This is somewhat related to bug 15657, which involves blocking anonymous users in /etc/ftpaccess. After finding that 'deny-uid ftp' didn't work to block anonymous access, I tried using the 'guestserver' command. From the man page: guestserver [<hostname>] Controls which hosts may be used for anonymous or guest access. If used without <hostname>, denies all guest or anonymous access to this site. More than one <hostname> may be specified. Guest and anonymous access will only be allowed on the named machines. If access is denied, the user will be asked to use the first <hostname> listed. Using guestserver with a blank hostname did NOT deny access to anonymous users. Either the code or documentation needs to be updated. I would also suggest, for security reasons, that RedHat consider turning anonymous access OFF as default behavior on future wu-ftpd releases. It might be useful to include comments in ftpaccess with instructions on the 'best' way to enable/disable anonymous access to the server.
Anonymous access *IS* turned off by default, unless you install the anonftp package.
Verified the above with wu-ftpd-2.6.1-6 from pinstripe.
guestserver only applies to anonymous users. man page for ftpaccess has been updated for next release. close this ticket