proftpd TLS

Wed May 20 21:00:13 UTC 2009

On Wed, May 20, 2009 at 4:57 PM, alexus <alexus at gmail.com> wrote:
> On Wed, May 20, 2009 at 10:47 AM, Mel Flynn
> <mel.flynn+fbsd.questions at mailing.thruhere.net> wrote:
>> On Wednesday 20 May 2009 16:13:15 alexus wrote:
>>> On Wed, May 20, 2009 at 7:46 AM, Mel Flynn
>>>
>>> <mel.flynn+fbsd.questions at mailing.thruhere.net> wrote:
>>> > On Tuesday 19 May 2009 21:18:48 alexus wrote:
>>> >> On Tue, May 19, 2009 at 2:26 PM, Mehul Ved <mehul.n.ved at gmail.com> wrote:
>>> >> > On Tue, May 19, 2009 at 11:14 PM, alexus <alexus at gmail.com> wrote:
>>> >> >> i start it as a root, but it switchs to non-root
>>> >> >>
>>> >> >> nobody 52346  0.0  0.1 11820  4208  ??  SsJ  Sun06PM   0:00.66
>>> >> >> proftpd: (accepting connections) (proftpd)
>>> >> >
>>> >> > Check the value for 'user' in proftpd.conf. It will be nobody. Change
>>> >> > it to root.
>>> >> >
>>> >> > --
>>> >> >
>>> >> > Dyslexics have more fnu.  -
>>> >> > http://kingsly.net/tmp/fortune.php/1242364116
>>> >>
>>> >> wouldn't it sort of make it more risky in terms of security to run
>>> >> ftpd as root vs nobody?
>>> >> in general daemon do not run as root and thats for a reason..
>>> >
>>> > Yes, don't do it. Is proftpd started as root? Then this shouldn't occur,
>>> > although a forum post[1] suggests that mod_cap can fiddle with this.
>>> >
>>> > [1] http://forums.proftpd.org/smf/index.php?topic=1315.0
>>> > --
>>> > Mel
>>>
>>> if i set User in proftpd.conf to root, then it runs as a root
>>
>> I said *start* as root. Theoretically, the pass phrase part for your
>> certificate comes before dropping privileges. But maybe there's a bug in the
>> code. Is proftpd running jailed or not?
>>
>> --
>> Mel
>>
>
> yes, proftpd runs inside of jail
>
> --
> http://alexus.org/
>

this is proftpd started as root then it switch to nobody

nobody 52346  0.0  0.1 11820  4208  ??  SsJ  Sun06PM   0:00.66
proftpd: (accepting connections) (proftpd)

SsJ = j means jail


-- 
http://alexus.org/