From svysh@pn.sinp.msu.ru  Tue Sep 16 01:10:33 2003
Return-Path: <svysh@pn.sinp.msu.ru>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id DE96816A4B3
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 16 Sep 2003 01:10:33 -0700 (PDT)
Received: from vivaldi.pn.sinp.msu.ru (pn-gw.sinp.msu.ru [213.131.0.178])
	by mx1.FreeBSD.org (Postfix) with ESMTP id D290943FBF
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 16 Sep 2003 01:10:31 -0700 (PDT)
	(envelope-from svysh@pn.sinp.msu.ru)
Received: from vivaldi.pn.sinp.msu.ru (svysh@localhost [127.0.0.1])
	by vivaldi.pn.sinp.msu.ru (8.12.9/8.12.9) with ESMTP id h8G8ATZw003624
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 16 Sep 2003 12:10:29 +0400 (MSD)
	(envelope-from svysh@vivaldi.pn.sinp.msu.ru)
Received: (from svysh@localhost)
	by vivaldi.pn.sinp.msu.ru (8.12.9/8.12.9/Submit) id h8G8ARcc003623;
	Tue, 16 Sep 2003 12:10:27 +0400 (MSD)
	(envelope-from svysh)
Message-Id: <200309160810.h8G8ARcc003623@vivaldi.pn.sinp.msu.ru>
Date: Tue, 16 Sep 2003 12:10:27 +0400 (MSD)
From: Sergei Vyshenski <svysh-4@pn.sinp.msu.ru>
Reply-To: Sergei Vyshenski <svysh-4@pn.sinp.msu.ru>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: ftpd ignores default umask settings
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         56914
>Category:       bin
>Synopsis:       ftpd ignores default umask settings
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    yar
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Sep 16 01:20:08 PDT 2003
>Closed-Date:    Sat Oct 30 11:33:24 GMT 2004
>Last-Modified:  Sat Oct 30 11:33:24 GMT 2004
>Originator:     Sergei Vyshenski <svysh-4@pn.sinp.msu.ru>
>Release:        FreeBSD 4.9-PRERELEASE i386
>Organization:
>Environment:
System: FreeBSD 4.9-PRERELEASE FreeBSD 4.9-PRERELEASE #0: Thu Sep 11 04:53:19 MSD 2003 i386


>Description:
	With /usr/libexec/ftpd all files uploaded by user ftp get permissions 644
	regardless of default umask value set by -u option for ftpd or from /etc/login.conf.
>How-To-Repeat:

	Arrange ~ftp as /stand/sysinstall does by default for Anonymous FTP server.
	1) Add to /etc/login.conf the line

	ftp::umask=027:

	do "cap_mkdb /etc/login.conf".

	And/or 
	2) add to /etc/inetd.conf the line 

	ftp stream tcp nowait root /usr/libexec/ftpd ftpd -l -l -A -h -M -u 027

	do "killall -1 inetd".

	Then log in to the ftpd as user "anonymous" and upload a file.
	Uploaded file has mode 644, instead of mode 640 expected from the given default umask.

>Fix:

	Use wu-ftpd or proftpd from ports instead.


>Release-Note:
>Audit-Trail:

From: Peter Pentchev <roam@ringlet.net>
To: Sergei Vyshenski <svysh-4@pn.sinp.msu.ru>
Cc: bug-followup@FreeBSD.org
Subject: Re: bin/56914: ftpd ignores default umask settings
Date: Tue, 16 Sep 2003 12:27:27 +0300

 On Tue, Sep 16, 2003 at 12:10:27PM +0400, Sergei Vyshenski wrote:
 > 
 > >Number:         56914
 > >Category:       bin
 > >Synopsis:       ftpd ignores default umask settings
 > >Class:          sw-bug
 > >Arrival-Date:   Tue Sep 16 01:20:08 PDT 2003
 > >Originator:     Sergei Vyshenski <svysh-4@pn.sinp.msu.ru>
 > >Release:        FreeBSD 4.9-PRERELEASE i386
 > >Organization:
 > >Environment:
 > System: FreeBSD 4.9-PRERELEASE FreeBSD 4.9-PRERELEASE #0: Thu Sep 11 04:53:19 MSD 2003 i386
 > 
 > 
 > >Description:
 > 	With /usr/libexec/ftpd all files uploaded by user ftp get permissions 644
 > 	regardless of default umask value set by -u option for ftpd or from /etc/login.conf.
 > >How-To-Repeat:
 > 
 > 	Arrange ~ftp as /stand/sysinstall does by default for Anonymous
 > 	FTP server.
 > 	1) Add to /etc/login.conf the line
 > 
 > 	ftp::umask=027:
 > 
 > 	do "cap_mkdb /etc/login.conf".
 
 Adding the 'ftp' class to /etc/login.conf will not automatically
 make the 'ftp' user actually use this class's settings.  Is the 'ftp'
 user actually a member of the 'ftp' login class?  You can tell by
 issuing the 'chfn ftp' command as root and checking the 'Class'
 field; if it does not say 'ftp', then the ftp user will not honor
 your login.conf settings for the 'ftp' class.
 
 G'luck,
 Peter
 
 -- 
 Peter Pentchev	roam@ringlet.net    roam@sbnd.net    roam@FreeBSD.org
 PGP key:	http://people.FreeBSD.org/~roam/roam.key.asc
 Key fingerprint	FDBA FD79 C26F 3C51 C95E  DF9E ED18 B68D 1619 4553
 I am the thought you are now thinking.

From: Sergei Vyshenski <fbsd-4@pn.sinp.msu.ru>
To: Peter Pentchev <roam@ringlet.net>
Cc: bug-followup@FreeBSD.org
Subject: Re: bin/56914: ftpd ignores default umask settings
Date: Wed, 17 Sep 2003 01:55:14 +0400

 >
 >Adding the 'ftp' class to /etc/login.conf will not automatically
 >make the 'ftp' user actually use this class's settings.  Is the 'ftp'
 >user actually a member of the 'ftp' login class?  You can tell by
 >issuing the 'chfn ftp' command as root and checking the 'Class'
 >field; if it does not say 'ftp', then the ftp user will not honor
 >your login.conf settings for the 'ftp' class.
 >
 >G'luck,
 >Peter
 
 
 Thank you very much. 2 issues still remain.
 
 1) Neither "man ftpd", nor "man login.conf" mention existence of chfn.
 And /stand/sysinstall did not add class info for user ftp
 for me.
 
 2) Option ftpd -u ... is overridden from login.conf : either by ftp class,
 or by default class (which is always present). Then why does option -d exist
 at all?
 
 Thanks again, Sergei
 

From: Barry Pederson <bp@barryp.org>
To: freebsd-gnats-submit@FreeBSD.org
Cc:  
Subject: Re: bin/56914: ftpd ignores default umask settings
Date: Thu, 30 Sep 2004 11:00:35 -0500

 I've been burned by this too, but here's a pretty simple patch that stops the 
 login class umasks from overriding what's on the commandline:
 
 
 
 --- libexec/ftpd/ftpd.c.original        Fri Feb 14 06:42:42 2003
 +++ libexec/ftpd/ftpd.c Thu Sep 30 10:48:22 2004
 @@ -1187,7 +1187,7 @@
          pw = NULL;
   #ifdef LOGIN_CAP
          setusercontext(NULL, getpwuid(0), (uid_t)0,
 -                      LOGIN_SETPRIORITY|LOGIN_SETRESOURCES|LOGIN_SETUMASK);
 +                      LOGIN_SETPRIORITY|LOGIN_SETRESOURCES);
   #endif
          logged_in = 0;
          guest = 0;
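Review bot: In the first hunk, LOGIN_SETUMASK is removed from the setusercontext(NULL, getpwuid(0), ...) call unconditionally, so on this reset path (pw = NULL, logged_in = 0) the umask is no longer restored from login.conf even when ftpd was started without -u. Consider dropping the flag only when a umask was actually given on the command line, and keeping LOGIN_SETUMASK otherwise so that existing login.conf setups behave as before.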
 @@ -1428,7 +1428,7 @@
          }
          setusercontext(lc, pw, (uid_t)0,
                  LOGIN_SETLOGIN|LOGIN_SETGROUP|LOGIN_SETPRIORITY|
 -               LOGIN_SETRESOURCES|LOGIN_SETUMASK);
 +               LOGIN_SETRESOURCES);
   #else
          setlogin(pw->pw_name);
          (void) initgroups(pw->pw_name, pw->pw_gid);
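Review bot: In the setusercontext(lc, pw, ...) call the login class umask is now ignored for every user, which silently changes behaviour for sites that rely on a restrictive umask= entry in login.conf (027 in this PR) and pass no -u; their uploads would be created under whatever umask the process already has. Keep LOGIN_SETUMASK unless -u was supplied, and state the resulting precedence between -u and login.conf in ftpd(8). The #else branch is untouched, so also check that builds with and without LOGIN_CAP end up with the same umask.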
Responsible-Changed-From-To: freebsd-bugs->yar 
Responsible-Changed-By: yar 
Responsible-Changed-When: Sun Oct 24 20:54:57 GMT 2004 
Responsible-Changed-Why:  
My area. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=56914 

From: Yar Tikhiy <yar@FreeBSD.org>
To: freebsd-gnats-submit@FreeBSD.org, svysh-4@pn.sinp.msu.ru
Cc:  
Subject: Re: bin/56914: ftpd ignores default umask settings
Date: Mon, 25 Oct 2004 00:54:19 +0400

 Hi there,
 
 First of all, I beg your pardon that it took so long to deal
 with this PR.
 
 > 1) Neither "man ftpd", nor "man login.conf" mention existence of chfn.
 
 In fact, the existing reference chain is as follows:
 ftpd(8) -> login.conf(5) -> passwd(5) -> chpass(1)
 It may look lengthy, but man pages give the most relevant references only.
 You see, login.conf(5) doesn't mention chpass(1) since there's more
 than one way to edit master.passwd data and references to them are
 given on the passwd(5) page, which is referenced by login.conf(5).
 By the way, chfn is just an alias for chpass, which is the canonical
 name of the utility.
 
 >  And /stand/sysinstall did not add class info for user ftp
 >  for me.
 
 /stand/sysinstall is more of a quick'n'dirty initial setup tool
 than a full-blown system control panel.  Therefore you still
 need to use your favourite text editor against the /etc files to
 get a well-configured system.  However, you may like to file a
 respective change request for /stand/sysinstall.
   
 >  2) Option ftpd -u ... is overridden from login.conf : either by ftp class,
 >  or by default class (which is always present). Then why does option -d exist
 >  at all?
 
 For historical reasons, I guess: login.conf(5) and login_class(3)
 haven't always been there, and ftpd(8) still can be built without
 support for them.
 
 -- 
 Yar
State-Changed-From-To: open->closed 
State-Changed-By: yar 
State-Changed-When: Sat Oct 30 11:27:26 GMT 2004 
State-Changed-Why:  
It's a shame, but the PR stayed w/o our attention so long 
that its originator's email had gone.  I think there is no 
issue raised in this PR, therefore I'm closing it. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=56914 
>Unformatted:
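
A check for the symptom discussed in this PR, added here as an example (it is not code from the thread or from ftpd): it reads the login class from a master.passwd(5) line, computes the mode an upload should get under a given umask, and lists files under an upload directory that kept bits the umask should have cleared. The 0666 creation mode, the function names and the sample passwd line are assumptions made for the example.

```python
import os
import stat

# Assumption: the FTP server creates uploads with mode 0666 before the umask applies.
UPLOAD_BASE_MODE = 0o666


def login_class(master_passwd_line):
    """Return the login class (5th field) of a master.passwd(5) line.

    An empty class field means the user falls under the 'default' class.
    """
    fields = master_passwd_line.rstrip("\n").split(":")
    if len(fields) != 10:
        raise ValueError("master.passwd lines have 10 colon-separated fields")
    return fields[4] or "default"


def expected_mode(umask):
    """Mode an uploaded file should end up with under the given umask."""
    return UPLOAD_BASE_MODE & ~umask


def too_permissive(root, umask):
    """List (path, mode) of regular files that kept a bit the umask should clear."""
    hits = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: do not follow symlinks out of the tree
            if not stat.S_ISREG(st.st_mode):
                continue
            mode = stat.S_IMODE(st.st_mode)
            if mode & umask & UPLOAD_BASE_MODE:
                hits.append((path, mode))
    return sorted(hits)


if __name__ == "__main__":
    # Constructed sample line: empty class field, so 'default' applies.
    sample = "ftp:*:14:5::0:0:Anonymous FTP Admin:/var/ftp:/nonexistent"
    print("login class:", login_class(sample))
    print("expected upload mode with umask 027: %o" % expected_mode(0o027))
    for path, mode in too_permissive(".", 0o027):
        print("%o %s" % (mode, path))
```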
