Greetings! On Sat, 20 Sep 2003 12:47:21 +0200 Robert van der Meulen <[EMAIL PROTECTED]> wrote:
> I was working on a newly-installed machine for a customer who requires > an ftp server. After installing vsftpd (which i *had* good experience > with), I noticed that the 'anonymous_enable' switch in > /etc/vsftpd.conf, when set to'NO' *does* allow anonymous access. > Logging in using the 'anonymous' user does not work, logging in using > the'ftp' user *does* work. > The 'ftp' user is listed in /etc/passwd and /etc/shadow, and has a > disabled password on all machines where I tried this and saw it > working. I was only able to test this with 1.2.0-2 . > > If anyone here is running vsftpd on a non-anonymous box, I'd make sure > to check this too. In the case of this customer (who has pretty > sensitive data on his box), this could have been quite a disaster. On Woody/stable I have version 1.0.0-2 and everythin is fine here: Sep 22 10:03:24 login vsftpd: PAM-listfile: Refused user anonymous for service ftp Sep 22 10:03:24 login PAM_unix[30725]: auth could not identify password for [ftp] Sep 22 10:03:43 login vsftpd: PAM-listfile: Refused user ftp for service ftp Sep 22 10:03:43 login PAM_unix[30875]: auth could not identify password for [ftp] --------------------------- /etc/vsftpd.conf - excerpt --------------------------- # Allow anonymous FTP? anonymous_enable=NO # # Uncomment this to allow local users to log in. local_enable=YES Bye Volker Tanger
