HPE Community
Operating System - Linux
1820475 Members
2921 Online
109624 Solutions
New Discussion юеВ

Re: How I can not ftp using root user on Redhat 8.0 Wu-Ftp

 
george_114
Advisor

тАО10-23-2003 01:52 PM

тАО10-23-2003 01:52 PM

How I can not ftp using root user on Redhat 8.0 Wu-Ftp

I have configured my ftp server and adding ftp's user include root user.When i try to ftp my redhat server using root, it returns login incorrect when i try using another user, it runs successfully.Why does this happen ??
0 Kudos
Reply
8 REPLIES 8
Stuart Browne
Honored Contributor

тАО10-23-2003 01:57 PM

тАО10-23-2003 01:57 PM

Re: How I can not ftp using root user on Redhat 8.0 Wu-Ftp

Security. If you can FTP in as root, you have the ability to over-write some very important files.

wuFTPd under RedHat uses PAM for security. If you take a look at '/etc/pam.d/ftp', you'll see the first 'auth' line is a 'deny' for people listed in '/etc/ftpusers'.

'root' is the first entry in this file. If you really want to be able to ftp in as the root user, then remove 'root' from this file.
One long-haired git at your service...
0 Kudos
Reply
george_114
Advisor

тАО10-23-2003 02:11 PM

тАО10-23-2003 02:11 PM

Re: How I can not ftp using root user on Redhat 8.0 Wu-Ftp

I have remark user root in file /etc/ftpusers but still i can not login using root. Why can this happen ??
0 Kudos
Reply
Stuart Browne
Honored Contributor

тАО10-23-2003 02:50 PM

тАО10-23-2003 02:50 PM

Re: How I can not ftp using root user on Redhat 8.0 Wu-Ftp

Remove it, don't comment it out.
One long-haired git at your service...
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

тАО10-23-2003 03:14 PM

тАО10-23-2003 03:14 PM

Re: How I can not ftp using root user on Redhat 8.0 Wu-Ftp

You obviously need to understand the security risk here. If someone gets root access on the net they can wipe out your whole system.

ftp transmits passwords back and forth in clear text. With no priviledges and a pc I could sniff your network and get the root password off one ftp login if you do this.

Stuart gave you a solution and thats worth 10 points.

I propose an alternative solution thats a bit harder.

Install openssh. That will give root secure sftp access.

http://www.redhat.com for the rpms or http://openssh.org for the source code if you like compiling stuff.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
george_114
Advisor

тАО10-23-2003 03:40 PM

тАО10-23-2003 03:40 PM

Re: How I can not ftp using root user on Redhat 8.0 Wu-Ftp

I have removed root from /etc/ftpusers but still I can not ftp using root.After edit that file, i have to reboot my machine ???
Or restart ftp service ???
0 Kudos
Reply
Stuart Browne
Honored Contributor

тАО10-23-2003 04:20 PM

тАО10-23-2003 04:20 PM

Re: How I can not ftp using root user on Redhat 8.0 Wu-Ftp

You shouldn't have too. I tried it here, and it worked immediately (but using an older version of wu-ftpd).

I don't have an RH8 box with wu-ftpd here to test further I'm afraid.

Other than ensuring you are using the right redentials (user/pass), I can't help further.

However, SEP is most definately correct in saying that it is most definatly not a secure, or preferred method, especially if you are using root credentials.
One long-haired git at your service...
0 Kudos
Reply
Alexander Chuzhoy
Honored Contributor

тАО10-23-2003 09:26 PM

тАО10-23-2003 09:26 PM

Re: How I can not ftp using root user on Redhat 8.0 Wu-Ftp

it's not enough to edit /etc/ftpusers file.
You should also edit the file /etc/ftpaccess
append these lines below "allow-gid ftp":
allow-uid root
allow-gid root
and then restart xinetd service:
service xinetd restart


Best regards
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

тАО10-23-2003 11:25 PM

тАО10-23-2003 11:25 PM

Re: How I can not ftp using root user on Redhat 8.0 Wu-Ftp

You need to restart xinetd driver for you change to take effect.

service xinetd restart

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.