On 10/19/2013 12:29 AM, Joe MacDonald wrote:
Hi Roy,

Is this different from the patch I received from Ming Liu about a month
ago?  It doesn't look it at first glance, but I didn't diff the two.

-J.

Sorry, I had not synced my repo; LiuMing's patch is OK.
Thanks


-Roy



[[oe] [PATCH 2/2 meta-networking] vsftpd: change default secure_chroot_dir] On 
13.10.10 (Thu 16:34) [email protected] wrote:

From: Roy Li <[email protected]>

Change the default value of secure_chroot_dir to /var/run/vsftpd/empty and
add a volatiles entry for it, so that vsftpd does not fail to start when
launched by xinetd.

Signed-off-by: Roy Li <[email protected]>
---
  .../vsftpd/files/change-secure_chroot_dir.patch    |   55 ++++++++++++++++++++
  meta-networking/recipes-daemons/vsftpd/files/init  |    2 +-
  .../vsftpd/files/volatiles.99_vsftpd               |    2 +
  .../recipes-daemons/vsftpd/vsftpd_3.0.0.bb         |    7 ++-
  4 files changed, 64 insertions(+), 2 deletions(-)
  create mode 100644 
meta-networking/recipes-daemons/vsftpd/files/change-secure_chroot_dir.patch
  create mode 100644 
meta-networking/recipes-daemons/vsftpd/files/volatiles.99_vsftpd

diff --git 
a/meta-networking/recipes-daemons/vsftpd/files/change-secure_chroot_dir.patch 
b/meta-networking/recipes-daemons/vsftpd/files/change-secure_chroot_dir.patch
new file mode 100644
index 0000000..e7a673e
--- /dev/null
+++ 
b/meta-networking/recipes-daemons/vsftpd/files/change-secure_chroot_dir.patch
@@ -0,0 +1,55 @@
+vsftpd: change secure_chroot_dir default value
+
+Upstream-Status: Pending
+
+Change secure_chroot_dir pointing to a volatile directory.
+
+Signed-off-by: Ming Liu <[email protected]>
+---
+ INSTALL       |    6 +++---
+ tunables.c    |    2 +-
+ vsftpd.conf.5 |    2 +-
+ 3 files changed, 5 insertions(+), 5 deletions(-)
+
+diff -urpN a/INSTALL b/INSTALL
+--- a/INSTALL  2013-09-13 10:23:57.504972397 +0800
++++ b/INSTALL  2013-09-13 10:25:25.664971779 +0800
+@@ -27,11 +27,11 @@ user in case it does not already exist.
+ [root@localhost root]# useradd nobody
+ useradd: user nobody exists
+
+-2b) vsftpd needs the (empty) directory /usr/share/empty in the default
++2b) vsftpd needs the (empty) directory /var/run/vsftpd/empty in the default
+ configuration. Add this directory in case it does not already exist. e.g.:
+
+-[root@localhost root]# mkdir /usr/share/empty/
+-mkdir: cannot create directory `/usr/share/empty': File exists
++[root@localhost root]# mkdir /var/run/vsftpd/empty/
++mkdir: cannot create directory `/var/run/vsftpd/empty': File exists
+
+ 2c) For anonymous FTP, you will need the user "ftp" to exist, and have a
+ valid home directory (which is NOT owned or writable by the user "ftp").
+diff -urpN a/tunables.c b/tunables.c
+--- a/tunables.c       2013-09-13 10:26:29.554972817 +0800
++++ b/tunables.c       2013-09-13 10:27:18.104972210 +0800
+@@ -254,7 +254,7 @@ tunables_load_defaults()
+   /* -rw------- */
+   tunable_chown_upload_mode = 0600;
+
+-  install_str_setting("/usr/share/empty", &tunable_secure_chroot_dir);
++  install_str_setting("/var/run/vsftpd/empty", &tunable_secure_chroot_dir);
+   install_str_setting("ftp", &tunable_ftp_username);
+   install_str_setting("root", &tunable_chown_username);
+   install_str_setting("/var/log/xferlog", &tunable_xferlog_file);
+diff -urpN a/vsftpd.conf.5 b/vsftpd.conf.5
+--- a/vsftpd.conf.5    2013-09-13 10:09:33.774972462 +0800
++++ b/vsftpd.conf.5    2013-09-13 10:10:41.914971989 +0800
+@@ -969,7 +969,7 @@ This option should be the name of a dire
+ directory should not be writable by the ftp user. This directory is used
+ as a secure chroot() jail at times vsftpd does not require filesystem access.
+
+-Default: /usr/share/empty
++Default: /var/run/vsftpd/empty
+ .TP
+ .B ssl_ciphers
+ This option can be used to select which SSL ciphers vsftpd will allow for
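Review bot: The new compiled-in default in the tunables.c part, `install_str_setting("/var/run/vsftpd/empty", &tunable_secure_chroot_dir);`, still begins with `"/var`, so the recipe's do_configure sed (`s:\"/var:\"${localstatedir}:g`, in the vsftpd_3.0.0.bb hunk) rewrites it to `${localstatedir}/run/vsftpd/empty`. The volatiles.99_vsftpd entry and the vsftpd.conf.5 default in this same patch keep the literal `/var/run/vsftpd/empty`. On a build where localstatedir is not /var, the daemon would presumably look for a chroot directory that the volatiles entry never creates, which is the start-up failure the commit is meant to prevent. Either generate the volatiles path from `${localstatedir}` at install time or state in the patch header that the path assumes localstatedir=/var.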
diff --git a/meta-networking/recipes-daemons/vsftpd/files/init 
b/meta-networking/recipes-daemons/vsftpd/files/init
index d0ec010..513f407 100755
--- a/meta-networking/recipes-daemons/vsftpd/files/init
+++ b/meta-networking/recipes-daemons/vsftpd/files/init
@@ -2,7 +2,7 @@
  DAEMON=/usr/sbin/vsftpd
  NAME=vsftpd
  DESC="FTP Server"
-ARGS=""
+ARGS="/etc/vsftpd.conf"
  FTPDIR=/var/lib/ftp

  test -f $DAEMON || exit 0
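Review bot: `ARGS="/etc/vsftpd.conf"` hard-codes the configuration path, although the recipe elsewhere works in terms of `${sysconfdir}` (do_install writes to `${D}${sysconfdir}/` and the do_configure sed rewrites `"/etc` in tunables.c). The commit description does not mention this change either. If sysconfdir differs from /etc, the init script would point vsftpd at a location the recipe did not install to. Consider substituting the path at install time, or at least add a comment such as `# must match the sysconfdir the recipe installs vsftpd.conf into` and mention the ARGS change in the commit message. The rest of the init script is outside the hunk.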
diff --git a/meta-networking/recipes-daemons/vsftpd/files/volatiles.99_vsftpd 
b/meta-networking/recipes-daemons/vsftpd/files/volatiles.99_vsftpd
new file mode 100644
index 0000000..0f80776
--- /dev/null
+++ b/meta-networking/recipes-daemons/vsftpd/files/volatiles.99_vsftpd
@@ -0,0 +1,2 @@
+# <type> <owner> <group> <mode> <path> <linksource>
+d root root 0755 /var/run/vsftpd/empty none
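Review bot: Only the leaf `/var/run/vsftpd/empty` is declared here, so the owner and mode of the parent `/var/run/vsftpd` depend on how the volatiles handler creates intermediate directories, which this hunk does not show. secure_chroot_dir is used as a chroot() jail and, per the vsftpd.conf.5 text quoted in this patch, must not be writable by the ftp user. It is therefore safer to pin the parent explicitly with a preceding line `d root root 0755 /var/run/vsftpd none`. A short comment such as `# secure_chroot_dir: must stay empty and root-owned, not writable by the ftp user` would record why the mode should not be loosened later.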
diff --git a/meta-networking/recipes-daemons/vsftpd/vsftpd_3.0.0.bb 
b/meta-networking/recipes-daemons/vsftpd/vsftpd_3.0.0.bb
index 7677477..09de1e9 100644
--- a/meta-networking/recipes-daemons/vsftpd/vsftpd_3.0.0.bb
+++ b/meta-networking/recipes-daemons/vsftpd/vsftpd_3.0.0.bb
@@ -14,6 +14,8 @@ SRC_URI = 
"https://security.appspot.com/downloads/vsftpd-${PV}.tar.gz \
             file://vsftpd.conf \
             file://vsftpd.user_list \
             file://vsftpd.ftpusers \
+           file://change-secure_chroot_dir.patch \
+           file://volatiles.99_vsftpd \
  "

  LIC_FILES_CHKSUM = "file://COPYING;md5=a6067ad950b28336613aed9dd47b1271 \
@@ -40,7 +42,7 @@ LDFLAGS_append =" -lcrypt -lcap"
  do_configure() {
      # Fix hardcoded /usr, /etc, /var mess.
      cat tunables.c|sed s:\"/usr:\"${prefix}:g|sed 
s:\"/var:\"${localstatedir}:g \
-    |sed s:\"${prefix}/share/empty:\"${localstatedir}/share/empty:g |sed 
s:\"/etc:\"${sysconfdir}:g > tunables.c.new
+    |sed s:\"/etc:\"${sysconfdir}:g > tunables.c.new
      mv tunables.c.new tunables.c
  }

@@ -60,6 +62,9 @@ do_install() {

      install -m 600 ${WORKDIR}/vsftpd.ftpusers ${D}${sysconfdir}/
      install -m 600 ${WORKDIR}/vsftpd.user_list ${D}${sysconfdir}/
+    install -d ${D}/${sysconfdir}/default/volatiles
+    install -m 644 ${WORKDIR}/volatiles.99_vsftpd 
${D}/${sysconfdir}/default/volatiles/99_vsftpd
+
      if ! test -z "${PAMLIB}" ; then
          install -d ${D}${sysconfdir}/pam.d/
          cp ${S}/RedHat/vsftpd.pam ${D}${sysconfdir}/pam.d/vsftpd
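Review bot: The two added install lines use `${D}/${sysconfdir}` while every neighbouring line in the hunk uses `${D}${sysconfdir}`; for consistency write `install -d ${D}${sysconfdir}/default/volatiles` and `install -m 644 ${WORKDIR}/volatiles.99_vsftpd ${D}${sysconfdir}/default/volatiles/99_vsftpd`. Separately, nothing visible in this hunk triggers processing of the new volatiles file when the package is installed on a running system, so the chroot directory may not exist until the next boot. Confirm whether a postinst step outside the hunk handles that. do_install starts and ends outside the hunk.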

--
Best Regards,
Roy | RongQing Li