vsftpd: change default secure_chroot_dir

Change default value of secure_chroot_dir to /var/run/vsftpd/empty, add volatiles entry for it, to ensure it won't fail to start with error: "500 OOPS: vsftpd: not found: directory given in 'secure_chroot_dir':/var/share/empty" This shows up in both standalone mode or started by xined. Signed-off-by: Ming Liu <ming.liu@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
author: Ming Liu <ming.liu@windriver.com> 2013-09-18 09:44:20 +0800
committer: Joe MacDonald <joe@deserted.net> 2013-09-23 10:07:23 -0400
commit: 1c4921817e202909ae97e8108ab1de17ca14f6ce (patch)
tree: 988249c875b98c35de2cb2e9d1a8fb19aff665d2 /meta-networking/recipes-daemons/vsftpd
parent: 08c4c25787e10e6f9f2b2b5de59afbf648243603 (diff)
download: meta-openembedded-1c4921817e202909ae97e8108ab1de17ca14f6ce.tar.gz
3 files changed, 61 insertions, 1 deletions
diff --git a/meta-networking/recipes-daemons/vsftpd/files/change-secure_chroot_dir.patch b/meta-networking/recipes-daemons/vsftpd/files/change-secure_chroot_dir.patch
new file mode 100644
index 000000000..5f2860e84
--- /dev/null
+++ b/meta-networking/recipes-daemons/vsftpd/files/change-secure_chroot_dir.patch
@@ -0,0 +1,55 @@
+vsftpd: change default value of secure_chroot_dir
+Upstream-Status: Pending
+Change secure_chroot_dir pointing to a volatile directory.
+Signed-off-by: Ming Liu <ming.liu@windriver.com>
+---
+ INSTALL       |    6 +++---
+ tunables.c    |    2 +-
+ vsftpd.conf.5 |    2 +-
+ 3 files changed, 5 insertions(+), 5 deletions(-)
+diff -urpN a/INSTALL b/INSTALL
+--- a/INSTALL   2013-09-13 10:23:57.504972397 +0800
+++ b/INSTALL   2013-09-13 10:25:25.664971779 +0800
+@@ -27,11 +27,11 @@ user in case it does not already exist. 
+ [root@localhost root]# useradd nobody
+ useradd: user nobody exists
+ 
+-2b) vsftpd needs the (empty) directory /usr/share/empty in the default
+2b) vsftpd needs the (empty) directory /var/run/vsftpd/empty in the default
+ configuration. Add this directory in case it does not already exist. e.g.:
+ 
+-[root@localhost root]# mkdir /usr/share/empty/
+-mkdir: cannot create directory `/usr/share/empty': File exists
+[root@localhost root]# mkdir /var/run/vsftpd/empty/
+mkdir: cannot create directory `/var/run/vsftpd/empty': File exists
+ 
+ 2c) For anonymous FTP, you will need the user "ftp" to exist, and have a
+ valid home directory (which is NOT owned or writable by the user "ftp").
+diff -urpN a/tunables.c b/tunables.c
+--- a/tunables.c        2013-09-13 10:26:29.554972817 +0800
+++ b/tunables.c        2013-09-13 10:27:18.104972210 +0800
+@@ -254,7 +254,7 @@ tunables_load_defaults()
+   /* -rw------- */
+   tunable_chown_upload_mode = 0600;
+ 
+-  install_str_setting("/usr/share/empty", &tunable_secure_chroot_dir);
+  install_str_setting("/var/run/vsftpd/empty", &tunable_secure_chroot_dir);
+   install_str_setting("ftp", &tunable_ftp_username);
+   install_str_setting("root", &tunable_chown_username);
+   install_str_setting("/var/log/xferlog", &tunable_xferlog_file);
+diff -urpN a/vsftpd.conf.5 b/vsftpd.conf.5
+--- a/vsftpd.conf.5     2013-09-13 10:09:33.774972462 +0800
+++ b/vsftpd.conf.5     2013-09-13 10:10:41.914971989 +0800
+@@ -969,7 +969,7 @@ This option should be the name of a dire
+ directory should not be writable by the ftp user. This directory is used
+ as a secure chroot() jail at times vsftpd does not require filesystem access.
