ProxyTables permission check fails unexpectedly on AIX

Question

ProxyTables permission check fails unexpectedly on AIX

ws0w opened this issue 4 years ago · 10 comments

I'm testing mod_proxy on AIX with ProFTPd 1.3.7a

The first time I started ProFTPd with a reverse proxy config, I go this message:

mod_proxy/0.6: ProxyTables directory '/opt/proftpd/var/proxy' does not exist, creating it

The next time I tried to start ProFTPd, I got this message and it fails to start:

fatal: ProxyTables: directory '/opt/proftpd/var/proxy/empty' has incorrect permissions (not 0111 as required) on line 270 of '/opt/proftpd/etc/proftpd.conf'

The permissions ARE 0111 on /opt/proftpd/var/proxy/empty ( which was created by mod_proxy)>

Line 270 just has this:

ProxyTables /opt/proftpd/var/proxy

It doesn't seem to matter what I set ProxyTables to. If the directory does not exist, it gets created. If it does exist, proftpd fails to start with the error message that the permissions are not 0111, even though they are.

Hopefully, I'm missing something obvious.

Answer 1 · 2020-08-15T19:44:43.000Z

Are you starting ProFTPD as root, or as some non-root user?

Also, what does this command show?

$ ls -ald /opt /opt/proftpd /opt/proftpd/var /opt/proftpd/var/proxy /opt/proftpd/var/proxy/empty

Answer 2 · 2020-08-17T20:28:59.000Z

ProFTPd is started by root.

Here's the requested output:

drwxr-xr-x 24 root system 4096 Apr 16 11:17 /opt/
drwxr-xr-x 12 cmwadm webapp 4096 Apr 10 2017 /opt/proftpd/
drwxr-xr-x 3 cmwadm webapp 4096 Aug 14 17:32 /opt/proftpd/var/
d--x--x--x 3 root system 256 Aug 11 19:13 /opt/proftpd/var/proxy/
d--x--x--x 2 root system 256 Aug 11 19:13 /opt/proftpd/var/proxy/empty/

Answer 3 · 2020-09-07T23:09:58.000Z

Could you provide the proftpd.conf you're using, including the mod_proxy configs, please?

Answer 4 · 2020-09-07T23:43:40.000Z

I've just merged a change to print out the permissions that mod_proxy thinks it found, if not the expected "0111" permissions.

I'm not able to reproduce this behavior locally; could there be some AIX-isms involved? That's why I'm hoping that maybe there's something else in your ProFTPD/mod_proxy configuration that might be at play here.

Answer 5 · 2020-09-08T16:18:31.000Z

The config is attached.

proftpd.conf.txt

Answer 6 · 2020-09-08T16:40:46.000Z

Here is the output with the updated mod_proxy.c:

2020-09-08 10:39:19,044 dhemdftp1 proftpd[10027134]: Entered ldap_mod_init
2020-09-08 10:39:19,060 dhemdftp1 proftpd[10027134]: fatal: ProxyTables: directory '/opt/proftpd/var/proxy/empty' has incorrect permissions (200111, not 0111 as required) on line 221 of '/opt/proftpd/etc/proftpd.conf'

Answer 7 · 2020-09-09T04:08:35.000Z

Fascinating. It must be something with how AIX defines the S_IFMT macro, which is ostensibly used to mask off a file type from the st.st_mode field.

Some Internet searches reveal that indeed, S_IFMT is not defined the same way across platforms. Most are the same...but there are exceptions:

Answer 8 · 2020-09-09T04:19:19.000Z

@ws0w Can you apply #170, see if it changes the behavior (even if the reported wrong perms value is different)?

Answer 9 · 2020-09-09T20:01:49.000Z

With #170 applied, ProFTPd now starts without any error message.

Answer 10 · 2020-09-10T00:47:47.000Z

Fix merged to master. Thanks!