You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@mina.apache.org by "Niklas Gustavsson (JIRA)" <ji...@apache.org> on 2010/09/20 17:54:36 UTC
[jira] Closed: (FTPSERVER-387) Disabling a user appears to have no
effect
[ https://issues.apache.org/jira/browse/FTPSERVER-387?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Niklas Gustavsson closed FTPSERVER-387.
---------------------------------------
Assignee: Niklas Gustavsson
Fix Version/s: 1.1.0
Resolution: Fixed
Fixed in rev 998964, thanks for reporting!
> Disabling a user appears to have no effect
> ------------------------------------------
>
> Key: FTPSERVER-387
> URL: https://issues.apache.org/jira/browse/FTPSERVER-387
> Project: FtpServer
> Issue Type: Bug
> Components: Server
> Affects Versions: 1.0.4
> Environment: WinXP
> Reporter: Chris Birchall
> Assignee: Niklas Gustavsson
> Fix For: 1.0.5, 1.1.0
>
>
> Using PropertiesUserManager, setting a user's "enableflag" to false does not prevent the user from logging in, downloading files, etc.
> Here is the users.properties file:
> =======
> # Password is "admin"
> ftpserver.user.admin.userpassword=21232F297A57A5A743894A0E4A801FC3
> ftpserver.user.admin.homedirectory=./res/home
> ftpserver.user.admin.enableflag=true
> ftpserver.user.admin.writepermission=true
> ftpserver.user.admin.maxloginnumber=0
> ftpserver.user.admin.maxloginperip=0
> ftpserver.user.admin.idletime=0
> ftpserver.user.admin.uploadrate=0
> ftpserver.user.admin.downloadrate=0
> ftpserver.user.anonymous.userpassword=
> ftpserver.user.anonymous.homedirectory=./res/home
> ftpserver.user.anonymous.enableflag=true
> ftpserver.user.anonymous.writepermission=false
> ftpserver.user.anonymous.maxloginnumber=20
> ftpserver.user.anonymous.maxloginperip=2
> ftpserver.user.anonymous.idletime=300
> ftpserver.user.anonymous.uploadrate=4800
> ftpserver.user.anonymous.downloadrate=4800
> # Password is "admin"
> ftpserver.user.chris.userpassword=21232F297A57A5A743894A0E4A801FC3
> ftpserver.user.chris.homedirectory=./res/home
> ftpserver.user.chris.enableflag=false
> ftpserver.user.chris.writepermission=false
> ftpserver.user.chris.maxloginnumber=20
> ftpserver.user.chris.maxloginperip=2
> ftpserver.user.chris.idletime=300
> ftpserver.user.chris.uploadrate=4800
> ftpserver.user.chris.downloadrate=4800
> =========
> User 'chris' can successfully login and download a file, even though he is disabled.
> The DESCUSER command shows the user as disabled:
> =======
> コマンド: SITE DESCUSER chris
> 応答: 200-
> 応答: userid : chris
> 応答: userpassword : ********
> 応答: homedirectory : ./res/home
> 応答: writepermission : false
> 応答: enableflag : false
> 応答: idletime : 300
> 応答: uploadrate : 0
> 応答: 200 downloadrate : 0
> =======
> I did a quick check of the source, and the only place I could find a check of org.apache.ftpserver.ftplet.User#getEnabled() was in the SITE_DESCUSER class. So it appears that at login time a user's enabled/disabled status is never checked.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.