[oe] [PATCH meta-networking v2] proftpd: use /bin/false as the login shell and add home-dir

rongqing.li at windriver.com rongqing.li at windriver.com
Fri Dec 6 08:34:16 UTC 2013


From: Roy Li <rongqing.li at windriver.com>

Use /bin/false as the login shell, as Ubuntu does; otherwise there
might be a security issue. Add /var/lib/ftp as the home directory of
user ftp.

Signed-off-by: Roy Li <rongqing.li at windriver.com>
---
 .../files/close-RequireValidShell-check.patch      |   27 ++++++++++++++++++++
 .../recipes-daemons/proftpd/proftpd_1.3.4b.bb      |    4 ++-
 2 files changed, 30 insertions(+), 1 deletion(-)
 create mode 100644 meta-networking/recipes-daemons/proftpd/files/close-RequireValidShell-check.patch

diff --git a/meta-networking/recipes-daemons/proftpd/files/close-RequireValidShell-check.patch b/meta-networking/recipes-daemons/proftpd/files/close-RequireValidShell-check.patch
new file mode 100644
index 0000000..cb73c2d
--- /dev/null
+++ b/meta-networking/recipes-daemons/proftpd/files/close-RequireValidShell-check.patch
@@ -0,0 +1,27 @@
+close RequireValidShell check
+
+Upstream-Status: Inappropriate [configuration]
+
+close RequireValidShell check since we like to make /bin/false as shell
+for ftp user
+
+Signed-off-by: Roy Li <rongqing.li at windriver.com>
+---
+ sample-configurations/basic.conf |    1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/sample-configurations/basic.conf b/sample-configurations/basic.conf
+index 314eb79..abcb284 100644
+--- a/sample-configurations/basic.conf
++++ b/sample-configurations/basic.conf
+@@ -53,6 +53,7 @@ AllowOverwrite		on
+   # We want clients to be able to login with "anonymous" as well as "ftp"
+   UserAlias			anonymous ftp
+ 
++  RequireValidShell	 	off	
+   # Limit the maximum number of anonymous logins
+   MaxClients			10
+ 
+-- 
+1.7.10.4
+
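Review bot: The added `RequireValidShell off` line in the basic.conf hunk has no comment saying why the check is disabled, and it carries trailing whitespace after `off`. Judging by the two-space indent and the neighbouring `UserAlias anonymous ftp`, it appears to sit inside the anonymous section, so the relaxation is presumably limited to anonymous logins. That scope is worth stating, because at server level the same directive would stop rejecting every account whose shell is not listed in /etc/shells. I would put a comment above it, e.g. `# ftp user has /bin/false as its shell (not in /etc/shells); skip the valid-shell check for anonymous logins only`. The enclosing configuration block starts and ends outside the hunk.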
diff --git a/meta-networking/recipes-daemons/proftpd/proftpd_1.3.4b.bb b/meta-networking/recipes-daemons/proftpd/proftpd_1.3.4b.bb
index 6537b77..eb502d6 100644
--- a/meta-networking/recipes-daemons/proftpd/proftpd_1.3.4b.bb
+++ b/meta-networking/recipes-daemons/proftpd/proftpd_1.3.4b.bb
@@ -13,6 +13,7 @@ SRC_URI = "ftp://ftp.proftpd.org/distrib/source/${BPN}-${PV}.tar.gz \
            file://proftpd-basic.init \
            file://default \
            file://move-pidfile-to-var-run.patch \
+           file://close-RequireValidShell-check.patch \
 "
 
 SRC_URI[md5sum] = "0871e0b93c9c3c88ca950b6d9a04aed2"
@@ -62,6 +63,7 @@ INITSCRIPT_PARAM = "defaults 85 15"
 
 USERADD_PACKAGES = "${PN}"
 GROUPADD_PARAM_${PN} = "--system ${FTPGROUP}"
-USERADD_PARAM_${PN} = "--system -g ${FTPGROUP} ${FTPUSER}"
+USERADD_PARAM_${PN} = "--system -g ${FTPGROUP} --home-dir /var/lib/${FTPUSER} --no-create-home \
+                       --shell /bin/false ${FTPUSER}"
 
 FILES_${PN} += "/home/${FTPUSER}"
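Review bot: The context line `FILES_${PN} += "/home/${FTPUSER}"` still packages the old location, although the new `USERADD_PARAM_${PN}` moves the home directory to `/var/lib/${FTPUSER}` and passes `--no-create-home`. Unless do_install (outside this hunk) creates `/var/lib/${FTPUSER}`, the account's home, and with it anything in the configuration that resolves `~ftp`, would point at a directory that does not exist on the target. I would change the line to `FILES_${PN} += "/var/lib/${FTPUSER}"` and have the install step create that directory, owned by root and not writable by the ftp user. A one-line comment above `USERADD_PARAM_${PN}` noting that `/bin/false` is deliberate, and that it relies on RequireValidShell being off in the shipped configuration, would also help the next maintainer.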
-- 
1.7.10.4



