[OpenAFS] anon FTP upload directory ACL
Derek Atkins
warlord@MIT.EDU
01 Jun 2002 14:27:34 -0400
Turbo Fredriksson <turbo@bayour.com> writes:
> ----- s n i p -----
> [papadoc.pts/1]$ fs listacl /afs/bayour.com/public/ftp/incoming
> Access list for /afs/bayour.com/public/ftp/incoming is
> Normal rights:
> system:administrators rlidwka
> system:anyuser iw
> ----- s n i p -----
>
> Then 'anonymous' can DELETE files in incoming! And it's still possible
> to VIEW files (and the directory itself)...

"iw" perms should not permit anyone to delete files. Are you sure
that the ftpd is running without any tokens?

-derek
--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
warlord@MIT.EDU PGP key available
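
Added example, not part of the original message and not OpenAFS code: a small Python audit of `fs listacl` output that computes what a caller can do in the directory, with and without tokens, to check the point made in the reply. The function names are hypothetical, the sample text is constructed from the listing quoted above, and the identities the ftpd holds are assumed to be supplied by the caller.

```python
import re

# AFS directory ACL rights letters and what each one grants.
RIGHTS = {"r": "read", "l": "lookup", "i": "insert", "d": "delete",
          "w": "write", "k": "lock", "a": "administer"}

# Constructed sample: the `fs listacl` output quoted in the message above.
SAMPLE = """\
Access list for /afs/bayour.com/public/ftp/incoming is
Normal rights:
  system:administrators rlidwka
  system:anyuser iw
"""

def parse_listacl(text):
    """Return {'normal': {principal: set(rights)}, 'negative': {...}}."""
    acl = {"normal": {}, "negative": {}}
    section = None
    for line in text.splitlines():
        line = line.strip()
        if line.lower().startswith("normal rights"):
            section = "normal"
        elif line.lower().startswith("negative rights"):
            section = "negative"
        elif section and (m := re.fullmatch(r"(\S+)\s+([rlidwka]+)", line)):
            acl[section][m.group(1)] = set(m.group(2))
    return acl

def effective_rights(acl, identities):
    """Union of normal rights for matching entries, minus negative rights."""
    ids = set(identities) | {"system:anyuser"}  # anyuser matches every caller
    granted = set().union(*(r for p, r in acl["normal"].items() if p in ids))
    denied = set().union(*(r for p, r in acl["negative"].items() if p in ids))
    return granted - denied

def describe(acl, identities):
    """Sorted names of the rights the given identities end up with."""
    return sorted(RIGHTS[c] for c in effective_rights(acl, identities))

if __name__ == "__main__":
    acl = parse_listacl(SAMPLE)
    # Assumption: a token-less ftpd is only system:anyuser.
    print("no tokens:   ", describe(acl, []))
    # Assumption: an ftpd holding an administrator's tokens.
    print("admin tokens:", describe(acl, ["system:administrators"]))
```

If the token-less result lacks delete, lookup and read but the ftpd can still delete and list files, the daemon is most likely running with tokens for a more privileged identity.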