Am Fri, 14 Aug 2015 14:06:25 +0100
Matthew Seaman <> schrieb:

> On 08/14/15 12:45, O. Hartmann wrote:
> > Man page "ftpusers(5)" states, that an entry "username allow" will allow 
> > access
> > to ftpd. But every user listed in /etc/ftpusers is denied access, no matter
> > whether there is "allow" appended to the entry or not! This is strange.
> > Whenever I delete a user's name from that file I wish to have access to the
> > ftpd service, that user can login - but addig the users even as "username
> > allow" (no * in the file, nothing else but the initial users names) access 
> > is
> > denied.
> If you've got a ftpusers(5) that presumably comes from some ported
> software -- doesn't exist in the base system.  There is pam_ftpusers(8)
> in base, although that doesn't seem to be in use by default.

After you mentioned this, I checked and you're correct!The manpage was 
installed by
package heimdal-1.5.3_4 according with another ftpd located under 

> Traditionally 'ftpusers' was just a plain list of usernames or groups
> (indicated by a leading '@' character).  According to ftpd(8) it lists
> the people *not* allowed access via FTP.

I got this.

> However, other implementations of FTP servers have adopted the ftpusers
> file and expanded its capabilities in various ways, by adding some
> additional flag fields for each username.  It depends on what ftpd
> you're using exactly what syntax is used there.  Properly ported
> software should really be using /usr/local/etc/ftpusers though.

I use NanoBSD for some very small appliance/server system and use the FreeBSD 
base system
to start with - avoiding unncessary package installation. Reading the heimdal 
man page,
configuring then according to heimdal's /usr/local/etc/ftpusers's explanations 
and then
running the FreeBSD ftpd from its natural starting point with the
misconfigured /etc/ftpusers will end in a mess. So it is my fault.

But anyway, cleaning up the mess doesn't resolve the weird issues with 
FreeBSD's own ftpd.

>       Cheers,
>       Matthew

Thank you for that hint.


Attachment: pgplTNtEFYTUh.pgp
Description: OpenPGP digital signature

Reply via email to