ftpd: Provide an option to turn off FTP anonymous usage

ftpd provides the -n option to disable anonymous FTP access, meaning the username 'ftp' cannot log in to the FTP server without a password stored in the password database. This feature helps prevent users who lack the background knowledge of how this special username 'ftp' conventionally works in FTP from mistakenly creating an account with the username 'ftp,' assuming it behaves like other usernames that require a password to log in to the FTP server, which it does not. Differential Revision: https://reviews.freebsd.org/D46547
2026-01-16 23:02:24 +00:00 · 2025-06-26 14:07:31 +02:00 · 2025-06-26 14:07:31 +02:00 · 0804e60df1
commit 0804e60df1
parent 19a7ea3cc4
2 changed files with 23 additions and 4 deletions
--- a/libexec/ftpd/ftpd.8
+++ b/libexec/ftpd/ftpd.8
@ -25,7 +25,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.Dd September 9, 2023
+.Dd June 26, 2025
 .Dt FTPD 8
 .Os
 .Sh NAME
@ -33,7 +33,8 @@
 .Nd Internet File Transfer Protocol server
 .Sh SYNOPSIS
 .Nm
-.Op Fl 468ABDdEhMmOoRrSUvW
+.Op Fl 468BDdEhMmOoRrSUvW
+.Bq Fl A | Fl n
 .Op Fl l Op Fl l
 .Op Fl a Ar address
 .Op Fl P Ar port
@ -147,6 +148,13 @@ Permit anonymous users to overwrite or modify
 existing files if allowed by file system permissions.
 By default, anonymous users cannot modify existing files;
 in particular, files to upload will be created under a unique name.
+.It Fl n
+Disable anonymous FTP access.
+The
+.Fl n
+option is mutually exclusive with the
+.Fl A
+option.
 .It Fl O
 Put server in write-only mode for anonymous users only.
 RETR is disabled for anonymous users, preventing anonymous downloads.
--- a/libexec/ftpd/ftpd.c
+++ b/libexec/ftpd/ftpd.c
@ -106,6 +106,7 @@ int	logging;
 int	restricted_data_ports = 1;
 int	paranoid = 1;	  /* be extra careful about security */
 int	anon_only = 0;    /* Only anonymous ftp allowed */
+int	noanon = 0;       /* disable anonymous ftp */
 int	assumeutf8 = 0;   /* Assume that server file names are in UTF-8 */
 int	guest;
 int	dochroot;
@ -269,7 +270,7 @@ main(int argc, char *argv[], char **envp)
 	openlog("ftpd", LOG_PID | LOG_NDELAY, LOG_FTP);

 	while ((ch = getopt(argc, argv,
-	                    "468a:ABdDEhlmMoOp:P:rRSt:T:u:UvW")) != -1) {
+	                    "468a:ABdDEhlmMnoOp:P:rRSt:T:u:UvW")) != -1) {
 		switch (ch) {
 		case '4':
 			family = (family == AF_INET6) ? AF_UNSPEC : AF_INET;
@ -327,6 +328,10 @@ main(int argc, char *argv[], char **envp)
 			noguestmkd = 1;
 			break;

+		case 'n':
+			noanon = 1;
+			break;
+
 		case 'o':
 			noretr = 1;
 			break;
@ -396,6 +401,11 @@ main(int argc, char *argv[], char **envp)
 		}
 	}

+	if (noanon && anon_only) {
+		syslog(LOG_ERR, "-n and -A are mutually exclusive");
+		exit(1);
+	}
+
 	/* handle filesize limit gracefully */
 	sa.sa_handler = SIG_IGN;
 	(void)sigaction(SIGXFSZ, &sa, NULL);
@ -995,7 +1005,8 @@ user(char *name)
 #else
 	pw = sgetpwnam("ftp");
 #endif
-	if (strcmp(name, "ftp") == 0 || strcmp(name, "anonymous") == 0) {
+	if (!noanon &&
+	    (strcmp(name, "ftp") == 0 || strcmp(name, "anonymous") == 0)) {
 		if (checkuser(_PATH_FTPUSERS, "ftp", 0, NULL, &ecode) ||
 		    (ecode != 0 && ecode != ENOENT))
 			reply(530, "User %s access denied.", name);