From owner-freebsd-current@freebsd.org Fri Aug 14 19:47:34 2015 Return-Path: Delivered-To: freebsd-current@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 36BFB9BA324 for ; Fri, 14 Aug 2015 19:47:34 +0000 (UTC) (envelope-from ohartman@zedat.fu-berlin.de) Received: from outpost1.zedat.fu-berlin.de (outpost1.zedat.fu-berlin.de [130.133.4.66]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id E2F3B17F6; Fri, 14 Aug 2015 19:47:33 +0000 (UTC) (envelope-from ohartman@zedat.fu-berlin.de) Received: from inpost2.zedat.fu-berlin.de ([130.133.4.69]) by outpost.zedat.fu-berlin.de (Exim 4.85) with esmtp (envelope-from ) id <1ZQKwt-002AhK-HH>; Fri, 14 Aug 2015 21:47:31 +0200 Received: from x5ce13924.dyn.telefonica.de ([92.225.57.36] helo=thor.walstatt.dynvpn.de) by inpost2.zedat.fu-berlin.de (Exim 4.85) with esmtpsa (envelope-from ) id <1ZQKwt-001Kv8-9C>; Fri, 14 Aug 2015 21:47:31 +0200 Date: Fri, 14 Aug 2015 21:47:25 +0200 From: "O. Hartmann" To: Matthew Seaman Cc: freebsd-current@freebsd.org Subject: Re: r286615: /usr/libexec/ftpd broken! Message-ID: <20150814214725.18947fe8.ohartman@zedat.fu-berlin.de> In-Reply-To: <55CDE7D1.10607@freebsd.org> References: <20150811074041.6700e943@freyja.zeit4.iv.bundesimmobilien.de> <20150811104451.2031fff2@freyja.zeit4.iv.bundesimmobilien.de> <20150814134533.690e2091@freyja.zeit4.iv.bundesimmobilien.de> <55CDE7D1.10607@freebsd.org> Organization: FU Berlin X-Mailer: Claws Mail 3.12.0 (GTK+ 2.24.28; amd64-portbld-freebsd11.0) MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; boundary="Sig_/AhkoB87TBX1zo=e9msbgt/W"; protocol="application/pgp-signature" X-Originating-IP: 92.225.57.36 X-ZEDAT-Hint: A X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 14 Aug 2015 19:47:34 -0000 --Sig_/AhkoB87TBX1zo=e9msbgt/W Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable Am Fri, 14 Aug 2015 14:06:25 +0100 Matthew Seaman schrieb: > On 08/14/15 12:45, O. Hartmann wrote: > > Man page "ftpusers(5)" states, that an entry "username allow" will allo= w access > > to ftpd. But every user listed in /etc/ftpusers is denied access, no ma= tter > > whether there is "allow" appended to the entry or not! This is strange. > > Whenever I delete a user's name from that file I wish to have access to= the > > ftpd service, that user can login - but addig the users even as "userna= me > > allow" (no * in the file, nothing else but the initial users names) acc= ess is > > denied. >=20 > If you've got a ftpusers(5) that presumably comes from some ported > software -- doesn't exist in the base system. There is pam_ftpusers(8) > in base, although that doesn't seem to be in use by default. After you mentioned this, I checked and you're correct!The manpage was inst= alled by package heimdal-1.5.3_4 according with another ftpd located under /usr/loca= l/libexec. >=20 > Traditionally 'ftpusers' was just a plain list of usernames or groups > (indicated by a leading '@' character). According to ftpd(8) it lists > the people *not* allowed access via FTP. I got this. >=20 > However, other implementations of FTP servers have adopted the ftpusers > file and expanded its capabilities in various ways, by adding some > additional flag fields for each username. It depends on what ftpd > you're using exactly what syntax is used there. Properly ported > software should really be using /usr/local/etc/ftpusers though. I use NanoBSD for some very small appliance/server system and use the FreeB= SD base system to start with - avoiding unncessary package installation. Reading the heimd= al man page, configuring then according to heimdal's /usr/local/etc/ftpusers's explanati= ons and then running the FreeBSD ftpd from its natural starting point with the misconfigured /etc/ftpusers will end in a mess. So it is my fault. But anyway, cleaning up the mess doesn't resolve the weird issues with Free= BSD's own ftpd. >=20 > Cheers, >=20 > Matthew >=20 >=20 >=20 >=20 Thank you for that hint. Regards, Oliver --Sig_/AhkoB87TBX1zo=e9msbgt/W Content-Type: application/pgp-signature Content-Description: OpenPGP digital signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBCAAGBQJVzkXNAAoJEOgBcD7A/5N8uV8IAOQYYgYpD87lSRA+Zts3Gvzp CmP5r7gKrnzXSrMtiZDwfzVrEmHdlBbcNwdjAG1dUMh4RI/bDNaJ6afckFS7EWCT 4xYSPKj7yYAg7M9Sq5Gtjp4nlKgp3jE8NsyZ+CIcG9M3ypFQ6ZNuNEvcVGT4g+Z9 qQ+yIKw6ljPMo5hK2y//WtrYV6m6VTqdNdyHTL1cEY/bj+BNkMVJ8HO3WN3TFu1z oUI6gTw8teipDyWce/80N9f5eNJypEqL5BDvHdgWpBHuBJr1YDztqxDpEeS+i3KI tDxFNTnQN75394lp2MfG2BfrXHwsK6OWLVHE+L3LkVfCcY2HpQ0zoM7TPd1h7pE= =J6qq -----END PGP SIGNATURE----- --Sig_/AhkoB87TBX1zo=e9msbgt/W--