[vox-tech] WU-FTPd question

Ryan vox-tech@lists.lugod.org
Wed, 26 Feb 2003 00:45:23 -0800 

I started using vsftp(http://freshmeat.net/projects/vsftpd/?topic_id=89), quick,
small, clean, secure,  easy to set up. ditch wu-ftp


----- Original Message -----
From: "Troy Arnold" <troy-vox@zenux.net>
To: <vox-tech@lists.lugod.org>
Sent: Tuesday, February 25, 2003 10:10 PM
Subject: Re: [vox-tech] WU-FTPd question


> On Tue, Feb 25, 2003 at 07:33:40PM -0800, Thomas Wieglenda wrote:
> > Thanks for the answer on having the devel tools loaded.  As soon as I got
> > those, it worked like a champ.  Now on to a new question...
> >
> > I am trying to setup guest user accounts with wu-ftpd, and I completed all
> > of the steps outlined in the wu-ftpd FAQ area.  I've added my user, made the
> > password, chrooted them, chmoded their user area and adjusted the ftpaccess
> > file accordingly.  But, when I try to logon to the FTP using the <username>
> > and <password>  I get an error saying that the password isn't correct.  Now,
> > I know that I'm typing in the correct password and I've verified that many
> > times, but it still won't work.  I CAN logon to the account via  a real user
> > account, but I can't logon with a guest user.  Any ideas?
> >
>
> Yeah, don't waste any more time configuring/learning Wu-Ftpd.  If at all
> possible, you should be using scp or sftp.  If you *must* run an ftpd,
> don't use wu-ftpd.  It has a history of nasties (exploits) and many
> knowledgeable people seem to think there are more waiting.
> Read this:
> http://linuxmafia.com/pub/linux/security/ftp-daemons
>
> I'm not sure if Rick keeps it up to date, but at one time it was a nice
> appraisal of the various ftpd's.
>
> To try and answer your question:
> 1) Do you need to tell ftpd to re-read its config files?  The easiest
>    way is to restart the service.
> 2) Check the log files.
> 3) You should be getting a generic login failure which should not give
>    you enough info to determine whether the "password is wrong" or the
>    "user is wrong" (that would let bad people guess valid usernames)
>    So, rather than a bad password, your failed login probably indicates
>    that ftpd does not know about your new user.  Does your new user need
>    a valid shell?  Is her shell listed in /etc/shells?
>
> I probably should have waited for someone with more wu-ftpd experience
> to answer, but I'm avoiding work. :)
>
> -troy
>
>
> _______________________________________________
> vox-tech mailing list
> vox-tech@lists.lugod.org
> http://lists.lugod.org/mailman/listinfo/vox-tech
>