FTP ro/wo/full access

[StefanMNS]

HI,

Testing ftp user modes ( ro, wo, full access ) on Sentora ( Centos7 ) created within my resellers "admin" account.
Proftpd is accepting connections with process started as nobody user, when connection is established seems that he fork with apache user, that seems little strange i guess -->

nobody 8545 0.0 0.4 197000 2264 ? Ss 00:05 0:00 proftpd: (accepting connections)
apache 8558 0.0 0.9 275404 4736 ? S 00:06 0:00 proftpd: novi2 - X.X.X.X IDLE

Then we come to this part, dirs are acctualy created with 777 permissions -->

drwxrwxrwx 2 apache apache 4096 Mar 6 00:07 novi2

Then ro, wo, and full access set through panel are acctualy full access.

I check database and there is a set uid i gid for apache -->

| 4 | novi2 | xxxxxxxxxx | 48 | 48 | /var/sentora/hostdata/admin/novi2

Well this could be the way proftpd handle user permmissions, changing effective uid of forked process into one set in the database. Still 777 permisions on created dirs overrun this.

Can someone comment this observation, i do not exclude the possibility that something is not configured well on my side ?

Regards,
Stefan

[Me.B]

Hi,

1. all user accounts are created under apache and so apache need that permission to run the files, this why mainly proftp will run such permissions.

2. Permission & UID currently don't matter as we jail users in php with openbase_dir mainly.

M B

[StefanMNS]

Dear M B,

if you create new FTP Account let say "testaccount" and set Access type to read-only, you will still get full-access i can use put get and del command as well through ftp client.

What i really need to know what does "Access type" in "Create a new FTP Account" means ?

Regards,
Stefan

[StefanMNS]

Sorry i overlooked this in docs.

- Select access type : Full access (!WARNING! for Linux versions, until it will be handled, full access is used regardless of choice made here)

Regards,
Stefan

[Me.B]

ok fine