[Bug 999869] [NEW] vsftpd allows local users to log in even if "local_enable" in not set
AC
999869 at bugs.launchpad.net
Tue May 15 18:44:14 UTC 2012
Public bug reported:
I use almost vanilla /etc/vsftpd.conf file. I am not able to log-in with
a system user "tuser" from Debian Squeeze as expected. But if I use
psftp from Putty in Windows, vsftpd will allow me to log-in, even if
local_enable is commented out.
>From Debian Squeeze:
$ ftp 106.187.*.*
Connected to 106.187.*.*.
220 (vsFTPd 2.3.5)
Name (106.187.*.*:root): tuser
530 Please login with USER and PASS.
530 Please login with USER and PASS.
SSL not available
530 This FTP server is anonymous only.
Login failed.
ftp>
>From Windows7+Putty:
Putty>psftp 106.187.*.*
login as: tuser
tuser at 106.187.*.*'s password:
Remote working directory is /home/tuser
psftp> ls
Listing directory /home/tuser
drwxr-xr-x 3 tuser tuser 4096 May 15 18:32 .
drwxr-xr-x 4 root root 4096 May 15 17:59 ..
-rw-r--r-- 1 tuser tuser 220 May 15 17:59 .bash_logout
-rw-r--r-- 1 tuser tuser 3486 May 15 17:59 .bashrc
drwx------ 2 tuser tuser 4096 May 15 18:32 .cache
-rw-r--r-- 1 tuser tuser 675 May 15 17:59 .profile
psftp>
ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: vsftpd 2.3.5-1ubuntu2
Uname: Linux 3.0.18-linode43 i686
ApportVersion: 2.0.1-0ubuntu7
Architecture: i386
Date: Tue May 15 18:34:10 2012
InstallationMedia:
ProcEnviron:
TERM=xterm
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: vsftpd
UpgradeStatus: No upgrade log present (probably fresh install)
mtime.conffile..etc.vsftpd.conf: 2012-05-15T18:30:38
** Affects: vsftpd (Ubuntu)
Importance: Undecided
Status: New
** Tags: apport-bug i386 precise
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to vsftpd in Ubuntu.
https://bugs.launchpad.net/bugs/999869
Title:
vsftpd allows local users to log in even if "local_enable" in not set
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/vsftpd/+bug/999869/+subscriptions
More information about the Ubuntu-server-bugs
mailing list