Bug 145548
| Summary: | vsftpd doesn't warn when not reading user_configs | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 3 | Reporter: | Thomas Uebermeier <uthomas> |
| Component: | vsftpd | Assignee: | Martin Nagy <mnagy> |
| Status: | CLOSED WONTFIX | QA Contact: | Mike McLean <mikem> |
| Severity: | low | Docs Contact: | |
| Priority: | medium | ||
| Version: | 3.0 | CC: | hripps, juergen_nowak, kwade, mbarabas, mnagy, mshuler |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2008-02-01 12:38:09 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
even more confusing, when reading the main configuration file those checks are not being done, see parseconf.c:183 Hmm, corect. I'll add the test there. May I have your personal opinion for my thoughts? I think vsftpd should die when the conf file isn't owned by root, not only log it. Yes, either die with a warning or ignore the config with a warning. For the first solution the advantage would be, that the admin would realize, that something is wrong, but both ways are ok. Ok, the fix will appear in vsftpd-2.0.1-9 (devel) and vsftpd-1.2.1-3E.4 (RHEL3) .. later I'll push it to the other dists. What was the final decision? Does vsftpd die with a warning or ignore the config with a warning? Oh sorry, I forget to mention it in my posting. The final decision is: we are strict. The file not owned by root is rejected as not being a valid configuration file. I've also added a note to vsftpd.8 about this. (In reply to comment #6) > Oh sorry, I forget to mention it in my posting. The final decision is: > we are strict. The file not owned by root is rejected as not being a > valid configuration file. I've also added a note to vsftpd.8 about this. Hi! We use the per-user configuration file feature for our installation. However, our server configuration requires the possibility not to have a configuration file for every single user (and use the settings in the global configuration file instead). In such a case, the current "vsftpd-1.2.1- nonrootconf.patch" lets vsftpd die if a configuration file doesn't exist for the user who tries to connect. What do you think about only letting vsftpd die if the configuration file exists and is not owned by root? This would still leave the configuration secure, but would allow people to have a general configuration for all "regular" users and only some per-user configuration files for some specific users. (In reply to comment #7) > What do you think about only letting vsftpd die if the configuration file > exists and is not owned by root? This would still leave the configuration > secure, but would allow people to have a general configuration for > all "regular" users and only some per-user configuration files for some > specific users. Agreed - it is unfortunate there was not any further discussion on this. vsftpd-1.2.1-3E.6 was released with this patch and broke ftp login, if no configuration file exists. ref: http://bugs.centos.org/view.php?id=1393 Radek, The 'else' part (which throws the error) is not only entered if the config file is not owned by root, it is also entered if the user config file does not exist. Touching an empty file for the user is a workaround, but this should be corrected to allow an ftp login to use the default configurations, if no custom configuration lines are included in a user_config_dir file. Kind Regards, Michael Shuler I'm sorry but for RHEL-3 we currently only fix regressions and mission critical bug. Hence closing as WONTFIX. |
From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.3) Gecko/20041020 Description of problem: vsftpd has the ability to use user specific configuration files ("user_config_dir"). When these configuration files are *not* being owned by root, they are ignored - for obvious security reasons. The problem is, that this is not documented and there is no warning if this happens: from twoprocess.c:337 retval = str_stat(&filename_str, &p_statbuf); /* Security - ignore unless owned by root */ if (!vsf_sysutil_retval_is_error(retval) && vsf_sysutil_statbuf_get_uid(p_statbuf) == VSFTP_ROOT_UID) { vsf_parseconf_load_file(str_getbuf(&filename_str), 1); } to avoid confusion vsftpd should log (on server side) its problems. Version-Release number of selected component (if applicable): vsftpd-1.2.1-3E.1 How reproducible: Always Steps to Reproduce: see above Actual Results: Config file not being read, no notice, nowhere documented. Expected Results: Minimum documentation, better some log entry what happened. Additional info: