Asc n00b
Joined: 07 Feb 2004 Posts: 6
Posted: Mon Feb 16, 2004 9:04 pm Post subject: vsftpd: OOPS must be started as root
I edited the config file and changed the user = root line. I assigned a special user for the ftp daemon. But then I had the problem that when I connected to the ftp I got an error message: OOOPS: vsftpd must be started as root.
Well, then I edited my /etc/passwd and changed the ftpuser line by setting the User ID = ROOT and group ID = ROOT.
Everything is now working fine, but I'm not really sure if this is really the way to go. =) Is there another way to give root privileges to a user?
I plan to run a subversion, an apache and an ftp server on the same machine. Is it common to have a user for each service?
adaptr Watchman
Joined: 06 Oct 2002 Posts: 6730 Location: Rotterdam, Netherlands
Posted: Mon Feb 16, 2004 9:48 pm Post subject: Re: vsftpd: OOPS must be started as root
Asc wrote:
> I edited the config file and changed the user = root line. I assigned a special user for the ftp daemon. But then I had the problem that when I connected to the ftp I got an error message: OOOPS: vsftpd must be started as root.
> Well, then I edited my /etc/passwd and changed the ftpuser line by setting the User ID = ROOT and group ID = ROOT.

That's not possible - "ROOT" is not a User ID - it's a name.
And the wrong one, at that.

Asc wrote:
> Everything is now working fine, but I'm not really sure if this is really the way to go. =)

Absolutely not - what you have done is created another root user with the name ftpuser - which is an unprivileged user by default.
Very very bad idea.

Asc wrote:
> Is there another way to give root privileges to a user?

You shouldn't really - if vsftpd complains about that when starting up then it's probably another problem altogether.

Asc wrote:
> I plan to run a subversion, an apache and an ftp server on the same machine. Is it common to have a user for each service?

On Linux it is, yes - unless you run a lot of stuff through xinetd.
Almost every daemon can be configured to run as any user you want - but read the documentation on whether this is a good idea.
Asc n00b
Joined: 07 Feb 2004 Posts: 6
Posted: Mon Feb 16, 2004 9:57 pm
Hmm, maybe I couldn't explain clearly what I did: I changed the appropriate line of the user to this:
ftpuser:x:0:0::/home/ftpuser:/sbin/nologin
What I meant before was the 0:0 definition... first user id, second group id. Don't have to explain this I suppose.

Quote:
> Absolutely not - what you have done is created another root user with the name ftpuser - which is an unprivileged user by default.
> Very very bad idea.

What do you mean by..? There is a line in vsftpd.conf where you can define nopriv_user=ftpuser (or any other user). What does this exactly mean?
Thanks a lot in advance
adaptr Watchman
Joined: 06 Oct 2002 Posts: 6730 Location: Rotterdam, Netherlands
Posted: Tue Feb 17, 2004 10:47 am
Asc wrote:
> Hmm, maybe I couldn't explain clearly what I did: I changed the appropriate line of the user to this:
> ftpuser:x:0:0::/home/ftpuser:/sbin/nologin
> What I meant before was the 0:0 definition... first user id, second group id. Don't have to explain this I suppose.

No indeedy, and I did think that was what you must have meant - but I can't look inside your head, right?
What I said still stands - any user you assign a UID of 0 is root.
Not a good idea, then.

Asc wrote:
> What do you mean by..? There is a line in vsftpd.conf where you can define nopriv_user=ftpuser (or any other user). What does this exactly mean?

There are two totally different definitions of "user" in such a config:
The first one is the user that the daemon runs as, which will need root permissions to be able to change UIDs, open the network connection, access directories etc.
The second one is the user that vsftpd switches to when the privileged bits are done - when it has logged in as anonymous, for example.
Then it switches to this user for the actual connection, so you can control the permissions of anyone opening an anonymous session by setting the nopriv_user option.
In other words:
No, the two "user" options have nothing to do with each other, they are used to indicate two different things.
If you don't specify a user with sufficient privileges to start the daemon then it won't be able to do its job.
The nopriv_user is the UID that will be used to perform all non-privileged tasks.
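
Added example, not part of the thread or of vsftpd itself: a shell audit that lists accounts other than root carrying UID 0 and checks that the account named by nopriv_user really is unprivileged. The passwd and vsftpd.conf text is constructed sample data (only the ftpuser line and the nopriv_user=ftpuser setting come from the posts above), and the function names are hypothetical.

```shell
# Constructed passwd content; the ftpuser line is the one quoted in the thread.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
nobody:x:65534:65534:nobody:/:/bin/false
ftp:x:21:21::/home/ftp:/bin/false
ftpuser:x:0:0::/home/ftpuser:/sbin/nologin'

# Constructed vsftpd.conf fragment using the option named in the thread.
SAMPLE_CONF='listen=YES
nopriv_user=ftpuser'

# Print every account other than "root" whose UID field is 0.
extra_uid0() {
    printf '%s\n' "$1" | awk -F: '$3 == 0 && $1 != "root" { print $1 }'
}

# Print the numeric UID of a named account (empty if the account is missing).
uid_of() {
    printf '%s\n' "$1" | awk -F: -v u="$2" '$1 == u { print $3; exit }'
}

# Print the nopriv_user value from vsftpd.conf text; vsftpd falls back to
# "nobody" when the option is not set.
nopriv_user() {
    v=$(printf '%s\n' "$1" | awk -F= '$1 == "nopriv_user" { print $2; exit }')
    printf '%s\n' "${v:-nobody}"
}

# Succeed only if the configured nopriv_user exists and has a non-zero UID.
nopriv_is_unprivileged() {
    uid=$(uid_of "$1" "$(nopriv_user "$2")")
    [ -n "$uid" ] && [ "$uid" -ne 0 ]
}

for name in $(extra_uid0 "$SAMPLE_PASSWD"); do
    echo "WARNING: $name has UID 0 and is root in all but name"
done
if ! nopriv_is_unprivileged "$SAMPLE_PASSWD" "$SAMPLE_CONF"; then
    echo "WARNING: nopriv_user=$(nopriv_user "$SAMPLE_CONF") is missing or has UID 0"
fi
```

On a live system, pass "$(cat /etc/passwd)" and the contents of the real vsftpd.conf in place of the sample variables.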