21.05.2025 11:00, Jason McIntyre пишет:
> On Wed, May 21, 2025 at 06:53:47AM +0000, Klemens Nanni wrote:
>> 21.05.2025 09:03, Jason McIntyre ??????????:
>>> this diff removes the quoting around "_ftp_proxy" (user) but does not
>>> mention it is doing so!
>>>
>>> what's the reason for the change? quoting something like that is pretty
>>> standard, and if you look down the page, at least -A uses this form for
>>> "ftp" and "anonymous".
>>
>> Preference, I guess. I'm fine with both.
>>
>> Manuals don't quote the root user, though, and tftpd(8) is the only manual
>> I found where an unprivileged user is mentioned... without quotes.
>>
>
> well, first your commit message should say what you're changing.
Agreed, point taken.
>
> this is a lesson for me as well, since i'm guilty of glibly changing
> things with very terse commit messages!
>
> regarding the change:
>
> - we wouldn;t normally mark up "root" (or quote it) because root is a
> very general concept, we all understand it.
> specific users are very different, and either quoting or
> marking up the username makes the text easier to read.
>
> - tftpd(8) does not mark it up, but it does not mention other users. so
> at least it's internally consistent. your change made the page
> internally inconsistent.
>
> so i think we should reinstate it to how it was, and then we can have a
> conversation about if it's better to not quote usernames, or whether a
> specific mark up is required. (in my opinion it was good as it was)
>
> jmc
-chroots to "/var/empty" and changes to user "_ftp_proxy" to drop privileges.
+needs to start as root and drops privileges to the _ftp_proxy user.
Reverting that hunk makes it not match the code, there's no chroot() anymore;
the simpler wording now matches usr.sbin/tftpd/tftpd.8 r1.12:
[...]
Also reduce privdrop details to what's required for users to know.
Feedback OK schwarze
I can add the quotes back around the user, if you want.
Either way, the two manuals should be in sync.
Feedback? OK?
Index: usr.sbin/tftpd/tftpd.8
===================================================================
RCS file: /cvs/src/usr.sbin/tftpd/tftpd.8,v
diff -u -p -r1.12 tftpd.8
--- usr.sbin/tftpd/tftpd.8 18 May 2025 07:01:41 -0000 1.12
+++ usr.sbin/tftpd/tftpd.8 21 May 2025 08:07:09 -0000
@@ -77,7 +77,9 @@ network bootloaders access this path to
kernel load.
.Pp
.Nm
-needs to start as root and drops privileges to the _tftpd user.
+needs to start as root and drops privileges to the
+.Dq _tftpd
+user.
.Pp
The options are as follows:
.Bl -tag -width Ds
Index: usr.sbin/ftp-proxy/ftp-proxy.8
===================================================================
RCS file: /cvs/src/usr.sbin/ftp-proxy/ftp-proxy.8,v
diff -u -p -r1.26 ftp-proxy.8
--- usr.sbin/ftp-proxy/ftp-proxy.8 21 May 2025 03:15:40 -0000 1.26
+++ usr.sbin/ftp-proxy/ftp-proxy.8 21 May 2025 08:06:51 -0000
@@ -82,7 +82,9 @@ pass out from $client to $server port $p
.Ed
.Pp
.Nm
-needs to start as root and drops privileges to the _ftp_proxy user.
+needs to start as root and drops privileges to the
+.Dq _ftp_proxy
+user.
.Pp
The options are as follows:
.Bl -tag -width Ds
