From owner-freebsd-current@freebsd.org Fri Aug 14 13:06:56 2015 Return-Path: Delivered-To: freebsd-current@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 787639B874F for ; Fri, 14 Aug 2015 13:06:56 +0000 (UTC) (envelope-from matthew@freebsd.org) Received: from smtp.infracaninophile.co.uk (smtp.infracaninophile.co.uk [IPv6:2001:8b0:151:1:3cd3:cd67:fafa:3d78]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.infracaninophile.co.uk", Issuer "infracaninophile.co.uk" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 107DE187D for ; Fri, 14 Aug 2015 13:06:55 +0000 (UTC) (envelope-from matthew@freebsd.org) Received: from ox-dell39.ox.adestra.com (no-reverse-dns.metronet-uk.com [85.199.232.226] (may be forged)) (authenticated bits=0) by smtp.infracaninophile.co.uk (8.15.2/8.15.2) with ESMTPSA id t7ED6RFd063985 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO) for ; Fri, 14 Aug 2015 14:06:42 +0100 (BST) (envelope-from matthew@freebsd.org) Authentication-Results: smtp.infracaninophile.co.uk; dmarc=none header.from=freebsd.org DKIM-Filter: OpenDKIM Filter v2.9.2 smtp.infracaninophile.co.uk t7ED6RFd063985 Authentication-Results: smtp.infracaninophile.co.uk/t7ED6RFd063985; dkim=none reason="no signature"; dkim-adsp=none; dkim-atps=neutral X-Authentication-Warning: lucid-nonsense.infracaninophile.co.uk: Host no-reverse-dns.metronet-uk.com [85.199.232.226] (may be forged) claimed to be ox-dell39.ox.adestra.com Subject: Re: r286615: /usr/libexec/ftpd broken! To: freebsd-current@freebsd.org References: <20150811074041.6700e943@freyja.zeit4.iv.bundesimmobilien.de> <20150811104451.2031fff2@freyja.zeit4.iv.bundesimmobilien.de> <20150814134533.690e2091@freyja.zeit4.iv.bundesimmobilien.de> From: Matthew Seaman X-Enigmail-Draft-Status: N1110 Message-ID: <55CDE7D1.10607@freebsd.org> Date: Fri, 14 Aug 2015 14:06:25 +0100 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:38.0) Gecko/20100101 Thunderbird/38.1.0 MIME-Version: 1.0 In-Reply-To: <20150814134533.690e2091@freyja.zeit4.iv.bundesimmobilien.de> Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="mnXQAhBdbikvGBtuANNpjTHxLOLAAWVfa" X-Virus-Scanned: clamav-milter 0.98.7 at lucid-nonsense.infracaninophile.co.uk X-Virus-Status: Clean X-Spam-Status: No, score=-2.8 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00 autolearn=ham autolearn_force=no version=3.4.1 X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on lucid-nonsense.infracaninophile.co.uk X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 14 Aug 2015 13:06:56 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --mnXQAhBdbikvGBtuANNpjTHxLOLAAWVfa Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable On 08/14/15 12:45, O. Hartmann wrote: > Man page "ftpusers(5)" states, that an entry "username allow" will allo= w access > to ftpd. But every user listed in /etc/ftpusers is denied access, no ma= tter > whether there is "allow" appended to the entry or not! This is strange.= > Whenever I delete a user's name from that file I wish to have access to= the > ftpd service, that user can login - but addig the users even as "userna= me > allow" (no * in the file, nothing else but the initial users names) acc= ess is > denied. If you've got a ftpusers(5) that presumably comes from some ported software -- doesn't exist in the base system. There is pam_ftpusers(8) in base, although that doesn't seem to be in use by default. Traditionally 'ftpusers' was just a plain list of usernames or groups (indicated by a leading '@' character). According to ftpd(8) it lists the people *not* allowed access via FTP. However, other implementations of FTP servers have adopted the ftpusers file and expanded its capabilities in various ways, by adding some additional flag fields for each username. It depends on what ftpd you're using exactly what syntax is used there. Properly ported software should really be using /usr/local/etc/ftpusers though. Cheers, Matthew --mnXQAhBdbikvGBtuANNpjTHxLOLAAWVfa Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJVzefRAAoJEABRPxDgqeTnTJgP/jIiEAaOrj7c4zk/CSkAwRIR J8eOnD7UVVU+Zu7Niu8aRwRdVZRRQaozjvlIcUKNNIcj4//x78WlBSER6+xVnUAp dCW3jAtNLxwpAHy5srpxW3JxXuJSEFY7yozgHPTQ7Ovzoj/jRm/7/ijO4wB0NWMV NmjzvIyZK/EcvKIiTOf6RVEHt6g1nrmnrriI+wJOtQgWLG/IOhP8Ki4ocvxvpRaQ pqfJtO/QUAXNiRwdmI4yEoOQJAicRGRxLwrqN9yeOT5cFH4lVw2D2u5ehaXaiP5r TDZvkRlLJCh/Glgn4veI08xchohq07elpO2ptd7PGRtgZe/rloKL9ZeXZAsbkzis BJX1HgatQtuaswo60v6gwFQnsriAevErW0ZTHJuWySR5+e6Bdcat7yw2STxS2BXU /12hwpxrHO24cWM0FOkraUeD4pIcgLwi1ganoVcO6StOGwLYQYMFGZ2RsVKlwHs9 AwvezqQVOMhjyLw/85MrochN+O5bxQjOLIm7DiL9WNkjjKrVP0IBA3/C+N3+MRjG EUrSUcKYgkREgI6S1eIGEOgYgqrlXH08lGclHURvNeBIOkltnrwoL24pzdelbpvl D7OXugqY4sJsow4calZjQhU3+2XEc9QagmLmerqREWCX6JT98Jyea1moFlMFQlWP Dft8ggFm/V1vf7aQtD9c =IV5N -----END PGP SIGNATURE----- --mnXQAhBdbikvGBtuANNpjTHxLOLAAWVfa--