[proftpd] Make mod_vroot a DSO, loaded by default (#772354)

Tue Jan 10 22:23:14 UTC 2012

commit 5766525dd85d8a712396da1f869af2becc39dc2d
Author: Paul Howarth <paul at city-fan.org>
Date:   Tue Jan 10 21:51:47 2012 +0000

    Make mod_vroot a DSO, loaded by default (#772354)
    
    - Make mod_vroot a DSO, loaded by default (#772354)
    - VRootAlias for /etc/security/pam_env.conf is redundant, so remove it

 proftpd.conf |   13 +++++++++----
 proftpd.spec |   11 ++++++++---
 2 files changed, 17 insertions(+), 7 deletions(-)
---

diff --git a/proftpd.conf b/proftpd.conf
index f8da84c..b5e6352 100644
--- a/proftpd.conf
+++ b/proftpd.conf
@@ -11,11 +11,7 @@ ServerAdmin			root at localhost
 DefaultServer			on
 
 # Cause every FTP user except adm to be chrooted into their home directory
-# Aliasing /etc/security/pam_env.conf into the chroot allows pam_env to
-# work at session-end time (http://bugzilla.redhat.com/477120)
-VRootEngine			on
 DefaultRoot			~ !adm
-VRootAlias			/etc/security/pam_env.conf etc/security/pam_env.conf
 
 # Use pam to authenticate (default) and be authoritative
 AuthPAMConfig			proftpd
@@ -186,6 +182,15 @@ LogFormat			auth	"%v [%P] %h %t \"%r\" %s"
 # database tables (http://www.proftpd.org/docs/contrib/mod_wrap2_sql.html)
 #   LoadModule mod_wrap2_sql.c
 #
+# Implement a virtual chroot capability that does not require root privileges
+# (http://www.castaglia.org/proftpd/modules/mod_vroot.html)
+# Using this module rather than the kernel's chroot() system call works
+# around issues with PAM and chroot (http://bugzilla.redhat.com/506735)
+LoadModule mod_vroot.c
+<IfModule mod_vroot.c>
+  VRootEngine			on
+</IfModule>
+#
 # Provide a flexible way of specifying that certain configuration directives
 # only apply to certain sessions, based on credentials such as connection
 # class, user, or group membership
diff --git a/proftpd.spec b/proftpd.spec
index 281f3cb..b82aded 100644
--- a/proftpd.spec
+++ b/proftpd.spec
@@ -41,7 +41,7 @@
 %endif
 
 #global prever rc3
-%global rpmrel 1
+%global rpmrel 2
 
 Summary:		Flexible, stable and highly-configurable FTP server
 Name:			proftpd
@@ -208,7 +208,7 @@ chmod -c -x include/tpl.h lib/tpl.c
 # Modules to be built as DSO's (excluding mod_ifsession, always specified last)
 SMOD1=mod_sql:mod_sql_passwd:mod_sql_mysql:mod_sql_postgres
 SMOD2=mod_quotatab:mod_quotatab_file:mod_quotatab_ldap:mod_quotatab_radius:mod_quotatab_sql
-SMOD3=mod_ldap:mod_ban:mod_wrap:mod_ctrls_admin:mod_facl:mod_load
+SMOD3=mod_ldap:mod_ban:mod_wrap:mod_ctrls_admin:mod_facl:mod_load:mod_vroot
 SMOD4=mod_radius:mod_ratio:mod_rewrite:mod_site_misc:mod_exec:mod_shaper:mod_geoip
 SMOD5=mod_wrap2:mod_wrap2_file:mod_wrap2_sql:mod_copy:mod_deflate:mod_ifversion:mod_qos
 SMOD6=mod_sftp:mod_sftp_pam:mod_sftp_sql:mod_tls_shmcache%{?have_libmemcached::mod_tls_memcache}
@@ -229,7 +229,7 @@ SMOD6=mod_sftp:mod_sftp_pam:mod_sftp_sql:mod_tls_shmcache%{?have_libmemcached::m
 			--enable-tests \
 			--with-libraries="%{_libdir}/mysql" \
 			--with-includes="%{_includedir}/mysql" \
-			--with-modules=mod_readme:mod_auth_pam:mod_tls:mod_vroot \
+			--with-modules=mod_readme:mod_auth_pam:mod_tls \
 			--with-shared=${SMOD1}:${SMOD2}:${SMOD3}:${SMOD4}:${SMOD5}:${SMOD6}:mod_ifsession
 
 make %{?_smp_mflags}
@@ -431,6 +431,7 @@ fi
 %{_libexecdir}/proftpd/mod_sql_passwd.so
 %{?have_libmemcached:%{_libexecdir}/proftpd/mod_tls_memcache.so}
 %{_libexecdir}/proftpd/mod_tls_shmcache.so
+%{_libexecdir}/proftpd/mod_vroot.so
 %{_libexecdir}/proftpd/mod_wrap.so
 %{_libexecdir}/proftpd/mod_wrap2.so
 %{_libexecdir}/proftpd/mod_wrap2_file.so
@@ -455,6 +456,10 @@ fi
 %{_libexecdir}/proftpd/mod_sql_postgres.so
 
 %changelog
+* Tue Jan 10 2012 Paul Howarth <paul at city-fan.org> 1.3.4a-2
+- Make mod_vroot a DSO, loaded by default (#772354)
+- VRootAlias for /etc/security/pam_env.conf is redundant, so remove it
+
 * Fri Nov 11 2011 Paul Howarth <paul at city-fan.org> 1.3.4a-1
 - Update to 1.3.4a:
   - Fixed mod_load/mod_wrap2 build issues
