proftpd TLS

alexus alexus at gmail.com
Wed May 20 14:20:24 UTC 2009


On Wed, May 20, 2009 at 10:18 AM, alexus <alexus at gmail.com> wrote:
> On Wed, May 20, 2009 at 10:13 AM, alexus <alexus at gmail.com> wrote:
>> On Wed, May 20, 2009 at 7:46 AM, Mel Flynn
>> <mel.flynn+fbsd.questions at mailing.thruhere.net> wrote:
>>> On Tuesday 19 May 2009 21:18:48 alexus wrote:
>>>> On Tue, May 19, 2009 at 2:26 PM, Mehul Ved <mehul.n.ved at gmail.com> wrote:
>>>> > On Tue, May 19, 2009 at 11:14 PM, alexus <alexus at gmail.com> wrote:
>>>> >> I start it as root, but it switches to non-root
>>>> >>
>>>> >> nobody 52346  0.0  0.1 11820  4208  ??  SsJ  Sun06PM   0:00.66
>>>> >> proftpd: (accepting connections) (proftpd)
>>>> >
>>>> > Check the value for 'user' in proftpd.conf. It will be nobody. Change
>>>> > it to root.
>>>> >
>>>> > --
>>>> >
>>>> > Dyslexics have more fnu.  - http://kingsly.net/tmp/fortune.php/1242364116
>>>>
>>>> Wouldn't it sort of make it more risky in terms of security to run
>>>> ftpd as root vs nobody?
>>>> In general daemons do not run as root and that's for a reason..
>>>
>>> Yes, don't do it. Is proftpd started as root? Then this shouldn't occur,
>>> although a forum post[1] suggests that mod_cap can fiddle with this.
>>>
>>> [1] http://forums.proftpd.org/smf/index.php?topic=1315.0
>>> --
>>> Mel
>>>
>>
>> If I set User in proftpd.conf to root, then it runs as root.
>> The other thing is mod_cap has something to do with Linux compatibility w/ POSIX.
>> I run FreeBSD...
>>
>> --
>> http://alexus.org/
>>
>
> For test purposes I set it to root, but even with that I'm unable to
> connect to ftp and my tls.log says the following:
>
> May 20 10:16:58 mod_tls/2.2.1[41536]: error locking passphrase into
> memory: Operation not permitted
> May 20 10:16:58 mod_tls/2.2.1[41536]: using default OpenSSL
> verification locations (see $SSL_CERT_DIR environment variable)
> May 20 10:16:58 mod_tls/2.2.1[41536]: TLS/TLS-C requested, starting
> TLS handshake
> May 20 10:17:01 mod_tls/2.2.1[41536]: TLSv1/SSLv3 connection accepted,
> using cipher DHE-RSA-AES256-SHA (256 bits)
> May 20 10:17:01 mod_tls/2.2.1[41536]: Protection set to Private
>
> and it hangs...
>
> --
> http://alexus.org/
>

Actually, I take it back, I can connect even though I'm seeing this message:

error locking passphrase into memory: Operation not permitted

But I guess my main concern is not to run it as root now.

-- 
http://alexus.org/

