Bug 15742 - blank guestserver in ftpaccess has unintended behavior
Summary: blank guestserver in ftpaccess has unintended behavior
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: wu-ftpd
Version: 6.2
Hardware: i386
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Bernhard Rosenkraenzer
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2000-08-08 16:54 UTC by tom
Modified: 2008-05-01 15:37 UTC (History)
0 users

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2001-03-12 20:11:17 UTC
Embargoed:


Attachments (Terms of Use)

Description tom 2000-08-08 16:54:13 UTC
This is somewhat related to bug 15657, which involves blocking anonymous users 
in /etc/ftpaccess.

After finding that 'deny-uid ftp' didn't work to block anonymous access, I tried using 
the 'guestserver' command.  From the man page:

       guestserver [<hostname>]

            Controls which hosts may be  used  for  anonymous  or
            guest access.  If used without <hostname>, denies all
            guest or anonymous access to this  site.   More  than
            one <hostname> may be specified.  Guest and anonymous
            access will only be allowed on  the  named  machines.
            If  access  is  denied, the user will be asked to use
            the first <hostname> listed.

Using guestserver with a blank hostname did NOT deny access to anonymous 
users.  Either the code or documentation needs to be updated.

I would also suggest, for security reasons, that RedHat consider turning 
anonymous access OFF as default behavior on future wu-ftpd releases.  It might be 
useful to include comments in ftpaccess with instructions on the 'best' way to 
enable/disable anonymous access to the server.

Comment 1 Bernhard Rosenkraenzer 2000-08-09 09:51:21 UTC
Anonymous access *IS* turned off by default, unless you install the anonftp
package.

Comment 2 Derek Tattersall 2000-08-19 15:29:41 UTC
Verified the above with wu-ftpd-2.6.1-6 from pinstripe.

Comment 3 WU-FTPD Development Group 2001-03-12 20:11:13 UTC
guestserver only applies to anonymous users.

man page for ftpaccess has been updated for next release.

close this ticket


Note You need to log in before you can comment on or make changes to this bug.