On 2017-04-12, Todd C. Miller <todd.mil...@courtesan.com> wrote: > On Wed, 12 Apr 2017 21:27:49 +0200, Olivier Regnier wrote: > >> "ftpsesame chroots to "/var/empty" and changes to user "proxy" to drop >> privileges. It does keep a file descriptor to both bpf >> <https://www.gsp.com/cgi-bin/man.cgi?section=4&topic=bpf>(4) and pf >> <https://www.gsp.com/cgi-bin/man.cgi?section=4&topic=pf>(4) so it is >> still very powerful." > > The "proxy" user was removed, that is almost certainly the problem. > The port needs a patch to use "_ftp_proxy" instead.
Simplest quick workaround is to re-add the proxy user though. Run vipw and add this: proxy:*:71:71::0:0:Proxy Services:/nonexistent:/sbin/nologin And add to /etc/group: proxy:*:71: