Thanks.
Everything in the web directory is owned by siteadmin:site, including subdirectories and their contents. Above the web directory in the site home directory, it's different, not sure if this is a problem. The logs directory owned by SITE22-logs:site19 seems strange.

I know the most common problem that web designers have with FTP and BlueOnyx is that the web directory isn't / it's /web. But supposedly this CMS was already configured and working for a couple years, so it should have been configured right.

BTW, that php.d directory is empty.

drwxrwsr-x 8 nobody site19 4096 Sep 20 2017 .
drwxrwxr-x 3 root root 4096 Nov 17 2014 ..
drwxr-s--x 9 SITE22-logs site19 4096 Jan 27 2019 logs
drw-r-Sr-- 2 root site19 4096 Sep 20 2017 php.d
drwxrwsr-x 2 nobody site19 4096 Nov 17 2014 users
drwxr-sr-x 3 root site19 4096 Nov 17 2014 .users
drwxrwsr-x 7 nobody site19 4096 Oct 11 2016 web
drwxr-xr-x 2 apache site19 20480 Jul 30 04:59 webalizer

-----Original Message-----
From: Blueonyx <blueonyx-boun...@mail.blueonyx.it> On Behalf Of Michael Stauber
Sent: Tuesday, July 30, 2019 6:31 PM
To: blueonyx@mail.blueonyx.it
Subject: [BlueOnyx:23046] Re: CushyCMS and ProFTPD

Hi Ken,

> I looked in var/log/messages and I see a bunch of lines like this, not
> sure what they mean or why they are occurring now and not previously.
> Customer would be using site admin credentials, wouldn't even know root login.
>
> Jul 30 14:31:06 blueonyx proftpd[5435]: 69.49.197.254 (198.74.49.153[198.74.49.153]) - ROOT PRIVS: unable to seteuid(): Operation not permitted
> Jul 30 14:31:06 blueonyx proftpd[5435]: 69.49.197.254

Yeah, ProFTPd doesn't allow user "root" and never has. A seteuid() call happens when a program drops privileges to do something as a lesser user and when it's done it tries to regain the same UID/GID as before via seteuid(). It's something I'm sort of sure ProFTPd doesn't allow without full reauthentication, because from a security point of view it's *very* tricky to get right.

In the nooks and crannies of such code there often is room for exploits and that's why sensible people don't implement it - unless they really *have* to. And then it's usually the best audited and most well tested part of the code, because one false step and it can get exploited.

The last ProFTPd update only changed two things: mod_ban and mod_geoip got activated by default. Other than that it's just ProFTPd 1.3.6-RC1 vs ProFTPd-1.3.5.

Are the files in the webspace owned by that siteAdmin or by someone else? This could be where the seteuid() call comes from. Say the files are owned by nobody:siteX or apache:siteX and not by the siteAdmin:siteX.

--
With best regards

Michael Stauber

_______________________________________________
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx
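Added example (not part of the thread and not BlueOnyx or ProFTPd code): a Python check that parses `ls -l` lines such as the listing in the message above and reports entries whose owner or group differs from what the caller expects, or whose directory mode bits are unusual. The function names and the expected owner/group values passed in are assumptions for illustration.

```python
# Added example: audit `ls -l` lines for ownership and mode oddities.
# Listing copied from the message above; expected owner/group are caller-supplied assumptions.
LISTING = """\
drwxrwsr-x 8 nobody site19 4096 Sep 20 2017 .
drwxrwxr-x 3 root root 4096 Nov 17 2014 ..
drwxr-s--x 9 SITE22-logs site19 4096 Jan 27 2019 logs
drw-r-Sr-- 2 root site19 4096 Sep 20 2017 php.d
drwxrwsr-x 2 nobody site19 4096 Nov 17 2014 users
drwxr-sr-x 3 root site19 4096 Nov 17 2014 .users
drwxrwsr-x 7 nobody site19 4096 Oct 11 2016 web
drwxr-xr-x 2 apache site19 20480 Jul 30 04:59 webalizer
"""

def check_entry(line, owner=None, group=None):
    """Return (name, findings) for one `ls -l` line."""
    mode, _links, ent_owner, ent_group, _size, _mon, _day, _when, name = line.split(None, 8)
    mode = mode[:10]  # drop a trailing '.' or '+' (SELinux / ACL marker)
    findings = []
    if owner and ent_owner != owner:
        findings.append(f"owner is {ent_owner}, expected {owner}")
    if group and ent_group != group:
        findings.append(f"group is {ent_group}, expected {group}")
    if mode[0] == "d" and mode[3] not in "xs":
        findings.append("directory lacks owner search (x) bit")
    if mode[6] == "S":  # capital S: setgid bit set, group execute bit clear
        findings.append("setgid set without group execute")
    if mode[3] == "S":  # capital S: setuid bit set, owner execute bit clear
        findings.append("setuid set without owner execute")
    if mode[0] == "d" and mode[8] == "w" and mode[9] not in "tT":
        findings.append("world-writable without sticky bit")
    return name, findings

def audit(listing, owner=None, group=None):
    """Map entry name -> findings, skipping '..' and clean entries."""
    report = {}
    for line in listing.splitlines():
        if not line.strip() or line.startswith("total "):
            continue
        name, findings = check_entry(line, owner, group)
        if name != ".." and findings:
            report[name] = findings
    return report

if __name__ == "__main__":
    for name, findings in audit(LISTING, group="site19").items():
        print(name, "->", "; ".join(findings))
```

Run with only a group expectation, it reports the php.d entry for its mode bits; passing an `owner` as well lists every entry held by a different account.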