| Summary: | vsftpd should be using portreserve | | |
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 6 | Reporter: | Karel Srot <ksrot> |
| Component: | vsftpd | Assignee: | Jiri Skala <jskala> |
| Status: | CLOSED NOTABUG | QA Contact: | BaseOS QE Security Team <qe-baseos-security> |
| Severity: | medium | Docs Contact: | |
| Priority: | high | | |
| Version: | 6.2 | CC: | aglotov, dapospis, ovasik |
| Target Milestone: | rc | | |
| Target Release: | --- | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2012-02-15 11:55:15 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |

I forgot to mention that we are interested in ports within the range 600 - 1023. The vsftpd communicates on port 21 with the client that uses port > 1024. There are handled ports for data transfer. This mechanism is the same for TLS too. None of those ports is in the range 600-1024. This could be done only by explicit setting in the vsftpd.conf file. I didn't find any occurrence using port in the range 600-1024 by vsftpd. Therefore I close it with the status 'notabug'.

To avoid port conflicts with services such as CUPS or IMAP vsftpd should be using portreserve for reserving respective ports on RHEL6.

Typical changes required:

Given a SysV service package that uses a particular port, (say, krb5_prop/tcp - 754):

1) Create a file named after the service, for example 'krb5_prop', which contains:

    krb5_prop/tcp

2) In the spec, install this file in /etc/portreserve, i.e., /etc/portreserve/krb5_prop

3) In the spec, add 'Requires: portreserve' to the package that provides the server.

4) In the init script, in the start() stanza, add:

    [ -x /sbin/portrelease ] && /sbin/portrelease krb5_prop &>/dev/null || :

   before starting the daemon.

Some background can be found in bug 103401.
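
The closing comment turns on vsftpd using a port in 600-1023 only when vsftpd.conf sets one explicitly. As an added example (not part of the bug report or of vsftpd), this shell check reads a vsftpd.conf on stdin and lists such settings; the function names, the choice of options checked (`listen_port`, `ftp_data_port`) and the sample configurations are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the bug report): list vsftpd.conf settings that
# put a vsftpd port inside 600-1023, the range discussed in the report.

# Options checked; this selection is an assumption of the example.
PORT_OPTIONS='listen_port ftp_data_port'

# Reads vsftpd.conf text on stdin. Prints "option=port" for each checked
# option whose value is in 600-1023. Exit status is 0 if any were found,
# 1 otherwise.
vsftpd_low_ports() {
    awk -F= -v opts="$PORT_OPTIONS" '
        BEGIN { n = split(opts, o, " "); for (i = 1; i <= n; i++) want[o[i]] = 1 }
        /^[ \t]*(#|$)/ { next }               # skip comments and blank lines
        ($1 in want) && $2 ~ /^[0-9]+$/ {     # option=value with a numeric value
            if ($2 + 0 >= 600 && $2 + 0 <= 1023) { print $1 "=" $2; hit = 1 }
        }
        END { exit (hit ? 0 : 1) }
    '
}

# Constructed sample configurations, embedded so the script runs offline.
sample_default() {
    printf '%s\n' '# defaults: control port 21, data port 20' \
        'listen=YES' 'anonymous_enable=NO'
}
sample_moved() {
    printf '%s\n' 'listen=YES' '#listen_port=700' 'listen_port=990' \
        'ftp_data_port=989'
}

for s in sample_default sample_moved; do
    if found=$($s | vsftpd_low_ports); then
        echo "$s: in 600-1023 -> $(echo $found)"
    else
        echo "$s: no port in 600-1023"
    fi
done
```

A non-empty result is the case in which the portreserve steps from the report would matter for vsftpd.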