From owner-freebsd-ports  Thu Jun 18 11:31:13 1998
Return-Path: <owner-freebsd-ports@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id LAA21950
          for freebsd-ports-outgoing; Thu, 18 Jun 1998 11:31:13 -0700 (PDT)
          (envelope-from owner-freebsd-ports@FreeBSD.ORG)
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id LAA21943
          for <freebsd-ports@FreeBSD.org>; Thu, 18 Jun 1998 11:31:11 -0700 (PDT)
          (envelope-from gnats@FreeBSD.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.8.8/8.8.5) id LAA13326;
	Thu, 18 Jun 1998 11:30:01 -0700 (PDT)
Received: (from nobody@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id LAA21081;
          Thu, 18 Jun 1998 11:27:39 -0700 (PDT)
          (envelope-from nobody)
Message-Id: <199806181827.LAA21081@hub.freebsd.org>
Date: Thu, 18 Jun 1998 11:27:39 -0700 (PDT)
From: billf@chc-chimes.com
To: freebsd-gnats-submit@FreeBSD.ORG
X-Send-Pr-Version: www-1.0
Subject: ports/6982: Enabling anonymous ftp in proftpd can be confusing with the average setup
Sender: owner-freebsd-ports@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


>Number:         6982
>Category:       ports
>Synopsis:       Enabling anonymous ftp in proftpd can be confusing with the average setup
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Thu Jun 18 11:30:00 PDT 1998
>Last-Modified:
>Originator:     Bill Fumerola
>Organization:
computer horizons corp
>Release:        2.2.6-RELEASE
>Environment:
FreeBSD firewall.chc-chimes.com 2.2.6-RELEASE FreeBSD 2.2.6-RELEASE #0: Mon May 18 13:11:19 EDT 1998     
billf@firewall.chc-chimes.com:/usr/src/sys/compile/HORIZONS  i386
>Description:
most administrators when they create an ftp user give it a shell that is
/bin/date or some other nonusable shell.

proftpd will not let anonymous logins occur unless a directive is in the proftpd.conf file

this fix is not a critical patch but will make the lives of sysadmins everywhere easier.

>How-To-Repeat:
add an ftp user with a shell of /bin/date
cd /usr/ports/net/proftpd; make; make install
edit /etc/inetd.conf and change ftpd to proftpd and kill -SIGHUP it
uncomment the anonymous section of /usr/local/etc/proftpd.conf
try to login anonymous to your new ftp server
>Fix:
--- basic.conf.old      Thu Jun 18 14:01:15 1998
+++ basic.conf  Thu Jun 18 14:08:39 1998
@@ -45,6 +45,13 @@
   ### Limit the maximum number of anonymous logins
   # MaxClients                 10
 
+  ### It is wise when making an 'ftp' user that you either block its
+  ### ability to login either via /etc/login.access or by giving it
+  ### an invalid shell.
+  ### Uncomment this if the 'ftp' user you made has an invalid shell
+  
+  # RequireValidShell          off
+
   ### We want 'welcome.msg' displayed at login, and '.message' displayed
   ### in each newly chdired directory.
   # DisplayLogin                       welcome.msg
>Audit-Trail:
>Unformatted:

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ports" in the body of the message