I am able to use ftp with anonymous login. it also works for all other users but it won't work for the root.

How do I enable ftp access for root-only and disable all users including anonymous login?

You VERY RARELY, IF EVER (never really) want to allow ROOT ftp access. The password on FTP it plain text, anyone can read it. You are sending your ROOT password over an unsecure line unencrypted. Bad juju

However should you decide to take my words and chuck em out the window:
In your /etc/ftpusers file comment out root (or comment it if it's uncommented, I cannot remember which right now...). That should be it. You may have to edit your proftpd.conf file if it's also restricted in there, post it up should there be any concern.

Cool

Thanks for the super fast reply.
I won't be using root for ftp access forever.

I installed apache,mysql and PHP as root. I need to access some of the files from my home/office for reinstalling PHP forums/skins.

Is there any other option of doing this? I really hate doing it as 'root'.

Anyway, commenting out root in /etc/ftpusers did not solve my problem

Also, I have heard about scp, ssh, sftp, etc.,
can I use my computer as scp server and then login as root from outside?

Yes, it'd be ssh server rather though, then you scp your files in. Another option is to use sftp, it's ftp over ssh, a little different than scp (scp is secure cp, sftp is secure ftp..).

Check your proftpd.conf file as well. However, like I said, even for 2 seconds, transmitting root's password in plain text is plain bad Sorry, had to use it.

I'd say to attempt an sftp first, it's actually likely you have ssh setup where you could ssh into the box and fix it from there.

And why have you installed these things as root? Shouldn't a non-existent user (nobody) run these daemons? I also setup a second existant, but far less privileged user for my "http" work. They will belong to a group (the only person in the group) that owns the file, give as little permissions as necessary:
chmod 760 filename
maybe, and use them for all the apache php work necessary.

Anyway, since you are in a bind, do your best and change that root pass ASAP after using FTP to access your box with root (should you even be able to, it's possible mandrake may have hardcoded or VERY hard conf'd it in to where root cannot do this for that very reason).

Cool

thanks.
you are awesome

You're Welcome, glad I could help

Welcome to LQ

Cool

I am trying to install Very Secure FTP. vsftpd

what does the author mean by
"witch to the directory created when you unpacked the vsftpd .tar.gz file.
e.g.:
cd vsftpd-1.1.2
edit "builddefs.h" to handle compile-time settings (tcp_wrappers build,etc)."

Does anyone know? Thank you

Does anyone know what they mean by switching to the directory or by tcp_wrappers or by the header file?



Um, switching to the directory means when you unpack a tarball, a directory with the name of the tarball (minus the tar.gz) is created, you must cd into that.
edit builddefs.h means to edit the file in that directory for build definitions, wich will include tcp_wrappers and likely gcc info. tcpwrappers are tcpd on some systems, check your /usr/sbin for tcpd if you're interested. From my iddie bit of research tcp_wrappers are another security measure for applications. I believe it helps then appear as rogue apps? Also it's a bit more speedy than standalone? This is all just heresay since I've got no real solid info for ya on it.

I'd suggest sticking with FTP for now, vsftp simply is secure because it supports chrooting itself automatically, but it's no more secure to FTP with root with that than it is with proftpd. You will still be sending it plain text, it's the protocols fault, not the applications.

sftp should be something you should look at, for now...

Cool

Thanks again.

I really want to go ahead with proftpd, but it is not working with the root. I will check it once again.

Ok, to enable root, you will need to make sure that root does not exist in that file, a simple comment in front of the name will do. Save, send a HUP to proftpd (if you are running it in inetd or xinetd send HUP's to them instead) and try again.

Cool