10 Jan
2019
10 Jan
'19
11:44 p.m.
More digging (now that I have a better handle on how to ask the question) reveals this bug against documentation and release notes for 7.6 to alert updaters about this breaking change for vsftpd:
https://bugzilla.redhat.com/show_bug.cgi?id=1647485
The last comment there, #15 by "Roy":
For a workaround to vsftpd login failures that doesn't expose your system to the cited CVE, and retains the benefits of system user account separation, read from "Virtual users with TLS/SSL/FTPS and a common upload directory - Complicated vsftpd" on https://ubuntuforums.org/showthread.php?t=518293, but implement home directories using the section "System users as a virtual user with non-system password" as a guide.