diff options
author | Roy.Li <rongqing.li@windriver.com> | 2013-07-19 10:19:25 +0800 |
---|---|---|
committer | Joe MacDonald <joe.macdonald@windriver.com> | 2013-07-19 11:00:43 -0400 |
commit | 441502b68d03a4ce7796436a53c5e95399724ad2 (patch) | |
tree | 3fb89fa557663cc7dc813090e5859ef2930d7a99 /meta-networking/recipes-daemons | |
parent | fe85f4980e7c7c35df8fc6b93431c125577dd643 (diff) | |
download | meta-openembedded-441502b68d03a4ce7796436a53c5e95399724ad2.tar.gz |
Upgrade vsftpd to 3.0.0
Upgrade vsftpd to 3.0.0 with below modification:
1. more strict access limitation, like: do not allow anonymous access
2. use vsftpd.ftpusers and vsftpd.user_list to confine user access
3. enable pam if DISTRO_FEATURE includes pam
4. enable tcp-wrapper
5. install vsftpd.conf with 0600 permission, not 0755
Signed-off-by: Roy.Li <rongqing.li@windriver.com>
Signed-off-by: Joe MacDonald <joe.macdonald@windriver.com>
Diffstat (limited to 'meta-networking/recipes-daemons')
11 files changed, 199 insertions, 63 deletions
diff --git a/meta-networking/recipes-daemons/vsftpd/files/vsftpd.conf b/meta-networking/recipes-daemons/vsftpd/files/vsftpd.conf index 08f91e048..bb1929480 100755..100644 --- a/meta-networking/recipes-daemons/vsftpd/files/vsftpd.conf +++ b/meta-networking/recipes-daemons/vsftpd/files/vsftpd.conf | |||
@@ -12,17 +12,17 @@ | |||
12 | listen=YES | 12 | listen=YES |
13 | 13 | ||
14 | # Allow anonymous FTP? (Beware - allowed by default if you comment this out). | 14 | # Allow anonymous FTP? (Beware - allowed by default if you comment this out). |
15 | anonymous_enable=YES | 15 | anonymous_enable=NO |
16 | # | 16 | # |
17 | # Uncomment this to allow local users to log in. | 17 | # Uncomment this to allow local users to log in. |
18 | #local_enable=YES | 18 | local_enable=YES |
19 | # | 19 | # |
20 | # Uncomment this to enable any form of FTP write command. | 20 | # Uncomment this to enable any form of FTP write command. |
21 | write_enable=YES | 21 | write_enable=YES |
22 | # | 22 | # |
23 | # Default umask for local users is 077. You may wish to change this to 022, | 23 | # Default umask for local users is 077. You may wish to change this to 022, |
24 | # if your users expect that (022 is used by most other ftpd's) | 24 | # if your users expect that (022 is used by most other ftpd's) |
25 | #local_umask=022 | 25 | local_umask=022 |
26 | # | 26 | # |
27 | # Uncomment this to allow the anonymous FTP user to upload files. This only | 27 | # Uncomment this to allow the anonymous FTP user to upload files. This only |
28 | # has an effect if the above global write enable is activated. Also, you will | 28 | # has an effect if the above global write enable is activated. Also, you will |
@@ -54,7 +54,7 @@ connect_from_port_20=YES | |||
54 | #xferlog_file=/var/log/vsftpd.log | 54 | #xferlog_file=/var/log/vsftpd.log |
55 | # | 55 | # |
56 | # If you want, you can have your log file in standard ftpd xferlog format | 56 | # If you want, you can have your log file in standard ftpd xferlog format |
57 | #xferlog_std_format=YES | 57 | xferlog_std_format=YES |
58 | # | 58 | # |
59 | # You may change the default value for timing out an idle session. | 59 | # You may change the default value for timing out an idle session. |
