Bug 1140078

Summary: pure-ftpd: pam_listfile(pure-ftpd:auth): Couldn't open /etc/ftpusers
Product: [Fedora] Fedora EPEL Reporter: Robert Scheck <redhat-bugzilla>
Component: pure-ftpdAssignee: Michal Ingeli <mi>
Status: NEW --- QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: unspecified    
Version: epel7CC: gregswift, mi, robert.scheck
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Robert Scheck 2014-09-10 09:31:07 UTC 
Description of problem:
Even /etc/pure-ftpd/pure-ftpd.conf has "UseFtpUsers no" set, the following
appears on every FTP connection in /var/log/secure:

Sep 10 11:24:02 tux pure-ftpd: pam_listfile(pure-ftpd:auth): Couldn't open /etc/ftpusers
Sep 10 11:24:02 tux pure-ftpd: pam_unix(pure-ftpd:session): session opened for user example by (uid=0)
Sep 10 11:24:02 tux pure-ftpd: pam_unix(pure-ftpd:session): session closed for user example

Digging more into this seems to come from /etc/pam.d/pure-ftpd which says:

auth required pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed

But can't PAM fail quiet? Or should that file be shipped somehow?

Version-Release number of selected component (if applicable):
pure-ftpd-1.0.36-6.el7

How reproducible:
Everytime, see above.

Actual results:
Error message on each FTP connection.

Expected results:
No error message on each FTP connection.

Additional info:
Workaround: touch /etc/ftpusers
Comment 1 Greg Swift 2014-09-12 14:30:18 UTC 
Currently the package proftpd provides /etc/ftpusers.  I don't think you should have to have both packages installed, but i'm not sure if we should start providing a conflicting package. they are simultaneously installable at the moment.

As for making pam fail quietly, you can append quiet to the pam.d/pure-ftpd line, and that should silence the error.

I don't know if that makes sense to be a default though.
Comment 2 Robert Scheck 2014-09-12 14:32:02 UTC 
Do packages conflict each other if the file is marked as %config(noreplace)
in both packages?
Comment 3 Greg Swift 2014-09-13 03:06:06 UTC 
I had never thought to test that.
Comment 4 Fedora Admin user for bugzilla script actions 2022-11-29 00:30:30 UTC 
This package has changed maintainer in Fedora. Reassigning to the new maintainer of this component.