by maruka Banned
10 replies
Is it possible to su or sudo to my root from a ftp user?
#ftp #user
  • Profile picture of the author Unomateo
    no, you can only su with a server user account.... You trying to hack a system?
    {{ DiscussionBoard.errors[6308406].message }}
  • Profile picture of the author maruka
    nope just finding out the harm a ftp user can do,or the things he/she can find out about my server with a simple ftp account thank you men
    {{ DiscussionBoard.errors[6308813].message }}
  • Profile picture of the author abdurrahman
    su is used to connect with server user from root or to root
    {{ DiscussionBoard.errors[6312617].message }}
  • Profile picture of the author porcupine73
    Normally you have to be logged in to a shell to do su or sudo. I would highly doubt any FTP servers would accept su or sudo commands. One exception might be if you are using something such as WinSCP in SCP mode which actually is connecting using a shell, but allows uploading and downloading files - then it will typically also allow shell commands.
    {{ DiscussionBoard.errors[6314094].message }}
  • Profile picture of the author maruka
    I use winscp and have thrown shell commands too so if I do it so will other guy that I give a ftp user for my true thank you then how I do if I require an install on my server performed by a company ?,it aint that safe to trust them in order to grant them ftp access or is it?
    {{ DiscussionBoard.errors[6322583].message }}
  • Profile picture of the author porcupine73
    Most FTP servers you declare the home directory and permissions for a user. Then they cannot get to a directory higher than their root directory.

    If you are using SCP protocol when using WinSCP it can do shell commands. If you are using FTP protocol I don't think most FTP servers allow executing files, etc.
    {{ DiscussionBoard.errors[6322650].message }}
    • Profile picture of the author maruka
      So if they get a ftp user account for home dir with permissions 777 ,still you dont think they can harm me even if they use winscp?

      thank you hon
      {{ DiscussionBoard.errors[6323061].message }}
  • Profile picture of the author maruka
    I dont think is good to underestimate the damage anybody can do to ur server with a ftp account,I just entered some shell command on winscp and got all this code just like if I was on putty:
    PHP 5.2.17 (cli) (built: Feb 16 2012 23:29:39)
    Copyright (c) 1997-2010 The PHP Group
    Zend Engine v2.2.0, Copyright (c) 1998-2010 Zend Technologies
    with the ionCube PHP Loader v4.0.14, Copyright (c) 2002-2011, by ionCube Ltd., and
    with Zend Extension Manager v1.2.0, Copyright (c) 2003-2007, by Zend Technologies
    with Zend Optimizer v3.3.9, Copyright (c) 1998-2009, by Zend Technologies

    imagine hon what they could fetch with the right command
    {{ DiscussionBoard.errors[6323190].message }}
  • Profile picture of the author porcupine73
    What protocol are you using in WinSCP for it to connect? If it is using SCP then yes you can execute shell commands, because that is how it is actually connecting, using the shell. See if you can do anything with the protocol set to FTP.
    {{ DiscussionBoard.errors[6325777].message }}
  • Profile picture of the author maruka
    I usually login with winscp using my root,trying to access to it with my root with ftp 'protocol' is impossible,something that might lead me to think that a ftp created user the same way wont be able to connect via sftp or other protocol thereforely he/she wont be able to perform any shell commands,do you agree porcupine73?
    {{ DiscussionBoard.errors[6326162].message }}

Trending Topics