60 | #idle_session_timeout=600 | 60 | #idle_session_timeout=600 |
@@ -64,7 +64,7 @@ connect_from_port_20=YES | |||
64 | # | 64 | # |
65 | # It is recommended that you define on your system a unique user which the | 65 | # It is recommended that you define on your system a unique user which the |
66 | # ftp server can use as a totally isolated and unprivileged user. | 66 | # ftp server can use as a totally isolated and unprivileged user. |
67 | #nopriv_user=ftpsecure | 67 | #nopriv_user=ftp |
68 | # | 68 | # |
69 | # Enable this and the server will recognise asynchronous ABOR requests. Not | 69 | # Enable this and the server will recognise asynchronous ABOR requests. Not |
70 | # recommended for security (the code is non-trivial). Not enabling it, | 70 | # recommended for security (the code is non-trivial). Not enabling it, |
@@ -105,4 +105,35 @@ connect_from_port_20=YES | |||
105 | # sites. However, some broken FTP clients such as "ncftp" and "mirror" assume | 105 | # sites. However, some broken FTP clients such as "ncftp" and "mirror" assume |
106 | # the presence of the "-R" option, so there is a strong case for enabling it. | 106 | # the presence of the "-R" option, so there is a strong case for enabling it. |
107 | #ls_recurse_enable=YES | 107 | #ls_recurse_enable=YES |
108 | 108 | # | |
109 | # This string is the name of the PAM service vsftpd will use. | ||
110 | pam_service_name=vsftpd | ||
111 | # | ||
112 | # This option is examined if userlist_enable is activated. If you set this | ||
113 | # setting to NO, then users will be denied login unless they are explicitly | ||
114 | # listed in the file specified by userlist_file. When login is denied, the | ||
115 | # denial is issued before the user is asked for a password. | ||
116 | userlist_deny=YES | ||
117 | # | ||
118 | # If enabled, vsftpd will load a list of usernames, from the filename given by | ||
119 | # userlist_file. If a user tries to log in using a name in this file, they | ||
120 | # will be denied before they are asked for a password. This may be useful in | ||
121 | # preventing cleartext passwords being transmitted. See also userlist_deny. | ||
122 | userlist_enable=YES | ||
123 | # | ||
124 | # If enabled, vsftpd will display directory listings with the time in your | ||
125 | # local time zone. The default is to display GMT. The times returned by the | ||
126 | # MDTM FTP command are also affected by this option. | ||
127 | use_localtime=YES | ||
128 | # | ||
129 | # If set to YES, local users will be (by default) placed in a chroot() jail in | ||
130 | # their home directory after login. Warning: This option has security | ||
131 | # implications, especially if the users have upload permission, or shell access. | ||
132 | # Only enable if you know what you are doing. Note that these security implications | ||
133 | # are not vsftpd specific. They apply to all FTP daemons which offer to put | ||
134 | # local users in chroot() jails. | ||
135 | chroot_local_user=YES | ||
136 | # | ||
137 | allow_writeable_chroot=YES | ||
138 | # | ||
139 | tcp_wrappers=YES | ||
diff --git a/meta-networking/recipes-daemons/vsftpd/files/vsftpd.ftpusers b/meta-networking/recipes-daemons/vsftpd/files/vsftpd.ftpusers new file mode 100644 index 000000000..096142f5d --- /dev/null +++ b/meta-networking/recipes-daemons/vsftpd/files/vsftpd.ftpusers | |||
