DSM-G600, DNS-3xx and NSA-220 Hack Forum
Unfortunately no one can be told what fun_plug is - you have to see it for yourself.
You are not logged in.
Announcement
IRC Channel #funplug on irc.freenode.org
#1 2008-06-26 17:15:15
- deas
- Member
- Registered: 2008-06-26
- Posts: 5
pure-ftpd and security (move up folder chain)
Hi,
First of all, thanks for a great forum!
I'm a new owner of a DNS-323 and have used the instructions on how to enable FTP behind a router by following the instructions found here:
http://dns323.kood.org/howto:open_ports_ftpd
I have added the following line to my fun_plug (modified with the correct IP-address of course)
pure-ftpd -P <your_public_ip_address> -p 65501:65510 -S ,21 -B -C 3 -I 2 -E -T 100:100
The FTP works fine, but when I add a user via the admin user interface and set that user to for example the path Volume_1/FTP/Users/NewUser, the user can step up from that folder to all other folders (like Volume_1/ReallyPrivateStuff), even up to the root above Volume_1. Have I missed some crucial configuration parameter?
Thanks
Deas
Offline
#2 2008-06-26 22:30:57
- deas
- Member
- Registered: 2008-06-26
- Posts: 5
Re: pure-ftpd and security (move up folder chain)
Found it. -A sets chroot to all users but, root. That is, all users gets their login folder as root folder.
Nothing to see here. Move along.
Offline