Bug 15742 - blank guestserver in ftpaccess has unintended behavior
blank guestserver in ftpaccess has unintended behavior
Product: Red Hat Linux
Classification: Retired
Component: wu-ftpd (Show other bugs)
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Bernhard Rosenkraenzer
: Security
Depends On:
  Show dependency treegraph
Reported: 2000-08-08 12:54 EDT by tom
Modified: 2008-05-01 11:37 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2001-03-12 15:11:17 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description tom 2000-08-08 12:54:13 EDT
This is somewhat related to bug 15657, which involves blocking anonymous users 
in /etc/ftpaccess.

After finding that 'deny-uid ftp' didn't work to block anonymous access, I tried using 
the 'guestserver' command.  From the man page:

       guestserver [<hostname>]

            Controls which hosts may be  used  for  anonymous  or
            guest access.  If used without <hostname>, denies all
            guest or anonymous access to this  site.   More  than
            one <hostname> may be specified.  Guest and anonymous
            access will only be allowed on  the  named  machines.
            If  access  is  denied, the user will be asked to use
            the first <hostname> listed.

Using guestserver with a blank hostname did NOT deny access to anonymous 
users.  Either the code or documentation needs to be updated.

I would also suggest, for security reasons, that RedHat consider turning 
anonymous access OFF as default behavior on future wu-ftpd releases.  It might be 
useful to include comments in ftpaccess with instructions on the 'best' way to 
enable/disable anonymous access to the server.
Comment 1 Bernhard Rosenkraenzer 2000-08-09 05:51:21 EDT
Anonymous access *IS* turned off by default, unless you install the anonftp
Comment 2 Derek Tattersall 2000-08-19 11:29:41 EDT
Verified the above with wu-ftpd-2.6.1-6 from pinstripe.
Comment 3 WU-FTPD Development Group 2001-03-12 15:11:13 EST
guestserver only applies to anonymous users.

man page for ftpaccess has been updated for next release.

close this ticket

Note You need to log in before you can comment on or make changes to this bug.