[vox-tech] Re: vox-tech digest, Vol 1 #630 - 12 msgs
Thomas Wieglenda
vox-tech@lists.lugod.org
Thu, 27 Feb 2003 08:44:56 -0800
> Yeah, don't waste any more time configuring/learning Wu-Ftpd. If at all
> possible, you should be using scp or sftp. If you *must* run an ftpd,
> don't use wu-ftpd. It has a history of nasties (exploits) and many
> knowledgeable people seem to think there are more waiting.
> Read this:
> http://linuxmafia.com/pub/linux/security/ftp-daemons
>
> I'm not sure if Rick keeps it up to date, but at one time it was a nice
> appraisal of the various ftpd's.
>
> To try and answer your question:
> 1) Do you need to tell ftpd to re-read its config files? The easiest
> way is to restart the service.
> 2) Check the log files.
> 3) You should be getting a generic login failure which should not give
> you enough info to determine whether the "password is wrong" or the
> "user is wrong" (that would let bad people guess valid usernames)
> So, rather than a bad password, your failed login probably indicates
> that ftpd does not know about your new user. Does your new user need
> a valid shell? Is her shell listed in /etc/shells?
>
> I probably should have waited for someone with more wu-ftpd experience
> to answer, but I'm avoiding work. :)
>
> -troy
>
>
Well, you're right, I am getting a generic login error. You see the problem
in using another service is that I need a FTP service that will allow
multiple guest account logins and that will Chroot each guest user into
his/her directory. So far the only FTP service that I've found that will do
this properly is WU-FTPD. VSFTPD does allow virtual users but it sticks
them all into one directory, which isn't what I want. I don't know if
ProFTPD works very well, because each time I've used it, it's been a bad
experience.
I have do have the proper shell listed in the /etc/shells file also and of
course I've started WU-FTPD many times :)
Thomas