@@ -0,0 +1,15 @@ | |||
1 | # Users that are not allowed to login via ftp | ||
2 | root | ||
3 | bin | ||
4 | daemon | ||
5 | adm | ||
6 | lp | ||
7 | sync | ||
8 | shutdown | ||
9 | halt | ||
10 | |||
11 | news | ||
12 | uucp | ||
13 | operator | ||
14 | games | ||
15 | nobody | ||
diff --git a/meta-networking/recipes-daemons/vsftpd/files/vsftpd.user_list b/meta-networking/recipes-daemons/vsftpd/files/vsftpd.user_list new file mode 100644 index 000000000..d283e3d26 --- /dev/null +++ b/meta-networking/recipes-daemons/vsftpd/files/vsftpd.user_list | |||
@@ -0,0 +1,20 @@ | |||
1 | # vsftpd userlist | ||
2 | # If userlist_deny=NO, only allow users in this file | ||
3 | # If userlist_deny=YES (default), never allow users in this file, and | ||
4 | # do not even prompt for a password. | ||
5 | # Note that the default vsftpd pam config also checks /etc/vsftpd.ftpusers | ||
6 | # for users that are denied. | ||
7 | root | ||
8 | bin | ||
9 | daemon | ||
10 | adm | ||
11 | lp | ||
12 | sync | ||
13 | shutdown | ||
14 | halt | ||
15 | |||
16 | news | ||
17 | uucp | ||
18 | operator | ||
19 | games | ||
20 | nobody | ||
diff --git a/meta-networking/recipes-daemons/vsftpd/vsftpd-2.3.5/makefile-destdir.patch b/meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.0/makefile-destdir.patch index ee37f26e9..1980d09fd 100644 --- a/meta-networking/recipes-daemons/vsftpd/vsftpd-2.3.5/makefile-destdir.patch +++ b/meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.0/makefile-destdir.patch | |||
@@ -7,8 +7,8 @@ Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> | |||
7 | diff --git a/Makefile b/Makefile | 7 | diff --git a/Makefile b/Makefile |
8 | --- a/Makefile | 8 | --- a/Makefile |
9 | +++ b/Makefile | 9 | +++ b/Makefile |
10 | @@ -24,21 +24,21 @@ vsftpd: $(OBJS) | 10 | @@ -24,21 +24,21 @@ |
11 | $(CC) -o vsftpd $(OBJS) $(LINK) $(LIBS) $(LDFLAGS) | 11 | $(CC) -o vsftpd $(OBJS) $(LINK) $(LIBS) |
12 | 12 | ||
13 | install: | 13 | install: |
14 | - if [ -x /usr/local/sbin ]; then \ | 14 | - if [ -x /usr/local/sbin ]; then \ |
diff --git a/meta-networking/recipes-daemons/vsftpd/vsftpd-2.3.5/makefile-libs.patch b/meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.0/makefile-libs.patch index 6a419db47..9a10f722f 100644 --- a/meta-networking/recipes-daemons/vsftpd/vsftpd-2.3.5/makefile-libs.patch +++ b/meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.0/makefile-libs.patch | |||
@@ -10,7 +10,7 @@ Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> | |||
10 | diff --git a/Makefile b/Makefile | 10 | diff --git a/Makefile b/Makefile |
11 | --- a/Makefile | 11 | --- a/Makefile |
12 | +++ b/Makefile | 12 | +++ b/Makefile |
13 | @@ -5,7 +5,7 @@ IFLAGS = -idirafter dummyinc | 13 | @@ -5,7 +5,7 @@ |
14 | #CFLAGS = -g | 14 | #CFLAGS = -g |
15 | CFLAGS = -O2 -Wall -W -Wshadow #-pedantic -Werror -Wconversion | 15 | CFLAGS = -O2 -Wall -W -Wshadow #-pedantic -Werror -Wconversion |
16 | 16 | ||
diff --git a/meta-networking/recipes-daemons/vsftpd/vsftpd-2.3.5/makefile-strip.patch b/meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.0/makefile-strip.patch index a2e0cd048..fd3160037 100644 --- a/meta-networking/recipes-daemons/vsftpd/vsftpd-2.3.5/makefile-strip.patch +++ b/meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.0/makefile-strip.patch | |||
