Patchwork proftpd: use /bin/false as the login shell

login
register
mail settings
Submitter rongqing.li@windriver.com
Date Dec. 2, 2013, 2:27 a.m.
Message ID <1385951256-5645-1-git-send-email-rongqing.li@windriver.com>
Download mbox | patch
Permalink /patch/62645/
State Superseded, archived
Headers show

Comments

rongqing.li@windriver.com - Dec. 2, 2013, 2:27 a.m.
From: Roy Li <rongqing.li@windriver.com>

Use /bin/false as the login shell, just like what Ubuntu does,
otherwise there might be secure issue.

Signed-off-by: Roy Li <rongqing.li@windriver.com>
---
 meta-networking/recipes-daemons/proftpd/proftpd_1.3.4b.bb |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
rongqing.li@windriver.com - Dec. 2, 2013, 4:43 a.m.
Drop it, I will fix the commit log

On 12/02/2013 10:27 AM, rongqing.li@windriver.com wrote:
> From: Roy Li <rongqing.li@windriver.com>
>
> Use /bin/false as the login shell, just like what Ubuntu does,
> otherwise there might be secure issue.
>
> Signed-off-by: Roy Li <rongqing.li@windriver.com>
> ---
>   meta-networking/recipes-daemons/proftpd/proftpd_1.3.4b.bb |    3 ++-
>   1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/meta-networking/recipes-daemons/proftpd/proftpd_1.3.4b.bb b/meta-networking/recipes-daemons/proftpd/proftpd_1.3.4b.bb
> index 6537b77..0006a2a 100644
> --- a/meta-networking/recipes-daemons/proftpd/proftpd_1.3.4b.bb
> +++ b/meta-networking/recipes-daemons/proftpd/proftpd_1.3.4b.bb
> @@ -62,6 +62,7 @@ INITSCRIPT_PARAM = "defaults 85 15"
>
>   USERADD_PACKAGES = "${PN}"
>   GROUPADD_PARAM_${PN} = "--system ${FTPGROUP}"
> -USERADD_PARAM_${PN} = "--system -g ${FTPGROUP} ${FTPUSER}"
> +USERADD_PARAM_${PN} = "--system -g ${FTPGROUP} --home-dir /var/lib/ftp --no-create-home \
> +                       --shell /bin/false ${FTPUSER}"
>
>   FILES_${PN} += "/home/${FTPUSER}"
>

Patch

diff --git a/meta-networking/recipes-daemons/proftpd/proftpd_1.3.4b.bb b/meta-networking/recipes-daemons/proftpd/proftpd_1.3.4b.bb
index 6537b77..0006a2a 100644
--- a/meta-networking/recipes-daemons/proftpd/proftpd_1.3.4b.bb
+++ b/meta-networking/recipes-daemons/proftpd/proftpd_1.3.4b.bb
@@ -62,6 +62,7 @@  INITSCRIPT_PARAM = "defaults 85 15"
 
 USERADD_PACKAGES = "${PN}"
 GROUPADD_PARAM_${PN} = "--system ${FTPGROUP}"
-USERADD_PARAM_${PN} = "--system -g ${FTPGROUP} ${FTPUSER}"
+USERADD_PARAM_${PN} = "--system -g ${FTPGROUP} --home-dir /var/lib/ftp --no-create-home \
+                       --shell /bin/false ${FTPUSER}"
 
 FILES_${PN} += "/home/${FTPUSER}"