From: alexus
To: Mel Flynn
Cc: Mehul Ved, freebsd-questions@freebsd.org, Nikos Vassiliadis
Subject: Re: proftpd TLS
Date: Wed, 20 May 2009 10:18:06 -0400

On Wed, May 20, 2009 at 10:13 AM, alexus wrote:
> On Wed, May 20, 2009 at 7:46 AM, Mel Flynn wrote:
>> On Tuesday 19 May 2009 21:18:48 alexus wrote:
>>> On Tue, May 19, 2009 at 2:26 PM, Mehul Ved wrote:
>>> > On Tue, May 19, 2009 at 11:14 PM, alexus wrote:
>>> >> i start it as a root, but it switches to non-root
>>> >>
>>> >> nobody 52346  0.0  0.1 11820  4208  ??  SsJ  Sun06PM   0:00.66 proftpd: (accepting connections) (proftpd)
>>> >
>>> > Check the value for 'user' in proftpd.conf. It will be nobody. Change
>>> > it to root.
>>> >
>>> > --
>>> >
>>> > Dyslexics have more fnu.  - http://kingsly.net/tmp/fortune.php/1242364116
>>>
>>> wouldn't it sort of make it more risky in terms of security to run
>>> ftpd as root vs nobody?
>>> in general daemons do not run as root and that's for a reason..
>>
>> Yes, don't do it. Is proftpd started as root? Then this shouldn't occur,
>> although a forum post[1] suggests that mod_cap can fiddle with this.
>>
>> [1] http://forums.proftpd.org/smf/index.php?topic=1315.0
>> --
>> Mel
>>
>
> if i set User in proftpd.conf to root, then it runs as a root
> the other thing is mod_cap has something to do with Linux compatibility w/ POSIX
> I run FreeBSD...
>
> --
> http://alexus.org/
>

for test purposes i set it to root, but even with that i'm unable to
connect to ftp and my tls.log says the following

May 20 10:16:58 mod_tls/2.2.1[41536]: error locking passphrase into memory: Operation not permitted
May 20 10:16:58 mod_tls/2.2.1[41536]: using default OpenSSL verification locations (see $SSL_CERT_DIR environment variable)
May 20 10:16:58 mod_tls/2.2.1[41536]: TLS/TLS-C requested, starting TLS handshake
May 20 10:17:01 mod_tls/2.2.1[41536]: TLSv1/SSLv3 connection accepted, using cipher DHE-RSA-AES256-SHA (256 bits)
May 20 10:17:01 mod_tls/2.2.1[41536]: Protection set to Private

and it hangs...

-- 
http://alexus.org/
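
The first tls.log line in the message above reports a failed attempt to lock the passphrase into memory, and the log shows the handshake still proceeding afterwards. The following C code is an added example, not part of the original message and not mod_tls code: it tries to pin a secret with mlock(2), records the errno as a warning instead of aborting, and wipes the buffer before unlocking. The names secret_t, secret_load and secret_wipe are hypothetical, and the passphrase is a constructed sample.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>

/* Hypothetical holder for a key passphrase (names are illustrative). */
typedef struct {
    char buf[256];
    int  locked;      /* 1 if mlock() pinned the buffer in RAM */
    int  lock_errno;  /* errno from mlock() when it failed, else 0 */
} secret_t;

/* Copy pass into s, trying to keep it out of swap. A failed mlock() is logged
 * and recorded so the caller can apply policy. Returns 0, or -1 on bad input. */
int secret_load(secret_t *s, const char *pass)
{
    if (s == NULL || pass == NULL || strlen(pass) >= sizeof(s->buf))
        return -1;
    memset(s, 0, sizeof(*s));
    if (mlock(s, sizeof(*s)) == 0) {
        s->locked = 1;
    } else {
        /* Typically EPERM (no privilege) or ENOMEM/EAGAIN (lock limit). */
        s->lock_errno = errno;
        fprintf(stderr, "error locking passphrase into memory: %s\n", strerror(s->lock_errno));
    }
    memcpy(s->buf, pass, strlen(pass) + 1);
    return 0;
}

/* Zero the secret through a volatile pointer so the stores are kept, then unlock. */
void secret_wipe(secret_t *s)
{
    volatile char *p = s->buf;
    for (size_t i = 0; i < sizeof(s->buf); i++)
        p[i] = 0;
    if (s->locked)
        munlock(s, sizeof(*s));
    s->locked = 0;
}

int main(void)
{
    secret_t s;
    if (secret_load(&s, "constructed-sample-passphrase") != 0) return 1;
    printf("locked=%d lock_errno=%d\n", s.locked, s.lock_errno);
    secret_wipe(&s);
    return 0;
}
```

Whether an unlocked passphrase is acceptable is a policy decision for the caller; the example only makes the outcome visible through `locked` and `lock_errno`.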