Bug 15742 - blank guestserver in ftpaccess has unintended behavior
Summary: blank guestserver in ftpaccess has unintended behavior
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: wu-ftpd   
(Show other bugs)
Version: 6.2
Hardware: i386
OS: Linux
Target Milestone: ---
Assignee: Bernhard Rosenkraenzer
QA Contact:
Keywords: Security
Depends On:
TreeView+ depends on / blocked
Reported: 2000-08-08 16:54 UTC by tom
Modified: 2008-05-01 15:37 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2001-03-12 20:11:17 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description tom 2000-08-08 16:54:13 UTC
This is somewhat related to bug 15657, which involves blocking anonymous users 
in /etc/ftpaccess.

After finding that 'deny-uid ftp' didn't work to block anonymous access, I tried using 
the 'guestserver' command.  From the man page:

       guestserver [<hostname>]

            Controls which hosts may be  used  for  anonymous  or
            guest access.  If used without <hostname>, denies all
            guest or anonymous access to this  site.   More  than
            one <hostname> may be specified.  Guest and anonymous
            access will only be allowed on  the  named  machines.
            If  access  is  denied, the user will be asked to use
            the first <hostname> listed.

Using guestserver with a blank hostname did NOT deny access to anonymous 
users.  Either the code or documentation needs to be updated.

I would also suggest, for security reasons, that RedHat consider turning 
anonymous access OFF as default behavior on future wu-ftpd releases.  It might be 
useful to include comments in ftpaccess with instructions on the 'best' way to 
enable/disable anonymous access to the server.

Comment 1 Bernhard Rosenkraenzer 2000-08-09 09:51:21 UTC
Anonymous access *IS* turned off by default, unless you install the anonftp

Comment 2 Derek Tattersall 2000-08-19 15:29:41 UTC
Verified the above with wu-ftpd-2.6.1-6 from pinstripe.

Comment 3 WU-FTPD Development Group 2001-03-12 20:11:13 UTC
guestserver only applies to anonymous users.

man page for ftpaccess has been updated for next release.

close this ticket

Note You need to log in before you can comment on or make changes to this bug.