Date: Wed, 20 May 2009 10:19:58 -0400
From: alexus <alexus@gmail.com>
To: Mel Flynn <mel.flynn+fbsd.questions@mailing.thruhere.net>
Cc: Mehul Ved <mehul.n.ved@gmail.com>, freebsd-questions@freebsd.org, Nikos Vassiliadis <nvass9573@gmx.com>
Subject: Re: proftpd TLS
Message-ID: <6ae50c2d0905200719sf099123g769920981b84efcc@mail.gmail.com>
In-Reply-To: <6ae50c2d0905200718u596a087du537f64abe20a4ff7@mail.gmail.com>
References: <6ae50c2d0905171301y2d92a7b1mc3598295de12ecc2@mail.gmail.com> <c1e7523f0905191126o317b254aia654ed83cd141f5@mail.gmail.com> <6ae50c2d0905191218mca27c81o67a7e2f0a2a37ca8@mail.gmail.com> <200905201346.33032.mel.flynn%2Bfbsd.questions@mailing.thruhere.net> <6ae50c2d0905200713t7d9c785fs4f6c5ec6db4166de@mail.gmail.com> <6ae50c2d0905200718u596a087du537f64abe20a4ff7@mail.gmail.com>

On Wed, May 20, 2009 at 10:18 AM, alexus <alexus@gmail.com> wrote:
> On Wed, May 20, 2009 at 10:13 AM, alexus <alexus@gmail.com> wrote:
>> On Wed, May 20, 2009 at 7:46 AM, Mel Flynn
>> <mel.flynn+fbsd.questions@mailing.thruhere.net> wrote:
>>> On Tuesday 19 May 2009 21:18:48 alexus wrote:
>>>> On Tue, May 19, 2009 at 2:26 PM, Mehul Ved <mehul.n.ved@gmail.com> wrote:
>>>> > On Tue, May 19, 2009 at 11:14 PM, alexus <alexus@gmail.com> wrote:
>>>> >> i start it as a root, but it switches to non-root
>>>> >>
>>>> >> nobody 52346  0.0  0.1 11820  4208  ??  SsJ  Sun06PM   0:00.66
>>>> >> proftpd: (accepting connections) (proftpd)
>>>> >
>>>> > Check the value for 'user' in proftpd.conf. It will be nobody. Change
>>>> > it to root.
>>>> >
>>>> > --
>>>> >
>>>> > Dyslexics have more fnu.  - http://kingsly.net/tmp/fortune.php/1242364116
>>>>
>>>> wouldn't it sort of make it more risky in terms of security to run
>>>> ftpd as root vs nobody?
>>>> in general daemons do not run as root and that's for a reason..
>>>
>>> Yes, don't do it. Is proftpd started as root? Then this shouldn't occur,
>>> although a forum post[1] suggests that mod_cap can fiddle with this.
>>>
>>> [1] http://forums.proftpd.org/smf/index.php?topic=1315.0
>>> --
>>> Mel
>>>
>>
>> if i set User in proftpd.conf to root, then it runs as a root
>> the other thing is mod_cap has something to do with Linux compatibility w/ POSIX
>> I run FreeBSD...
>>
>> --
>> http://alexus.org/
>>
>
> for test purposes i set it to root, but even with that i'm unable to
> connect to ftp and my tls.log says following
>
> May 20 10:16:58 mod_tls/2.2.1[41536]: error locking passphrase into
> memory: Operation not permitted
> May 20 10:16:58 mod_tls/2.2.1[41536]: using default OpenSSL
> verification locations (see $SSL_CERT_DIR environment variable)
> May 20 10:16:58 mod_tls/2.2.1[41536]: TLS/TLS-C requested, starting
> TLS handshake
> May 20 10:17:01 mod_tls/2.2.1[41536]: TLSv1/SSLv3 connection accepted,
> using cipher DHE-RSA-AES256-SHA (256 bits)
> May 20 10:17:01 mod_tls/2.2.1[41536]: Protection set to Private
>
> and it hangs...
>
> --
> http://alexus.org/
>

actually, I take it back, I can connect even though I'm seeing this message

error locking passphrase into memory: Operation not permitted

but i guess my main concern is not to run it as root now

--
http://alexus.org/
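
The tls.log lines in this message show the handshake completing after "error locking passphrase into memory: Operation not permitted". The C program below is an added example, not part of the thread and not mod_tls source; it assumes the lock is a best-effort hardening step whose failure is logged rather than treated as fatal, and `struct secret`, `secret_load` and `secret_free` are hypothetical names.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>
struct secret {              /* hypothetical holder for one passphrase */
    void  *base;             /* pointer returned by calloc(), for free() */
    char  *buf;              /* page-aligned start of the secret */
    size_t len;              /* whole pages covered by buf */
    int    locked;           /* 1 if mlock() succeeded */
    int    lock_errno;       /* errno from a failed mlock(), else 0 */
};

/* Copy pass into page-aligned memory and try to pin it; 0 on success. */
int secret_load(struct secret *s, const char *pass)
{
    long pg = sysconf(_SC_PAGESIZE);
    size_t need = strlen(pass) + 1;
    if (pg <= 0) return -1;
    s->len = (need + (size_t)pg - 1) / (size_t)pg * (size_t)pg;
    if ((s->base = calloc(1, s->len + (size_t)pg)) == NULL) return -1;
    s->buf = (char *)(((uintptr_t)s->base + (uintptr_t)pg - 1) & ~((uintptr_t)pg - 1));
    s->locked = (mlock(s->buf, s->len) == 0);
    s->lock_errno = s->locked ? 0 : errno;
    if (!s->locked)          /* e.g. EPERM: report it and carry on unpinned */
        fprintf(stderr, "error locking passphrase into memory: %s\n", strerror(s->lock_errno));
    memcpy(s->buf, pass, need);
    return 0;
}

/* Wipe the cleartext first, then release the lock and the allocation. */
void secret_free(struct secret *s)
{
    volatile char *p = s->buf;
    for (size_t i = 0; i < s->len; i++) p[i] = 0;
    if (s->locked) munlock(s->buf, s->len);
    free(s->base);
    memset(s, 0, sizeof *s);
}
int main(void)
{
    struct secret s;         /* the passphrase below is a constructed sample */
    if (secret_load(&s, "constructed-passphrase") != 0) return 1;
    printf("locked=%d lock_errno=%d\n", s.locked, s.lock_errno);
    secret_free(&s);
    return 0;
}
```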