Vesta Control Panel - Forum

Community Forum
http://forum.vestacp.com/

Secure bug: ProFTPD every FTP user see / (root) directory

http://forum.vestacp.com/viewtopic.php?f=11&t=7406

Page 1 of 1

Secure bug: ProFTPD every FTP user see / (root) directory

Posted: Wed Mar 25, 2015 8:16 am
by krzysztofek
Hello,
I found an issue. I replaced default FTP server with ProFTPD. I done everything like in Vesta online documentation. Now after login with admin account via ftp client (i have only admin account in my vesta) I am logged into / directory of server and I can see /etc and others directories, not as always to /home/admin. Also when I create another FTP account with specified path, it have access to / directory... For me it's very unsecure. Where I can change it? Or back to Vsftpd?
Best regards, Chris.

Re: Secure bug: ProFTPD every FTP user see / (root) director

Posted: Wed Mar 25, 2015 10:15 am
by skurudo
Hello, Chris.
We talked about this before.

viewtopic.php?f=10&t=7231&p=22959&hilit=sftp#p22959
Temporaly fix is disabling SFTP
In file /etc/rssh.conf disable sftp
#allowsftp

then restart ssh
/etc/init.d/ssh restart

Re: Secure bug: ProFTPD every FTP user see / (root) director

Posted: Wed Mar 25, 2015 1:52 pm
by krzysztofek
I done the changes but admin still have access to / directory. Nothing change. How safely back to Vsftpd? Install it and reverse commands from documentations?

Re: Secure bug: ProFTPD every FTP user see / (root) director

Posted: Wed Mar 25, 2015 2:41 pm
by skurudo
krzysztofek wrote:I done the changes but admin still have access to / directory. Nothing change. How safely back to Vsftpd? Install it and reverse commands from documentations?
Yep, it should work.
All times are UTC
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/