Bug#960108: proftpd-basic: proftpd write pidfile with incorrect mode

Volker Theile vtheile at gmx.de
Sat May 9 15:33:59 BST 2020


Hi Hilmar,

the issue exits for a long time. I have many reports about this issue in
the openmediavault forum. To workaround this issue i added a systemd
drop-in to change the file mode before the 'stop' action is executed.
See
https://github.com/openmediavault/openmediavault/commit/439d11d9ad375101f8f65820013e5d472ff590ca

I can not say if it always appears and if there must be special
conditions to make it happen.

Regards
Volker

Am 09.05.20 um 16:13 schrieb Hilmar Preuße:
> Am 09.05.2020 um 15:29 teilte votdev mit:
>
> Hi Volker,
>
>> The proftpd daemon writes the pidfile with mode 0666 instead of 0644.
>> Because of that it is
>> not possible to stop or restart the daemon with "systemctl stop proftpd" or
>> "systemctl restart proftpd". The reason is the new security check of
>> start-stop-deamon
>> in conjunction with --pidfile.
>>
> I'm failing to reproduce all this.
>
> root at nas1:~# ls -ld /run/proftpd*
> drwxr-xr-x 2 root root 40 May  9 16:07 /run/proftpd
> -rw-r--r-- 1 root root  5 May  9 16:08 /run/proftpd.pid
> -rw-r--r-- 1 root root 32 May  9 16:08 /run/proftpd.scoreboard
> -rw-r--r-- 1 root root  0 May  9 16:08 /run/proftpd.scoreboard.lck
>
> And stopping / restarting works fine. Is this new w/ deb10u5? I'm not
> aware of any changes regarding this between deb10u5 & deb10u4.
>
>> The following error will be logged to syslog.
>>
>> Mai 09 14:42:30 titan proftpd[1296]: Stopping ftp server:
>> proftpdstart-stop-daemon: matching on world-writable pidfile
>> /run/proftpd.pid is insecure
>> Mai 09 14:42:30 titan proftpd[1296]: start-stop-daemon: matching on
>> world-writable pidfile /run/proftpd.pid is insecure
>>
>



More information about the Pkg-proftpd-maintainers mailing list