Bug 509251
| Summary: | Canned /etc/proftpd.conf contains certain commands in "server config" instead of <Global> context | ||||||
|---|---|---|---|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Philip Prindeville <philipp> | ||||
| Component: | proftpd | Assignee: | Paul Howarth <paul> | ||||
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||
| Severity: | low | Docs Contact: | |||||
| Priority: | low | ||||||
| Version: | 10 | CC: | matthias, tj | ||||
| Target Milestone: | --- | Keywords: | Reopened | ||||
| Target Release: | --- | ||||||
| Hardware: | All | ||||||
| OS: | Linux | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | 1.3.2a-5.fc10 | Doc Type: | Bug Fix | ||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2009-09-24 05:25:44 UTC | Type: | --- | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Attachments: |
|
||||||
|
Description
Philip Prindeville
2009-07-01 20:59:33 UTC
Created attachment 350788 [details]
Proposed new version of proftpd.conf
Here's the proftpd.conf I'm proposing to ship in the next proftpd update. The <IfDefine> bits will be specified in a new file /etc/sysconfig/proftpd.
What do you think?
(In reply to comment #1) > Created an attachment (id=350788) [details] > Proposed new version of proftpd.conf > > Here's the proftpd.conf I'm proposing to ship in the next proftpd update. The > <IfDefine> bits will be specified in a new file /etc/sysconfig/proftpd. > > What do you think? Seems reasonable. But don't we need to test for mod_dso.c? Or do we just assume it's always present? <IfModule mod_dso.c> ... all the stuff relying on "LoadModule" directives ... </IfModule> Or, is there a way to cause it to fail if it's been built *without* mod_dso.c? Also, can we add an <IfDefine ...> around IdentLookups and UseReverseDNS? Some people might want these on...
<Global>
...
<IfDefine !IDENT_LOOKUPS>
IdentLookups off
</IfDefine>
...
</Global>
and something similar (not in the Global section, obviously) for UseReverseDNS...
-Philip
(In reply to comment #3) > Also, can we add an <IfDefine ...> around IdentLookups and UseReverseDNS? Some > people might want these on... > > <Global> > ... > <IfDefine !IDENT_LOOKUPS> > IdentLookups off > </IfDefine> > ... > </Global> > > and something similar (not in the Global section, obviously) for > UseReverseDNS... > > -Philip Forgot to mention: the default of "IdentLookups" *was* on prior to 1.3.3rc1. Now it's off. So that creates certain issues for keeping the same config file across upgrades... Unless we spell it out both ways: <IfDefine IDENT_LOOKUPS> IdentLookups on </IfDefine> <IfDefine !IDENT_LOOKUPS> IdentLookups off </IfDefine> bletch. (In reply to comment #2) > (In reply to comment #1) > > Created an attachment (id=350788) [details] [details] > > Proposed new version of proftpd.conf > > > > Here's the proftpd.conf I'm proposing to ship in the next proftpd update. The > > <IfDefine> bits will be specified in a new file /etc/sysconfig/proftpd. > > > > What do you think? > > Seems reasonable. But don't we need to test for mod_dso.c? Or do we just > assume it's always present? > > <IfModule mod_dso.c> > ... all the stuff relying on "LoadModule" directives ... > </IfModule> > > Or, is there a way to cause it to fail if it's been built *without* mod_dso.c? I don't think we need to test it because the config file comes with the rpm, and the rpm build always includes mod_dso.c. If someone wants to hack the SRPM to remove that, they can always change the config file too. (In reply to comment #3) > Also, can we add an <IfDefine ...> around IdentLookups and UseReverseDNS? Some > people might want these on... > > <Global> > ... > <IfDefine !IDENT_LOOKUPS> > IdentLookups off > </IfDefine> > ... > </Global> > > and something similar (not in the Global section, obviously) for > UseReverseDNS... Well we could, but I'm not too keen on that. My aim with the <IfDefine> sections was to enable/disable significant blocks of configuration rather than one-liners, so as to keep diffs between the stock config and one on an installed system readable, as this helps when it comes to upgrades and people have to merge their config changes with those in a new rpm. So adding <IfDefine> sections for things that would be a 1-line diff isn't really worth it I think. It would also set us off on a slippery slope towards moving more and more config from /etc/proftpd.conf to /etc/sysconfig/proftpd, which I don't think is particularly desirable. I'm open to persuasion though, and I'd like to know what Matthias thinks, since it's his package after all. > (In reply to comment #3)
> > Also, can we add an <IfDefine ...> around IdentLookups and UseReverseDNS? Some
> > people might want these on...
