Hi,

This is a followup to my earlier post about vsftpd.

It looks like the default settings for vsftpd.conf have anonymous access enabled. 

I was able to change those settings by editing vsftpd.conf, killing the running vsftpd processes, and then starting vsftpd again using 'nohup vsftpd &', but I think that when I reboot the SMCWAPS-G (with Schufti's firmware), that the vsftpd.conf will be reloaded from ROM or something, and set back to allow anonymous access.

The reason I'm asking is that I had an incident yesterday/last night, when I was getting a bunch of login attempts to the SMCWAPS-G vsftpd. 

Luckily I had disabled anonymous FTP per the above before that, but now, I'm really worried about even rebooting the SMCWAPS-G, because that'll enable anonymous again, and it's a real pain having to modify vsftpd.conf everytime I power up the SMCWAPS-G.

BTW, I have an autoexec on my C drive, and I have some scripting in there to setup the LPD, so maybe I can overwrite the /etc/vsftpd.conf from the autoexec?

Jim

Hi,

I found this:

http://www.macsat.com/macsat/component/option,com_smf/Itemid,50/topic,717.0/

Unfortunately, I tried adding a "sleep 5" before the cp of the vsftpd.conf, but it's still not using the 'safer' vsftpd.conf ...

Here's my autoexec now:

# cat /mnt/C/autoexec
#!/bin/sh
sleep 5
cp /mnt/C/boot-safe-vsftpd.conf /var/config/vsftpd.conf

mkdir /etc/mini-lpd/lp
cd /etc/mini-lpd/lp
ln -s /dev/usblp0 device
cd /tmp
nohup mini-lpd &

Jim

Ernst,

Thanks, but that means that, like my putting the copying of the 'safer' vsftpd.conf in the autoexec, what you're suggesting means that, if I just want to ALWAYS use the safer vsftpd.conf, I have to telnet into the SMCWAPS-G everytime I start it to kill vsftpd and restart it.

That (having to do this manually) is what I was trying to avoid.  I'd like to have the safer vsftpd.conf all the time, automatically.

What puzzles me also is on the Airlive webgui, the "guest" is UNCHECKED.  I'd think that that should have disabled anonymous and ftp users from logging into FTP?

Jim

Hi,

I think that this works in autoexec:


I think that the above copies the safe vsftpd.conf to /var/config/vsftpd.conf, then it does a kill 'HUP' on the PID of the vsftpd process, which causes vsftpd to re-read the current (safer) /var/config/vsftpd.conf.

One ODDITY that MUST be noted is that it appears that when you use the Airlive webgui to make any changes in the FTP configuration (e.g., adding users, adding directories, etc.), it looks like the vsftpd daemon/process is restarted, and when it's restarted, THE ORIGINAL VSFTPD.CONF is COPIED INTO /var/config/vsftpd.conf, and the vsftpd process appears to pick up the ORIGINAL 'UNSAFE' vsftpd.conf!!

Jim

P.P.S.  The characters around the pidof are backwards apostrophes...

Jim