Message ID | 1443965495-12774-2-git-send-email-maxime.hadjinlian@gmail.com |
---|---|
State | Accepted |
Dear Maxime Hadjinlian,
Reviewed-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Regards,
Vincent.
Maxime,

On Sun, 4 Oct 2015 15:31:34 +0200, Maxime Hadjinlian wrote:

> +# > +# VSFTPD won't work if the jail directory is writable, it has to be readable > +# only > +# Otherwise you get the following error: > +# 500 OOPS: vsftpd: refusing to run with writable root inside chroot() > +# That's why we have to chmod /home/ftp > +define VSFTPD_FIX_HOME_PERMISSIONS > + $(INSTALL) -d -m 555 $(TARGET_DIR)/home/ftp > +endef

Can we use VSFTPD_PERMISSIONS instead ? The only drawback is that you
will have to set a fixed UID/GID for ftp:ftp in VSFTPD_USERS.

Thomas
Maxime, All,

On 2015-10-04 15:44 +0100, Thomas Petazzoni spake thusly:

> On Sun, 4 Oct 2015 15:31:34 +0200, Maxime Hadjinlian wrote:
> > +# > > +# VSFTPD won't work if the jail directory is writable, it has to be readable > > +# only > > +# Otherwise you get the following error: > > +# 500 OOPS: vsftpd: refusing to run with writable root inside chroot() > > +# That's why we have to chmod /home/ftp > > +define VSFTPD_FIX_HOME_PERMISSIONS > > + $(INSTALL) -d -m 555 $(TARGET_DIR)/home/ftp > > +endef
>
> Can we use VSFTPD_PERMISSIONS instead ? The only drawback is that you
> will have to set a fixed UID/GID for ftp:ftp in VSFTPD_USERS.

Can you check if it is possible to:
- check if it is possible to create a permission table with no UID or
  GID, only a mode,
- if so:
  - move the mkuser script call before the makedev call in fs/common.mk
  - use a permission table as suggested by Thomas.

If it's not possible to not specify UID/GID in a permission table, then
we'll have to do with your solution.

Thanks.

Regards,
Yann E. MORIN.
Hi Yann, all

On Sun, Oct 4, 2015 at 5:08 PM, Yann E. MORIN <yann.morin.1998@free.fr> wrote:

> Maxime, All,
>
> On 2015-10-04 15:44 +0100, Thomas Petazzoni spake thusly:
> > On Sun, 4 Oct 2015 15:31:34 +0200, Maxime Hadjinlian wrote:
> > > +# > > > +# VSFTPD won't work if the jail directory is writable, it has to be > readable > > > +# only > > > +# Otherwise you get the following error: > > > +# 500 OOPS: vsftpd: refusing to run with writable root inside chroot() > > > +# That's why we have to chmod /home/ftp > > > +define VSFTPD_FIX_HOME_PERMISSIONS > > > + $(INSTALL) -d -m 555 $(TARGET_DIR)/home/ftp > > > +endef
> >
> > Can we use VSFTPD_PERMISSIONS instead ? The only drawback is that you
> > will have to set a fixed UID/GID for ftp:ftp in VSFTPD_USERS.
>
> Can you check if it is possible to:
> - check if it is possible to create a permission table with no UID or
>   GID, only a mode,
> - if so:
>   - move the mkuser script call before the makedev call in fs/common.mk
>   - use a permission table as suggested by Thomas.
>
> If it's not possible to not specify UID/GID in a permission table, then
> we'll have to do with your solution.

Unfortunately, it doesn't seem to work, I get the following error:

makedevs: unknown group name: -

> Thanks.
>
> Regards,
> Yann E. MORIN.
Dear Maxime Hadjinlian,

On Sun, 4 Oct 2015 15:31:34 +0200, Maxime Hadjinlian wrote:

> In order to remove '/home/ftp' and the ftp user from the 'skeleton'
> package, we need to add the creation of the ftp users to the package so
> it still works out of the box (with an anonymous user).
>
> Signed-off-by: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
> ---
> package/vsftpd/vsftpd.mk | 14 ++++++++++++++
> 1 file changed, 14 insertions(+)

Even though I dislike the solution as I would prefer to use the <pkg>_PERMISSIONS mechanism, I've applied this patch. I believe that the fact that we can't do this with our <pkg>_PERMISSIONS mechanism indicates a deficiency in our implementation.

Also, I've done some minor tweaks to your patch before applying:

[Thomas:
- remove the VSFTPD_FIX_HOME_PERMISSIONS variable, and simply put the additional command in VSFTPD_INSTALL_TARGET_CMDS.
- slightly tweak the comment.]

Thanks!

Thomas
diff --git a/package/vsftpd/vsftpd.mk b/package/vsftpd/vsftpd.mk index 1e48264..976d397 100644 --- a/package/vsftpd/vsftpd.mk +++ b/package/vsftpd/vsftpd.mk @@ -43,9 +43,22 @@ define VSFTPD_BUILD_CMDS LDFLAGS="$(TARGET_LDFLAGS)" LIBS="$(VSFTPD_LIBS)" -C $(@D) endef +define VSFTPD_USERS + ftp -1 ftp -1 * /home/ftp - - Anonymous FTP User +endef + define VSFTPD_INSTALL_INIT_SYSV $(INSTALL) -D -m 755 package/vsftpd/S70vsftpd $(TARGET_DIR)/etc/init.d/S70vsftpd endef +# +# VSFTPD won't work if the jail directory is writable, it has to be readable +# only +# Otherwise you get the following error: +# 500 OOPS: vsftpd: refusing to run with writable root inside chroot() +# That's why we have to chmod /home/ftp +define VSFTPD_FIX_HOME_PERMISSIONS + $(INSTALL) -d -m 555 $(TARGET_DIR)/home/ftp +endef define VSFTPD_INSTALL_TARGET_CMDS $(INSTALL) -D -m 755 $(@D)/vsftpd $(TARGET_DIR)/usr/sbin/vsftpd @@ -53,6 +66,7 @@ define VSFTPD_INSTALL_TARGET_CMDS $(INSTALL) -D -m 644 $(@D)/vsftpd.conf \ $(TARGET_DIR)/etc/vsftpd.conf $(INSTALL) -d -m 700 $(TARGET_DIR)/usr/share/empty + $(VSFTPD_FIX_HOME_PERMISSIONS) endef $(eval $(generic-package))
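Review bot: in the first hunk, the comment above VSFTPD_FIX_HOME_PERMISSIONS says the jail directory "has to be readable only", but the command installs mode 555 (read and execute, no write) and the quoted vsftpd error is about a writable root inside the chroot, so the comment should state the actual constraint: /home/ftp must not be writable. VSFTPD_USERS in the same hunk names /home/ftp as the ftp user's home with UID and GID given as -1 rather than fixed values, so it is worth confirming on the generated image that the user-creation step does not change the mode or ownership of that directory after this install has run, because the hunk only sets the mode at package install time.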
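Review bot: in the second hunk, `$(VSFTPD_FIX_HOME_PERMISSIONS)` is expanded at the end of VSFTPD_INSTALL_TARGET_CMDS, so the separate define only wraps a single install line; put `$(INSTALL) -d -m 555 $(TARGET_DIR)/home/ftp` directly in VSFTPD_INSTALL_TARGET_CMDS and move the explanatory comment above that define. That keeps every target install step in one place and avoids a variable whose name reads like a hook although it is only expanded inline.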
In order to remove '/home/ftp' and the ftp user from the 'skeleton' package, we need to add the creation of the ftp users to the package so it still works out of the box (with an anonymous user).

Signed-off-by: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
---
package/vsftpd/vsftpd.mk | 14 ++++++++++++++
1 file changed, 14 insertions(+)