diff options
author | Roy Li <rongqing.li@windriver.com> | 2013-12-06 16:34:16 +0800 |
---|---|---|
committer | Joe MacDonald <joe@deserted.net> | 2013-12-09 16:17:44 -0500 |
commit | ac3a5d430139e3be08718770e4439032ad3091eb (patch) | |
tree | e48087d3e65e3e45b46c0e198744c73b95b41265 /meta-networking/recipes-daemons/proftpd | |
parent | c6e1be52b71c9c234de6aebd036a0e7898a89338 (diff) | |
download | meta-openembedded-ac3a5d430139e3be08718770e4439032ad3091eb.tar.gz |
proftpd: use /bin/false as the login shell and add home-dir
Use /bin/false as the login shell, just like what Ubuntu does,
otherwise there might be secure issue; add /var/lib/ftp as user
ftp home-dir.
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
Diffstat (limited to 'meta-networking/recipes-daemons/proftpd')
-rw-r--r-- | meta-networking/recipes-daemons/proftpd/files/close-RequireValidShell-check.patch | 27 | ||||
-rw-r--r-- | meta-networking/recipes-daemons/proftpd/proftpd_1.3.4b.bb | 4 |
2 files changed, 30 insertions, 1 deletions
diff --git a/meta-networking/recipes-daemons/proftpd/files/close-RequireValidShell-check.patch b/meta-networking/recipes-daemons/proftpd/files/close-RequireValidShell-check.patch new file mode 100644 index 000000000..c64535cac --- /dev/null +++ b/meta-networking/recipes-daemons/proftpd/files/close-RequireValidShell-check.patch | |||
@@ -0,0 +1,27 @@ | |||
1 | close RequireValidShell check | ||
2 | |||
3 | Upstream-Status: Inappropriate [configuration] | ||
4 | |||
5 | close RequireValidShell check since we like to make /bin/false as shell | ||
6 | for ftp user | ||
7 | |||
8 | Signed-off-by: Roy Li <rongqing.li@windriver.com> | ||
9 | --- | ||
10 | sample-configurations/basic.conf | 1 + | ||
11 | 1 file changed, 1 insertion(+) | ||
12 | |||
13 | diff --git a/sample-configurations/basic.conf b/sample-configurations/basic.conf | ||
14 | index 314eb79..abcb284 100644 | ||
15 | --- a/sample-configurations/basic.conf | ||
16 | +++ b/sample-configurations/basic.conf | ||
17 | @@ -53,6 +53,7 @@ AllowOverwrite on | ||
18 | # We want clients to be able to login with "anonymous" as well as "ftp" | ||
19 | UserAlias anonymous ftp | ||
20 | |||
21 | + RequireValidShell off | ||
22 | # Limit the maximum number of anonymous logins | ||
23 | MaxClients 10 | ||
24 | |||
25 | -- | ||
26 | 1.7.10.4 | ||
27 | |||
diff --git a/meta-networking/recipes-daemons/proftpd/proftpd_1.3.4b.bb b/meta-networking/recipes-daemons/proftpd/proftpd_1.3.4b.bb index 6537b7709..eb502d6d9 100644 --- a/meta-networking/recipes-daemons/proftpd/proftpd_1.3.4b.bb +++ b/meta-networking/recipes-daemons/proftpd/proftpd_1.3.4b.bb | |||
@@ -13,6 +13,7 @@ SRC_URI = "ftp://ftp.proftpd.org/distrib/source/${BPN}-${PV}.tar.gz \ | |||
13 | file://proftpd-basic.init \ | 13 | file://proftpd-basic.init \ |
14 | file://default \ | 14 | file://default \ |
15 | file://move-pidfile-to-var-run.patch \ | 15 | file://move-pidfile-to-var-run.patch \ |
16 | file://close-RequireValidShell-check.patch \ | ||
16 | " | 17 | " |
17 | 18 | ||
18 | SRC_URI[md5sum] = "0871e0b93c9c3c88ca950b6d9a04aed2" | 19 | SRC_URI[md5sum] = "0871e0b93c9c3c88ca950b6d9a04aed2" |
@@ -62,6 +63,7 @@ INITSCRIPT_PARAM = "defaults 85 15" | |||
62 | 63 | ||
63 | USERADD_PACKAGES = "${PN}" | 64 | USERADD_PACKAGES = "${PN}" |
64 | GROUPADD_PARAM_${PN} = "--system ${FTPGROUP}" | 65 | GROUPADD_PARAM_${PN} = "--system ${FTPGROUP}" |
65 | USERADD_PARAM_${PN} = "--system -g ${FTPGROUP} ${FTPUSER}" | 66 | USERADD_PARAM_${PN} = "--system -g ${FTPGROUP} --home-dir /var/lib/${FTPUSER} --no-create-home \ |
67 | --shell /bin/false ${FTPUSER}" | ||
66 | 68 | ||
67 | FILES_${PN} += "/home/${FTPUSER}" | 69 | FILES_${PN} += "/home/${FTPUSER}" |