Bug#1119295: erases all (user) data from /srv/ftp when purged
Hilmar Preuße
hille42 at web.de
Sat Nov 8 14:01:50 GMT 2025
Hello,
I guess it was never understood, how to remove that directory correctly (w/o destroying data). Your suggestion sounds reasonable, I've implemented it an will upload soon.
Hilmar
28.10.2025 20:35:06 Evgeni Golov <evgeni at debian.org>:
> Package: proftpd-core
> Version: 1.3.9~dfsg-3
> Severity: grave
> X-Debbugs-Cc: evgeni at debian.org
> Control: found -1 1.3.8.c+dfsg-4
>
> Ohai,
>
> proftpd-core.postrm contains (since [1]) the following snippet:
>
> if [ "$1" = "purge" ]
> then
> …
> rm -rf /etc/proftpd
> rm -rf /var/log/proftpd
> rm -rf /srv/ftp
> rm -f /etc/logrotate.d/proftpd-core
> userdel --remove --force proftpd || true
> userdel ftp || true
> fi
>
> The `rm -rf /srv/ftp` part results in *all* data from /srv/ftp being
> purged, not only the one related to the package itself. This can lead to
> serious data loss if people decide to use /srv/ftp as the root of their
> FTP server (e.g. as suggested by the Anonymous example in proftpd.conf).
>
> I think purging proftpd-core should only remove files that were placed
> in /srv/ftp by proftpd-core (welcome.msg) and remove the directory only
> if it is empty afterwards (rm -f /srv/ftp/welcome.msg; rmdir
> --ignore-fail-on-non-empty /srv/ftp).
>
> For historical reference: this was reported once in the past already as
> [2], got fixed [3], but now regressed again.
>
> Thanks for maintaining ProFTPD!
>
> Evgeni
>
>
> [1] https://salsa.debian.org/debian-proftpd-team/proftpd/-/commit/9dbf3b40750465e3680601ee55df9e49624de072
> [2] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=655514
> [3] https://salsa.debian.org/debian-proftpd-team/proftpd/-/commit/99fbc334eace80d1e99302b8b9ecc987d45d73a5
>
>
> -- System Information:
> Debian Release: forky/sid
> APT prefers unstable-debug
> APT policy: (500, 'unstable-debug'), (500, 'unstable')
> Architecture: amd64 (x86_64)
> Foreign Architectures: i386
>
> Kernel: Linux 6.12.38+deb13-amd64 (SMP w/4 CPU threads; PREEMPT)
> Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
> Shell: /bin/sh linked to /usr/bin/dash
> Init: systemd (via /run/systemd/system)
> LSM: SELinux: enabled - Mode: Permissive - Policy name: default
>
> Versions of packages proftpd-core depends on:
> ii adduser 3.152
> ii init-system-helpers 1.68
> ii libacl1 2.3.2-2+b1
> ii libc6 2.41-12
> ii libcap2 1:2.75-10+b1
> ii libcrypt1 1:4.4.38-1
> ii libhiredis1.1.0 1.2.0-6+b3
> ii libidn2-0 2.3.8-2
> ii libmemcached11t64 1.1.4-1.1+b2
> ii libmemcachedutil2t64 1.1.4-1.1+b2
> ii libncursesw6 6.5+20250216-2
> ii libpam-runtime 1.7.0-5
> ii libpam0g 1.7.0-5
> ii libpcre2-8-0 10.45-1
> ii libpcre2-posix3 10.45-1
> ii libssl3t64 3.5.2-1
> ii libtinfo6 6.5+20250216-2
> ii netbase 6.5
> ii ucf 3.0052
> ii zlib1g 1:1.3.dfsg+really1.3.1-1+b1
>
> Versions of packages proftpd-core recommends:
> pn proftpd-doc <none>
>
> Versions of packages proftpd-core suggests:
> pn openbsd-inetd | inet-superserver <none>
> ii openssl 3.5.2-1
> pn proftpd-mod-crypto <none>
> pn proftpd-mod-geoip <none>
> pn proftpd-mod-ldap <none>
> pn proftpd-mod-mysql <none>
> pn proftpd-mod-odbc <none>
> pn proftpd-mod-pgsql <none>
> pn proftpd-mod-snmp <none>
> pn proftpd-mod-sqlite <none>
> pn proftpd-mod-wrap <none>
>
> -- no debconf information
> _______________________________________________
> Pkg-proftpd-maintainers mailing list
> Pkg-proftpd-maintainers at alioth-lists.debian.net
> https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-proftpd-maintainers
More information about the Pkg-proftpd-maintainers
mailing list