[Bug 999869] [NEW] vsftpd allows local users to log in even if "local_enable" in not set

AC 999869 at bugs.launchpad.net
Tue May 15 18:44:14 UTC 2012 

Public bug reported:

I use almost vanilla /etc/vsftpd.conf file. I am not able to log-in with
a system user "tuser" from Debian Squeeze as expected. But if I use
psftp from Putty in Windows, vsftpd will allow me to log-in, even if
local_enable is commented out.

>From Debian Squeeze:

$ ftp 106.187.*.*
Connected to 106.187.*.*.
220 (vsFTPd 2.3.5)
Name (106.187.*.*:root): tuser
530 Please login with USER and PASS.
530 Please login with USER and PASS.
SSL not available
530 This FTP server is anonymous only.
Login failed.
ftp>

>From Windows7+Putty:

Putty>psftp 106.187.*.*
login as: tuser
tuser at 106.187.*.*'s password:
Remote working directory is /home/tuser
psftp> ls
Listing directory /home/tuser
drwxr-xr-x    3 tuser    tuser        4096 May 15 18:32 .
drwxr-xr-x    4 root     root         4096 May 15 17:59 ..
-rw-r--r--    1 tuser    tuser         220 May 15 17:59 .bash_logout
-rw-r--r--    1 tuser    tuser        3486 May 15 17:59 .bashrc
drwx------    2 tuser    tuser        4096 May 15 18:32 .cache
-rw-r--r--    1 tuser    tuser         675 May 15 17:59 .profile
psftp>

ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: vsftpd 2.3.5-1ubuntu2
Uname: Linux 3.0.18-linode43 i686
ApportVersion: 2.0.1-0ubuntu7
Architecture: i386
Date: Tue May 15 18:34:10 2012
InstallationMedia:
 
ProcEnviron:
 TERM=xterm
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SourcePackage: vsftpd
UpgradeStatus: No upgrade log present (probably fresh install)
mtime.conffile..etc.vsftpd.conf: 2012-05-15T18:30:38

** Affects: vsftpd (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: apport-bug i386 precise

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to vsftpd in Ubuntu.
https://bugs.launchpad.net/bugs/999869

Title:
  vsftpd allows local users to log in even if "local_enable" in not set

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/vsftpd/+bug/999869/+subscriptions

More information about the Ubuntu-server-bugs mailing list