@@ -7,11 +7,11 @@ Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> | |||
7 | diff --git a/Makefile b/Makefile | 7 | diff --git a/Makefile b/Makefile |
8 | --- a/Makefile | 8 | --- a/Makefile |
9 | +++ b/Makefile | 9 | +++ b/Makefile |
10 | @@ -6,7 +6,6 @@ IFLAGS = -idirafter dummyinc | 10 | @@ -9,7 +9,6 @@ CFLAGS = -O2 -fPIE -fstack-protector --param=ssp-buffer-size=4 \ |
11 | CFLAGS = -O2 -Wall -W -Wshadow #-pedantic -Werror -Wconversion | 11 | #-pedantic -Wconversion |
12 | 12 | ||
13 | LIBS = -lssl -lcrypto -lnsl -lresolv | 13 | LIBS = -lssl -lcrypto -lnsl -lresolv |
14 | -LINK = -Wl,-s | 14 | -LINK = -Wl,-s |
15 | LDFLAGS = -fPIE -pie -Wl,-z,relro -Wl,-z,now | ||
15 | 16 | ||
16 | OBJS = main.o utility.o prelogin.o ftpcmdio.o postlogin.o privsock.o \ | 17 | OBJS = main.o utility.o prelogin.o ftpcmdio.o postlogin.o privsock.o \ |
17 | tunables.o ftpdataio.o secbuf.o ls.o \ | ||
diff --git a/meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.0/nopam-with-tcp_wrappers.patch b/meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.0/nopam-with-tcp_wrappers.patch new file mode 100644 index 000000000..fdcf3a02b --- /dev/null +++ b/meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.0/nopam-with-tcp_wrappers.patch | |||
@@ -0,0 +1,17 @@ | |||
1 | Disable PAM | ||
2 | |||
3 | Upstream-Status: Inappropriate [config] | ||
4 | |||
5 | Signed-off-by: Roy.Li <rongqing.li@windriver.com> | ||
6 | diff -ur vsftpd-2.0.1_org/builddefs.h vsftpd-2.0.1_patch/builddefs.h | ||
7 | --- vsftpd-2.0.1_org/builddefs.h 2004-07-02 16:36:59.000000000 +0200 | ||
8 | +++ vsftpd-2.0.1_patch/builddefs.h 2004-07-21 09:34:49.044900488 +0200 | ||
9 | @@ -2,7 +2,7 @@ | ||
10 | #define VSF_BUILDDEFS_H | ||
11 | |||
12 | #define VSF_BUILD_TCPWRAPPERS | ||
13 | -#define VSF_BUILD_PAM | ||
14 | +#undef VSF_BUILD_PAM | ||
15 | #undef VSF_BUILD_SSL | ||
16 | |||
17 | #endif /* VSF_BUILDDEFS_H */ | ||
diff --git a/meta-networking/recipes-daemons/vsftpd/vsftpd-2.3.5/nopam.patch b/meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.0/nopam.patch index cf0d68e27..cf0d68e27 100644 --- a/meta-networking/recipes-daemons/vsftpd/vsftpd-2.3.5/nopam.patch +++ b/meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.0/nopam.patch | |||
diff --git a/meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.0/vsftpd-tcp_wrappers-support.patch b/meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.0/vsftpd-tcp_wrappers-support.patch new file mode 100644 index 000000000..69745b3a1 --- /dev/null +++ b/meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.0/vsftpd-tcp_wrappers-support.patch | |||
@@ -0,0 +1,25 @@ | |||
1 | Enable tcp_wrapper. | ||
2 | |||
3 | Upstream-Status: Inappropriate [configuration] | ||
4 | |||
5 | Signed-off-by: Roy.Li <rongqing.li@windriver.com> | ||
6 | --- | ||
7 | builddefs.h | 2 +- | ||
8 | 1 files changed, 1 insertions(+), 1 deletions(-) | ||
9 | |||
10 | diff --git a/builddefs.h b/builddefs.h | ||
11 | index e908352..0106d1a 100644 | ||
12 | --- a/builddefs.h | ||
13 | +++ b/builddefs.h | ||
14 | @@ -1,7 +1,7 @@ | ||
15 | #ifndef VSF_BUILDDEFS_H | ||
16 | #define VSF_BUILDDEFS_H | ||