+ 
+-Default: /usr/share/empty
+Default: /var/run/vsftpd/empty
+ .TP
+ .B ssl_ciphers
+ This option can be used to select which SSL ciphers vsftpd will allow for
diff --git a/meta-networking/recipes-daemons/vsftpd/files/volatiles.99_vsftpd b/meta-networking/recipes-daemons/vsftpd/files/volatiles.99_vsftpd
new file mode 100644
index 000000000..8a602ba37
--- /dev/null
+++ b/meta-networking/recipes-daemons/vsftpd/files/volatiles.99_vsftpd
@@ -0,0 +1 @@
+d root root 0755 /var/run/vsftpd/empty none
diff --git a/meta-networking/recipes-daemons/vsftpd/vsftpd_3.0.0.bb b/meta-networking/recipes-daemons/vsftpd/vsftpd_3.0.0.bb
index 2c3e0098a..49d5d2a95 100644
--- a/meta-networking/recipes-daemons/vsftpd/vsftpd_3.0.0.bb
+++ b/meta-networking/recipes-daemons/vsftpd/vsftpd_3.0.0.bb
@@ -14,6 +14,8 @@ SRC_URI = "https://security.appspot.com/downloads/vsftpd-${PV}.tar.gz \
           file://vsftpd.conf \
           file://vsftpd.user_list \
           file://vsftpd.ftpusers \
+           file://change-secure_chroot_dir.patch \
+           file://volatiles.99_vsftpd \
 "
 LIC_FILES_CHKSUM = "file://COPYING;md5=a6067ad950b28336613aed9dd47b1271 \
@@ -40,7 +42,7 @@ LDFLAGS_append =" -lcrypt -lcap"
 do_configure() {
    # Fix hardcoded /usr, /etc, /var mess.
    cat tunables.c|sed s:\"/usr:\"${prefix}:g|sed s:\"/var:\"${localstatedir}:g \
-    |sed s:\"${prefix}/share/empty:\"${localstatedir}/share/empty:g |sed s:\"/etc:\"${sysconfdir}:g > tunables.c.new
+    |sed s:\"/etc:\"${sysconfdir}:g > tunables.c.new
    mv tunables.c.new tunables.c
 }
@@ -57,6 +59,8 @@ do_install() {
    install -m 600 ${WORKDIR}/vsftpd.conf ${D}${sysconfdir}/vsftpd.conf
    install -d ${D}${sysconfdir}/init.d/
    install -m 755 ${WORKDIR}/init ${D}${sysconfdir}/init.d/vsftpd
+    install -d ${D}/${sysconfdir}/default/volatiles
+    install -m 644 ${WORKDIR}/volatiles.99_vsftpd ${D}/${sysconfdir}/default/volatiles/99_vsftpd
    install -m 600 ${WORKDIR}/vsftpd.ftpusers ${D}${sysconfdir}/
    install -m 600 ${WORKDIR}/vsftpd.user_list ${D}${sysconfdir}/
author	Ming Liu <ming.liu@windriver.com>	2013-09-18 09:44:20 +0800
committer	Joe MacDonald <joe@deserted.net>	2013-09-23 10:07:23 -0400
commit	1c4921817e202909ae97e8108ab1de17ca14f6ce (patch)
tree	988249c875b98c35de2cb2e9d1a8fb19aff665d2 /meta-networking/recipes-daemons/vsftpd
parent	08c4c25787e10e6f9f2b2b5de59afbf648243603 (diff)
download	meta-openembedded-1c4921817e202909ae97e8108ab1de17ca14f6ce.tar.gz

diff --git a/meta-networking/recipes-daemons/vsftpd/files/change-secure_chroot_dir.patch b/meta-networking/recipes-daemons/vsftpd/files/change-secure_chroot_dir.patch new file mode 100644 index 000000000..5f2860e84 --- /dev/null +++ b/meta-networking/recipes-daemons/vsftpd/files/change-secure_chroot_dir.patch
@@ -0,0 +1,55 @@
		1	vsftpd: change default value of secure_chroot_dir
		2
		3	Upstream-Status: Pending
		4
		5	Change secure_chroot_dir pointing to a volatile directory.
		6
		7	Signed-off-by: Ming Liu <ming.liu@windriver.com>
		8	---
		9	INSTALL \| 6 +++---
		10	tunables.c \| 2 +-
		11	vsftpd.conf.5 \| 2 +-
		12	3 files changed, 5 insertions(+), 5 deletions(-)
		13
		14	diff -urpN a/INSTALL b/INSTALL
		15	--- a/INSTALL 2013-09-13 10:23:57.504972397 +0800
		16	+++ b/INSTALL 2013-09-13 10:25:25.664971779 +0800
		17	@@ -27,11 +27,11 @@ user in case it does not already exist.
		18	[root@localhost root]# useradd nobody
		19	useradd: user nobody exists
		20
		21	-2b) vsftpd needs the (empty) directory /usr/share/empty in the default
		22	+2b) vsftpd needs the (empty) directory /var/run/vsftpd/empty in the default
		23	configuration. Add this directory in case it does not already exist. e.g.:
		24
		25	-[root@localhost root]# mkdir /usr/share/empty/
		26	-mkdir: cannot create directory `/usr/share/empty': File exists
		27	+[root@localhost root]# mkdir /var/run/vsftpd/empty/
		28	+mkdir: cannot create directory `/var/run/vsftpd/empty': File exists
		29
		30	2c) For anonymous FTP, you will need the user "ftp" to exist, and have a
		31	valid home directory (which is NOT owned or writable by the user "ftp").
