Ticket #404 (reopened task)
PloneFTP should not run as root
| Reported by: | grant | Owned by: | |
|---|---|---|---|
| Priority: | critical | Milestone: | 4.6 |
| Component: | AuthorProfile | Severity: | New Ticket |
| Keywords: | Cc: | ||
| Who will test this: | And |
Description
PlumiFTP is running as root which is not ideal from a security perspective. Can we modify it so it can run without needing to do so?
Comment from Dimo:
I don't know of any way of doing that without changing how plumiftp works. The plumiftp init script will always need root privileges to bind to port 21 for listening ftp connections.
Grant, do you know of any sysadmin trick to make plumiftp drop the root privileges but keep using port 21?
I'm afraid we would have to modify plumiftp significantly in the next version so that it drops its root privileges right after it binds port 21. But that's beyond the scope of the current contract.
Comment from Grant:
Nope - no idea - the whole thing needs some research & assessment. How do other FTP daemons do it?
Attachments
Change History
comment:4 Changed 2 years ago by anna
Can somebody clarify this via email please - in terms of what the risk is.
comment:5 Changed 2 years ago by mike
- Status changed from new to closed
- Resolution set to fixed
This was done in 4.1.
comment:6 Changed 2 years ago by dimo
- Status changed from closed to reopened
- Resolution fixed deleted
- Summary changed from PlumiFTP should not run as root to PloneFTP should not run as root
apparently this is still an issue in production builds with ploneftp listening on port 21
This link could be helpful: http://stackoverflow.com/questions/2699907/dropping-root-permissions-in-python
comment:11 Changed 3 months ago by anna
would be great to get an estimate of time needed to do this, or a rundown of what might be involved.
