Hey!

I have a little problem with pure-ftpd. When i generate config file for it, everything works fine. No anonymous logins, bandwitch regulation etc...but i can`t login as root user. Pure says that he can`t trust me :-). Although
when i run pure-ftpd withoud -E function (which if i as far as i know means "use config file " ;-) ) i can login as root, but everything else is default. So can anyone tell me what function should i use in pureftp.conf to be able to use root account on my ftp?

Thanks

Szymon

I don't know anything about that FTP daemon, but logging in as root over FTP is a very bad idea. The reason for this is FTP transmits the password over the network in clear text, so it can easily be read by anyone running a packet sniffer on the network. You should look into SFTP instead. Your sshd will be able to handle SFTP, and so long as you allow root to login over ssh (which is the default in most installations that I've seen), you will be fine.

the thing is that my network is me and my neighbor (who barely knows how to install software on his windows machine :-) so he is rather harmless). But thanks for warning i will watch out in future.

In trying to find the answer to this I've seen quite a few people ask the question, but no one's ever answered it.

Without fail all you get is someone saying 'Logging in as root is a bad idea.... blah, blah....'

So's getting in a car & driving to work! - Do you know how many people get killed on the world's roads each day?
But without fail, despite knowing the dangers, people weigh the advantages against the risks, make a decision, and do it anyway because they have a need that can't be met any other way.
If you ask someone who's been driving for years to teach you how to, they might tell you it's dangerous, but they'll still teach you.
Why do linux users get stuck at the warning stage? 'Yeah, I know you want to learn to drive but it's dangerous so I won't tell you how to!'

Did you really just compare sending the root password over the network in clear text to driving a car? Driving a car is dangerous, yes, but certainly not reckless. A better analogy would be sitting on top of the car while your drunk 7 year old daughter drives you to work...there's really just no reason it should EVER be done. There is always another solution..adding a non-root user to certain groups and changing ownership/permissions of files/folders/devices usually does the trick. Even using something with encryption like ssh is still a bad idea to login as root unless it cannot be avoided (which I would argue that it can). Things like sudo make the root account all but unnecessary - in fact I typically disable it.

If you say your network is just you and your neighbor then I assume it is a wireless network. That makes sending the root password over clear text even more stupid. No wireless encryption/security scheme is perfectly secure, and everything you send over the network is sent out as radio waves for ~100 meters.

The "actual answer" to this is likely a configuration issue. I'm also unfamiliar with pure-ftpd, but the man page says, "Note that ftpd allows remote users to log in as root if the password is known and -u not used." So somewhere in your configuration file is a line akin to the -u switch that will not allow users below a certain uuid to login.

Yes I did compare, and no I didn't say that my network was just my neighbour & I on a wireless connection - that was someone else.

If the situation was akin to letting a drunk daughter drive the car while sitting on top...???
No, but sometimes things just have to be done in a way that is not ideal.
I'm in a situation where I've inherited the job of looking after a creaky old linux box that's been put together by various people over the years, has had various jobs assigned to it in that time & is having to work with systems it was never meant to.
One area it is vaguely linked to uses an old free bit of software that will only use ftp to connect, and needs access to various places on the system, data owned by various accounts,... it's a mess.
Reassigning ownership, creating new groups, you name it would take ages, & would eventually end up with an account that is pretty much root by another name.

It's a wired network, it's not an Enterprise Critical machine, it's backed up, and after the 30 - 60 mins it takes for the job to complete I can change the root password to something new.

If anyone was monitoring a backwater machine like this one waiting for the one chance in 12 years to grab the root password, 1 - They're very, very sad. 2 - It wouldn't do them any good for long.

Yes - Having weighed the risks against the benefits, in this particular case, on this particular system, logging in as root over ftp is the best (pretty much only) way to do it.

I don't think I'd let my drunk daughter do it though - that would just be silly

Right it was the OP who is likely on a wireless network - I haven't been here in so long I don't remember how to do much more than enter text for a reply - sorry for the confusion.

I'm sure there are many boxes out in the world doing things such as you described, but I still maintain it is a bad idea. Find a replacement for the software or hire a firm to replace it for you. Instead of mashing together some stuff that "isn't meant to work together" perhaps it would be best to find other solutions from things that are meant to work together. If I get your root password and login before you change it there's not really much you can do at that point. Now I have an internal device to launch my attack on your important machines or launch an attack on somebody else that is traced back to you. Is this likely to happen? No, but I bet it would be your ass if it did. Just saying.