You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@mina.apache.org by "Niklas Gustavsson (JIRA)" <ji...@apache.org> on 2010/09/20 17:54:36 UTC

[jira] Closed: (FTPSERVER-387) Disabling a user appears to have no effect

     [ https://issues.apache.org/jira/browse/FTPSERVER-387?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Niklas Gustavsson closed FTPSERVER-387.
---------------------------------------

         Assignee: Niklas Gustavsson
    Fix Version/s: 1.1.0
       Resolution: Fixed

Fixed in rev 998964, thanks for reporting!

> Disabling a user appears to have no effect
> ------------------------------------------
>
>                 Key: FTPSERVER-387
>                 URL: https://issues.apache.org/jira/browse/FTPSERVER-387
>             Project: FtpServer
>          Issue Type: Bug
>          Components: Server
>    Affects Versions: 1.0.4
>         Environment: WinXP
>            Reporter: Chris Birchall
>            Assignee: Niklas Gustavsson
>             Fix For: 1.0.5, 1.1.0
>
>
> Using PropertiesUserManager, setting a user's "enableflag" to false does not prevent the user from logging in, downloading files, etc.
> Here is the users.properties file:
> =======
> # Password is "admin"
> ftpserver.user.admin.userpassword=21232F297A57A5A743894A0E4A801FC3
> ftpserver.user.admin.homedirectory=./res/home
> ftpserver.user.admin.enableflag=true
> ftpserver.user.admin.writepermission=true
> ftpserver.user.admin.maxloginnumber=0
> ftpserver.user.admin.maxloginperip=0
> ftpserver.user.admin.idletime=0
> ftpserver.user.admin.uploadrate=0
> ftpserver.user.admin.downloadrate=0
> ftpserver.user.anonymous.userpassword=
> ftpserver.user.anonymous.homedirectory=./res/home
> ftpserver.user.anonymous.enableflag=true
> ftpserver.user.anonymous.writepermission=false
> ftpserver.user.anonymous.maxloginnumber=20
> ftpserver.user.anonymous.maxloginperip=2
> ftpserver.user.anonymous.idletime=300
> ftpserver.user.anonymous.uploadrate=4800
> ftpserver.user.anonymous.downloadrate=4800
> # Password is "admin"
> ftpserver.user.chris.userpassword=21232F297A57A5A743894A0E4A801FC3
> ftpserver.user.chris.homedirectory=./res/home
> ftpserver.user.chris.enableflag=false
> ftpserver.user.chris.writepermission=false
> ftpserver.user.chris.maxloginnumber=20
> ftpserver.user.chris.maxloginperip=2
> ftpserver.user.chris.idletime=300
> ftpserver.user.chris.uploadrate=4800
> ftpserver.user.chris.downloadrate=4800
> =========
> User 'chris' can successfully login and download a file, even though he is disabled.
> The DESCUSER command shows the user as disabled:
> =======
> コマンド:	SITE DESCUSER chris
> 応答:	200-
> 応答:	userid          : chris
> 応答:	userpassword    : ********
> 応答:	homedirectory   : ./res/home
> 応答:	writepermission : false
> 応答:	enableflag      : false
> 応答:	idletime        : 300
> 応答:	uploadrate      : 0
> 応答:	200 downloadrate    : 0
> =======
> I did a quick check of the source, and the only place I could find a check of  org.apache.ftpserver.ftplet.User#getEnabled() was in the SITE_DESCUSER class. So it appears that at login time a user's enabled/disabled status is never checked. 

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.