Red Hat Bugzilla – Bug 52930
All passwords are denied
Last modified: 2007-04-18 12:36:45 EDT
From Bugzilla Helper:
User-Agent: Mozilla/4.7 [en] (X11; I; SunOS 5.8 sun4u)
Description of problem:
When upgrading to 7.1, the included uw-ftpd package will
not accept any valid passwords. It insists they are all
incorrect. Worked fine in 6.0.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
2.Configure firewall to permit FTP
3.Establish a known working user/password combination.
4.Verify /etc/ftpusers and /etc/shells OK.
5.FTP to the server.
Actual Results: Password is denied as incorrect.
Expected Results: Password should be accepted.
Note: I had the same problem with my 6.0 imapd binary.
I got the latest source from UW and rebuilt it - that
solved my problem. You probably need a rebuild of wu-ftpd
for 7.1 as well.
I'm using shadow passwords.
Works perfectly here...
What explanations do you get in syslog?
Thanks for the tip on the log file! It says:
Aug 31 07:49:41 mhorton ftpd: FTP LOGIN REFUSED (username in denied-uid)
FROM mrhsun [188.8.131.52], mark
This led me to the ftpaccess file, which is apparently much more strict in
7.1 than in 6.0. The 7.1 ftpaccess contains the line
deny-gid %-99 %65534-
which denies practically everybody on my system. Apparently you now
have a convention that the gid=uid.
Do you have release notes documenting the areas where 7.x isn't upward
compatible with 6.x and pointers to documentation to address them?
That would be very helpful. This should be added to them, along with
firewall notes, kernel incompatibilities, aic7xxx problems, etc.
I've resolved this problem by deleting the deny-gid line from ftpaccess.
Go ahead and close this bug.
In normal use, UIDs < 99 and > 65534 are reserved for system users, so this is
As for release-notes, no, we don't keep a log of those changes at the moment.
This problem, however, was not about UIDs, but about GIDs.
GIDs have normally (historically) been in the 1-100 range.
If you're going to expect users, including admins, to be
only in groups larger than 100, this is a change.
If you're going to expect GID to match UID, this is also
It has been that way forever, at the very least since 5.0.