diff options
author | Roy Li <rongqing.li@windriver.com> | 2013-12-06 16:34:16 +0800 |
---|---|---|
committer | Joe MacDonald <joe@deserted.net> | 2013-12-09 16:17:44 -0500 |
commit | ac3a5d430139e3be08718770e4439032ad3091eb (patch) | |
tree | e48087d3e65e3e45b46c0e198744c73b95b41265 /meta-networking/recipes-daemons/proftpd | |
parent | c6e1be52b71c9c234de6aebd036a0e7898a89338 (diff) | |
download | meta-openembedded-contrib-ac3a5d430139e3be08718770e4439032ad3091eb.tar.gz |
proftpd: use /bin/false as the login shell and add home-dir
Use /bin/false as the login shell, just like what Ubuntu does,
otherwise there might be secure issue; add /var/lib/ftp as user
ftp home-dir.
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
Diffstat (limited to 'meta-networking/recipes-daemons/proftpd')
-rw-r--r-- | meta-networking/recipes-daemons/proftpd/files/close-RequireValidShell-check.patch | 27 | ||||
-rw-r--r-- | meta-networking/recipes-daemons/proftpd/proftpd_1.3.4b.bb | 4 |
2 files changed, 30 insertions, 1 deletions
diff --git a/meta-networking/recipes-daemons/proftpd/files/close-RequireValidShell-check.patch b/meta-networking/recipes-daemons/proftpd/files/close-RequireValidShell-check.patch new file mode 100644 index 00000000000..c64535cac8c --- /dev/null +++ b/meta-networking/recipes-daemons/proftpd/files/close-RequireValidShell-check.patch @@ -0,0 +1,27 @@ +close RequireValidShell check + +Upstream-Status: Inappropriate [configuration] + +close RequireValidShell check since we like to make /bin/false as shell +for ftp user + +Signed-off-by: Roy Li <rongqing.li@windriver.com> +--- + sample-configurations/basic.conf | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/sample-configurations/basic.conf b/sample-configurations/basic.conf +index 314eb79..abcb284 100644 +--- a/sample-configurations/basic.conf ++++ b/sample-configurations/basic.conf +@@ -53,6 +53,7 @@ AllowOverwrite on + # We want clients to be able to login with "anonymous" as well as "ftp" + UserAlias anonymous ftp + ++ RequireValidShell off + # Limit the maximum number of anonymous logins + MaxClients 10 + +-- +1.7.10.4 + diff --git a/meta-networking/recipes-daemons/proftpd/proftpd_1.3.4b.bb b/meta-networking/recipes-daemons/proftpd/proftpd_1.3.4b.bb index 6537b7709b7..eb502d6d901 100644 --- a/meta-networking/recipes-daemons/proftpd/proftpd_1.3.4b.bb +++ b/meta-networking/recipes-daemons/proftpd/proftpd_1.3.4b.bb @@ -13,6 +13,7 @@ SRC_URI = "ftp://ftp.proftpd.org/distrib/source/${BPN}-${PV}.tar.gz \ file://proftpd-basic.init \ file://default \ file://move-pidfile-to-var-run.patch \ + file://close-RequireValidShell-check.patch \ " SRC_URI[md5sum] = "0871e0b93c9c3c88ca950b6d9a04aed2" @@ -62,6 +63,7 @@ INITSCRIPT_PARAM = "defaults 85 15" USERADD_PACKAGES = "${PN}" GROUPADD_PARAM_${PN} = "--system ${FTPGROUP}" -USERADD_PARAM_${PN} = "--system -g ${FTPGROUP} ${FTPUSER}" +USERADD_PARAM_${PN} = "--system -g ${FTPGROUP} --home-dir /var/lib/${FTPUSER} --no-create-home \ + --shell /bin/false ${FTPUSER}" FILES_${PN} += "/home/${FTPUSER}" |