proftpd: use /bin/false as the login shell and add home-dir

Use /bin/false as the login shell, just like what Ubuntu does, otherwise there might be secure issue; add /var/lib/ftp as user ftp home-dir. Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
author: Roy Li <rongqing.li@windriver.com> 2013-12-06 16:34:16 +0800
committer: Joe MacDonald <joe@deserted.net> 2013-12-09 16:17:44 -0500
commit: ac3a5d430139e3be08718770e4439032ad3091eb (patch)
tree: e48087d3e65e3e45b46c0e198744c73b95b41265 /meta-networking/recipes-daemons/proftpd
parent: c6e1be52b71c9c234de6aebd036a0e7898a89338 (diff)
download: meta-openembedded-ac3a5d430139e3be08718770e4439032ad3091eb.tar.gz
2 files changed, 30 insertions, 1 deletions
diff --git a/meta-networking/recipes-daemons/proftpd/files/close-RequireValidShell-check.patch b/meta-networking/recipes-daemons/proftpd/files/close-RequireValidShell-check.patch
new file mode 100644
index 000000000..c64535cac
--- /dev/null
+++ b/meta-networking/recipes-daemons/proftpd/files/close-RequireValidShell-check.patch
@@ -0,0 +1,27 @@
+close RequireValidShell check
+Upstream-Status: Inappropriate [configuration]
+close RequireValidShell check since we like to make /bin/false as shell
+for ftp user
+Signed-off-by: Roy Li <rongqing.li@windriver.com>
+---
+ sample-configurations/basic.conf |    1 +
+ 1 file changed, 1 insertion(+)
+diff --git a/sample-configurations/basic.conf b/sample-configurations/basic.conf
+index 314eb79..abcb284 100644
+--- a/sample-configurations/basic.conf
+++ b/sample-configurations/basic.conf
+@@ -53,6 +53,7 @@ AllowOverwrite                on
+   # We want clients to be able to login with "anonymous" as well as "ftp"
+   UserAlias                    anonymous ftp
+ 
+  RequireValidShell            off
+   # Limit the maximum number of anonymous logins
+   MaxClients                   10
+ 
+-- 
+1.7.10.4
diff --git a/meta-networking/recipes-daemons/proftpd/proftpd_1.3.4b.bb b/meta-networking/recipes-daemons/proftpd/proftpd_1.3.4b.bb
index 6537b7709..eb502d6d9 100644
--- a/meta-networking/recipes-daemons/proftpd/proftpd_1.3.4b.bb
+++ b/meta-networking/recipes-daemons/proftpd/proftpd_1.3.4b.bb
@@ -13,6 +13,7 @@ SRC_URI = "ftp://ftp.proftpd.org/distrib/source/${BPN}-${PV}.tar.gz \
           file://proftpd-basic.init \
           file://default \
           file://move-pidfile-to-var-run.patch \
+           file://close-RequireValidShell-check.patch \
 "
 SRC_URI[md5sum] = "0871e0b93c9c3c88ca950b6d9a04aed2"
@@ -62,6 +63,7 @@ INITSCRIPT_PARAM = "defaults 85 15"
 USERADD_PACKAGES = "${PN}"
 GROUPADD_PARAM_${PN} = "--system ${FTPGROUP}"
-USERADD_PARAM_${PN} = "--system -g ${FTPGROUP} ${FTPUSER}"
+USERADD_PARAM_${PN} = "--system -g ${FTPGROUP} --home-dir /var/lib/${FTPUSER} --no-create-home \
+                       --shell /bin/false ${FTPUSER}"
 FILES_${PN} += "/home/${FTPUSER}"
author	Roy Li <rongqing.li@windriver.com>	2013-12-06 16:34:16 +0800
committer	Joe MacDonald <joe@deserted.net>	2013-12-09 16:17:44 -0500
commit	ac3a5d430139e3be08718770e4439032ad3091eb (patch)
tree	e48087d3e65e3e45b46c0e198744c73b95b41265 /meta-networking/recipes-daemons/proftpd
parent	c6e1be52b71c9c234de6aebd036a0e7898a89338 (diff)
download	meta-openembedded-ac3a5d430139e3be08718770e4439032ad3091eb.tar.gz

diff --git a/meta-networking/recipes-daemons/proftpd/files/close-RequireValidShell-check.patch b/meta-networking/recipes-daemons/proftpd/files/close-RequireValidShell-check.patch new file mode 100644 index 000000000..c64535cac --- /dev/null +++ b/meta-networking/recipes-daemons/proftpd/files/close-RequireValidShell-check.patch
@@ -0,0 +1,27 @@
		1	close RequireValidShell check
		2
		3	Upstream-Status: Inappropriate [configuration]
		4
		5	close RequireValidShell check since we like to make /bin/false as shell
		6	for ftp user
		7
		8	Signed-off-by: Roy Li <rongqing.li@windriver.com>
		9	---
		10	sample-configurations/basic.conf \| 1 +
		11	1 file changed, 1 insertion(+)
		12
		13	diff --git a/sample-configurations/basic.conf b/sample-configurations/basic.conf
		14	index 314eb79..abcb284 100644
		15	--- a/sample-configurations/basic.conf
		16	+++ b/sample-configurations/basic.conf
		17	@@ -53,6 +53,7 @@ AllowOverwrite on
		18	# We want clients to be able to login with "anonymous" as well as "ftp"
		19	UserAlias anonymous ftp
		20
		21	+ RequireValidShell off
		22	# Limit the maximum number of anonymous logins
		23	MaxClients 10
		24
		25	--
		26	1.7.10.4
		27


diff --git a/meta-networking/recipes-daemons/proftpd/proftpd_1.3.4b.bb b/meta-networking/recipes-daemons/proftpd/proftpd_1.3.4b.bb index 6537b7709..eb502d6d9 100644 --- a/meta-networking/recipes-daemons/proftpd/proftpd_1.3.4b.bb +++ b/meta-networking/recipes-daemons/proftpd/proftpd_1.3.4b.bb
@@ -13,6 +13,7 @@ SRC_URI = "ftp://ftp.proftpd.org/distrib/source/${BPN}-${PV}.tar.gz \
13	file://proftpd-basic.init \	13	file://proftpd-basic.init \
14	file://default \	14	file://default \
15	file://move-pidfile-to-var-run.patch \	15	file://move-pidfile-to-var-run.patch \
		16	file://close-RequireValidShell-check.patch \
16	"	17	"
17		18
18	SRC_URI[md5sum] = "0871e0b93c9c3c88ca950b6d9a04aed2"	19	SRC_URI[md5sum] = "0871e0b93c9c3c88ca950b6d9a04aed2"
@@ -62,6 +63,7 @@ INITSCRIPT_PARAM = "defaults 85 15"
62		63
63	USERADD_PACKAGES = "${PN}"	64	USERADD_PACKAGES = "${PN}"
64	GROUPADD_PARAM_${PN} = "--system ${FTPGROUP}"	65	GROUPADD_PARAM_${PN} = "--system ${FTPGROUP}"
65	USERADD_PARAM_${PN} = "--system -g ${FTPGROUP} ${FTPUSER}"	66	USERADD_PARAM_${PN} = "--system -g ${FTPGROUP} --home-dir /var/lib/${FTPUSER} --no-create-home \
		67	--shell /bin/false ${FTPUSER}"
66		68
67	FILES_${PN} += "/home/${FTPUSER}"	69	FILES_${PN} += "/home/${FTPUSER}"