FTP directory perms

Rich West Rich.West@divatv.com
Tue, 05 Mar 2002 12:33:24 -0500

Previous message: [gollem] Gollem from latest CVS and blank page
Next message: [gollem] FTP directory perms
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I've tinkered with gollem in the past and I really like the idea behind 
it.  The only reason I have not deployed it is because of the general 
security problems with FTP.

I have noticed that gollem, and I am guessing this is an artifact of PHP 
--with-ftp compiled in, allows all users to browse the entire system (if 
the ftp server is the same as the web server).  I mean, if you change 
the "dir" variable within the URL, you can get anywhere on the system 
(kinda scary), and this bypasses the normal FTP 'root-jail' setups for 
accounts.

Is there a way to configure it to observe the FTP server permissions 
even if the FTP server resides on the same host as the web server for 
the Horde system?

Thanks!
-Rich

-- 
Richard West				mailto:richard.west@divatv.com
Sr. Systems Administrator
Diva - Princeton, NJ			http://www.divatv.com

Previous message: [gollem] Gollem from latest CVS and blank page
Next message: [gollem] FTP directory perms
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]