proftpd TLS

[alexus]

On Wed, May 20, 2009 at 10:13 AM, alexus <alexus at gmail.com> wrote:
> On Wed, May 20, 2009 at 7:46 AM, Mel Flynn
> <mel.flynn+fbsd.questions at mailing.thruhere.net> wrote:
>> On Tuesday 19 May 2009 21:18:48 alexus wrote:
>>> On Tue, May 19, 2009 at 2:26 PM, Mehul Ved <mehul.n.ved at gmail.com> wrote:
>>> > On Tue, May 19, 2009 at 11:14 PM, alexus <alexus at gmail.com> wrote:
>>> >> i start it as a root, but it switchs to non-root
>>> >>
>>> >> nobody 52346  0.0  0.1 11820  4208  ??  SsJ  Sun06PM   0:00.66
>>> >> proftpd: (accepting connections) (proftpd)
>>> >
>>> > Check the value for 'user' in proftpd.conf. It will be nobody. Change
>>> > it to root.
>>> >
>>> > --
>>> >
>>> > Dyslexics have more fnu.  - http://kingsly.net/tmp/fortune.php/1242364116
>>>
>>> wouldn't it sort of make it more risky in terms of security to run
>>> ftpd as root vs nobody?
>>> in general daemon do not run as root and thats for a reason..
>>
>> Yes, don't do it. Is proftpd started as root? Then this shouldn't occur,
>> although a forum post[1] suggests that mod_cap can fiddle with this.
>>
>> [1] http://forums.proftpd.org/smf/index.php?topic=1315.0
>> --
>> Mel
>>
>
> if i set User in proftpd.conf to root, then it runs as a root
> the other thing is mod_cap has something to do with Linux compatibility w/ POSIX
> I run FreeBSD...
>
> --
> http://alexus.org/
>

for test purposes i set it to root, but even with that i'm unable to
connect to ftp and my tls.log says following

May 20 10:16:58 mod_tls/2.2.1[41536]: error locking passphrase into
memory: Operation not permitted
May 20 10:16:58 mod_tls/2.2.1[41536]: using default OpenSSL
verification locations (see $SSL_CERT_DIR environment variable)
May 20 10:16:58 mod_tls/2.2.1[41536]: TLS/TLS-C requested, starting
TLS handshake
May 20 10:17:01 mod_tls/2.2.1[41536]: TLSv1/SSLv3 connection accepted,
using cipher DHE-RSA-AES256-SHA (256 bits)
May 20 10:17:01 mod_tls/2.2.1[41536]: Protection set to Private

and it hangs...

-- 
http://alexus.org/