[Bug 999869] [NEW] vsftpd allows local users to log in even if local_enable in not set

2012-05-15 Thread AC
Public bug reported:

I use almost vanilla /etc/vsftpd.conf file. I am not able to log-in with
a system user tuser from Debian Squeeze as expected. But if I use
psftp from Putty in Windows, vsftpd will allow me to log-in, even if
local_enable is commented out.

From Debian Squeeze:

$ ftp 106.187.*.*
Connected to 106.187.*.*.
220 (vsFTPd 2.3.5)
Name (106.187.*.*:root): tuser
530 Please login with USER and PASS.
530 Please login with USER and PASS.
SSL not available
530 This FTP server is anonymous only.
Login failed.
ftp

From Windows7+Putty:

Puttypsftp 106.187.*.*
login as: tuser
tuser@106.187.*.*'s password:
Remote working directory is /home/tuser
psftp ls
Listing directory /home/tuser
drwxr-xr-x3 tusertuser4096 May 15 18:32 .
drwxr-xr-x4 root root 4096 May 15 17:59 ..
-rw-r--r--1 tusertuser 220 May 15 17:59 .bash_logout
-rw-r--r--1 tusertuser3486 May 15 17:59 .bashrc
drwx--2 tusertuser4096 May 15 18:32 .cache
-rw-r--r--1 tusertuser 675 May 15 17:59 .profile
psftp

ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: vsftpd 2.3.5-1ubuntu2
Uname: Linux 3.0.18-linode43 i686
ApportVersion: 2.0.1-0ubuntu7
Architecture: i386
Date: Tue May 15 18:34:10 2012
InstallationMedia:
 
ProcEnviron:
 TERM=xterm
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SourcePackage: vsftpd
UpgradeStatus: No upgrade log present (probably fresh install)
mtime.conffile..etc.vsftpd.conf: 2012-05-15T18:30:38

** Affects: vsftpd (Ubuntu)
 Importance: Undecided
 Status: New


** Tags: apport-bug i386 precise

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to vsftpd in Ubuntu.
https://bugs.launchpad.net/bugs/999869

Title:
  vsftpd allows local users to log in even if local_enable in not set

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/vsftpd/+bug/999869/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs


[Bug 999869] [NEW] vsftpd allows local users to log in even if local_enable in not set

2012-05-15 Thread AC
Public bug reported:

I use almost vanilla /etc/vsftpd.conf file. I am not able to log-in with
a system user tuser from Debian Squeeze as expected. But if I use
psftp from Putty in Windows, vsftpd will allow me to log-in, even if
local_enable is commented out.

From Debian Squeeze:

$ ftp 106.187.*.*
Connected to 106.187.*.*.
220 (vsFTPd 2.3.5)
Name (106.187.*.*:root): tuser
530 Please login with USER and PASS.
530 Please login with USER and PASS.
SSL not available
530 This FTP server is anonymous only.
Login failed.
ftp

From Windows7+Putty:

Puttypsftp 106.187.*.*
login as: tuser
tuser@106.187.*.*'s password:
Remote working directory is /home/tuser
psftp ls
Listing directory /home/tuser
drwxr-xr-x3 tusertuser4096 May 15 18:32 .
drwxr-xr-x4 root root 4096 May 15 17:59 ..
-rw-r--r--1 tusertuser 220 May 15 17:59 .bash_logout
-rw-r--r--1 tusertuser3486 May 15 17:59 .bashrc
drwx--2 tusertuser4096 May 15 18:32 .cache
-rw-r--r--1 tusertuser 675 May 15 17:59 .profile
psftp

ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: vsftpd 2.3.5-1ubuntu2
Uname: Linux 3.0.18-linode43 i686
ApportVersion: 2.0.1-0ubuntu7
Architecture: i386
Date: Tue May 15 18:34:10 2012
InstallationMedia:
 
ProcEnviron:
 TERM=xterm
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SourcePackage: vsftpd
UpgradeStatus: No upgrade log present (probably fresh install)
mtime.conffile..etc.vsftpd.conf: 2012-05-15T18:30:38

** Affects: vsftpd (Ubuntu)
 Importance: Undecided
 Status: New


** Tags: apport-bug i386 precise

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/999869

Title:
  vsftpd allows local users to log in even if local_enable in not set

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/vsftpd/+bug/999869/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs