Cause: Textual names of user and group cannot be reliably resolved inside a chroot, so when the chroot_local_user configuration option is set, the text_userdb_names configuration option is not guaranteed to work. But that wasn't mentioned in the vsftpd.conf.5 man page.
Consequence: Users could be expecting both chroot_local_user and text_userdb_names options to be set together without issues.
Fix: Note about textual names not being guaranteed was added to the description of text_userdb_names option in the vsftpd.conf.5 man page.
Result: Users are now aware that text_userdb_names option can be ineffective when chroot_local_user option is set.
Description of problem:
When using chroot_local_user=YES and text_userdb_names=YES, name resolution is not guaranteed. The manpage should be updated accordingly.
Indeed, because the user session is chrooted, the calls to getpwuid()/getgrgid() fail to open /etc/passwd, /etc/groups or call NSCD socket when applicable.
When no nscd is running, then textual names are never displayed.
When nscd is running, then it depends on the following scenarios:
1. cache updated before ftp session is opened
-> name resolution in ftp session with current cache content
2. cache invalidated before ftp session is opened
-> no name resolution in ftp session
3. cache invalidated after ftp session is opened
-> name resolution in ftp session with old cache content
4. cache updated after ftp session is opened
-> name resolution in ftp session with old cache content
Version-Release number of selected component (if applicable):
7.3
How reproducible:
Always
Steps to Reproduce:
1. configure vsftpd with text_userdb_names=YES and chroot_local_user=YES
2. open ftp session
3. perform "ls -l" from ftp session
Actual results:
uid/gid are printed
Expected results:
user/group (names) should be printed
Additional info:
Proposal for new vsftpd.conf:
text_userdb_names
By default, numeric IDs are shown in the user and group fields of directory listings. You can get
textual names by enabling this parameter. It is off by default for performance reasons.
Note that textual names are not guaranteed when chroot_local_user is set to YES.
Default: NO
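The following configuration audit is an added example, not part of the original bug report or of vsftpd: it reports when the effective settings in a vsftpd.conf enable both options discussed above, so an administrator knows directory listings may show numeric IDs or names from old nscd cache content. It assumes that a later assignment overrides an earlier one, that YES/TRUE/1 (any case) are the enabling values, and that chroot_local_user defaults to NO; the function names and the sample configuration are constructed for illustration.

```python
"""Audit vsftpd.conf text for chroot_local_user + text_userdb_names (added example)."""

TRACKED = ("chroot_local_user", "text_userdb_names")
TRUE_WORDS = {"YES", "TRUE", "1"}  # assumption: spellings that enable a boolean option


def effective_settings(conf_text):
    """Return {option: (enabled, line_number)} for the tracked options.

    Both options start as disabled (text_userdb_names defaults to NO per the
    man page text above; NO for chroot_local_user is assumed here).
    Assumption: the last assignment in the file is the effective one.
    """
    state = {name: (False, None) for name in TRACKED}
    for lineno, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.rstrip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        key, sep, value = line.partition("=")
        # vsftpd.conf uses option=value with no spaces around "=", so a key
        # with surrounding spaces does not match a tracked option name.
        if sep and key in state:
            state[key] = (value.upper() in TRUE_WORDS, lineno)
    return state


def audit(conf_text):
    """Return a list of findings; empty when the option pair is not active."""
    state = effective_settings(conf_text)
    (chroot_on, chroot_line), (names_on, names_line) = (state[n] for n in TRACKED)
    if chroot_on and names_on:
        return [
            f"line {names_line}: text_userdb_names=YES together with "
            f"chroot_local_user=YES (line {chroot_line}): listings may show "
            "numeric IDs or names from old nscd cache content"
        ]
    return []


# Constructed sample configuration, not taken from a real system.
SAMPLE_CONF = "\n".join([
    "# constructed sample",
    "local_enable=YES",
    "chroot_local_user=YES",
    "text_userdb_names=NO",
    "text_userdb_names=YES",
])

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print(finding)
```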
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.
https://access.redhat.com/errata/RHBA-2018:0965
Comment 16 Red Hat Bugzilla 2023-09-15 00:01:45 UTC
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 500 days