Package: vsftpd
Version: 2.3.5-3
Severity: minor

Hallo Daniel,
  default configuration file /etc/vsftpd.conf allows anonymous access, but it 
shows nothing when user attach to ftp as anonymous. Searching why I've found 
note about hardening and number of solutions ... unfortunately no one works for 
my case. I find informations about hardening between squeeze and wheezy, but I 
didn't find relevant config line.
  Now I've found why it works as described in Subject. Anonymous access is 
permitted by default, but anonymous root is not defined at this config file.
  Please look to attached diff and save hours of life of new admins starting 
with default config file. It looks that examples in 
/usr/share/doc/vsftpd/examples are sick with this disease too, but solution is 
clear.
  Thank you for accepting my coin to make this package more friendly.

  Pavel
--- vsftpd.conf	2013-12-03 10:10:48.000000000 +0100
+++ vsftpdnew.conf	2013-12-03 10:13:38.000000000 +0100
@@ -21,6 +21,8 @@
 #
 # Allow anonymous FTP? (Beware - allowed by default if you comment this out).
 anonymous_enable=YES
+# Where is home for anonymous user?
+anon_root=/home/ftp
 #
 # Uncomment this to allow local users to log in.
 #local_enable=YES

Attachment: pgpPHgVpz6l1M.pgp
Description: PGP signature

Reply via email to