proftpd.html Zitat <Limit SITE_CHMOD> AllowUser myusername DenyAll </Limit> Zitat <Limit SITE_CHMOD> AllowAll </Limit> and I also tried putting the above inside <GLOBAL></GLOBAL> I also tried the below, which prevented me from logging in. Zitat <Global> AllowChmod on </Global> Because, I presume, my version of FTPD is too new to support it. My guess is that perhaps the user that I am logging in as does not have permission to chmod as a result of a linux setting. I do not have command line access so I cannot change things now. Okay, so how about if I log in as root? I have tried to do that, using Zitat <GLOBAL> RootLogin on </GLOBAL> But I cannot log in using root. I am always told that the password is incorrect. Has someone H4cked my server and changed the root password? I hope not. That does not seem to be the case since I can still log into webmin over the internet now, and to my redhat box when I am sitting in front of it. Titel: Re: CHMOD Beitrag von: stonki am 11. Februar 2004, 13:45:03 would you please post your config ?
Titel: here it is Beitrag von: timtak am 11. Februar 2004, 15:41:12 Thanks!
Here it is. And very poor it is too. Zitat ServerName "arf" ServerType inetd DefaultServer on Port 21 ServerIdent on "Welcome to my web server. Now that you have hacked me, I beg you please do not crack me. I am just an poor English teacher. This server holds the courses and homework of my students. Please send me a mail to my portable phone if you have reached here and perhaps we can come to some arrangement. My mobile phone mail address is foo@bar.com." <Limit SITE_CHMOD> # AllowUser myusername >> This did not seem to work. Very strange AllowAll # DenyAll </Limit> # tried this too. No go. # <Limit SITE_CHMOD> # Order allow,deny # Allow from all # </Limit> <Global> # This did not work # AllowChmod is depreciated and I should use SITE_CHMOD # AllowChmod on >> This should be correct I guess this command is dead. RootLogin off </Global> UseReverseDNS off IdentLookups off # Umask 022 is a good standard umask to prevent new dirs and files # from being group and world writable. Umask 022 Maxinstances 4 # Set the user and group that the server normally runs at. User nobody Group nobody ExtendedLog /var/log/foo.log <Directory /*> AllowOverwrite on </Directory> <Anonymous ~ftp> <Limit LOGIN> DenyAll </Limit LOGIN> </Anonymous> By the way, if you have any suggestions about the above config, to make it more secure, please please tell me. Tim Titel: Re: here it is Beitrag von: stonki am 11. Februar 2004, 16:55:28 Please try:
Code: ServerType inetd DefaultServer on Port 21 ServerIdent on "Welcome to my web server. Now that you have hacked me, I beg you please do not crack me. I am just an poor English teacher. This server holds the courses and homework of my students. Please send me a mail to my portable phone if you have reached here and perhaps we can come to some arrangement. My mobile phone mail address is foo@bar.com." RootLogin off UseReverseDNS off IdentLookups off # Umask 022 is a good standard umask to prevent new dirs and files # from being group and world writable. Umask 022 Maxinstances 4 # Set the user and group that the server normally runs at. User nobody Group nobody ExtendedLog /var/log/foo.log <Directory /*> <Limit SITE_CHMOD> AllowAll </Limit> AllowOverwrite on </Directory> Titel: Sadly not. Could this be a LINUX settign problem? Beitrag von: timtak am 12. Februar 2004, 08:27:11 Thanks, but I tried that and it did not work. If you look at the entry for "limit" in the
documentation (http://proftpd.linux.co.uk/docs/directives/linked/config_ref_Limit.html), it says that the context can be "server config, <VirtualHost>, <Directory>, <Anonymous>, <Global>, .ftpaccess." Since there is "server config" then I think that means that <Limit></Limit> does not need to be inside anything. Perhaps this is a linux setting problem, in that "myuser" cannot chmod because it is not "root"? It seems I must be doing something at a higher level to prevent CHMOD. To test this idea I try to login as root but I cannot. Any idea why I can't log in as root, even when I do "Rootlogin on"? It keeps asking for the password, as if I have the password wrong. Have I been hacked already? |