On Sat, Jan 30, 2010 at 10:08:50AM +0100, Jean-Francois wrote:
> Le jeudi 28 janvier 2010 21:05:08, Robert a icrit :
> > On Thu, 28 Jan 2010 20:04:25 +0100
> >
> > Jean-Frangois SIMON <[email protected]> wrote:
> > > Hi List,
> > >
> > > I am using vsftpd as ftp daemon. I actually launch this service as
> > > root (sudo /usr/...) because this is the only way it actually starts.
> > > Is this normal way or do I miss something ?
> > > I don't see that it drops its privileges, through "top", I see it
> > > running as root.
> > >
> > > Regards
> >
> > ftp uses port 20 and 21.
> > ports below 1024 need root priviliges to bind to.
> > so yes, that is "normal".
> > sane applications that need those ports drop the root privs or
> > use different processes for different stuff, read privilege seperation.
> > vsftpd implements that.
> >
> > - Robert
> >
> Does information below teels that process did not drop privileges ? If not how
> to check this ?
>
> PID USERNAME PRI NICE SIZE RES STATE WAIT TIME CPU COMMAND
> 1467 root 2 0 512K 1256K idle netcon 0:00 0.00% vsftpd
>
> Regards
It could drop privs the moment a connection arrives and after the fork.
If you e.g. want to change to a non-anon user you need root until that
has happened.
-Otto
