Bug#960108: proftpd-basic: proftpd write pidfile with incorrect mode
Volker Theile
vtheile at gmx.de
Sat May 9 15:51:18 BST 2020
I think I've found the problem. The umask configuration is taken into
account when the pidfile is created. That's a little bit strange because
I think this setting should only be taken into account when files are
uploaded at runtime. Nevertheless, it seems to be a configuration
problem, thus you can close this issue.
Volker
On 09.05.20 at 16:33, Volker Theile wrote:
> Hi Hilmar,
>
> the issue has existed for a long time. I have many reports about this issue in
> the openmediavault forum. To work around this issue I added a systemd
> drop-in to change the file mode before the 'stop' action is executed.
> See
> https://github.com/openmediavault/openmediavault/commit/439d11d9ad375101f8f65820013e5d472ff590ca
>
> I cannot say if it always appears and if there must be special
> conditions to make it happen.
>
> Regards
> Volker
>
> On 09.05.20 at 16:13, Hilmar Preuße wrote:
>> On 09.05.2020 at 15:29, votdev wrote:
>>
>> Hi Volker,
>>
>>> The proftpd daemon writes the pidfile with mode 0666 instead of 0644.
>>> Because of that it is
>>> not possible to stop or restart the daemon with "systemctl stop proftpd" or
>>> "systemctl restart proftpd". The reason is the new security check of
>>> start-stop-daemon
>>> in conjunction with --pidfile.
>>>
>> I'm failing to reproduce all this.
>>
>> root@nas1:~# ls -ld /run/proftpd*
>> drwxr-xr-x 2 root root 40 May 9 16:07 /run/proftpd
>> -rw-r--r-- 1 root root 5 May 9 16:08 /run/proftpd.pid
>> -rw-r--r-- 1 root root 32 May 9 16:08 /run/proftpd.scoreboard
>> -rw-r--r-- 1 root root 0 May 9 16:08 /run/proftpd.scoreboard.lck
>>
>> And stopping / restarting works fine. Is this new w/ deb10u5? I'm not
>> aware of any changes regarding this between deb10u5 & deb10u4.
>>
>>> The following error will be logged to syslog.
>>>
>>> Mai 09 14:42:30 titan proftpd[1296]: Stopping ftp server:
>>> proftpdstart-stop-daemon: matching on world-writable pidfile
>>> /run/proftpd.pid is insecure
>>> Mai 09 14:42:30 titan proftpd[1296]: start-stop-daemon: matching on
>>> world-writable pidfile /run/proftpd.pid is insecure
>>>
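
The umask effect described in the first message, and the world-writable condition named in the quoted log, as an added example that is not part of this thread and is not proftpd or start-stop-daemon code. The function names, temporary paths and PID value are made up for illustration; the file is created by a shell redirection, which requests mode 0666 before the umask is applied.

```shell
#!/bin/sh
# Added illustration: how the process umask decides whether a pidfile
# ends up world-writable, and how to audit for that condition.

# Print the permission string of a file created by a shell redirection
# (requested mode 0666) while the given umask is in effect.
perms_under_umask() {
    dir=$(mktemp -d) || return 1
    # Subshell so the umask change does not leak into the caller.
    ( umask "$1"; echo 12345 > "$dir/demo.pid" )   # constructed PID
    ls -ld "$dir/demo.pid" | cut -c1-10
    rm -rf "$dir"
}

# Succeed if the "other" write bit (0002) is set on the file, i.e. the
# condition the "world-writable pidfile ... is insecure" message names.
is_world_writable() {
    [ -n "$(find "$1" -prune -perm -0002 -print)" ]
}

# Report every world-writable file among the arguments.
# Returns 1 if at least one was found, 0 otherwise.
audit_pidfiles() {
    rc=0
    for f in "$@"; do
        [ -e "$f" ] || continue
        if is_world_writable "$f"; then
            echo "INSECURE $f $(ls -ld "$f" | cut -c1-10)"
            rc=1
        fi
    done
    return $rc
}

# Demo: a permissive umask reproduces the reported mode, 022 does not.
for u in 000 022; do
    echo "umask $u -> $(perms_under_umask "$u")"
done
```

Running `audit_pidfiles /run/*.pid` on a host lists any pidfile with the other-write bit set.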