		32	diff -urpN a/tunables.c b/tunables.c
		33	--- a/tunables.c 2013-09-13 10:26:29.554972817 +0800
		34	+++ b/tunables.c 2013-09-13 10:27:18.104972210 +0800
		35	@@ -254,7 +254,7 @@ tunables_load_defaults()
		36	/* -rw------- */
		37	tunable_chown_upload_mode = 0600;
		38
		39	- install_str_setting("/usr/share/empty", &tunable_secure_chroot_dir);
		40	+ install_str_setting("/var/run/vsftpd/empty", &tunable_secure_chroot_dir);
		41	install_str_setting("ftp", &tunable_ftp_username);
		42	install_str_setting("root", &tunable_chown_username);
		43	install_str_setting("/var/log/xferlog", &tunable_xferlog_file);
		44	diff -urpN a/vsftpd.conf.5 b/vsftpd.conf.5
		45	--- a/vsftpd.conf.5 2013-09-13 10:09:33.774972462 +0800
		46	+++ b/vsftpd.conf.5 2013-09-13 10:10:41.914971989 +0800
		47	@@ -969,7 +969,7 @@ This option should be the name of a dire
		48	directory should not be writable by the ftp user. This directory is used
		49	as a secure chroot() jail at times vsftpd does not require filesystem access.
		50
		51	-Default: /usr/share/empty
		52	+Default: /var/run/vsftpd/empty
		53	.TP
		54	.B ssl_ciphers
		55	This option can be used to select which SSL ciphers vsftpd will allow for


diff --git a/meta-networking/recipes-daemons/vsftpd/files/volatiles.99_vsftpd b/meta-networking/recipes-daemons/vsftpd/files/volatiles.99_vsftpd new file mode 100644 index 000000000..8a602ba37 --- /dev/null +++ b/meta-networking/recipes-daemons/vsftpd/files/volatiles.99_vsftpd
@@ -0,0 +1 @@
			d root root 0755 /var/run/vsftpd/empty none


diff --git a/meta-networking/recipes-daemons/vsftpd/vsftpd_3.0.0.bb b/meta-networking/recipes-daemons/vsftpd/vsftpd_3.0.0.bb index 2c3e0098a..49d5d2a95 100644 --- a/meta-networking/recipes-daemons/vsftpd/vsftpd_3.0.0.bb +++ b/meta-networking/recipes-daemons/vsftpd/vsftpd_3.0.0.bb
@@ -14,6 +14,8 @@ SRC_URI = "https://security.appspot.com/downloads/vsftpd-${PV}.tar.gz \
14	file://vsftpd.conf \	14	file://vsftpd.conf \
15	file://vsftpd.user_list \	15	file://vsftpd.user_list \
16	file://vsftpd.ftpusers \	16	file://vsftpd.ftpusers \
		17	file://change-secure_chroot_dir.patch \
		18	file://volatiles.99_vsftpd \
17	"	19	"
18		20
19	LIC_FILES_CHKSUM = "file://COPYING;md5=a6067ad950b28336613aed9dd47b1271 \	21	LIC_FILES_CHKSUM = "file://COPYING;md5=a6067ad950b28336613aed9dd47b1271 \
@@ -40,7 +42,7 @@ LDFLAGS_append =" -lcrypt -lcap"
40	do_configure() {	42	do_configure() {
41	# Fix hardcoded /usr, /etc, /var mess.	43	# Fix hardcoded /usr, /etc, /var mess.
42	cat tunables.c\|sed s:\"/usr:\"${prefix}:g\|sed s:\"/var:\"${localstatedir}:g \	44	cat tunables.c\|sed s:\"/usr:\"${prefix}:g\|sed s:\"/var:\"${localstatedir}:g \
43	\|sed s:\"${prefix}/share/empty:\"${localstatedir}/share/empty:g \|sed s:\"/etc:\"${sysconfdir}:g > tunables.c.new	45	\|sed s:\"/etc:\"${sysconfdir}:g > tunables.c.new
44	mv tunables.c.new tunables.c	46	mv tunables.c.new tunables.c
45	}	47	}
46		48
@@ -57,6 +59,8 @@ do_install() {
57	install -m 600 ${WORKDIR}/vsftpd.conf ${D}${sysconfdir}/vsftpd.conf	59	install -m 600 ${WORKDIR}/vsftpd.conf ${D}${sysconfdir}/vsftpd.conf
58	install -d ${D}${sysconfdir}/init.d/	60	install -d ${D}${sysconfdir}/init.d/
59	install -m 755 ${WORKDIR}/init ${D}${sysconfdir}/init.d/vsftpd	61	install -m 755 ${WORKDIR}/init ${D}${sysconfdir}/init.d/vsftpd
		62	install -d ${D}/${sysconfdir}/default/volatiles
		63	install -m 644 ${WORKDIR}/volatiles.99_vsftpd ${D}/${sysconfdir}/default/volatiles/99_vsftpd
60		64
61	install -m 600 ${WORKDIR}/vsftpd.ftpusers ${D}${sysconfdir}/	65	install -m 600 ${WORKDIR}/vsftpd.ftpusers ${D}${sysconfdir}/
62	install -m 600 ${WORKDIR}/vsftpd.user_list ${D}${sysconfdir}/	66	install -m 600 ${WORKDIR}/vsftpd.user_list ${D}${sysconfdir}/