From: Mel Flynn
To: freebsd-questions@freebsd.org
Cc: alexus
Date: Wed, 20 May 2009 16:47:23 +0200
Subject: Re: proftpd TLS

On Wednesday 20 May 2009 16:13:15 alexus wrote:
> On Wed, May 20, 2009 at 7:46 AM, Mel Flynn wrote:
> > On Tuesday 19 May 2009 21:18:48 alexus wrote:
> >> On Tue, May 19, 2009 at 2:26 PM, Mehul Ved wrote:
> >> > On Tue, May 19, 2009 at 11:14 PM, alexus wrote:
> >> >> I start it as a root, but it switches to non-root
> >> >>
> >> >> nobody 52346 0.0 0.1 11820 4208 ?? SsJ Sun06PM 0:00.66
> >> >> proftpd: (accepting connections) (proftpd)
> >> >
> >> > Check the value for 'user' in proftpd.conf. It will be nobody. Change
> >> > it to root.
> >> >
> >> > --
> >> >
> >> > Dyslexics have more fnu. -
> >> > http://kingsly.net/tmp/fortune.php/1242364116
> >>
> >> wouldn't it sort of make it more risky in terms of security to run
> >> ftpd as root vs nobody?
> >> in general daemons do not run as root and that's for a reason..
> >
> > Yes, don't do it. Is proftpd started as root? Then this shouldn't occur,
> > although a forum post[1] suggests that mod_cap can fiddle with this.
> >
> > [1] http://forums.proftpd.org/smf/index.php?topic=1315.0
> > --
> > Mel
>
> if I set User in proftpd.conf to root, then it runs as a root

I said *start* as root. Theoretically, the pass phrase part for your
certificate comes before dropping privileges. But maybe there's a bug in the
code.
Is proftpd running jailed or not?
--
Mel
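
Added example, not part of the original message: a shell check over FreeBSD `ps aux` output that reports, for each matching process, whether it runs as root and whether the `J` state flag (process is in a jail, per FreeBSD ps(1)) is set, the two things asked about in this thread. The function names `audit_ps` and `fail_if_root` are hypothetical, and every sample line except the `nobody 52346` one quoted above is constructed.

```shell
#!/bin/sh
# Added example: classify daemon processes from FreeBSD `ps aux` output.
# Columns: USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND
# In FreeBSD ps(1), a "J" in STAT marks a process that is in a jail.

# audit_ps NAME: read `ps aux` lines on stdin and print one line per process
# whose COMMAND starts with NAME:
#   pid=<pid> user=<user> root=<yes|no> jailed=<yes|no>
audit_ps() {
    awk -v name="$1" '
        NR == 1 && $1 == "USER" { next }          # skip header row
        index($11, name) == 1 {
            root   = ($1 == "root") ? "yes" : "no";
            jailed = ($8 ~ /J/)     ? "yes" : "no";
            printf "pid=%s user=%s root=%s jailed=%s\n", $2, $1, root, jailed
        }'
}

# fail_if_root NAME: return non-zero if any matching process runs as root.
fail_if_root() {
    ! audit_ps "$1" | grep -q 'root=yes'
}

# Constructed sample: the first process line is the one quoted in the thread,
# the other two are made up for contrast.
SAMPLE='USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND
nobody 52346 0.0 0.1 11820 4208 ?? SsJ Sun06PM 0:00.66 proftpd: (accepting connections) (proftpd)
root 61002 0.0 0.1 11820 4180 ?? Ss 10:02AM 0:00.12 proftpd: (accepting connections) (proftpd)
root 733 0.0 0.0 3500 1200 ?? Is Sat09AM 0:01.00 /usr/sbin/cron -s'

printf '%s\n' "$SAMPLE" | audit_ps proftpd
```

On a live host the same functions take `ps aux` on stdin, for example `ps aux | fail_if_root proftpd` in a periodic check.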