[medusa] FTP permissions

[rushing@n...]

Robin Becker writes:

> whilst playing with medusa's ftp server I noticed that even though I
> wasn't allowed to use the STOR command I was allowed to create
> remove/directories. Is this normal for FTP servers?

No, this is major oops. There is a list of 'write' commands, and a
comment to the affect that the list is checked against, but
unfortunately the code that should reference it doesn't.

It's a one-line fix, and I just checked it in:

def check_command_authorization (self, command):
if command in self.write_commands and self.read_only:
return 0
else:
return 1

Many thanks for pointing this out, Robin!

-Sam


------------------------------------------------------------------------
eGroup home: http://www.eGroups.com/list/medusa
Free Web-based e-mail groups by eGroups.com