dropping privileges doesn't work if home is specified
Fedyon opened this issue · 2 comments
Because the global pw is only filled in by src/uftpd.c:init()
if (!home) {
pw = getpwnam(FTP_DEFAULT_USER);
Is this intentional? I feel any ftpd running in root context is not right thing in any circumstances...
Yup, the reason was I wanted to support two use-cases: 1) use home from passwd, e.g. ftp user's, 2) quickly share files from random directory as myself.
There are lots of other ftp servers out there, in particular vsftpd if you want security. I've mentioned this in several places in the documentation.
Ya, I thought that might be, but currently documents say only this in ChangeLog: "Support for dropping privileges if a valid FTP user exists," where I read (mistook) it as "IF a valid FTP user exists, THEN privileges will be dropped."
No I'm not complaining, but a separate switch to control dropping privileges might be nice to have, at least for me: I wanted a quick ftpd to receive files from buggy network cameras, and relay those files over samba. But then root-owned files looked like all read-only from samba, and creating root share in samba sounded a bit too scary (compared to relatively simple ftp).
Thanks anyways, it's already working locally (with that line flipped :-).