Get Paid to Participate - up to $1 per post!     Twitter     Facebook     Google+
Hosting Discussion
 

forgot password?



Reply


Old
  Post #1 (permalink)   05-24-2012, 08:33 PM
Account Disabled
 
Join Date: Aug 2010
Posts: 377

Status: vegas is offline
Is it possible to su or sudo to my root from a ftp user?
eg
su kamira@mynoughtydomain.com

Last edited by vegas : 05-24-2012 at 08:35 PM.
 
 
 


Old
  Post #2 (permalink)   05-24-2012, 10:34 PM
HD Wizard
 
Join Date: Mar 2005
Location: Atlanta, GA
Posts: 2,264

Status: handsonhosting is offline
Why would you want to do that?

The less access through "root" the better. Even when accessing a server via Shell, ROOT should be locked down so that a user must shell in with a username, then SU to root. But on an FTP level, why would you want to do something like that?
__________________
Emerson Nogueira
http://www.HandsOnWebHosting.com
cPanel Web Hosting, Domain Registration, Managed VPS Servers
 
 
 


Old
  Post #3 (permalink)   05-24-2012, 10:52 PM
Account Disabled
 
Join Date: Aug 2010
Posts: 377

Status: vegas is offline
nope just finding out the harm a ftp user can do,or the things he/she can find out about my server with a simple ftp account thank you men

but I already know you cant su with a ftp account only with a user account
 
 
 


Old
  Post #4 (permalink)   05-25-2012, 12:15 PM
HD Wizard
 
Join Date: Mar 2005
Location: Atlanta, GA
Posts: 2,264

Status: handsonhosting is offline
Yeah, not really possible with FTP, and not possible with sFTP either. That's not to say that they can't gain root access if your system is not secure. They could potentilaly use FTP to access the /etc/passwd files, download that, then they can extract and use toot passwords to access the machine later - or enable shell access to then allow an SU command.
__________________
Emerson Nogueira
http://www.HandsOnWebHosting.com
cPanel Web Hosting, Domain Registration, Managed VPS Servers
 
 


Old
  Post #5 (permalink)   05-26-2012, 12:27 AM
Account Disabled
 
Join Date: Aug 2010
Posts: 377

Status: vegas is offline
Ye maybe well you are saying accesin etc dir since passwords are not stored in passwd but in shadow but still you got some point there,so what type of hardening do you think would help so they wouldnt gain access thru ftp?
thank you,hows about ur smoking how many cigars do you smoke daily? would bet 20 ,and thirty on weekends just like a freaking teenager jojoj
 
 
 


Old
  Post #6 (permalink)   05-27-2012, 06:44 PM
Account Disabled
 
Join Date: Aug 2010
Posts: 377

Status: vegas is offline
anybody can tell me how to protect my server from a ftp installation made by an assigned ftp user into x dir?
 
 
 


Old
  Post #7 (permalink)   05-28-2012, 05:55 PM
HD Wizard
 
Join Date: Mar 2005
Location: Atlanta, GA
Posts: 2,264

Status: handsonhosting is offline
Need to clarify the question a little better. What is it that you're looking to do?
__________________
Emerson Nogueira
http://www.HandsOnWebHosting.com
cPanel Web Hosting, Domain Registration, Managed VPS Servers
 
 
 


Old
  Post #8 (permalink)   06-07-2012, 05:13 PM
HD Amateur
 
Join Date: May 2012
Posts: 91

Status: GridVirt is offline
Kernel hardening is one way to lock your OS down and make sure users are completely isolated. Have a look here if your interested on Kernel hardening with grsecurity >> http://blog.gridvirt.com/advanced-centos-security-6-2/
__________________
▀▄ GridVirt Inc. Beyond The Cloud Linux VPSWindows VPS
▀▄ High Performance SSD KVM Virtual Grid Servers (VPS)
 
 
 


Old
  Post #9 (permalink)   08-29-2012, 03:45 PM
HD Newbie
 
Join Date: Jul 2012
Posts: 9

Status: gmotech003 is offline
Hello,

To sudo ftp then hit return. You will then be prompted for the superuser password. Type it in, hit return, and you're FTPing as the superuser (as long as your FTP daemon is configured to accept the superuser as a remote login; sometimes they're default configured not to for security reasons).

Hope this helps.


MOD NOTE: Signatures must be setup in your profile and not manually added to posts.
 
 
 


Old
  Post #10 (permalink)   08-30-2012, 05:43 AM
HD Amateur
 
Join Date: Aug 2012
Posts: 78

Status: ReadyMakers is offline
Try not to use root user unless necessary or be ready for hackers
 
 
 


Old
  Post #11 (permalink)   08-30-2012, 07:15 AM
HD Guru
 
HostLeet's Avatar
 
Join Date: May 2009
Location: Florida, USA
Posts: 874

Status: HostLeet is online now
Quote:
Originally Posted by GridVirt View Post
Kernel hardening is one way to lock your OS down and make sure users are completely isolated. Have a look here if your interested on Kernel hardening with grsecurity >> http://blog.gridvirt.com/advanced-centos-security-6-2/
Link doesn't work?
__________________
HOSTLEET.COM, LLC - Elite Website Hosting Since 2008!
Fast Reliable Affordable Secure Friendly & Courteous
RISK-FREE Money Back Guarantee PCI-Compliant Checkout
 
 
 


Old
  Post #12 (permalink)   08-30-2012, 08:42 AM
HD Newbie
 
Join Date: Aug 2012
Posts: 17

Status: linux7802 is offline
Quote:
Originally Posted by vegas View Post
Is it possible to su or sudo to my root from a ftp user?
eg
su kamira@mynoughtydomain.com
You are inviting the hackers to hack your server, why you want su option for FTP user.....
 
 
 


Old
  Post #13 (permalink)   08-31-2012, 03:12 AM
Account Disabled
 
Join Date: May 2010
Location: USA
Posts: 10
Send a message via AIM to m2hdiana Send a message via MSN to m2hdiana Send a message via Yahoo to m2hdiana

Status: m2hdiana is offline
yes, it is possible but not the secure way to login to root user.
 
 
 


Old
  Post #14 (permalink)   11-01-2012, 12:07 PM
HD Addict
 
Join Date: Oct 2012
Posts: 175

Status: CanSpace is offline
You can su to root from any user generally speaking - but NOT from within an FTP session.
__________________
█ CanSpace Solutions - www.canspace.ca - Canada's leading domain registrar and web hosting provider
Premium Canadian Web Hosting and .ca domains. Trusted by Canada's largest corporations
 
 
 


Old
  Post #15 (permalink)   01-25-2013, 03:33 AM
HD Newbie
 
Join Date: Jan 2013
Location: Cyprus
Posts: 6

Status: postcyhosting is offline
Hello friend,

this issues include in Dealing with O.S.
Harden you kernel of O.S and make sure to stipulate separate internet accessibility with user friendly functions.

Thank you
 
 
 
Reply

Thread Tools

New Post New Post   Old Post Old Post
Posting Rules:
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On
Sponsored By: