[Techtalk] Re: LIDS and CAPSET woes
Raven Alder
raven at oneeyedcrow.net
Tue Jan 7 20:06:50 EST 2003
Heya --
Thankyouthankyouthankyou! [grin]
Quoth Mandi (Tue, Jan 07, 2003 at 05:52:19PM -0500):
> (disclaimer: i am not a kernel hacker...where's VAL when you need her?!?)
Your post gave me enough information to solve my problem. So
have a happy glowy moment.
> there is one call to capset, in sysdeputil.c in the vsftpd source. It
> looks like it's calling for CAP_CHOWN and CAP_NET_BIND_SERVICE. chown is
> probably the one you don't have in your LIDS conf.
Yep -- I gave the vsftp daemon the ability to CAP_CHOWN and
CAP_NET_BIND_SERVICE for ports 20 and 21, and suddenly everything was
coming up roses. (For anyone googling this later:)
root at batcat ~ $ lidsconf -A -s /usr/local/sbin/vsftpd -o CAP_CHOWN -j GRANT
root at batcat ~ $ lidsconf -A -s /usr/local/sbin/vsftpd -o CAP_NET_BIND_SERVICE 20 -j GRANT
root at batcat ~ $ lidsconf -A -s /usr/local/sbin/vsftpd -o CAP_NET_BIND_SERVICE 21 -j GRANT
...
raven at batcat ~ $ ftp localhost
Connected to localhost.
220 (vsFTPd 1.1.3)
Name (localhost:raven): anonymous
331 Please specify the password.
Password:
230 Login successful. Have fun.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
200 PORT command successful. Consider using PASV.
150 Here comes the directory listing. [and so forth]
> (oh, and btw, next time you build your kernel, you can change the
> EXTRAVERSION in the Makefile so as not to overwrite your working system.
> ;) )
Yeah, I ran into that just exactly too late. [grin] Oh well,
I learned something new for next time. Thanks so much for your very
prompt help!
Cheers,
Raven
"Mug the Traveller."
-- advice from the box of an Irish tea cup
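
An added example, not part of the original message and not vsftpd's code: a minimal capset(2) request for the two capabilities named in the thread, plus a helper that reports which requested capability an access-control policy has not granted. The function names wanted_caps, missing_caps and restrict_caps are hypothetical, and the legacy 32-bit capability ABI is assumed.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/syscall.h>
#include <linux/capability.h>

/* Bitmask of the two capabilities named in the thread. */
static unsigned int wanted_caps(void)
{
    return (1u << CAP_CHOWN) | (1u << CAP_NET_BIND_SERVICE);
}

/* Capabilities the daemon asks for that the policy has not granted. */
static unsigned int missing_caps(unsigned int wanted, unsigned int granted)
{
    return wanted & ~granted;
}

/* Reduce this process to exactly `mask`. Returns 0 or a negative errno. */
static int restrict_caps(unsigned int mask)
{
    struct __user_cap_header_struct hdr;
    struct __user_cap_data_struct data;

    memset(&hdr, 0, sizeof hdr);
    memset(&data, 0, sizeof data);
    hdr.version = _LINUX_CAPABILITY_VERSION_1; /* legacy 32-bit ABI */
    hdr.pid = 0;                               /* 0 = calling process */
    data.permitted = mask;
    data.effective = mask;
    data.inheritable = 0;
    return syscall(SYS_capset, &hdr, &data) == 0 ? 0 : -errno;
}

int main(void)
{
    /* Constructed case: policy grants only CAP_NET_BIND_SERVICE. */
    unsigned int granted = 1u << CAP_NET_BIND_SERVICE;
    printf("wanted=0x%x missing=0x%x\n", wanted_caps(),
           missing_caps(wanted_caps(), granted));

    int rc = restrict_caps(wanted_caps());
    if (rc != 0)  /* EPERM here means a requested capability was refused */
        printf("capset failed: %s\n", strerror(-rc));
    return rc ? 1 : 0;
}
```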