KpyM Telnet/SSH Server - Forum
Username/password being ignored?
Andy Username/password being ignored?
 
I have configured a directory (say c:\temp) to be my sftp_root. I am connecting using coreftp lite version 2.1 build 1575 (downloaded today). It appears that the username/password that I am using to log in is basically being ignored. I created a temporary user that has access to only a single directory (c:\temp) and is not a member of any group (such as users). When I log in to the sftp server, it shows me the directory correctly. However, it will also let me go up a directory where the temporary user should not have access. In fact I can go to any directory and have full read/write access. I also tested ssh with the same results.

Obviously this is not good. Any ideas?

Thanks!


Andy
 
One more thing I forgot to mention...the daemon does not seem to honor the sftp_root directory option. It starts there, but allows browsing to higher level directories. I'd expect that to be an absolute root as far as the sftp server is concerned.


Kroum Grigorov
 
sftp_root is just a hint that tells KTS the user home folder. It does not restrict the user in any way

> it will also let me go up a directory where the temporary user should not have access
Could you verify this by logging in your windows box with this temp user and verify that the user really does not have access to this folder.
KpyM will use the windows NTFS permissions, it does not apply restrictions on the user access the restrictions should come from Windows itself

Kroum


 

© 2007 - 2008 Kroum Grigorov
Powered by phpBB © 2001, 2005 phpBB Group