News:

Buffalo provides Data Recovery services. Read about it here.

Main Menu

[BUG]: Folder can be moved (and removed) using FTP client

Started by JamesAng, June 02, 2013, 11:18:26 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions

JamesAng

June 02, 2013, 11:18:26 PM

Hi,

 

I just got a LS-QVL and set it up as a FTP server only.

 

Using the admin portal,

I created 2 user accounts and each account has 2 folders to hold private and public data.

ie. (priv_userA, pub_userA, priv_userB, pub_userB).

 

UserA & UserB: default profile for new user setup.

 

The folder for pub_userA (pub_userB) are set as follows,

- Shared Folder Attributes: Read & Write

- Recycle Bin: Disable

- Shared Folder Support: FTP only

- "Access Restrictions"

-- "Local Users"

--- User A (User B): Read & Write

--- User B (User A): Read only

 

The folder for priv_userA (priv_userB) are set as follows,

- Shared Folder Attributes: Read & Write

- Recycle Bin: Disable

- Shared Folder Support: FTP only

- "Access Restrictions"

-- "Local Users"

--- User A (User B): Read & Write

 

The structure (directory listing) is

/

|

+array1/ (auto-created by LS)

             |

             +priv_userA (only can be seen by UserA, read & write permission)

             +priv_userB (only can be seen by UserB, read & write permission)

             +pub_userA (can be seen by UserA & UserB, read & write permission for UserA, read-only permission for UserB)

             +pub_userB (can be seen by UserA & UserB, read-only permission for UserA, read & write permission for UserB)

 

The pub_ folder is to publish shared data while the priv_ folder is hidden from other users.

 

Using Filezilla, the permission to create (write) to the folders are adhered properly. User A cannot write or delete from User B's public folder.

 

But when a user drag a file/folder from a pub_ folder to another which he has write permission, the entire folder is moved using the RENAME FTP command! and the original folder no longer exists. Permission on pub_userA is violated by userB!

 

Below is the command log,

 

Status:                      Directory listing successful

Status:                      Renaming '/array1/pub_userA/iso-images' to '/array1/pub_userB/iso-images'

Command:               RNFR iso-images

Response:               350 File or directory exists, ready for destination name

Command:               RNTO /array1/pub_userB/iso-images

Response:               250 Rename successful

 

Please advise if I made any mistake in setting up the machine or is it a BUG on LS-QVL on the FTP rename command.

 

Firmware: v1.64 (DTCP-IP:1.64-20121203)

Print
Go Up Pages1
User actions
Browser ID: smf (is_webkit)
Templates: 4: index (default), Display (default), GenericControls (default), GenericControls (default).
Sub templates: 6: init, html_above, body_above, main, body_below, html_below.
Language files: 5: index+Modifications.english (default), Post.english (default), Editor.english (default), Drafts.english (default), StopForumSpam.english (default).
Style sheets: 4: index.css, attachments.css, jquery.sceditor.css, responsive.css.
Hooks called: 109 (show)
Files included: 35 - 1354KB. (show)
Memory used: 935KB.
Tokens: post-login.
Queries used: 16.

[Show Queries]