Bug 929559

Summary: Feature Request: Restore FTP support for non-system Users
Product: [openSUSE] openSUSE Tumbleweed Reporter: Tony Su <tonysu>
Component: YaST2Assignee: Michal Filka <mfilka>
Status: NEW --- QA Contact: Jiri Srain <jsrain>
Severity: Major    
Priority: P5 - None CC: tonysu
Version: 201503*   
Target Milestone: ---   
Hardware: All   
OS: All   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Attachments: screenshot of authentication tab

Description Tony Su 2015-05-04 16:44:09 UTC 
This was a YAST2 supported feature (properly) a long time ago (don't know when this was removed).

A standard and important feature running an Internet File Server using something like FTP is to support remote only FTP access (ie no local logon permissions). I don't know of a single FTP Server which does not support this.

For whatever reason, this feature disappeared from the YAST FTP server applet, and now only local system users are supported. Of course, this feature has not disappeared from the FTP Servers themselves.

Because this functionality once existed, I wonder if that earlier YAST applet code can be researched instead of re-building from scratch? If there has been fundamental changes in pure-ftpd and vsftpd the code may still need to be modified.
Comment 1 Martin Vidner 2015-05-05 14:22:54 UTC 
Created attachment 633285 [details]
screenshot of authentication tab

Sorry, I don't understand what you mean by "non-system users". Do you mean Anonymous users? That is supported, see the screenshot.
Comment 2 Tony Su 2015-05-05 22:05:52 UTC 
No,

The FTP app with its long history has always maintained its own application level database of Users that can login and access files using the FTP protocol, unrelated to any other database of Users.

YAST introduced the idea of permitting access to Users with Local System accounts. While an interesting idea for private access within a very small group or company, this is unworkable for traditional Internet use where you don't want every FTP User to also have local login access to the machine. The way the YAST FTP Server applet works now is very different than how FTP apps are supposed to be configured with minor upside (easy auto use of an available database of Users) but a major security downside (Usual FTP users should not have local logon access).

This is of course different than Anonymous access where the User is not individually identifiable..