From: alexus
To: Mel Flynn
Cc: Mehul Ved, freebsd-questions@freebsd.org, Nikos Vassiliadis
Date: Wed, 20 May 2009 10:19:58 -0400
Subject: Re: proftpd TLS

On Wed, May 20, 2009 at 10:18 AM, alexus wrote:
> On Wed, May 20, 2009 at 10:13 AM, alexus wrote:
>> On Wed, May 20, 2009 at 7:46 AM, Mel Flynn wrote:
>>> On Tuesday 19 May 2009 21:18:48 alexus wrote:
>>>> On Tue, May 19, 2009 at 2:26 PM, Mehul Ved wrote:
>>>> > On Tue, May 19, 2009 at 11:14 PM, alexus wrote:
>>>> >> i start it as a root, but it switches to non-root
>>>> >>
>>>> >> nobody 52346  0.0  0.1 11820  4208  ??  SsJ  Sun06PM   0:00.66 proftpd: (accepting connections) (proftpd)
>>>> >
>>>> > Check the value for 'user' in proftpd.conf. It will be nobody. Change
>>>> > it to root.
>>>> >
>>>> > --
>>>> > Dyslexics have more fnu.  - http://kingsly.net/tmp/fortune.php/1242364116
>>>>
>>>> wouldn't it sort of make it more risky in terms of security to run
>>>> ftpd as root vs nobody?
>>>> in general daemons do not run as root and that's for a reason..
>>>
>>> Yes, don't do it. Is proftpd started as root? Then this shouldn't occur,
>>> although a forum post[1] suggests that mod_cap can fiddle with this.
>>>
>>> [1] http://forums.proftpd.org/smf/index.php?topic=1315.0
>>> --
>>> Mel
>>
>> if i set User in proftpd.conf to root, then it runs as a root
>> the other thing is mod_cap has something to do with Linux compatibility w/ POSIX
>> I run FreeBSD...
>>
>> --
>> http://alexus.org/
>
> for test purposes i set it to root, but even with that i'm unable to
> connect to ftp and my tls.log says following
>
> May 20 10:16:58 mod_tls/2.2.1[41536]: error locking passphrase into memory: Operation not permitted
> May 20 10:16:58 mod_tls/2.2.1[41536]: using default OpenSSL verification locations (see $SSL_CERT_DIR environment variable)
> May 20 10:16:58 mod_tls/2.2.1[41536]: TLS/TLS-C requested, starting TLS handshake
> May 20 10:17:01 mod_tls/2.2.1[41536]: TLSv1/SSLv3 connection accepted, using cipher DHE-RSA-AES256-SHA (256 bits)
> May 20 10:17:01 mod_tls/2.2.1[41536]: Protection set to Private
>
> and it hangs...
>
> --
> http://alexus.org/

actually, I take it back, I can connect even though I'm seeing this message

error locking passphrase into memory: Operation not permitted

but i guess my main concern is not to run it as root now

--
http://alexus.org/