VSFTPD allows anonymous login regardless

Knute Johnson knute at frazmtn.com
Sat Sep 29 16:46:22 UTC 2007


>>> Hi all
>>>
>>> I have VSFTPD setup to allow only local user authentication, but it
>>> still allows anonymous connections and displays the contents of
>>> /home/ftp, what am I doing wrong?
>>>
>>> I've included pertinent information from my vsftpd.conf file. Many
>>> thanks.
>>>
>>>
>>> listen=YES
>>> anonymous_enable=NO
>>> local_enable=YES
>>> write_enable=YES
>>> local_umask=022
>>> xferlog_enable=YES
>>> connect_from_port_20=YES
>>> nopriv_user=ftpsecure
>>> rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
>>
>> Did you get an answer to this yet?
>>
>> I hate to suggest this (because I got caught the other day with the
>> ports closed when I thought they were open) but did you restart it
>> after you changed vsftpd.conf?
>
>Hi Knute
>
>No answer apart from yours. Thanks for the tip but I restarted VSFTPD
>after every config change, and then restarted it more when it didn't
>work as I expected :(

Unless you specify chroot_local_user a local user can see the whole 
file system.

Do you have tcp_wrappers set to yes?  You can use that to limit where 
connections come from.

Is it possible that the ftp client you are using is really sending a 
local user name?

There are a lot of subtle things that interact with vsftpd and it 
doesn't report anything, ever, as far as I can tell.

Until you figure out the problem, tcp_wrappers is a simple solution 
to keep out the unwanted.

-- 
Knute Johnson
Molon Labe...
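
An added example, not part of the original post or of vsftpd: a small Python audit of the three settings raised in the reply, run over the options quoted in the question. The defaults are those documented in vsftpd.conf(5), and the function names are hypothetical.

```python
# Added example: effective values of the vsftpd options discussed in this thread.
# Defaults per vsftpd.conf(5); a distribution's packaged config may differ.
DEFAULTS = {"anonymous_enable": "YES", "local_enable": "NO",
            "chroot_local_user": "NO", "tcp_wrappers": "NO"}

# Constructed sample: the settings quoted in the original question.
SAMPLE_CONF = """\
listen=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
xferlog_enable=YES
connect_from_port_20=YES
nopriv_user=ftpsecure
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
"""

def is_on(value):
    """vsftpd booleans: YES/TRUE/1 enable, NO/FALSE/0 disable."""
    return value.upper() in ("YES", "TRUE", "1")

def effective_settings(conf_text):
    """Return (settings, malformed_line_numbers) for a vsftpd.conf body."""
    settings, malformed = dict(DEFAULTS), []
    for lineno, line in enumerate(conf_text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        # vsftpd.conf(5): no whitespace allowed between option, '=' and value.
        if not sep or key != key.strip() or value != value.strip():
            malformed.append(lineno)
            continue
        settings[key] = value  # applied in file order, so a later line wins
    return settings, malformed

def audit(conf_text):
    """List findings for the three points raised in the reply."""
    s, malformed = effective_settings(conf_text)
    findings = [f"line {n}: malformed option line" for n in malformed]
    if is_on(s["anonymous_enable"]):
        findings.append("anonymous_enable is on: anonymous logins accepted")
    if is_on(s["local_enable"]) and not is_on(s["chroot_local_user"]):
        findings.append("chroot_local_user is off: local users see the whole file system")
    if not is_on(s["tcp_wrappers"]):
        findings.append("tcp_wrappers is off: hosts.allow/hosts.deny not consulted")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONF)))
```

Run it against the file the running daemon was actually started with; for the quoted options it reports the chroot_local_user and tcp_wrappers items, not anonymous access.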