Bug 145548
| Summary: | vsftpd doesn't warn when not reading user_configs | | |
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 3 | Reporter: | Thomas Uebermeier <uthomas> |
| Component: | vsftpd | Assignee: | Martin Nagy <mnagy> |
| Status: | CLOSED WONTFIX | QA Contact: | Mike McLean <mikem> |
| Severity: | low | Priority: | medium |
| Version: | 3.0 | CC: | hripps, juergen_nowak, kwade, mbarabas, mnagy, mshuler |
| Hardware: | All | OS: | Linux |
| Doc Type: | Bug Fix | Last Closed: | 2008-02-01 12:38:09 UTC |
Description
Thomas Uebermeier
2005-01-19 16:09:51 UTC
even more confusing, when reading the main configuration file those checks are not being done, see parseconf.c:183

Hmm, correct. I'll add the test there. May I have your personal opinion for my thoughts? I think vsftpd should die when the conf file isn't owned by root, not only log it.

Yes, either die with a warning or ignore the config with a warning. For the first solution the advantage would be that the admin would realize that something is wrong, but both ways are ok.

Ok, the fix will appear in vsftpd-2.0.1-9 (devel) and vsftpd-1.2.1-3E.4 (RHEL3) .. later I'll push it to the other dists.

What was the final decision? Does vsftpd die with a warning or ignore the config with a warning?

Oh sorry, I forgot to mention it in my posting. The final decision is: we are strict. The file not owned by root is rejected as not being a valid configuration file. I've also added a note to vsftpd.8 about this.

(In reply to comment #6)
> Oh sorry, I forgot to mention it in my posting. The final decision is:
> we are strict. The file not owned by root is rejected as not being a
> valid configuration file. I've also added a note to vsftpd.8 about this.

Hi! We use the per-user configuration file feature for our installation. However, our server configuration requires the possibility not to have a configuration file for every single user (and use the settings in the global configuration file instead). In such a case, the current "vsftpd-1.2.1-nonrootconf.patch" lets vsftpd die if a configuration file doesn't exist for the user who tries to connect.

What do you think about only letting vsftpd die if the configuration file exists and is not owned by root? This would still leave the configuration secure, but would allow people to have a general configuration for all "regular" users and only some per-user configuration files for some specific users.

(In reply to comment #7)
> What do you think about only letting vsftpd die if the configuration file
> exists and is not owned by root? This would still leave the configuration
> secure, but would allow people to have a general configuration for
> all "regular" users and only some per-user configuration files for some
> specific users.

Agreed - it is unfortunate there was not any further discussion on this. vsftpd-1.2.1-3E.6 was released with this patch and broke ftp login, if no configuration file exists. ref: http://bugs.centos.org/view.php?id=1393

Radek, The 'else' part (which throws the error) is not only entered if the config file is not owned by root, it is also entered if the user config file does not exist. Touching an empty file for the user is a workaround, but this should be corrected to allow an ftp login to use the default configurations, if no custom configuration lines are included in a user_config_dir file.

Kind Regards,
Michael Shuler

I'm sorry but for RHEL-3 we currently only fix regressions and mission critical bugs. Hence closing as WONTFIX.
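The distinction the thread argues over (a missing per-user file falls back to the global configuration, while an existing file not owned by root is rejected), as an added C example that is not vsftpd's code or the nonrootconf patch. The function name, the enum and the `required_owner` parameter are assumptions made so the check can run without root; a server would pass 0.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

enum conf_status {
    CONF_ABSENT,  /* no per-user file: keep the global settings */
    CONF_OK,      /* regular file owned by the required uid: parse it */
    CONF_REJECT   /* exists but is not trustworthy: refuse the session */
};

/* Hypothetical helper. required_owner is a parameter only so the check can
 * be exercised as an unprivileged user; the rule in the thread is uid 0. */
enum conf_status classify_user_conf(const char *path, uid_t required_owner)
{
    struct stat st;
    /* O_NOFOLLOW refuses a symlink; O_NONBLOCK avoids hanging on a FIFO. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);
    /* Only "does not exist" means "use defaults". EACCES, ELOOP and any
     * other error fail closed instead of being read as "no file". */
    if (fd < 0)
        return (errno == ENOENT) ? CONF_ABSENT : CONF_REJECT;
    /* fstat() on the descriptor checks the file that will actually be
     * read, not whatever the path names a moment later. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != required_owner) {
        close(fd);
        return CONF_REJECT;
    }
    close(fd);
    return CONF_OK;
}

int main(void)
{
    /* Constructed sample: a temporary file owned by the current user. */
    char path[] = "/tmp/userconf-XXXXXX";
    int fd = mkstemp(path);
    if (fd < 0) return 1;
    close(fd);
    printf("expected owner: %d\n", classify_user_conf(path, geteuid()));
    printf("wrong owner:    %d\n", classify_user_conf(path, geteuid() + 1));
    unlink(path);
    printf("file missing:   %d\n", classify_user_conf(path, geteuid()));
    return 0;
}
```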