Bug 1439724 - Add to vsftpd.conf manpage that text_userdb_names=YES is not guaranteed to work when chroot_local_user=YES is used
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: man-pages-overrides
Version: 7.5-Alt
Hardware: Unspecified
OS: Unspecified
unspecified
low
Target Milestone: rc
Assignee: Nikola Forró
QA Contact: David Jež
Blocks: 1473733 1508021
Reported: 2017-04-06 12:28 UTC by Renaud Métrich
Modified: 2023-09-15 00:01 UTC (History)

Fixed In Version: man-pages-overrides-7.5.0-1.el7
Doc Type: Bug Fix
Doc Text:
Cause: Textual names of users and groups cannot be reliably resolved inside a chroot, so when the chroot_local_user configuration option is set, the text_userdb_names configuration option is not guaranteed to work. This was not mentioned in the vsftpd.conf.5 man page.
Consequence: Users could expect the chroot_local_user and text_userdb_names options to work together without issues.
Fix: A note that textual names are not guaranteed was added to the description of the text_userdb_names option in the vsftpd.conf.5 man page.
Result: Users are now aware that the text_userdb_names option can be ineffective when the chroot_local_user option is set.
Last Closed: 2018-04-10 18:11:59 UTC


Attachments
Patch for vsftpd.conf.5 man page (442 bytes, patch)
2017-10-24 14:30 UTC, Nikola Forró


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2018:0965 0 None None None 2018-04-10 18:12:53 UTC

Description Renaud Métrich 2017-04-06 12:28:30 UTC
Description of problem:

When using chroot_local_user=YES and text_userdb_names=YES, name resolution is not guaranteed. The manpage should be updated accordingly.

Indeed, because the user session is chrooted, the calls to getpwuid()/getgrgid() fail to open /etc/passwd, /etc/groups or call NSCD socket when applicable.
When no nscd is running, then textual names are never displayed.
When nscd is running, then it depends on the following scenarios:

1. cache updated before ftp session is opened
-> name resolution in ftp session with current cache content

2. cache invalidated before ftp session is opened
-> no name resolution in ftp session

3. cache invalidated after ftp session is opened
-> name resolution in ftp session with old cache content

4. cache updated after ftp session is opened
-> name resolution in ftp session with old cache content


Version-Release number of selected component (if applicable):

7.3

How reproducible:

Always

Steps to Reproduce:
1. configure vsftpd with text_userdb_names=YES and chroot_local_user=YES
2. open ftp session
3. perform "ls -l" from ftp session

Actual results:

uid/gid are printed

Expected results:

user/group (names) should be printed

Additional info:

Proposal for new vsftpd.conf:

       text_userdb_names
              By  default,  numeric  IDs  are shown in the user and group fields of directory listings. You can get
              textual names by enabling this parameter. It is off by default for performance reasons.
              Note that textual names are not guaranteed when chroot_local_user is set to YES.

              Default: NO
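
A configuration check for the option pair described in the report above, as an added example that is not part of the original bug report or of the vsftpd project. The function names and the sample file are hypothetical, and the parsing rules (no spaces around "=", "#" comment lines, last occurrence wins, YES/TRUE/1 enable a boolean) are assumptions about how vsftpd reads its configuration.

```shell
#!/bin/sh
# Added example (not from the bug report): flag the vsftpd.conf option pair
# described above. Assumed parser behaviour: "option=value" lines without
# spaces around "=", "#" starts a comment line, the last occurrence of an
# option wins, and YES/TRUE/1 in any case enable a boolean.

# vsftpd_bool FILE OPTION DEFAULT -> prints the effective value as YES or NO
vsftpd_bool() {
    awk -F= -v opt="$2" -v val="$3" '
        /^#/ { next }
        $1 == opt { val = $2 }
        END {
            val = toupper(val)
            sub(/[ \t\r]+$/, "", val)   # tolerate trailing blanks and CRLF
            if (val == "YES" || val == "TRUE" || val == "1") print "YES"
            else print "NO"
        }
    ' "$1"
}

# audit_textual_names FILE -> prints a verdict; returns 1 when both are on
audit_textual_names() {
    names=$(vsftpd_bool "$1" text_userdb_names NO)
    jail=$(vsftpd_bool "$1" chroot_local_user NO)
    if [ "$names" = YES ] && [ "$jail" = YES ]; then
        echo "WARN: text_userdb_names=YES with chroot_local_user=YES:" \
             "listings may show numeric uid/gid instead of names"
        return 1
    fi
    echo "OK: names=$names chroot=$jail"
}

# Constructed sample configuration (hypothetical, for illustration only).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample
local_enable=YES
chroot_local_user=NO
text_userdb_names=yes
chroot_local_user=YES
EOF
audit_textual_names "$sample" || true
rm -f "$sample"
```

The non-zero return status lets the check gate a configuration deployment; the default of NO for both options matches the "Default: NO" shown in the proposed man page text.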

Comment 3 Nikola Forró 2017-10-24 14:30:15 UTC
Created attachment 1342786 [details]
Patch for vsftpd.conf.5 man page

Comment 13 errata-xmlrpc 2018-04-10 18:11:59 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:0965

Comment 16 Red Hat Bugzilla 2023-09-15 00:01:45 UTC
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 500 days

