Am Fri, 14 Aug 2015 14:06:25 +0100 Matthew Seaman <matt...@freebsd.org> schrieb:
> On 08/14/15 12:45, O. Hartmann wrote: > > Man page "ftpusers(5)" states, that an entry "username allow" will allow > > access > > to ftpd. But every user listed in /etc/ftpusers is denied access, no matter > > whether there is "allow" appended to the entry or not! This is strange. > > Whenever I delete a user's name from that file I wish to have access to the > > ftpd service, that user can login - but addig the users even as "username > > allow" (no * in the file, nothing else but the initial users names) access > > is > > denied. > > If you've got a ftpusers(5) that presumably comes from some ported > software -- doesn't exist in the base system. There is pam_ftpusers(8) > in base, although that doesn't seem to be in use by default. After you mentioned this, I checked and you're correct!The manpage was installed by package heimdal-1.5.3_4 according with another ftpd located under /usr/local/libexec. > > Traditionally 'ftpusers' was just a plain list of usernames or groups > (indicated by a leading '@' character). According to ftpd(8) it lists > the people *not* allowed access via FTP. I got this. > > However, other implementations of FTP servers have adopted the ftpusers > file and expanded its capabilities in various ways, by adding some > additional flag fields for each username. It depends on what ftpd > you're using exactly what syntax is used there. Properly ported > software should really be using /usr/local/etc/ftpusers though. I use NanoBSD for some very small appliance/server system and use the FreeBSD base system to start with - avoiding unncessary package installation. Reading the heimdal man page, configuring then according to heimdal's /usr/local/etc/ftpusers's explanations and then running the FreeBSD ftpd from its natural starting point with the misconfigured /etc/ftpusers will end in a mess. So it is my fault. But anyway, cleaning up the mess doesn't resolve the weird issues with FreeBSD's own ftpd. > > Cheers, > > Matthew > > > > Thank you for that hint. Regards, Oliver
pgplTNtEFYTUh.pgp
Description: OpenPGP digital signature
