Bug 1616

Summary: root owned empty subdirs are deletable by chroot users
Product: Portable OpenSSH
Reporter: Giulio Di Giuliomaria <giulius>
Component: sftp-server
Assignee: Assigned to nobody <unassigned-bugs>
Status: CLOSED INVALID
Severity: normal
CC: t8m
Priority: P2
Version: 5.2p1
Hardware: Other
OS: Linux

Description Giulio Di Giuliomaria 2009-07-01 06:46:06 AEST
Successfully created a chroot sftp user and his structure:

nomad:~# grep prova /etc/passwd
prova:x:1000:107:,,,:/:/bin/false

nomad:~# grep ftponly /etc/group
sftponly:x:107:

nomad:~# less /usr/local/test_openssh/etc/sshd_config
...
Subsystem sftp internal-sftp
Match User prova
  ForceCommand internal-sftp
  ChrootDirectory /siuvar/chroots/prova/
  AllowTcpForwarding no
  X11Forwarding no
...

I already know it is not possible for the user prova to write directly into the chroot dir "prova" :-( in which I've created a subdir "www":

drwxr-xr-x 9 root  root     4096 2009-06-30 22:31 .
drwxr-xr-x 3 root  root     4096 2009-06-30 21:34 ..
drwxr-xr-x 2 prova sftponly 4096 2009-06-30 22:07 www

The bug: it is always possible for the prova user, via the FileZilla client, to delete any "www" subdir if it is empty and owned by users other than prova. If the subdir contains root files (or files owned by users other than prova) the subdir is not deletable.

Comment 1 Giulio Di Giuliomaria 2009-07-01 19:15:08 AEST
Oops! May not be a bug but a standard behaviour on ext3 fs!

Solved by changing:

drwxr-xr-x 2 prova sftponly 4096 2009-06-30 22:07 www

to:

drwxrwxr-x 2 root  sftponly 4096 2009-06-30 22:07 www

Comment 2 Giulio Di Giuliomaria 2009-07-01 19:42:39 AEST
No. Also with these permissions

drwxrwxr-x 2 root  sftponly 4096 2009-06-30 22:07 www

a root owned empty subdir of "www" may be erased by user "prova"

Comment 3 Tomas Mraz 2009-07-01 20:26:28 AEST
Huh, please learn more about UNIX/Linux DAC permissions.

You need sticky bit set on the www directory if you don't want users to delete each other's files.

Comment 4 Giulio Di Giuliomaria 2009-07-01 21:11:57 AEST
(In reply to comment #3)
> Huh, please learn more about UNIX/Linux DAC permissions.
> 
> You need sticky bit set on the www directory if you don't want users to
> delete each other's files.

Yes, I did the correct permission

drwxrwxr-t 2 root  sftponly 4096 2009-06-30 22:07 www

and it worked as in comment #1, but for some reason I later checked an old config and posted again. My apologies :-), thanks.
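
The rule comment 3 points to, as an added example that is not part of the original bug thread: a Python model of the mode-bit check for removing a directory entry, plus a walker that lists entries a given uid could remove although it does not own them. The uid/gid used in `demo()` are stand-ins for prova/sftponly and the tree is constructed in a temporary directory; ACLs and LSM policy are not modelled.

```python
import os
import stat
import tempfile


def may_delete(parent, entry, uid, gids):
    """Mode-bit DAC only: may non-root (uid, gids) remove entry from parent?"""
    if uid == parent.st_uid:
        bits = parent.st_mode >> 6      # owner class
    elif parent.st_gid in gids:
        bits = parent.st_mode >> 3      # group class
    else:
        bits = parent.st_mode           # other class
    if bits & 0o3 != 0o3:               # need write + search on the parent
        return False
    if parent.st_mode & stat.S_ISVTX:   # sticky: only entry or parent owner
        return uid in (entry.st_uid, parent.st_uid)
    return True


def foreign_deletable(root, uid, gids):
    """List entries under root not owned by uid that uid could still remove."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        parent = os.lstat(dirpath)
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            entry = os.lstat(path)
            if stat.S_ISDIR(entry.st_mode) and os.listdir(path):
                continue                # rmdir() fails on a non-empty directory
            if entry.st_uid != uid and may_delete(parent, entry, uid, gids):
                hits.append(path)
    return hits


def demo():
    """Constructed tree: www/ is group-writable and holds another user's empty dir."""
    with tempfile.TemporaryDirectory() as chroot:
        www = os.path.join(chroot, "www")
        os.makedirs(os.path.join(www, "empty_sub"))
        st = os.lstat(www)
        user, groups = st.st_uid + 1, {st.st_gid}   # stand-in for prova/sftponly
        os.chmod(www, 0o775)            # drwxrwxr-x, as in comment 2
        before = foreign_deletable(chroot, user, groups)
        os.chmod(www, 0o1775)           # drwxrwxr-t, as in comment 4
        after = foreign_deletable(chroot, user, groups)
    return before, after


if __name__ == "__main__":
    print(demo())
```

Run against a real chroot as root, `foreign_deletable("/path/to/chroot", uid, gids)` takes the numeric uid and the set of gids of the confined account.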

Comment 5 Damien Miller 2009-10-06 15:02:08 AEDT
Mass move of RESOLVED bugs to CLOSED now that 5.3 is out.