ProxyTables permission check fails unexpectedly on AIX
ws0w opened this issue · 10 comments
I'm testing mod_proxy on AIX with ProFTPd 1.3.7a
The first time I started ProFTPd with a reverse proxy config, I go this message:
mod_proxy/0.6: ProxyTables directory '/opt/proftpd/var/proxy' does not exist, creating it
The next time I tried to start ProFTPd, I got this message and it fails to start:
fatal: ProxyTables: directory '/opt/proftpd/var/proxy/empty' has incorrect permissions (not 0111 as required) on line 270 of '/opt/proftpd/etc/proftpd.conf'
The permissions ARE 0111 on /opt/proftpd/var/proxy/empty ( which was created by mod_proxy)>
Line 270 just has this:
ProxyTables /opt/proftpd/var/proxy
It doesn't seem to matter what I set ProxyTables to. If the directory does not exist, it gets created. If it does exist, proftpd fails to start with the error message that the permissions are not 0111, even though they are.
Hopefully, I'm missing something obvious.
Are you starting ProFTPD as root, or as some non-root user?
Also, what does this command show?
$ ls -ald /opt /opt/proftpd /opt/proftpd/var /opt/proftpd/var/proxy /opt/proftpd/var/proxy/empty
ProFTPd is started by root.
Here's the requested output:
drwxr-xr-x 24 root system 4096 Apr 16 11:17 /opt/
drwxr-xr-x 12 cmwadm webapp 4096 Apr 10 2017 /opt/proftpd/
drwxr-xr-x 3 cmwadm webapp 4096 Aug 14 17:32 /opt/proftpd/var/
d--x--x--x 3 root system 256 Aug 11 19:13 /opt/proftpd/var/proxy/
d--x--x--x 2 root system 256 Aug 11 19:13 /opt/proftpd/var/proxy/empty/
Could you provide the proftpd.conf
you're using, including the mod_proxy
configs, please?
I've just merged a change to print out the permissions that mod_proxy
thinks it found, if not the expected "0111" permissions.
I'm not able to reproduce this behavior locally; could there be some AIX-isms involved? That's why I'm hoping that maybe there's something else in your ProFTPD/mod_proxy configuration that might be at play here.
The config is attached.
Here is the output with the updated mod_proxy.c:
2020-09-08 10:39:19,044 dhemdftp1 proftpd[10027134]: Entered ldap_mod_init
2020-09-08 10:39:19,060 dhemdftp1 proftpd[10027134]: fatal: ProxyTables: directory '/opt/proftpd/var/proxy/empty' has incorrect permissions (200111, not 0111 as required) on line 221 of '/opt/proftpd/etc/proftpd.conf'
Fascinating. It must be something with how AIX defines the S_IFMT
macro, which is ostensibly used to mask off a file type from the st.st_mode
field.
Some Internet searches reveal that indeed, S_IFMT
is not defined the same way across platforms. Most are the same...but there are exceptions:
Fix merged to master. Thanks!