From c749750a03262e366fe00da50296fb763c5c483a Mon Sep 17 00:00:00 2001 From: Matthias Saou Date: Aug 01 2005 15:17:49 +0000 Subject: PAM fixes (#163026). --- diff --git a/proftpd.conf b/proftpd.conf index aaa0e2d..4c03ded 100644 --- a/proftpd.conf +++ b/proftpd.conf @@ -1,5 +1,5 @@ # This is the ProFTPD configuration file -# $Id: proftpd.conf,v 1.4 2004/11/16 18:34:25 thias Exp $ +# $Id: proftpd.conf,v 1.5 2005/08/01 15:17:49 thias Exp $ ServerName "ProFTPD server" ServerIdent on "FTP Server ready." @@ -16,8 +16,9 @@ DeferWelcome off # Use this to excude users from the chroot DefaultRoot ~ !adm -# Use pam to authenticate by default -AuthPAMAuthoritative on +# Use pam to authenticate (default) and be authoritative +AuthPAMConfig proftpd +AuthOrder mod_auth_pam.c* mod_auth_unix.c # Do not perform ident nor DNS lookups (hangs when the port is filtered) IdentLookups off @@ -106,8 +107,8 @@ LogFormat auth "%v [%P] %h %t \"%r\" %s" # DisplayReadme README* # # # Some more cosmetic and not vital stuff -# DirFakeUser on ftpadm -# DirFakeGroup on ftpadm +# DirFakeUser on ftp +# DirFakeGroup on ftp # # # Limit WRITE everywhere in the anonymous chroot # diff --git a/proftpd.spec b/proftpd.spec index 823184f..1f211dd 100644 --- a/proftpd.spec +++ b/proftpd.spec @@ -1,7 +1,7 @@ Summary: Flexible, stable and highly-configurable FTP server Name: proftpd Version: 1.2.10 -Release: 4%{?_with_ldap:_ldap}%{?_with_mysql:_mysql}%{?_with_postgresql:_pgsql} +Release: 5%{?_with_ldap:_ldap}%{?_with_mysql:_mysql}%{?_with_postgresql:_pgsql}%{?dist} License: GPL Group: System Environment/Daemons URL: http://www.proftpd.org/ @@ -11,8 +11,9 @@ Source2: proftpd.init Source3: proftpd-xinetd Source4: proftpd.logrotate Source5: welcome.msg +Source6: proftpd.pam BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root -Requires: pam >= 0.59, /sbin/service, /sbin/chkconfig, /etc/init.d +Requires: pam >= 0.59, /sbin/service, /sbin/chkconfig BuildRequires: pam-devel, perl, ncurses-devel, pkgconfig %{!?_without_tls:Requires: openssl} %{!?_without_tls:BuildRequires: openssl-devel, krb5-devel} @@ -74,12 +75,12 @@ fi %makeinstall rundir="%{buildroot}%{_localstatedir}/run/proftpd" \ INSTALL_USER=`id -un` \ INSTALL_GROUP=`id -gn` -%{__install} -D -m 644 contrib/dist/rpm/ftp.pamd %{buildroot}%{_sysconfdir}/pam.d/ftp %{__install} -D -m 640 %{SOURCE1} %{buildroot}%{_sysconfdir}/proftpd.conf %{__install} -D -m 755 %{SOURCE2} %{buildroot}%{_sysconfdir}/rc.d/init.d/proftpd %{__install} -D -m 640 %{SOURCE3} %{buildroot}%{_sysconfdir}/xinetd.d/xproftpd %{__install} -D -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/logrotate.d/proftpd %{__install} -D -m 644 %{SOURCE5} %{buildroot}/var/ftp/welcome.msg +%{__install} -D -m 644 %{SOURCE6} %{buildroot}%{_sysconfdir}/pam.d/proftpd %{__mkdir_p} %{buildroot}/var/ftp/uploads %{__mkdir_p} %{buildroot}/var/ftp/pub %{__mkdir_p} %{buildroot}/var/log/proftpd @@ -103,9 +104,9 @@ fi %preun if [ $1 = 0 ]; then - /sbin/service proftpd stop >/dev/null 2>&1 || : + /sbin/service proftpd stop &>/dev/null || : /sbin/chkconfig --del proftpd - /sbin/service xinetd reload >/dev/null 2>&1 || : + /sbin/service xinetd reload &>/dev/null || : if [ -d /var/run/proftpd ]; then rm -rf /var/run/proftpd/* fi @@ -113,7 +114,7 @@ fi %postun if [ $1 -ge 1 ]; then - /sbin/service proftpd condrestart >/dev/null 2>&1 + /sbin/service proftpd condrestart &>/dev/null || : fi @@ -125,7 +126,7 @@ fi %config(noreplace) %{_sysconfdir}/proftpd.conf %config(noreplace) %{_sysconfdir}/xinetd.d/xproftpd %config %{_sysconfdir}/ftpusers -%config %{_sysconfdir}/pam.d/ftp +%config %{_sysconfdir}/pam.d/proftpd %config %{_sysconfdir}/logrotate.d/proftpd %{_sysconfdir}/rc.d/init.d/proftpd %{_mandir}/*/* @@ -139,6 +140,12 @@ fi %changelog +* Wed Jul 13 2005 Matthias Saou 1.2.10-5 +- The provided pam.d file no longer works, use our own based on the one from + the vsftpd package (#163026). +- Rename the pam.d file we use from 'ftp' to 'proftpd'. +- Update deprecated AuthPAMAuthoritative in the config file (see README.PAM). + * Tue May 10 2005 Matthias Saou 1.2.10-4 - Disable stripping in order to get useful debuginfo packages.