Bug 786623
Summary: | ftpdctl doesn't work with out-of-the-box configuration | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Philip Prindeville <philipp> |
Component: | proftpd | Assignee: | Matthias Saou <matthias> |
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | medium | Docs Contact: | |
Priority: | unspecified | ||
Version: | 16 | CC: | matthias, paul, philipp |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | proftpd-1.3.4a-5.fc16 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2012-03-08 21:29:23 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Philip Prindeville
2012-02-01 23:11:38 UTC
Here's what I added locally to proftpd.conf for ftpdctl to work: LoadModule mod_ctrls_admin.c # Allow only user root to load and unload modules, but allow everyone # to see which modules have been loaded ModuleControlsACLs insmod,rmmod allow user root ModuleControlsACLs lsmod allow user * # Support for ftpdctl <IfModule mod_ctrls.c> ControlsEngine on ControlsACLs all allow user root ControlsSocketACL allow user * ControlsLog /var/log/proftpd/controls.log </IfModule> <IfModule mod_ctrls_admin.c> AdminControlsEngine on AdminControlsACLs all allow user root </IfModule> Perhaps I should add this by default? (In reply to comment #1) > > Perhaps I should add this by default? Mostly looks good... just one thing: instead of "user root" maybe have "group wheel" instead? (In reply to comment #2) > (In reply to comment #1) > > > > Perhaps I should add this by default? > > Mostly looks good... just one thing: instead of "user root" maybe have "group > wheel" instead? I'm not convinced about the usefulness of "group wheel" here; the ftp server only gets the current gid of the process connecting to the controls socket, not any supplementary groups, so a member of the wheel group would have to do "newgrp wheel" before using ftpdctl to see the benefit of this. It would probably be easier to use the wheel group via sudo I think. (In reply to comment #3) > I'm not convinced about the usefulness of "group wheel" here; the ftp server > only gets the current gid of the process connecting to the controls socket, not > any supplementary groups, so a member of the wheel group would have to do > "newgrp wheel" before using ftpdctl to see the benefit of this. Good point. proftpd-1.3.4a-5.fc17 has been submitted as an update for Fedora 17. https://admin.fedoraproject.org/updates/proftpd-1.3.4a-5.fc17 proftpd-1.3.4a-5.fc16 has been submitted as an update for Fedora 16. https://admin.fedoraproject.org/updates/proftpd-1.3.4a-5.fc16 proftpd-1.3.4a-5.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report. proftpd-1.3.4a-5.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report. |