Ubuntu Server Guide

vsftpd *is* configured to allow anon by default

Bug #1016148 reported by Donovan Brooke
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Ubuntu Server Guide
Invalid
Undecided
Unassigned
vsftpd (Ubuntu)
Invalid
Undecided
Unassigned

Bug Description

Problem file:
https://help.ubuntu.com/12.04/serverguide/ftp-server.html

Applies to:
Ubuntu 12.04 Server
package: vsftpd (vsftpd_2.3.5-1ubuntu2_amd64.deb)

Expected from Snippet:
"Anonymous FTP Configuration

By default vsftpd is not configured to allow anonymous download..."

What Happened:

A fresh install of vsftp shows this in the conf:

vi /etc/vsftpd.conf---------------------------------------------------------------------------------------------
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=YES
------------------------------------------------------------------------------------------------------------------------

Donovan

Revision history for this message
Gernot Sander (dc4on) wrote :

https://help.ubuntu.com/10.04/serverguide/ftp-server.html

The written command:
sudo apt-get install vsftpd
does not create the file: /etc/init.d/vsftpd
and the daemon is not started

Gunnar Hjalmarsson (gunnarhj)
affects: ubuntu-docs (Ubuntu) → serverguide
Revision history for this message
Doug Smythies (dsmythies) wrote :

It is the configuration file that is incorrect, not the serverguide, so I am setting this one to invalid for the serverguide.
However, I also checked the trusty and utoptic master files, and they are O.K.

References:
http://bazaar.launchpad.net/~ubuntu-branches/ubuntu/trusty/vsftpd/trusty/view/head:/vsftpd.conf
http://bazaar.launchpad.net/~ubuntu-branches/ubuntu/precise/vsftpd/precise/view/head:/vsftpd.conf
http://bazaar.launchpad.net/~ubuntu-branches/ubuntu/utopic/vsftpd/utopic/view/head:/vsftpd.conf

Changed in serverguide:
status: New → Invalid
Revision history for this message
Robie Basak (racb) wrote :

Thank you for taking the time to report this bug and helping to make Ubuntu better.

We cannot change the default behaviour in existing releases. This would regress tested redeployments that depend on the default, so in my opinion this change would be unacceptable.

For the latest development release, there is no issue, since as Doug found, the default does have anonymous login disabled. So I'm marking the task for vsftpd in Ubuntu as Invalid, as there is no issue in the development release, and we cannot SRU a fix.

The only possible fix I see here is for a version of the server guide corresponding to the older release to be amended (effectively an SRU for the server guide) if that is possible, since the default behaviour does seem to have changed between releases.

Changed in vsftpd (Ubuntu):
status: New → Invalid
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.