Secure bug: ProFTPD every FTP user see / (root) directory

krzysztofek · Post by **krzysztofek** » Wed Mar 25, 2015 8:16 am

Hello,
I found an issue. I replaced default FTP server with ProFTPD. I done everything like in Vesta online documentation. Now after login with admin account via ftp client (i have only admin account in my vesta) I am logged into / directory of server and I can see /etc and others directories, not as always to /home/admin. Also when I create another FTP account with specified path, it have access to / directory... For me it's very unsecure. Where I can change it? Or back to Vsftpd?
Best regards, Chris.

Post by **skurudo** » Wed Mar 25, 2015 10:15 am

Hello, Chris.
We talked about this before.

viewtopic.php?f=10&t=7231&p=22959&hilit=sftp#p22959

Temporaly fix is disabling SFTP
In file /etc/rssh.conf disable sftp
#allowsftp

then restart ssh
/etc/init.d/ssh restart

krzysztofek · Post by **krzysztofek** » Wed Mar 25, 2015 1:52 pm

I done the changes but admin still have access to / directory. Nothing change. How safely back to Vsftpd? Install it and reverse commands from documentations?

Post by **skurudo** » Wed Mar 25, 2015 2:41 pm

krzysztofek wrote:I done the changes but admin still have access to / directory. Nothing change. How safely back to Vsftpd? Install it and reverse commands from documentations?

Yep, it should work.

Vesta Control Panel - Forum