17 | |||
18 | -#undef VSF_BUILD_TCPWRAPPERS | ||
19 | +#define VSF_BUILD_TCPWRAPPERS | ||
20 | #define VSF_BUILD_PAM | ||
21 | #undef VSF_BUILD_SSL | ||
22 | |||
23 | -- | ||
24 | 1.7.1 | ||
25 | |||
diff --git a/meta-networking/recipes-daemons/vsftpd/vsftpd_2.3.5.bb b/meta-networking/recipes-daemons/vsftpd/vsftpd_2.3.5.bb deleted file mode 100644 index f14691034..000000000 --- a/meta-networking/recipes-daemons/vsftpd/vsftpd_2.3.5.bb +++ /dev/null | |||
@@ -1,51 +0,0 @@ | |||
1 | SUMMARY = "Very Secure FTP server" | ||
2 | HOMEPAGE = "https://security.appspot.com/vsftpd.html" | ||
3 | SECTION = "network" | ||
4 | LICENSE = "GPLv2" | ||
5 | LIC_FILES_CHKSUM = "file://COPYING;md5=a6067ad950b28336613aed9dd47b1271" | ||
6 | |||
7 | DEPENDS = "libcap openssl" | ||
8 | |||
9 | SRC_URI = "https://security.appspot.com/downloads/vsftpd-${PV}.tar.gz \ | ||
10 | file://makefile-destdir.patch \ | ||
11 | file://makefile-libs.patch \ | ||
12 | file://makefile-strip.patch \ | ||
13 | file://nopam.patch \ | ||
14 | file://init \ | ||
15 | file://vsftpd.conf" | ||
16 | |||
17 | SRC_URI[md5sum] = "01398a5bef8e85b6cf2c213a4b011eca" | ||
18 | SRC_URI[sha256sum] = "d87ee2987df8f03e1dbe294905f7907b2798deb89c67ca965f6e2f60879e54f1" | ||
19 | |||
20 | inherit update-rc.d useradd | ||
21 | |||
22 | CONFFILES_${PN} = "${sysconfdir}/vsftpd.conf" | ||
23 | LDFLAGS_append =" -lcrypt -lcap" | ||
24 | |||
25 | do_configure() { | ||
26 | # Fix hardcoded /usr, /etc, /var mess. | ||
27 | cat tunables.c|sed s:\"/usr:\"${prefix}:g|sed s:\"/var:\"${localstatedir}:g \ | ||
28 | |sed s:\"${prefix}/share/empty:\"${localstatedir}/share/empty:g |sed s:\"/etc:\"${sysconfdir}:g > tunables.c.new | ||
29 | mv tunables.c.new tunables.c | ||
30 | } | ||
31 | |||
32 | do_install() { | ||
33 | install -d ${D}${sbindir} | ||
34 | install -d ${D}${mandir}/man8 | ||
35 | install -d ${D}${mandir}/man5 | ||
36 | oe_runmake 'DESTDIR=${D}' install | ||
37 | install -d ${D}${sysconfdir} | ||
38 | install -m 0755 ${WORKDIR}/vsftpd.conf ${D}${sysconfdir}/vsftpd.conf | ||
39 | install -d ${D}${sysconfdir}/init.d/ | ||
40 | install -m 755 ${WORKDIR}/init ${D}${sysconfdir}/init.d/vsftpd | ||
41 | } | ||
42 | |||
43 | INITSCRIPT_PACKAGES = "${PN}" | ||
44 | INITSCRIPT_NAME_${PN} = "vsftpd" | ||
45 | INITSCRIPT_PARAMS_${PN} = "defaults 80" | ||
46 | |||
47 | USERADD_PACKAGES = "${PN}" | ||
48 | USERADD_PARAM_${PN} = "--system --home-dir /var/lib/ftp --no-create-home -g ftp \ | ||
49 | --shell /bin/false ftp " | ||
50 | GROUPADD_PARAM_${PN} = "-r ftp" | ||
51 | |||
diff --git a/meta-networking/recipes-daemons/vsftpd/vsftpd_3.0.0.bb b/meta-networking/recipes-daemons/vsftpd/vsftpd_3.0.0.bb new file mode 100644 index 000000000..2c3e0098a --- /dev/null +++ b/meta-networking/recipes-daemons/vsftpd/vsftpd_3.0.0.bb | |||
@@ -0,0 +1,79 @@ | |||
1 | SUMMARY = "Very Secure FTP server" | ||
2 | HOMEPAGE = "https://security.appspot.com/vsftpd.html" | ||
3 | SECTION = "network" | ||
4 | LICENSE = "GPLv2" | ||
5 | LIC_FILES_CHKSUM = "file://COPYING;md5=a6067ad950b28336613aed9dd47b1271" | ||
6 | |||
7 | DEPENDS = "libcap openssl" | ||
8 | |||
9 | SRC_URI = "https://security.appspot.com/downloads/vsftpd-${PV}.tar.gz \ | ||
10 | file://makefile-destdir.patch \ | ||
