Bug 23745

Summary: denying delete and overwrite on guest users has no usefull use IMHO
Product: [Retired] Red Hat Linux Reporter: Arenas Belon, Carlo Marcelo <carenas>
Component: wu-ftpdAssignee: Bernhard Rosenkraenzer <bero>
Status: CLOSED RAWHIDE QA Contact: David Lawrence <dkl>
Severity: medium Docs Contact:
Priority: low    
Version: 7.1Keywords: FutureFeature
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2001-01-10 22:26:46 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Arenas Belon, Carlo Marcelo 2001-01-10 22:26:14 UTC 
after setting /etc/ftpaccess for guest use i found that the defaults are
really disturbing, because there is no way to delete or overwrite any file
even if owned for the guest users id as explained on :

  delete     no guest,anonymous
  overwrite no guest,anonymous

i think that setting a chroot home for a user explicitally changing its
home with something like /home/foo/./ should make it to delete and
overwrite files on its own directory (great for virtualhosts)

it should be just :
 
   delete     no anonymous
   overwrite no anonymous

IMHO and seems secure enough
Comment 1 Bernhard Rosenkraenzer 2001-01-12 13:05:10 UTC 
The use of this is for situations like ibiblio.org was a couple of years ago,
where you could log in as anonymous for download, or as "upload" (=guest user)
for getting write access to /pub/Incoming, where all files are automatically
chowned to ftp:ftp.

I agree that the other use is *far* more common and useful though, changed.