1

If the access is secured; users are chrooted in their home directory, and other security basics, how difficult is it for users to access other data on the server?

  • Dedicated server
  • Linux CentOS
  • ftp server software : Pureftpd
  • TLS enabled
  • FTP users are virtual users with no access to OS shell
  • Each users are in the same group 'ftpgroup'

Each user is the owner of his own directory :

chown –R <ftpuser_login>.ftpgroup /ftp/<user_directory>

In directory /ftp/ there are all ftp users directories.

But outsite /ftp directory, there are also for instance one directory /directory_with_sensitive_data

Nico
  • 121
  • 4
  • 1
    I don't think that the fact that the company is a potential business competitor matters. What you are really asking is simply: Does my FTP server actually keep my users out of other people's files? That's a question that is impossible to answer without information about what FTP server you are actually using, since whether or not your server can keep data properly siloed depends on what application you are using, and any potential vulnerabilities in it. – Conor Mancone Nov 12 '19 at 14:30
  • 1
    It also depends on how you configure security, what data is stored, what data is exposed, and many other factors. – schroeder Nov 12 '19 at 14:32
  • It's impossible to answer. Even with a full configuration posted, it's impossible. Someone, somewhere, may know a vulnerability in Pureftpd that noone else knows. Someone may find a flaw in the Linux kernel. Or your configuration may be subtlety in-secure in some manner. – vidarlo Nov 12 '19 at 16:52

0 Answers0