Date: Wed, 20 May 2009 17:00:11 -0400
Message-ID: <6ae50c2d0905201400k30aede80qd5625db910e3df4a@mail.gmail.com>
From: alexus
To: Mel Flynn
Cc: freebsd-questions@freebsd.org
Subject: Re: proftpd TLS

On Wed, May 20, 2009 at 4:57 PM, alexus wrote:
> On Wed, May 20, 2009 at 10:47 AM, Mel Flynn wrote:
>> On Wednesday 20 May 2009 16:13:15 alexus wrote:
>>> On Wed, May 20, 2009 at 7:46 AM, Mel Flynn wrote:
>>> > On Tuesday 19 May 2009 21:18:48 alexus wrote:
>>> >> On Tue, May 19, 2009 at 2:26 PM, Mehul Ved wrote:
>>> >> > On Tue, May 19, 2009 at 11:14 PM, alexus wrote:
>>> >> >> i start it as a root, but it switches to non-root
>>> >> >>
>>> >> >> nobody 52346  0.0  0.1 11820  4208  ??  SsJ  Sun06PM   0:00.66
>>> >> >> proftpd: (accepting connections) (proftpd)
>>> >> >
>>> >> > Check the value for 'user' in proftpd.conf. It will be nobody. Change
>>> >> > it to root.
>>> >> >
>>> >> > --
>>> >> >
>>> >> > Dyslexics have more fnu.  -
>>> >> > http://kingsly.net/tmp/fortune.php/1242364116
>>> >>
>>> >> wouldn't it sort of make it more risky in terms of security to run
>>> >> ftpd as root vs nobody?
>>> >> in general daemons do not run as root and that's for a reason..
>>> >
>>> > Yes, don't do it. Is proftpd started as root? Then this shouldn't occur,
>>> > although a forum post[1] suggests that mod_cap can fiddle with this.
>>> >
>>> > [1] http://forums.proftpd.org/smf/index.php?topic=1315.0
>>> > --
>>> > Mel
>>>
>>> if i set User in proftpd.conf to root, then it runs as a root
>>
>> I said *start* as root. Theoretically, the pass phrase part for your
>> certificate comes before dropping privileges. But maybe there's a bug in the
>> code. Is proftpd running jailed or not?
>>
>> --
>> Mel
>>
>
> yes, proftpd runs inside of jail
>
> --
> http://alexus.org/
>

this is proftpd started as root then it switches to nobody

nobody 52346  0.0  0.1 11820  4208  ??  SsJ  Sun06PM   0:00.66 proftpd: (accepting connections) (proftpd)

SsJ = j means jail

-- 
http://alexus.org/
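
The process listing quoted in this thread can be checked mechanically. The following is an added example, not part of the original messages: a hypothetical `audit_daemon` helper that reads `ps aux` output, reports the user and the jail flag (`J` in STAT) for each matching process, and flags any that still run as root. The sample input is constructed around the line quoted above; the root-owned line is made up for contrast.

```shell
#!/bin/sh
# Added example (not from the thread). audit_daemon is a hypothetical helper:
# it reads `ps aux`-format lines on stdin and reports, for every process whose
# command contains the given name, the user it runs as and its jail status.
audit_daemon() {
    awk -v name="$1" '
    # Columns: USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND...
    # Skip the header and anything too short to be a process line.
    NF < 11 || $2 !~ /^[0-9]+$/ { next }
    {
        # COMMAND may contain spaces, so rebuild it from field 11 onward.
        cmd = $11
        for (i = 12; i <= NF; i++) cmd = cmd " " $i
        if (index(cmd, name) == 0) next

        # STAT: first character is the run state, the rest are flags.
        flags  = substr($8, 2)
        jail   = index(flags, "J") ? "yes" : "no"   # J: process is in a jail
        leader = index(flags, "s") ? "yes" : "no"   # s: session leader

        # A daemon still shown as root has not dropped privileges.
        verdict = ($1 == "root") ? "WARN-root" : "OK-unprivileged"
        printf "pid=%s user=%s jail=%s leader=%s %s\n", $2, $1, jail, leader, verdict
    }'
}

# Constructed sample input: the first process line is the one quoted in the
# thread; the root-owned proftpd line and the cron line are made up.
SAMPLE='USER     PID %CPU %MEM   VSZ   RSS  TT  STAT STARTED      TIME COMMAND
nobody 52346  0.0  0.1 11820  4208  ??  SsJ  Sun06PM   0:00.66 proftpd: (accepting connections) (proftpd)
root   60001  0.0  0.1 11820  4208  ??  Ss   Sun06PM   0:00.10 proftpd: (accepting connections) (proftpd)
root     712  0.0  0.0  3500  1200  ??  Is   Sun06PM   0:00.02 /usr/sbin/cron -s'

printf '%s\n' "$SAMPLE" | audit_daemon proftpd
```

On a live system the same function takes `ps aux | audit_daemon proftpd`.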