This content has been marked as final. Show 7 replies
I'm assuming that you don't want to disable all FTP access (i.e. shutdown FTP service).
That is correct, I would like to keep ftp running, just disable anonymous ftp
As stated above I have tried the method outlined in the link above, it has not worked.
Edited by: FalconAdmin on Jan 15, 2009 4:35 PM
First silly question - do you have a normal user account called "anonymous" in your /etc/passwd /NIS/whatever does your login credentials? BTW, if you want to use ftpaccess, you must pass a "-a" on the in.ftpd line. Do a "man in.ftpd" for more info.
I don't have an anonymous account in the /etc/passwd file.
If i add a -a to the line exactly where do i add it?
Should it be 'ftp stream tcp nowait root /usr/sbin/in.ftpd in.ftpd -a'
OR 'ftp stream tcp nowait root /usr/sbin/in.ftpd -a in.ftpd'
The former. (the last field corresponds to argv, argv...)
Though I find it odd that if you don't have an anonymous account, you think that anonymous ftp is active. If you ftp the host, and use anonymous and a password, it lets you in? It seems that the normal behavior is that is says
331 Guest login ok, send your complete e-mail address as password.
REGARDLESS of whether anonymous ftp is active or not (it's just that you can't log in without an allowed password). One can argue whether or not this is a desired behavior....
Thanks for your help,
I was hoping that I could make it give the message
"530 Guest login not allowed on this machine." as in solaris 9
when people try to ftp as anonymous, but as long as they can't login as anonymous that will do.
Yeah... I guess it was determined to be a security leak, since you would know if there was an anonymous account there or not. If you want to be certain, look where syslog is logging LOG_INFO and you'll see the log messages of what it is doing.