From Bugzilla Helper: User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0) When in /etc/ftpaccess guestusers are defined with delimiter ',' they are allowed root access when ftp'ing. Reproducible: Always Steps to Reproduce: 1.Create a set of logins, say guest1, guest2, guest3 2.add line to /etc/ftpaccess: guestuser guest1,guest2,guest3 3.login using guest1 from a client workstation onto the server. Actual Results: you get your root access. your directory permissions are not restricted, etc. Expected Results: either parsing of /etc/ftpaccess should ignore the lines or something else but should not give root access
It does NOT give you root access (==access to the root account). It just gives you access to the root directory, which is the correct behavior, since the user is not listed as a guest user. Fixing this would break situations where an admin wants to make an actual user with the login name "guest1,guest2" a guest user. Both situations are a result of not reading the documentation (wrong syntax in /etc/ftpaccess or bad symantics for user names), so I consider both of them to be the same and won't break one to fix the other.