Ticket #404 (reopened task)
PloneFTP should not run as root
| Reported by: | grant | Owned by: | |
| Who will test this: | And | | |
PlumiFTP is running as root, which is not ideal from a security perspective. Can we modify it so it can run without needing to do so?
Comment from Dimo:
I don't know of any way of doing that without changing how plumiftp works. The plumiftp init script will always need root privileges to bind to port 21 to listen for FTP connections.
Grant, do you know of any sysadmin trick to make plumiftp drop the root privileges but keep using port 21?
I'm afraid we would have to modify plumiftp significantly in the next version so that it drops its root privileges right after it binds port 21. But that's beyond the scope of the current contract.
Comment from Grant:
Nope - no idea - the whole thing needs some research & assessment. How do other FTP daemons do it?
- Status changed from closed to reopened
- Resolution fixed deleted
- Summary changed from PlumiFTP should not run as root to PloneFTP should not run as root
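The bind-then-drop sequence Dimo describes (bind port 21 as root, then give up root before handling any client), as an added example that is not part of this ticket or of PlumiFTP's own code. The function names, the `nobody` account and the listen address are assumptions made for illustration.

```python
import os
import socket

def bind_listener(host: str, port: int) -> socket.socket:
    """Bind and listen while still privileged (ports below 1024 need root)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    sock.bind((host, port))
    sock.listen(5)
    return sock

def drop_privileges(uid: int, gid: int) -> bool:
    """Permanently switch to uid/gid. False if not root, True after a verified drop."""
    if uid == 0 or gid == 0:
        raise ValueError("target uid/gid must not be root")
    if os.geteuid() != 0:
        return False          # not running as root: nothing to drop
    os.setgroups([])          # clear supplementary groups first (needs root)
    os.setgid(gid)            # group before user: setgid fails once uid is non-root
    os.setuid(uid)            # as root this sets real, effective and saved uid
    os.umask(0o077)
    try:
        os.setuid(0)          # verification: regaining root must be refused
    except PermissionError:
        pass
    else:
        raise RuntimeError("privilege drop failed: process regained root")
    if os.getuid() != uid or os.geteuid() != uid or os.getgid() != gid:
        raise RuntimeError("privilege drop incomplete")
    return True

def serve(host: str, port: int, uid: int, gid: int) -> socket.socket:
    """Bind as root, drop privileges, return the socket for the accept loop."""
    sock = bind_listener(host, port)   # the only step that needs root
    drop_privileges(uid, gid)          # before any client data is read
    return sock

if __name__ == "__main__":
    import pwd
    account = pwd.getpwnam("nobody")   # assumed unprivileged service account
    listener = serve("0.0.0.0", 21, account.pw_uid, account.pw_gid)
    print("listening on", listener.getsockname(), "as uid", os.getuid())
```

The already-bound socket stays usable after the drop, but any files or directories the daemon writes to must be accessible to the unprivileged account.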