11 | file://makefile-libs.patch \ | ||
12 | file://makefile-strip.patch \ | ||
13 | file://init \ | ||
14 | file://vsftpd.conf \ | ||
15 | file://vsftpd.user_list \ | ||
16 | file://vsftpd.ftpusers \ | ||
17 | " | ||
18 | |||
19 | LIC_FILES_CHKSUM = "file://COPYING;md5=a6067ad950b28336613aed9dd47b1271 \ | ||
20 | file://COPYRIGHT;md5=04251b2eb0f298dae376d92454f6f72e \ | ||
21 | file://LICENSE;md5=654df2042d44b8cac8a5654fc5be63eb" | ||
22 | SRC_URI[md5sum] = "ad9fa952558c2c5b0426ccaccff0f972" | ||
23 | SRC_URI[sha256sum] = "ef70205dcd0c7f03b008b9578fb44c0cbe31e66daab8cfafb9904747c17fc2a8" | ||
24 | |||
25 | PACKAGECONFIG ??= "tcp-wrappers" | ||
26 | PACKAGECONFIG[tcp-wrappers] = ",,tcp-wrappers" | ||
27 | SRC_URI +="${@base_contains('PACKAGECONFIG', 'tcp-wrappers', 'file://vsftpd-tcp_wrappers-support.patch', '', d)}" | ||
28 | |||
29 | DEPENDS += "${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}" | ||
30 | RDEPENDS_${PN} += "${@base_contains('DISTRO_FEATURES', 'pam', 'pam-plugin-listfile', '', d)}" | ||
31 | PAMLIB = "${@base_contains('DISTRO_FEATURES', 'pam', '-L${STAGING_BASELIBDIR} -lpam', '', d)}" | ||
32 | NOPAM_SRC ="${@base_contains('PACKAGECONFIG', 'tcp-wrappers', 'file://nopam-with-tcp_wrappers.patch', 'file://nopam.patch', d)}" | ||
33 | SRC_URI += "${@base_contains('DISTRO_FEATURES', 'pam', '', '${NOPAM_SRC}', d)}" | ||
34 | |||
35 | inherit update-rc.d useradd | ||
36 | |||
37 | CONFFILES_${PN} = "${sysconfdir}/vsftpd.conf" | ||
38 | LDFLAGS_append =" -lcrypt -lcap" | ||
39 | |||
40 | do_configure() { | ||
41 | # Fix hardcoded /usr, /etc, /var mess. | ||
42 | cat tunables.c|sed s:\"/usr:\"${prefix}:g|sed s:\"/var:\"${localstatedir}:g \ | ||
43 | |sed s:\"${prefix}/share/empty:\"${localstatedir}/share/empty:g |sed s:\"/etc:\"${sysconfdir}:g > tunables.c.new | ||
44 | mv tunables.c.new tunables.c | ||
45 | } | ||
46 | |||
47 | do_compile() { | ||
48 | oe_runmake "LIBS=-L${STAGING_LIBDIR} -lcrypt -lcap ${PAMLIB} -lwrap" | ||
49 | } | ||
50 | |||
51 | do_install() { | ||
52 | install -d ${D}${sbindir} | ||
53 | install -d ${D}${mandir}/man8 | ||
54 | install -d ${D}${mandir}/man5 | ||
55 | oe_runmake 'DESTDIR=${D}' install | ||
56 | install -d ${D}${sysconfdir} | ||
57 | install -m 600 ${WORKDIR}/vsftpd.conf ${D}${sysconfdir}/vsftpd.conf | ||
58 | install -d ${D}${sysconfdir}/init.d/ | ||
59 | install -m 755 ${WORKDIR}/init ${D}${sysconfdir}/init.d/vsftpd | ||
60 | |||
61 | install -m 600 ${WORKDIR}/vsftpd.ftpusers ${D}${sysconfdir}/ | ||
62 | install -m 600 ${WORKDIR}/vsftpd.user_list ${D}${sysconfdir}/ | ||
63 | if ! test -z ${PAMLIB} ; then | ||
64 | install -d ${D}${sysconfdir}/pam.d/ | ||
65 | cp ${S}/RedHat/vsftpd.pam ${D}${sysconfdir}/pam.d/vsftpd | ||
66 | sed -i "s:/lib/security:${base_libdir}/security:" ${D}${sysconfdir}/pam.d/vsftpd | ||
67 | sed -i "s:ftpusers:vsftpd.ftpusers:" ${D}${sysconfdir}/pam.d/vsftpd | ||
68 | fi | ||
69 | } | ||
70 | |||
71 | INITSCRIPT_PACKAGES = "${PN}" | ||
72 | INITSCRIPT_NAME_${PN} = "vsftpd" | ||
73 | INITSCRIPT_PARAMS_${PN} = "defaults 80" | ||
74 | |||
75 | USERADD_PACKAGES = "${PN}" | ||
76 | USERADD_PARAM_${PN} = "--system --home-dir /var/lib/ftp --no-create-home -g ftp \ | ||
77 | --shell /bin/false ftp " | ||
78 | GROUPADD_PARAM_${PN} = "-r ftp" | ||
79 | |||