Date:      Thu, 26 Jun 2025 12:11:02 GMT
From:      Dag-Erling =?utf-8?Q?Sm=C3=B8rgrav?= <des@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject:   git: 0804e60df19b - main - ftpd: Provide an option to turn off FTP anonymous usage
Message-ID:  <202506261211.55QCB2o0007197@gitrepo.freebsd.org>

The branch main has been updated by des:

URL: https://cgit.FreeBSD.org/src/commit/?id=0804e60df19b393c37238596c9f37a0b8972a7da

commit 0804e60df19b393c37238596c9f37a0b8972a7da
Author:     joyu liaonull <joyul@juniper.netnull>
AuthorDate: 2025-06-26 12:07:31 +0000
Commit:     Dag-Erling Smørgrav <des@FreeBSD.org>
CommitDate: 2025-06-26 12:10:14 +0000

    ftpd: Provide an option to turn off FTP anonymous usage
    
    ftpd provides the -n option to disable anonymous FTP access, meaning the
    username 'ftp' cannot log in to the FTP server without a password stored
    in the password database. This feature helps prevent users who lack the
    background knowledge of how this special username 'ftp' conventionally
    works in FTP from mistakenly creating an account with the username
    'ftp,' assuming it behaves like other usernames that require a password
    to log in to the FTP server, which it does not.
    
    Differential Revision:  https://reviews.freebsd.org/D46547
---
 libexec/ftpd/ftpd.8 | 12 ++++++++++--
 libexec/ftpd/ftpd.c | 15 +++++++++++++--
 2 files changed, 23 insertions(+), 4 deletions(-)

diff --git a/libexec/ftpd/ftpd.8 b/libexec/ftpd/ftpd.8
index 3474c379fbc7..96db4753209e 100644
--- a/libexec/ftpd/ftpd.8
+++ b/libexec/ftpd/ftpd.8
@@ -25,7 +25,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.Dd September 9, 2023
+.Dd June 26, 2025
 .Dt FTPD 8
 .Os
 .Sh NAME
@@ -33,7 +33,8 @@
 .Nd Internet File Transfer Protocol server
 .Sh SYNOPSIS
 .Nm
-.Op Fl 468ABDdEhMmOoRrSUvW
+.Op Fl 468BDdEhMmOoRrSUvW
+.Bq Fl A | Fl n
 .Op Fl l Op Fl l
 .Op Fl a Ar address
 .Op Fl P Ar port
@@ -147,6 +148,13 @@ Permit anonymous users to overwrite or modify
 existing files if allowed by file system permissions.
 By default, anonymous users cannot modify existing files;
 in particular, files to upload will be created under a unique name.
+.It Fl n
+Disable anonymous FTP access.
+The
+.Fl n
+option is mutually exclusive with the
+.Fl A
+option.
 .It Fl O
 Put server in write-only mode for anonymous users only.
 RETR is disabled for anonymous users, preventing anonymous downloads.
diff --git a/libexec/ftpd/ftpd.c b/libexec/ftpd/ftpd.c
index f3a1105f6437..751d77b218b7 100644
--- a/libexec/ftpd/ftpd.c
+++ b/libexec/ftpd/ftpd.c
@@ -106,6 +106,7 @@ int	logging;
 int	restricted_data_ports = 1;
 int	paranoid = 1;	  /* be extra careful about security */
 int	anon_only = 0;    /* Only anonymous ftp allowed */
+int	noanon = 0;       /* disable anonymous ftp */
 int	assumeutf8 = 0;   /* Assume that server file names are in UTF-8 */
 int	guest;
 int	dochroot;
@@ -269,7 +270,7 @@ main(int argc, char *argv[], char **envp)
 	openlog("ftpd", LOG_PID | LOG_NDELAY, LOG_FTP);
 
 	while ((ch = getopt(argc, argv,
-	                    "468a:ABdDEhlmMoOp:P:rRSt:T:u:UvW")) != -1) {
+	                    "468a:ABdDEhlmMnoOp:P:rRSt:T:u:UvW")) != -1) {
 		switch (ch) {
 		case '4':
 			family = (family == AF_INET6) ? AF_UNSPEC : AF_INET;
@@ -327,6 +328,10 @@ main(int argc, char *argv[], char **envp)
 			noguestmkd = 1;
 			break;
 
+		case 'n':
+			noanon = 1;
+			break;
+
 		case 'o':
 			noretr = 1;
 			break;
@@ -396,6 +401,11 @@ main(int argc, char *argv[], char **envp)
 		}
 	}
 
+	if (noanon && anon_only) {
+		syslog(LOG_ERR, "-n and -A are mutually exclusive");
+		exit(1);
+	}
+
 	/* handle filesize limit gracefully */
 	sa.sa_handler = SIG_IGN;
 	(void)sigaction(SIGXFSZ, &sa, NULL);
@@ -995,7 +1005,8 @@ user(char *name)
 #else
 	pw = sgetpwnam("ftp");
 #endif
-	if (strcmp(name, "ftp") == 0 || strcmp(name, "anonymous") == 0) {
+	if (!noanon &&
+	    (strcmp(name, "ftp") == 0 || strcmp(name, "anonymous") == 0)) {
 		if (checkuser(_PATH_FTPUSERS, "ftp", 0, NULL, &ecode) ||
 		    (ecode != 0 && ecode != ENOENT))
 			reply(530, "User %s access denied.", name);
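Review bot: With `noanon` set, a USER of "ftp" or "anonymous" now skips this whole branch and is handled as an ordinary account name by the rest of user(), which continues outside the hunk, so nothing visible here records that an anonymous login was attempted against a server that has it disabled. Operators who pass -n will usually want those attempts in the log; consider emitting a notice before falling through, e.g. `if (noanon && logging && (strcmp(name, "ftp") == 0 || strcmp(name, "anonymous") == 0))` followed by `syslog(LOG_NOTICE, "anonymous FTP login attempted but disabled by -n");`. A short comment above the condition, such as `/* with -n, "ftp" and "anonymous" are ordinary user names and must authenticate with a password */`, would make the fall-through intent explicit for the next reader. The `sgetpwnam("ftp")` lookup just above still runs when -n is given; whether its result is still needed in that case cannot be told from this hunk.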


