Merged, thanks. -J. [[oe] [PATCH meta-networking v2] proftpd: use /bin/false as the login shell and add home-dir] On 13.12.06 (Fri 16:34) [email protected] wrote:
> From: Roy Li <[email protected]> > > Use /bin/false as the login shell, just like what Ubuntu does, > otherwise there might be secure issue; add /var/lib/ftp as user > ftp home-dir. > > Signed-off-by: Roy Li <[email protected]> > --- > .../files/close-RequireValidShell-check.patch | 27 > ++++++++++++++++++++ > .../recipes-daemons/proftpd/proftpd_1.3.4b.bb | 4 ++- > 2 files changed, 30 insertions(+), 1 deletion(-) > create mode 100644 > meta-networking/recipes-daemons/proftpd/files/close-RequireValidShell-check.patch > > diff --git > a/meta-networking/recipes-daemons/proftpd/files/close-RequireValidShell-check.patch > > b/meta-networking/recipes-daemons/proftpd/files/close-RequireValidShell-check.patch > new file mode 100644 > index 0000000..cb73c2d > --- /dev/null > +++ > b/meta-networking/recipes-daemons/proftpd/files/close-RequireValidShell-check.patch > @@ -0,0 +1,27 @@ > +close RequireValidShell check > + > +Upstream-Status: Inappropriate [configuration] > + > +close RequireValidShell check since we like to make /bin/false as shell > +for ftp user > + > +Signed-off-by: Roy Li <[email protected]> > +--- > + sample-configurations/basic.conf | 1 + > + 1 file changed, 1 insertion(+) > + > +diff --git a/sample-configurations/basic.conf > b/sample-configurations/basic.conf > +index 314eb79..abcb284 100644 > +--- a/sample-configurations/basic.conf > ++++ b/sample-configurations/basic.conf > +@@ -53,6 +53,7 @@ AllowOverwrite on > + # We want clients to be able to login with "anonymous" as well as "ftp" > + UserAlias anonymous ftp > + > ++ RequireValidShell off > + # Limit the maximum number of anonymous logins > + MaxClients 10 > + > +-- > +1.7.10.4 > + > diff --git a/meta-networking/recipes-daemons/proftpd/proftpd_1.3.4b.bb > b/meta-networking/recipes-daemons/proftpd/proftpd_1.3.4b.bb > index 6537b77..eb502d6 100644 > --- a/meta-networking/recipes-daemons/proftpd/proftpd_1.3.4b.bb > +++ b/meta-networking/recipes-daemons/proftpd/proftpd_1.3.4b.bb > @@ -13,6 +13,7 @@ SRC_URI = > "ftp://ftp.proftpd.org/distrib/source/${BPN}-${PV}.tar.gz \ > file://proftpd-basic.init \ > file://default \ > file://move-pidfile-to-var-run.patch \ > + file://close-RequireValidShell-check.patch \ > " > > SRC_URI[md5sum] = "0871e0b93c9c3c88ca950b6d9a04aed2" > @@ -62,6 +63,7 @@ INITSCRIPT_PARAM = "defaults 85 15" > > USERADD_PACKAGES = "${PN}" > GROUPADD_PARAM_${PN} = "--system ${FTPGROUP}" > -USERADD_PARAM_${PN} = "--system -g ${FTPGROUP} ${FTPUSER}" > +USERADD_PARAM_${PN} = "--system -g ${FTPGROUP} --home-dir > /var/lib/${FTPUSER} --no-create-home \ > + --shell /bin/false ${FTPUSER}" > > FILES_${PN} += "/home/${FTPUSER}" -- -Joe MacDonald. :wq
signature.asc
Description: Digital signature
_______________________________________________ Openembedded-devel mailing list [email protected] http://lists.openembedded.org/mailman/listinfo/openembedded-devel
