i didn't mean to revert all your changes! just the quoting issue. jmc
On 21 May 2025 09:10:02 BST, Klemens Nanni <k...@openbsd.org> wrote: >21.05.2025 11:00, Jason McIntyre пишет: >> On Wed, May 21, 2025 at 06:53:47AM +0000, Klemens Nanni wrote: >>> 21.05.2025 09:03, Jason McIntyre ??????????: >>>> this diff removes the quoting around "_ftp_proxy" (user) but does not >>>> mention it is doing so! >>>> >>>> what's the reason for the change? quoting something like that is pretty >>>> standard, and if you look down the page, at least -A uses this form for >>>> "ftp" and "anonymous". >>> >>> Preference, I guess. I'm fine with both. >>> >>> Manuals don't quote the root user, though, and tftpd(8) is the only manual >>> I found where an unprivileged user is mentioned... without quotes. >>> >> >> well, first your commit message should say what you're changing. > >Agreed, point taken. > >> >> this is a lesson for me as well, since i'm guilty of glibly changing >> things with very terse commit messages! >> >> regarding the change: >> >> - we wouldn;t normally mark up "root" (or quote it) because root is a >> very general concept, we all understand it. >> specific users are very different, and either quoting or >> marking up the username makes the text easier to read. >> >> - tftpd(8) does not mark it up, but it does not mention other users. so >> at least it's internally consistent. your change made the page >> internally inconsistent. >> >> so i think we should reinstate it to how it was, and then we can have a >> conversation about if it's better to not quote usernames, or whether a >> specific mark up is required. (in my opinion it was good as it was) >> >> jmc > >-chroots to "/var/empty" and changes to user "_ftp_proxy" to drop privileges. >+needs to start as root and drops privileges to the _ftp_proxy user. > >Reverting that hunk makes it not match the code, there's no chroot() anymore; >the simpler wording now matches usr.sbin/tftpd/tftpd.8 r1.12: > > [...] > Also reduce privdrop details to what's required for users to know. > > Feedback OK schwarze > >I can add the quotes back around the user, if you want. >Either way, the two manuals should be in sync. > >Feedback? OK? > >Index: usr.sbin/tftpd/tftpd.8 >=================================================================== >RCS file: /cvs/src/usr.sbin/tftpd/tftpd.8,v >diff -u -p -r1.12 tftpd.8 >--- usr.sbin/tftpd/tftpd.8 18 May 2025 07:01:41 -0000 1.12 >+++ usr.sbin/tftpd/tftpd.8 21 May 2025 08:07:09 -0000 >@@ -77,7 +77,9 @@ network bootloaders access this path to > kernel load. > .Pp > .Nm >-needs to start as root and drops privileges to the _tftpd user. >+needs to start as root and drops privileges to the >+.Dq _tftpd >+user. > .Pp > The options are as follows: > .Bl -tag -width Ds >Index: usr.sbin/ftp-proxy/ftp-proxy.8 >=================================================================== >RCS file: /cvs/src/usr.sbin/ftp-proxy/ftp-proxy.8,v >diff -u -p -r1.26 ftp-proxy.8 >--- usr.sbin/ftp-proxy/ftp-proxy.8 21 May 2025 03:15:40 -0000 1.26 >+++ usr.sbin/ftp-proxy/ftp-proxy.8 21 May 2025 08:06:51 -0000 >@@ -82,7 +82,9 @@ pass out from $client to $server port $p > .Ed > .Pp > .Nm >-needs to start as root and drops privileges to the _ftp_proxy user. >+needs to start as root and drops privileges to the >+.Dq _ftp_proxy >+user. > .Pp > The options are as follows: > .Bl -tag -width Ds > >
