[proftpd] Make mod_vroot a DSO, loaded by default (#772354)
Paul Howarth
pghmcfc at fedoraproject.org
Tue Jan 10 22:23:14 UTC 2012
commit 5766525dd85d8a712396da1f869af2becc39dc2d
Author: Paul Howarth <paul at city-fan.org>
Date: Tue Jan 10 21:51:47 2012 +0000
Make mod_vroot a DSO, loaded by default (#772354)
- Make mod_vroot a DSO, loaded by default (#772354)
- VRootAlias for /etc/security/pam_env.conf is redundant, so remove it
proftpd.conf | 13 +++++++++----
proftpd.spec | 11 ++++++++---
2 files changed, 17 insertions(+), 7 deletions(-)
---
diff --git a/proftpd.conf b/proftpd.conf
index f8da84c..b5e6352 100644
--- a/proftpd.conf
+++ b/proftpd.conf
@@ -11,11 +11,7 @@ ServerAdmin root at localhost
DefaultServer on
# Cause every FTP user except adm to be chrooted into their home directory
-# Aliasing /etc/security/pam_env.conf into the chroot allows pam_env to
-# work at session-end time (http://bugzilla.redhat.com/477120)
-VRootEngine on
DefaultRoot ~ !adm
-VRootAlias /etc/security/pam_env.conf etc/security/pam_env.conf
# Use pam to authenticate (default) and be authoritative
AuthPAMConfig proftpd
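Review bot: The comment kept above `DefaultRoot ~ !adm` still says users are "chrooted", but with `VRootEngine on` removed from this spot, the mechanism behind that line is decided by a `LoadModule` stanza in a different part of the file. If an administrator comments out that stanza, DefaultRoot would presumably fall back to the kernel's chroot(), and the PAM problem the stanza cites would return with nothing here to explain why. A pointer next to the directive would help, for example `# (jail is provided by mod_vroot when it is loaded below; otherwise by chroot())`.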
@@ -186,6 +182,15 @@ LogFormat auth "%v [%P] %h %t \"%r\" %s"
# database tables (http://www.proftpd.org/docs/contrib/mod_wrap2_sql.html)
# LoadModule mod_wrap2_sql.c
#
+# Implement a virtual chroot capability that does not require root privileges
+# (http://www.castaglia.org/proftpd/modules/mod_vroot.html)
+# Using this module rather than the kernel's chroot() system call works
+# around issues with PAM and chroot (http://bugzilla.redhat.com/506735)
+LoadModule mod_vroot.c
+<IfModule mod_vroot.c>
+ VRootEngine on
+</IfModule>
+#
# Provide a flexible way of specifying that certain configuration directives
# only apply to certain sessions, based on credentials such as connection
# class, user, or group membership
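Review bot: The comment block added before `LoadModule mod_vroot.c` states only the benefit of the virtual chroot and omits the trade-off: the jail is enforced by proftpd's own filesystem layer, not by the kernel. Work that does not pass through that layer, such as external programs started through mod_exec (built as a DSO in this package), is likely not confined, and a post-authentication bug in the daemon is no longer contained by a real chroot. I would add a line such as `# Note: confinement is enforced by proftpd itself, not by the kernel's chroot()`. The same comment should also say that, because `VRootEngine on` sits inside `<IfModule>`, a missing module is skipped silently.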
diff --git a/proftpd.spec b/proftpd.spec
index 281f3cb..b82aded 100644
--- a/proftpd.spec
+++ b/proftpd.spec
@@ -41,7 +41,7 @@
%endif
#global prever rc3
-%global rpmrel 1
+%global rpmrel 2
Summary: Flexible, stable and highly-configurable FTP server
Name: proftpd
@@ -208,7 +208,7 @@ chmod -c -x include/tpl.h lib/tpl.c
# Modules to be built as DSO's (excluding mod_ifsession, always specified last)
SMOD1=mod_sql:mod_sql_passwd:mod_sql_mysql:mod_sql_postgres
SMOD2=mod_quotatab:mod_quotatab_file:mod_quotatab_ldap:mod_quotatab_radius:mod_quotatab_sql
-SMOD3=mod_ldap:mod_ban:mod_wrap:mod_ctrls_admin:mod_facl:mod_load
+SMOD3=mod_ldap:mod_ban:mod_wrap:mod_ctrls_admin:mod_facl:mod_load:mod_vroot
SMOD4=mod_radius:mod_ratio:mod_rewrite:mod_site_misc:mod_exec:mod_shaper:mod_geoip
SMOD5=mod_wrap2:mod_wrap2_file:mod_wrap2_sql:mod_copy:mod_deflate:mod_ifversion:mod_qos
SMOD6=mod_sftp:mod_sftp_pam:mod_sftp_sql:mod_tls_shmcache%{?have_libmemcached::mod_tls_memcache}
@@ -229,7 +229,7 @@ SMOD6=mod_sftp:mod_sftp_pam:mod_sftp_sql:mod_tls_shmcache%{?have_libmemcached::m
--enable-tests \
--with-libraries="%{_libdir}/mysql" \
--with-includes="%{_includedir}/mysql" \
- --with-modules=mod_readme:mod_auth_pam:mod_tls:mod_vroot \
+ --with-modules=mod_readme:mod_auth_pam:mod_tls \
--with-shared=${SMOD1}:${SMOD2}:${SMOD3}:${SMOD4}:${SMOD5}:${SMOD6}:mod_ifsession
make %{?_smp_mflags}
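Review bot: Dropping mod_vroot from `--with-modules` here (and adding it to `SMOD3` in the preceding hunk) leaves upgraded systems that keep their existing proftpd.conf with a top-level `VRootEngine on` and `VRootAlias` but no `LoadModule mod_vroot.c`. The previously packaged config had those directives outside any `<IfModule>`. If the spec ships proftpd.conf as a config file that is not replaced on upgrade, which these hunks do not show, the daemon would likely refuse to start on the now-unknown directive. A changelog line such as `- Existing configurations using VRoot* directives must add "LoadModule mod_vroot.c"` would warn administrators. Alternatively, a scriptlet could check the installed config for that case.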
@@ -431,6 +431,7 @@ fi
%{_libexecdir}/proftpd/mod_sql_passwd.so
%{?have_libmemcached:%{_libexecdir}/proftpd/mod_tls_memcache.so}
%{_libexecdir}/proftpd/mod_tls_shmcache.so
+%{_libexecdir}/proftpd/mod_vroot.so
%{_libexecdir}/proftpd/mod_wrap.so
%{_libexecdir}/proftpd/mod_wrap2.so
%{_libexecdir}/proftpd/mod_wrap2_file.so
@@ -455,6 +456,10 @@ fi
%{_libexecdir}/proftpd/mod_sql_postgres.so
%changelog
+* Tue Jan 10 2012 Paul Howarth <paul at city-fan.org> 1.3.4a-2
+- Make mod_vroot a DSO, loaded by default (#772354)
+- VRootAlias for /etc/security/pam_env.conf is redundant, so remove it
+
* Fri Nov 11 2011 Paul Howarth <paul at city-fan.org> 1.3.4a-1
- Update to 1.3.4a:
- Fixed mod_load/mod_wrap2 build issues