[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Watch out! vsftpd anonymous access always enabled!

> > I was working on a newly-installed machine for a customer who requires an
> > ftp server. After installing vsftpd (which i *had* good experience with),
> > I noticed that the 'anonymous_enable' switch in /etc/vsftpd.conf, when
> > set to 'NO' *does* allow anonymous access.
> > Logging in using the 'anonymous' user does not work, logging in using the
> > 'ftp' user *does* work.
> > The 'ftp' user is listed in /etc/passwd and /etc/shadow, and has a
> > disabled password on all machines where I tried this and saw it working.
> > I was only able to test this with 1.2.0-2 .


What are you talking about?
This is my box running fbsd 4-stable, vsftpd-1.2.0, anonymous access disabled:
(take no look at the banner string, this is just kidding :)

22:36:32:toxa $ ftp toxa.lan
Trying 192.168.2.1...
Connected to toxa.lan.
220  toxadomain Microsoft FTP Service (Version 5.0) 
Name (toxa.lan:toxa): ftp
530 Permission denied.
ftp: Login failed.
ftp> quit
221 Goodbye.
22:36:39:toxa $

I use vsftpd.user_list with users allowed to acces to my box, ofcourse there's 
no 'ftp' user in it.
Reply to: