Bug#960108: proftpd-basic: proftpd write pidfile with incorrect mode
I think I've found the problem. The umask configuration is taken into account when the pidfile is created. That's a little bit strange because I think this setting should only be taken into account when files are uploaded at runtime. Nevertheless, it seems to be a configuration problem, thus you can close this issue.

Volker

On 09.05.20 at 16:33, Volker Theile wrote:
> Hi Hilmar,
>
> the issue has existed for a long time. I have many reports about this issue in
> the openmediavault forum. To work around this issue I added a systemd
> drop-in to change the file mode before the 'stop' action is executed.
> See
> https://github.com/openmediavault/openmediavault/commit/439d11d9ad375101f8f65820013e5d472ff590ca
>
> I cannot say if it always appears and if there must be special
> conditions to make it happen.
>
> Regards
> Volker
>
> On 09.05.20 at 16:13, Hilmar Preuße wrote:
>> On 09.05.2020 at 15:29, votdev wrote:
>>
>> Hi Volker,
>>
>>> The proftpd daemon writes the pidfile with mode 0666 instead of 0644.
>>> Because of that it is not possible to stop or restart the daemon with
>>> "systemctl stop proftpd" or "systemctl restart proftpd". The reason is
>>> the new security check of start-stop-daemon in conjunction with --pidfile.
>>>
>> I'm failing to reproduce all this.
>>
>> root@nas1:~# ls -ld /run/proftpd*
>> drwxr-xr-x 2 root root 40 May 9 16:07 /run/proftpd
>> -rw-r--r-- 1 root root 5 May 9 16:08 /run/proftpd.pid
>> -rw-r--r-- 1 root root 32 May 9 16:08 /run/proftpd.scoreboard
>> -rw-r--r-- 1 root root 0 May 9 16:08 /run/proftpd.scoreboard.lck
>>
>> And stopping / restarting works fine. Is this new w/ deb10u5? I'm not
>> aware of any changes regarding this between deb10u5 & deb10u4.
>>
>>> The following error will be logged to syslog.
>>>
>>> Mai 09 14:42:30 titan proftpd[1296]: Stopping ftp server:
>>> proftpdstart-stop-daemon: matching on world-writable pidfile
>>> /run/proftpd.pid is insecure
>>> Mai 09 14:42:30 titan proftpd[1296]: start-stop-daemon: matching on
>>> world-writable pidfile /run/proftpd.pid is insecure
>>>
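The umask effect described in the message above, as an added example that is not part of the original thread and is not code from proftpd or start-stop-daemon. It assumes GNU `stat` and `find` and a file created with a requested mode of 0666 (as a shell redirection does); the function names are hypothetical.

```shell
#!/bin/sh
# Added example (constructed): how the process umask decides whether a
# pidfile ends up world-writable, and how to audit for that condition.

# Create a file under the given umask and print its resulting octal mode.
# The redirection requests 0666; the kernel clears the bits set in the umask.
mode_under_umask() {
    dir=$(mktemp -d) || return 1
    # Subshell so the umask change does not leak into the caller.
    ( umask "$1" && : > "$dir/demo.pid" ) || { rm -rf "$dir"; return 1; }
    stat -c '%a' "$dir/demo.pid"
    rm -rf "$dir"
}

# Exit 0 if the "other" permission digit of the file includes write.
is_world_writable() {
    mode=$(stat -c '%a' "$1") || return 2
    other=${mode#"${mode%?}"}          # last octal digit
    case $other in
        2|3|6|7) return 0 ;;
        *)       return 1 ;;
    esac
}

# Print every world-writable *.pid file directly inside a directory,
# for example /run on the affected host.
audit_pidfiles() {
    find "$1" -maxdepth 1 -type f -name '*.pid' -perm -0002 -print
}

# Demo: a restrictive umask gives 644, a umask of 000 gives 666.
for u in 022 000; do
    echo "umask $u -> mode $(mode_under_umask "$u")"
done
```
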
Bug#960108: proftpd-basic: proftpd write pidfile with incorrect mode
Hi Hilmar,

the issue has existed for a long time. I have many reports about this issue in the openmediavault forum. To work around this issue I added a systemd drop-in to change the file mode before the 'stop' action is executed. See
https://github.com/openmediavault/openmediavault/commit/439d11d9ad375101f8f65820013e5d472ff590ca

I cannot say if it always appears and if there must be special conditions to make it happen.

Regards
Volker

On 09.05.20 at 16:13, Hilmar Preuße wrote:
> On 09.05.2020 at 15:29, votdev wrote:
>
> Hi Volker,
>
>> The proftpd daemon writes the pidfile with mode 0666 instead of 0644.
>> Because of that it is not possible to stop or restart the daemon with
>> "systemctl stop proftpd" or "systemctl restart proftpd". The reason is
>> the new security check of start-stop-daemon in conjunction with --pidfile.
>>
> I'm failing to reproduce all this.
>
> root@nas1:~# ls -ld /run/proftpd*
> drwxr-xr-x 2 root root 40 May 9 16:07 /run/proftpd
> -rw-r--r-- 1 root root 5 May 9 16:08 /run/proftpd.pid
> -rw-r--r-- 1 root root 32 May 9 16:08 /run/proftpd.scoreboard
> -rw-r--r-- 1 root root 0 May 9 16:08 /run/proftpd.scoreboard.lck
>
> And stopping / restarting works fine. Is this new w/ deb10u5? I'm not
> aware of any changes regarding this between deb10u5 & deb10u4.
>
>> The following error will be logged to syslog.
>>
>> Mai 09 14:42:30 titan proftpd[1296]: Stopping ftp server:
>> proftpdstart-stop-daemon: matching on world-writable pidfile
>> /run/proftpd.pid is insecure
>> Mai 09 14:42:30 titan proftpd[1296]: start-stop-daemon: matching on
>> world-writable pidfile /run/proftpd.pid is insecure
>>
Bug#960108: proftpd-basic: proftpd write pidfile with incorrect mode
On 09.05.2020 at 15:29, votdev wrote:

Hi Volker,

> The proftpd daemon writes the pidfile with mode 0666 instead of 0644.
> Because of that it is not possible to stop or restart the daemon with
> "systemctl stop proftpd" or "systemctl restart proftpd". The reason is
> the new security check of start-stop-daemon in conjunction with --pidfile.
>
I'm failing to reproduce all this.

root@nas1:~# ls -ld /run/proftpd*
drwxr-xr-x 2 root root 40 May 9 16:07 /run/proftpd
-rw-r--r-- 1 root root 5 May 9 16:08 /run/proftpd.pid
-rw-r--r-- 1 root root 32 May 9 16:08 /run/proftpd.scoreboard
-rw-r--r-- 1 root root 0 May 9 16:08 /run/proftpd.scoreboard.lck

And stopping / restarting works fine. Is this new w/ deb10u5? I'm not aware of any changes regarding this between deb10u5 & deb10u4.

> The following error will be logged to syslog.
>
> Mai 09 14:42:30 titan proftpd[1296]: Stopping ftp server:
> proftpdstart-stop-daemon: matching on world-writable pidfile
> /run/proftpd.pid is insecure
> Mai 09 14:42:30 titan proftpd[1296]: start-stop-daemon: matching on
> world-writable pidfile /run/proftpd.pid is insecure
>

--
sigfault
#206401 http://counter.li.org
Bug#960108: proftpd-basic: proftpd write pidfile with incorrect mode
Package: proftpd-basic
Version: 1.3.6-4+deb10u5
Severity: important

The proftpd daemon writes the pidfile with mode 0666 instead of 0644. Because of that it is not possible to stop or restart the daemon with "systemctl stop proftpd" or "systemctl restart proftpd". The reason is the new security check of start-stop-daemon in conjunction with --pidfile.

The following error will be logged to syslog.

Mai 09 14:42:30 titan proftpd[1296]: Stopping ftp server: proftpdstart-stop-daemon: matching on world-writable pidfile /run/proftpd.pid is insecure
Mai 09 14:42:30 titan proftpd[1296]: start-stop-daemon: matching on world-writable pidfile /run/proftpd.pid is insecure

-- System Information:
Debian Release: 10.4
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.5.0-0.bpo.2-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages proftpd-basic depends on:
ii  adduser            3.118
ii  debianutils        4.8.6.1
ii  libacl1            2.2.53-4
ii  libattr1           1:2.4.48-4
ii  libc6              2.28-10
ii  libcap2            1:2.25-2
ii  libhiredis0.14     0.14.0-3
ii  libmemcached11     1.0.18-4.2
ii  libmemcachedutil2  1.0.18-4.2
ii  libncursesw6       6.1+20181013-2+deb10u2
ii  libpam-runtime     1.3.1-5
ii  libpam0g           1.3.1-5
ii  libpcre3           2:8.39-12
ii  libssl1.1          1.1.1d-0+deb10u3
ii  libtinfo6          6.1+20181013-2+deb10u2
ii  libwrap0           7.6.q-28
ii  lsb-base           10.2019051400
ii  netbase            5.6
ii  sed                4.7-1
ii  ucf                3.0038+nmu1
ii  zlib1g             1:1.2.11.dfsg-1

Versions of packages proftpd-basic recommends:
pn  proftpd-doc

Versions of packages proftpd-basic suggests:
pn  openbsd-inetd | inet-superserver
ii  openssl            1.1.1d-0+deb10u3
pn  proftpd-mod-geoip
pn  proftpd-mod-ldap
pn  proftpd-mod-mysql
pn  proftpd-mod-odbc
pn  proftpd-mod-pgsql
pn  proftpd-mod-snmp
pn  proftpd-mod-sqlite

-- Configuration Files:
/etc/ftpusers changed [not included]

-- no debconf information