Bug 786623 - ftpdctl doesn't work with out-of-the-box configuration
Summary: ftpdctl doesn't work with out-of-the-box configuration
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: proftpd
Version: 16
Hardware: All
OS: Linux
unspecified
medium
Target Milestone: ---
Assignee: Matthias Saou
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2012-02-01 23:11 UTC by Philip Prindeville
Modified: 2012-03-08 21:29 UTC (History)
3 users (show)

Fixed In Version: proftpd-1.3.4a-5.fc16
Clone Of:
Environment:
Last Closed: 2012-03-08 21:29:23 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)

Description Philip Prindeville 2012-02-01 23:11:38 UTC 
Description of problem:

ftpdctl should work (since it's a basic troubleshooting tool of the FTP service) with no configuration, but it doesn't:

# ftpdctl lsmod
ftpdctl: error contacting server using '/run/proftpd/proftpd.sock': Connection refused
# 

Version-Release number of selected component (if applicable):

proftpd-1.3.4a-3.fc16.x86_64

How reproducible:

As above.

Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:
Comment 1 Paul Howarth 2012-02-02 09:10:58 UTC 
Here's what I added locally to proftpd.conf for ftpdctl to work:

LoadModule mod_ctrls_admin.c

# Allow only user root to load and unload modules, but allow everyone
# to see which modules have been loaded
ModuleControlsACLs insmod,rmmod allow user root
ModuleControlsACLs lsmod allow user *

# Support for ftpdctl
<IfModule mod_ctrls.c>
  ControlsEngine                on
  ControlsACLs                  all allow user root
  ControlsSocketACL             allow user *
  ControlsLog                   /var/log/proftpd/controls.log
</IfModule>
<IfModule mod_ctrls_admin.c>
  AdminControlsEngine           on
  AdminControlsACLs             all allow user root
</IfModule>


Perhaps I should add this by default?
Comment 2 Philip Prindeville 2012-02-02 16:43:08 UTC 
(In reply to comment #1)
> 
> Perhaps I should add this by default?

Mostly looks good... just one thing: instead of "user root" maybe have "group wheel" instead?
Comment 3 Paul Howarth 2012-02-28 14:35:04 UTC 
(In reply to comment #2)
> (In reply to comment #1)
> > 
> > Perhaps I should add this by default?
> 
> Mostly looks good... just one thing: instead of "user root" maybe have "group
> wheel" instead?

I'm not convinced about the usefulness of "group wheel" here; the ftp server only gets the current gid of the process connecting to the controls socket, not any supplementary groups, so a member of the wheel group would have to do "newgrp wheel" before using ftpdctl to see the benefit of this. It would probably be easier to use the wheel group via sudo I think.
Comment 4 Philip Prindeville 2012-02-28 17:09:58 UTC 
(In reply to comment #3)
> I'm not convinced about the usefulness of "group wheel" here; the ftp server
> only gets the current gid of the process connecting to the controls socket, not
> any supplementary groups, so a member of the wheel group would have to do
> "newgrp wheel" before using ftpdctl to see the benefit of this.

Good point.
Comment 5 Fedora Update System 2012-02-28 22:11:40 UTC 
proftpd-1.3.4a-5.fc17 has been submitted as an update for Fedora 17.
https://admin.fedoraproject.org/updates/proftpd-1.3.4a-5.fc17
Comment 6 Fedora Update System 2012-02-28 22:11:57 UTC 
proftpd-1.3.4a-5.fc16 has been submitted as an update for Fedora 16.
https://admin.fedoraproject.org/updates/proftpd-1.3.4a-5.fc16
Comment 7 Fedora Update System 2012-03-06 20:27:21 UTC 
proftpd-1.3.4a-5.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 8 Fedora Update System 2012-03-08 21:25:55 UTC 
proftpd-1.3.4a-5.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.
Note You need to log in before you can comment on or make changes to this bug.