Package: vsftpd Version: 2.3.5-3 Severity: minor Hallo Daniel, default configuration file /etc/vsftpd.conf allows anonymous access, but it shows nothing when user attach to ftp as anonymous. Searching why I've found note about hardening and number of solutions ... unfortunately no one works for my case. I find informations about hardening between squeeze and wheezy, but I didn't find relevant config line. Now I've found why it works as described in Subject. Anonymous access is permitted by default, but anonymous root is not defined at this config file. Please look to attached diff and save hours of life of new admins starting with default config file. It looks that examples in /usr/share/doc/vsftpd/examples are sick with this disease too, but solution is clear. Thank you for accepting my coin to make this package more friendly.
Pavel
--- vsftpd.conf 2013-12-03 10:10:48.000000000 +0100 +++ vsftpdnew.conf 2013-12-03 10:13:38.000000000 +0100 @@ -21,6 +21,8 @@ # # Allow anonymous FTP? (Beware - allowed by default if you comment this out). anonymous_enable=YES +# Where is home for anonymous user? +anon_root=/home/ftp # # Uncomment this to allow local users to log in. #local_enable=YES
pgpPHgVpz6l1M.pgp
Description: PGP signature
