The Problem
When I first discovered this, my world shattered for a couple of hours. I've been working with Unix & Linux for more than 15 years and my brain was firmly wired with the notion that "A file owned by root cannot be touched by any other user" (unless, of course, the user is given explicit permission to do so via chmod 777 or the like).
So when I discovered that a file owned by root, with nothing but read permissions, had been deleted by an FTP user, I started hunting for exploits in the FTP daemon. In this case it was vsftpd.
I quickly saw in the source code of vsftpd that all it did was leave the permission decision up to the filesystem/Linux kernel. So I started googling. Apparently I wasn't the only one with this issue, and I found posts relating to ProFTPD as well. The answer was almost always "that's just the way it is, get used to it", without the actual explanation.
So is this an FTP server issue? A lot of answers I found on the net would suggest so. But actually this is not true. In fact, it's not even a bug.
Here's a test that may surprise a lot of people (it sure surprised me):
As root:
$ touch /home/user/testfile
(back as normal user)
$ rm /home/user/testfile
The file is successfully deleted. Whoa... Brainfreeze!
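Whether that rm succeeds is decided by the permissions on the parent directory, not on the file itself. The Python below is an added example (not code from the original post) that models the check the kernel applies to unlink(): the caller needs write and search permission on the directory, and if the directory carries the sticky bit, must also own the file or the directory. The Inode class and the uid/gid values are constructed for the example; root's capability bypass is simplified to "uid 0 may do anything".

```python
import stat
from dataclasses import dataclass


@dataclass
class Inode:
    """Constructed stand-in for the fields of a stat() result we need."""
    mode: int   # permission bits, possibly with the sticky bit (e.g. 0o1777)
    uid: int
    gid: int


def _has_perm(inode, uid, gids, owner_bit, group_bit, other_bit):
    """Classic owner/group/other selection of one permission bit."""
    if inode.uid == uid:
        return bool(inode.mode & owner_bit)
    if inode.gid in gids:
        return bool(inode.mode & group_bit)
    return bool(inode.mode & other_bit)


def can_unlink(parent, target, uid, gids):
    """True if `uid` may unlink `target`, which lives inside directory `parent`.

    Note that target.mode is never consulted: a 0444 root-owned file is
    deletable by anyone who may write to the directory it sits in.
    """
    if uid == 0:                      # simplification: root bypasses DAC
        return True
    # Search (x) permission on the directory is needed to reach the entry.
    if not _has_perm(parent, uid, gids, stat.S_IXUSR, stat.S_IXGRP, stat.S_IXOTH):
        return False
    # Write (w) permission on the directory is what allows removing an entry.
    if not _has_perm(parent, uid, gids, stat.S_IWUSR, stat.S_IWGRP, stat.S_IWOTH):
        return False
    # Sticky bit (as on /tmp): only the file owner or directory owner may unlink.
    if parent.mode & stat.S_ISVTX:
        return uid in (target.uid, parent.uid)
    return True


def demo():
    """The scenario from the post: root's 0444 file inside a user-owned home."""
    user_home = Inode(0o755, 1000, 1000)   # /home/user, owned by the user
    root_file = Inode(0o444, 0, 0)         # touched by root, read-only
    return can_unlink(user_home, root_file, 1000, {1000})


if __name__ == "__main__":
    print("user can delete root's file in own home:", demo())   # True
```

The same function shows what does stop the deletion: a directory the user cannot write to (for example one owned by root with mode 0755), or a sticky directory the user does not own.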
Let me explain in detail and then give you a “fix”.
- Dan