In article <[EMAIL PROTECTED]> you wrote: > On Sat, Sep 20, 2003 at 12:47:21PM +0200, Robert van der Meulen wrote: >> Hi, >> >> I was working on a newly-installed machine for a customer who requires an >> ftp server. After installing vsftpd (which i *had* good experience with), I >> noticed that the 'anonymous_enable' switch in /etc/vsftpd.conf, when set to >> 'NO' *does* allow anonymous access. >> Logging in using the 'anonymous' user does not work, logging in using the >> 'ftp' user *does* work. >> The 'ftp' user is listed in /etc/passwd and /etc/shadow, and has a disabled >> password on all machines where I tried this and saw it working. >> I was only able to test this with 1.2.0-2 . >> >> If anyone here is running vsftpd on a non-anonymous box, I'd make sure to >> check this too. In the case of this customer (who has pretty sensitive data >> on his box), this could have been quite a disaster. >> >> 'funny': >> |Description: The Very Secure FTP Daemon >> | A lightweight, efficient FTP server written from the ground up with >> | security in mind. >> >> Ahem. > > 1.2.0-3 is in incoming, or remove the pam_ftp line. > > If you're running something in situations that could be "quite a > disaster", I suggest you immediately rething using the version of > vsftpd from _unstable_. >
-- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
