Red Hat Bugzilla – Bug 145548
vsftpd doesn't warn when not reading user_configs
Last modified: 2016-07-26 19:46:09 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.3)
Description of problem:
vsftpd has the ability to use user specific configuration files
("user_config_dir"). When these configuration files are *not* being
owned by root, they are ignored - for obvious security reasons.
The problem is, that this is not documented and there is no warning if
    retval = str_stat(&filename_str, &p_statbuf);
    /* Security - ignore unless owned by root */
    if (!vsf_sysutil_retval_is_error(retval) &&
        vsf_sysutil_statbuf_get_uid(p_statbuf) == VSFTP_ROOT_UID)
To avoid confusion, vsftpd should log (on server side) its problems.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
Actual Results: Config file not being read, no notice, nowhere
Expected Results: Minimum documentation, better some log entry what
even more confusing, when reading the main configuration file those
checks are not being done, see parseconf.c:183
Hmm, correct. I'll add the test there. May I have your personal opinion
for my thoughts? I think vsftpd should die when the conf file isn't
owned by root, not only log it.
Yes, either die with a warning or ignore the config with a warning.
For the first solution the advantage would be, that the admin would
realize, that something is wrong, but both ways are ok.
Ok, the fix will appear in vsftpd-2.0.1-9 (devel) and
vsftpd-1.2.1-3E.4 (RHEL3) .. later I'll push it to the other dists.
What was the final decision? Does vsftpd die with a warning or ignore
the config with a warning?
Oh sorry, I forgot to mention it in my posting. The final decision is:
we are strict. The file not owned by root is rejected as not being a
valid configuration file. I've also added a note to vsftpd.8 about this.
(In reply to comment #6)
> Oh sorry, I forgot to mention it in my posting. The final decision is:
> we are strict. The file not owned by root is rejected as not being a
> valid configuration file. I've also added a note to vsftpd.8 about this.
Hi! We use the per-user configuration file feature for our installation.
However, our server configuration requires the possibility not to have a
configuration file for every single user (and use the settings in the global
configuration file instead). In such a case, the current
"vsftpd-1.2.1-nonrootconf.patch" lets vsftpd die if a configuration file
doesn't exist for
the user who tries to connect.
What do you think about only letting vsftpd die if the configuration file
exists and is not owned by root? This would still leave the configuration
secure, but would allow people to have a general configuration for
all "regular" users and only some per-user configuration files for some
specific users.
(In reply to comment #7)
> What do you think about only letting vsftpd die if the configuration file
> exists and is not owned by root? This would still leave the configuration
> secure, but would allow people to have a general configuration for
> all "regular" users and only some per-user configuration files for some
> specific users.
Agreed - it is unfortunate there was not any further discussion on this.
vsftpd-1.2.1-3E.6 was released with this patch and broke ftp login, if no
configuration file exists.
The 'else' part (which throws the error) is not only entered if the config file
is not owned by root, it is also entered if the user config file does not exist.
Touching an empty file for the user is a workaround, but this should be
corrected to allow an ftp login to use the default configurations, if no custom
configuration lines are included in a user_config_dir file.
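The three-way decision asked for in comments #7 and #8, as an added example (not vsftpd's code and not the Red Hat patch). The names classify_user_config and cfg_decision are hypothetical, and the trusted uid is a parameter so the check can be run without root:

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical names; vsftpd's own helpers (str_stat, vsf_sysutil_*) are not used. */
enum cfg_decision {
    CFG_ABSENT,  /* no per-user file: keep the global settings */
    CFG_LOAD,    /* file exists and is owned by the trusted uid */
    CFG_REJECT   /* file exists but fails the check: refuse it and log */
};

/* trusted_uid would be 0 (root) in production. */
enum cfg_decision classify_user_config(const char *path, uid_t trusted_uid)
{
    struct stat st;
    int fd = open(path, O_RDONLY);

    if (fd < 0) {
        /* Only "does not exist" falls back to the defaults;
         * any other failure (EACCES, ...) fails closed. */
        return errno == ENOENT ? CFG_ABSENT : CFG_REJECT;
    }
    /* fstat on the descriptor checks the same file that would be parsed. */
    if (fstat(fd, &st) != 0 || st.st_uid != trusted_uid) {
        fprintf(stderr, "rejecting %s: not owned by uid %lu\n",
                path, (unsigned long)trusted_uid);
        close(fd);
        return CFG_REJECT;
    }
    close(fd);
    return CFG_LOAD;
}

int main(void)
{
    char path[] = "/tmp/userconf-XXXXXX";   /* constructed sample file */
    int fd = mkstemp(path);
    if (fd < 0) return 1;
    close(fd);
    printf("trusted owner: %d\n", classify_user_config(path, getuid()));
    printf("other owner:   %d\n", classify_user_config(path, getuid() + 1));
    unlink(path);
    printf("missing file:  %d\n", classify_user_config(path, getuid()));
    return 0;
}
```

Collapsing the stat failure and the ownership failure into one 'else' branch is what turned a missing file into a login failure; keeping ENOENT separate preserves the strict ownership rule while letting users without a file fall back to the global configuration.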
I'm sorry, but for RHEL-3 we currently only fix regressions and mission-critical
bugs. Hence closing as WONTFIX.