Bug 111555 - Dueling user blacklists sucks
Summary: Dueling user blacklists sucks
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: vsftpd   
(Show other bugs)
Version: 1
Hardware: All Linux
medium
medium
Target Milestone: ---
Assignee: Radek Vokal
QA Contact: Mike McLean
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2003-12-05 13:49 UTC by Chris Ricker
Modified: 2007-11-30 22:10 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2004-09-16 08:49:47 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

Description Chris Ricker 2003-12-05 13:49:56 UTC
Is there any logical reason for having both /etc/vsftpd.ftpusers and
/etc/vsftpd.user_list, and requiring both to be edited by default to
allow access?

I think vsftpd.user_list should be killed, and go back to the RHL <=9
behavior of just one blacklist by default

Comment 1 Bill Nottingham 2003-12-05 16:03:23 UTC
Hm, well, the issue is that the semantics of vsftpd.user_list change
depending on the config, so it sometimes needs to be separate.

Comment 2 Chris Ricker 2003-12-08 15:40:49 UTC
But in the current default cocnfiguration, vsftpd.ftpusers and
vsftpd.user_list are completely redundant. vsftpd.user_list should be
disabled by default, since it only gets interesting when configured
differently than the current default (and in which case, it should
have different contents)....

I agree that both can be useful if one's a whitelist and the other's a
blacklist. Currently they're just duplicate blacklists, which is pointless

Comment 3 Radek Vokal 2004-09-16 08:49:47 UTC
vsftpd.ftpusers is black list only, OTOH vsftpd.user_list can be used
as a white list or black list according to configuration. But it can't
serve both list in one file, that's why ftpusers file is still needed. 


Note You need to log in before you can comment on or make changes to this bug.