[oe] [PATCH meta-networking v2] proftpd: use /bin/false as the login shell and add home-dir

Joe MacDonald joe at deserted.net
Mon Dec 9 21:18:41 UTC 2013


Merged, thanks.
-J.

On 13.12.06 (Fri 16:34) rongqing.li at windriver.com wrote:

> From: Roy Li <rongqing.li at windriver.com>
> 
> Use /bin/false as the login shell, just like what Ubuntu does,
> otherwise there might be a security issue; add /var/lib/ftp as user
> ftp home-dir.
> 
> Signed-off-by: Roy Li <rongqing.li at windriver.com>
> ---
>  .../files/close-RequireValidShell-check.patch      |   27 ++++++++++++++++++++
>  .../recipes-daemons/proftpd/proftpd_1.3.4b.bb      |    4 ++-
>  2 files changed, 30 insertions(+), 1 deletion(-)
>  create mode 100644 meta-networking/recipes-daemons/proftpd/files/close-RequireValidShell-check.patch
> 
> diff --git a/meta-networking/recipes-daemons/proftpd/files/close-RequireValidShell-check.patch b/meta-networking/recipes-daemons/proftpd/files/close-RequireValidShell-check.patch
> new file mode 100644
> index 0000000..cb73c2d
> --- /dev/null
> +++ b/meta-networking/recipes-daemons/proftpd/files/close-RequireValidShell-check.patch
> @@ -0,0 +1,27 @@
> +close RequireValidShell check
> +
> +Upstream-Status: Inappropriate [configuration]
> +
> +close RequireValidShell check since we like to make /bin/false as shell
> +for ftp user
> +
> +Signed-off-by: Roy Li <rongqing.li at windriver.com>
> +---
> + sample-configurations/basic.conf |    1 +
> + 1 file changed, 1 insertion(+)
> +
> +diff --git a/sample-configurations/basic.conf b/sample-configurations/basic.conf
> +index 314eb79..abcb284 100644
> +--- a/sample-configurations/basic.conf
> ++++ b/sample-configurations/basic.conf
> +@@ -53,6 +53,7 @@ AllowOverwrite		on
> +   # We want clients to be able to login with "anonymous" as well as "ftp"
> +   UserAlias			anonymous ftp
> + 
> ++  RequireValidShell	 	off	
> +   # Limit the maximum number of anonymous logins
> +   MaxClients			10
> + 
> +-- 
> +1.7.10.4
> +
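Review bot: the added `RequireValidShell off` line in the basic.conf hunk has no comment saying why the shell check is turned off, and it carries stray whitespace (a space before the tab that follows the directive name, and a trailing tab after `off`). The directives on either side each have a `#` comment line, so a matching comment (for example `# the ftp user has /bin/false as its shell`) and a blank line before the `MaxClients` comment would keep the file consistent. The context lines around it are the anonymous-login settings (`UserAlias anonymous ftp`, `MaxClients`), so the patch header should state that the check is relaxed for that section only, and "disable" would read more clearly than "close" in the description.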
> diff --git a/meta-networking/recipes-daemons/proftpd/proftpd_1.3.4b.bb b/meta-networking/recipes-daemons/proftpd/proftpd_1.3.4b.bb
> index 6537b77..eb502d6 100644
> --- a/meta-networking/recipes-daemons/proftpd/proftpd_1.3.4b.bb
> +++ b/meta-networking/recipes-daemons/proftpd/proftpd_1.3.4b.bb
> @@ -13,6 +13,7 @@ SRC_URI = "ftp://ftp.proftpd.org/distrib/source/${BPN}-${PV}.tar.gz \
>             file://proftpd-basic.init \
>             file://default \
>             file://move-pidfile-to-var-run.patch \
> +           file://close-RequireValidShell-check.patch \
>  "
>  
>  SRC_URI[md5sum] = "0871e0b93c9c3c88ca950b6d9a04aed2"
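Review bot: the new SRC_URI entry applies a patch that only edits sample-configurations/basic.conf, and nothing in this hunk shows that file being installed as the configuration the daemon actually runs with. If a different proftpd.conf ends up on the target, the ftp user created with /bin/false would still fail the RequireValidShell check, so the commit message should name the installed file, or the install step should be visible in the same change.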
> @@ -62,6 +63,7 @@ INITSCRIPT_PARAM = "defaults 85 15"
>  
>  USERADD_PACKAGES = "${PN}"
>  GROUPADD_PARAM_${PN} = "--system ${FTPGROUP}"
> -USERADD_PARAM_${PN} = "--system -g ${FTPGROUP} ${FTPUSER}"
> +USERADD_PARAM_${PN} = "--system -g ${FTPGROUP} --home-dir /var/lib/${FTPUSER} --no-create-home \
> +                       --shell /bin/false ${FTPUSER}"
>  
>  FILES_${PN} += "/home/${FTPUSER}"
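Review bot: the new USERADD_PARAM sets the home directory to /var/lib/${FTPUSER} with --no-create-home, but the unchanged context line `FILES_${PN} += "/home/${FTPUSER}"` still packages the old location and nothing in this hunk creates or packages /var/lib/${FTPUSER}. As posted, the account's home would point at a directory that does not exist unless another part of the recipe creates it. Suggest updating FILES_${PN} to the new path and creating the directory at install time with explicit ownership and mode, so the anonymous root is not left to defaults.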
-- 
-Joe MacDonald.
:wq