[oe] [PATCH meta-networking v2] proftpd: use /bin/false as the login shell and add home-dir
Joe MacDonald
joe at deserted.net
Mon Dec 9 21:18:41 UTC 2013
Merged, thanks.
-J.
On 13.12.06 (Fri 16:34) rongqing.li at windriver.com wrote:
> From: Roy Li <rongqing.li at windriver.com>
>
> Use /bin/false as the login shell, just like what Ubuntu does,
> otherwise there might be a security issue; add /var/lib/ftp as user
> ftp home-dir.
>
> Signed-off-by: Roy Li <rongqing.li at windriver.com>
> ---
> .../files/close-RequireValidShell-check.patch | 27 ++++++++++++++++++++
> .../recipes-daemons/proftpd/proftpd_1.3.4b.bb | 4 ++-
> 2 files changed, 30 insertions(+), 1 deletion(-)
> create mode 100644 meta-networking/recipes-daemons/proftpd/files/close-RequireValidShell-check.patch
>
> diff --git a/meta-networking/recipes-daemons/proftpd/files/close-RequireValidShell-check.patch b/meta-networking/recipes-daemons/proftpd/files/close-RequireValidShell-check.patch
> new file mode 100644
> index 0000000..cb73c2d
> --- /dev/null
> +++ b/meta-networking/recipes-daemons/proftpd/files/close-RequireValidShell-check.patch
> @@ -0,0 +1,27 @@
> +close RequireValidShell check
> +
> +Upstream-Status: Inappropriate [configuration]
> +
> +close RequireValidShell check since we like to make /bin/false as shell
> +for ftp user
> +
> +Signed-off-by: Roy Li <rongqing.li at windriver.com>
> +---
> + sample-configurations/basic.conf | 1 +
> + 1 file changed, 1 insertion(+)
> +
> +diff --git a/sample-configurations/basic.conf b/sample-configurations/basic.conf
> +index 314eb79..abcb284 100644
> +--- a/sample-configurations/basic.conf
> ++++ b/sample-configurations/basic.conf
> +@@ -53,6 +53,7 @@ AllowOverwrite on
> + # We want clients to be able to login with "anonymous" as well as "ftp"
> + UserAlias anonymous ftp
> +
> ++ RequireValidShell off
> + # Limit the maximum number of anonymous logins
> + MaxClients 10
> +
> +--
> +1.7.10.4
> +
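Review bot: The added "RequireValidShell off" line in the basic.conf hunk sits directly above the existing comment "# Limit the maximum number of anonymous logins" with no comment or blank line of its own, so the resulting file reads as if that comment describes it. Give the directive its own comment saying it is needed because the ftp user's shell is now /bin/false, and separate it from the MaxClients lines with a blank line. The hunk context does not show which configuration section these lines belong to, so please confirm the directive lands only in the scope that serves the ftp/anonymous user rather than turning off the shell check for every account. The title and description would also read more clearly as "disable RequireValidShell check" instead of "close".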
> diff --git a/meta-networking/recipes-daemons/proftpd/proftpd_1.3.4b.bb b/meta-networking/recipes-daemons/proftpd/proftpd_1.3.4b.bb
> index 6537b77..eb502d6 100644
> --- a/meta-networking/recipes-daemons/proftpd/proftpd_1.3.4b.bb
> +++ b/meta-networking/recipes-daemons/proftpd/proftpd_1.3.4b.bb
> @@ -13,6 +13,7 @@ SRC_URI = "ftp://ftp.proftpd.org/distrib/source/${BPN}-${PV}.tar.gz \
> file://proftpd-basic.init \
> file://default \
> file://move-pidfile-to-var-run.patch \
> + file://close-RequireValidShell-check.patch \
> "
>
> SRC_URI[md5sum] = "0871e0b93c9c3c88ca950b6d9a04aed2"
> @@ -62,6 +63,7 @@ INITSCRIPT_PARAM = "defaults 85 15"
>
> USERADD_PACKAGES = "${PN}"
> GROUPADD_PARAM_${PN} = "--system ${FTPGROUP}"
> -USERADD_PARAM_${PN} = "--system -g ${FTPGROUP} ${FTPUSER}"
> +USERADD_PARAM_${PN} = "--system -g ${FTPGROUP} --home-dir /var/lib/${FTPUSER} --no-create-home \
> + --shell /bin/false ${FTPUSER}"
>
> FILES_${PN} += "/home/${FTPUSER}"
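Review bot: The new USERADD_PARAM_${PN} sets "--home-dir /var/lib/${FTPUSER}" together with "--no-create-home", while the unchanged context line FILES_${PN} += "/home/${FTPUSER}" still packages the old location. Nothing in this hunk creates or ships /var/lib/${FTPUSER}, so the account's home may not exist on the target. Either create and package that directory with the intended owner and mode and update FILES_${PN} to match, or explain in the commit message why the directory is expected to exist already and drop the stale /home entry if it is no longer used.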
--
-Joe MacDonald.
:wq