> >
> > <Global>
> > ...
> > <IfDefine !IDENT_LOOKUPS>
> > IdentLookups off
> > </IfDefine>
> > ...
> > </Global>
> >
> > and something similar (not in the Global section, obviously) for
> > UseReverseDNS...
>
> Well we could, but I'm not too keen on that. My aim with the <IfDefine>
> sections was to enable/disable significant blocks of configuration rather than
> one-liners, so as to keep diffs between the stock config and one on an
> installed system readable, as this helps when it comes to upgrades and people
> have to merge their config changes with those in a new rpm. So adding
> <IfDefine> sections for things that would be a 1-line diff isn't really worth
> it I think. It would also set us off on a slippery slope towards moving more
> and more config from /etc/proftpd.conf to /etc/sysconfig/proftpd, which I don't
> think is particularly desirable.
>
> I'm open to persuasion though, and I'd like to know what Matthias thinks, since
> it's his package after all.
That's a reasonable argument, I guess.
Of course, dumping everything into /etc/sysconfig/proftpd *does* resolve the issue of having to reconcile /etc/proftpd.conf.rpmnew stuff... but once we get the config file reasonably stable so that new releases don't require a new config (hopefully all new features will have reasonable defaults) then that problem should go away.
Fedora 9 changed to end-of-life (EOL) status on 2009-07-10. Fedora 9 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug. If you can reproduce this bug against a currently maintained version of Fedora please feel free to reopen this bug against that version. Thank you for reporting this bug and we are sorry it could not be fixed. Same issue applies in all releases, so bumping release to F-10 and re-opening. I'm awaiting feedback from Matthias on my proposed changes at the moment. proftpd-1.3.2a-2.fc10 has been submitted as an update for Fedora 10. http://admin.fedoraproject.org/updates/proftpd-1.3.2a-2.fc10 proftpd-1.3.2a-2.fc10 has been pushed to the Fedora 10 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update proftpd'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F10/FEDORA-2009-8267 proftpd-1.3.2a-3.fc10 has been submitted as an update for Fedora 10. http://admin.fedoraproject.org/updates/proftpd-1.3.2a-3.fc10 proftpd-1.3.2a-3.fc10 has been pushed to the Fedora 10 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update proftpd'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F10/FEDORA-2009-8875 proftpd-1.3.2a-4.fc10 has been submitted as an update for Fedora 10. http://admin.fedoraproject.org/updates/proftpd-1.3.2a-4.fc10 proftpd-1.3.2a-4.fc10 has been pushed to the Fedora 10 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update proftpd'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F10/FEDORA-2009-9249 proftpd-1.3.2a-5.fc10 has been submitted as an update for Fedora 10. http://admin.fedoraproject.org/updates/proftpd-1.3.2a-5.fc10 Finally got around to installing it. Couple of suggestions: /etc/proftpd.conf should contain explicit "ServerType standalone" and "MaxLoginAttempts 2" to call out the defaults. /etc/sysconfig/proftpd should contain a comment that the values for PROFTPD_OPTIONS must explicitly be given as "server_args = ..." in /etc/xinetd.d/xproftpd if run in inetd-mode. Maybe replicate that same comment in /etc/xinetd.d/xproftpd as well. proftpd-1.3.2a-5.fc10 has been pushed to the Fedora 10 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update proftpd'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F10/FEDORA-2009-9386 proftpd-1.3.2a-5.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report. |