On 2013/08/30 14:22, Brad Smith wrote:
> On 26/08/13 10:17 AM, Donovan Watteau wrote:
> >Hello,
> >
> >net/pure-ftpd creates the following user and group:
> >@newgroup _pure-ftpd:642
> >@newuser _pure-ftpd:642:_pure-ftpd:daemon:pure-ftpd user:/nonexistent:/sbin/nologin
> >
> >but then, /etc/rc.d/pure_ftpd has:
> >daemon_flags="-A -B -H -u1000"
> >
> >so, with this default configuration, users below 1000 can't log in.
> >
> >Hence, if I create a user this way:
> ># pure-pw useradd myuser -u _pure-ftpd -d /whatever
> ># pure-pw mkdb
> >
> >I can't log in with it ("account disabled"), unless I use something
> >like "-u600".
> >
> >Am I missing something about the purpose of the _pure-ftpd user here,
> >or should the -u parameter in daemon_flags be lowered by default in the
> >provided package?
>
> I'm looking back at this and to be honest I don't even know why the
> port creates the user/group. I understand why the rc script is the
> way it is.
>
> Stuart, do you remember why the user / group was added?

This user/group is used for privilege separation; see the section from the
README I've pasted below.

$ ps wwaxu|grep pure
root 13008 0.0 0.0 608 1340 ?? Ss 8:01PM 0:00.01 pure-ftpd: -pure-ftpd (SERVER) (pure-ftpd)
_pure-ftpd 20890 0.0 0.0 624 1204 ?? S 8:02PM 0:00.00 pure-ftpd: -pure-ftpd (PRIV) (pure-ftpd)
ftp 24033 0.0 0.0 620 1432 ?? S 8:02PM 0:00.07 pure-ftpd: -pure-ftpd (IDLE) (pure-ftpd)

I use a separate account with uid >=1000 as a file owner for anonymous
ftp or as account owner for virtual users.
...snip...
------------------------ PRIVILEGE SEPARATION ------------------------
When privilege separation is enabled, each session will spawn two processes :
a "privileged" process running as root, but that can only do very basic
and trusted actions (binding a port and remove the ftpwho scoreboard) and
the "client" process. The "client" process definitely revokes all privileges
after authentication and chroot() and punctually communicates with the
parent over a private channel.
Privilege separation decreases performance of loaded servers, but it
increases security and reliability. Enabling it is recommended.
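
The following check is an added example, not part of the original thread or of the pure-ftpd port. It reads the `-u` minimum uid out of a `daemon_flags` string and lists the virtual users that the limit would turn away, which is the "account disabled" case from the original report. It assumes the colon-separated puredb source file written by `pure-pw` has the login in field 1 and the numeric uid in field 3; the function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: find virtual users rejected by pure-ftpd's -u minimum uid.

# min_uid_from_flags FLAGS
# Print the value given to -u ("-u1000" or "-u 1000"); return 1 if absent.
# Clustered short options such as "-ABu1000" are not handled here.
min_uid_from_flags() {
    prev=
    for f in $1; do                      # unquoted on purpose: split on spaces
        if [ "$prev" = "-u" ]; then echo "$f"; return 0; fi
        case $f in
            -u?*) echo "${f#-u}"; return 0 ;;
        esac
        prev=$f
    done
    return 1
}

# blocked_accounts FLAGS PASSWD_FILE
# Print "login uid" for every entry whose uid is below the -u limit.
# Assumed layout (not confirmed by the thread): login:password:uid:gid:...
blocked_accounts() {
    min=$(min_uid_from_flags "$1") || return 0   # no -u flag: nothing to report
    awk -F: -v min="$min" '
        /^#/ || NF < 3 { next }                  # skip comments and short lines
        $3 ~ /^[0-9]+$/ && $3 + 0 < min + 0 { print $1, $3 }
    ' "$2"
}

# Constructed sample: one virtual user mapped to _pure-ftpd (uid 642, as in
# the report) and one mapped to a dedicated account with uid >= 1000.
sample=$(mktemp)
cat > "$sample" <<'EOF'
myuser:CONSTRUCTED-HASH:642:642::/whatever/./
webuser:CONSTRUCTED-HASH:1001:1001::/home/ftp/web/./
EOF

echo "with -u1000:"; blocked_accounts "-A -B -H -u1000" "$sample"
echo "with -u600:";  blocked_accounts "-A -B -H -u600"  "$sample"
rm -f "$sample"
```

With the packaged flags only `myuser` is reported. Mapping virtual users to a dedicated account with uid >= 1000, as described in the reply above, clears the report without lowering `-u` and keeps the privilege-separation uid out of file ownership.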