authentication file permissions are too open #36

Open
TJM opened this issue Jan 5, 2017 · 1 comment

TJM commented Jan 5, 2017

A puppet run fails with:

```
Error: /Stage[main]/Proftpd::Service/Service[proftpd]: Failed to call refresh: Could not restart Service[proftpd]: Execution of '/bin/systemctl restart proftpd' returned 1: Job for proftpd.service failed because the control process exited with error code. See "systemctl status proftpd.service" and "journalctl -xe" for details.
Error: /Stage[main]/Proftpd::Service/Service[proftpd]: Could not restart Service[proftpd]: Execution of '/bin/systemctl restart proftpd' returned 1: Job for proftpd.service failed because the control process exited with error code. See "systemctl status proftpd.service" and "journalctl -xe" for details.
```

The status output is:

```
Jan 05 19:43:44 host.domain.com systemd[1]: Starting ProFTPD FTP Server...
Jan 05 19:43:44 host.domain.com proftpd[7716]: 2017-01-05 19:43:44,243 host.domain.com proftpd[7716]: processing configuration directory '/etc/proftpd/sites.d'
Jan 05 19:43:44 host.domain.com proftpd[7716]: 2017-01-05 19:43:44,244 host.domain.com proftpd[7716]: mod_auth_file/1.0: unable to use world-readable AuthUserFile '/etc/proftpd/users.d/0.0.0.0_22.passwd' (perms 0644): Operation not permitted
Jan 05 19:43:44 host.domain.com proftpd[7716]: 2017-01-05 19:43:44,244 host.domain.com proftpd[7716]: fatal: AuthUserFile: unable to use /etc/proftpd/users.d/0.0.0.0_22.passwd: Operation not permitted on line 6 of '/etc/proftpd/users.d/0.0.0.0_22.conf'
Jan 05 19:43:44 host.domain.com systemd[1]: proftpd.service: control process exited, code=exited status=1
Jan 05 19:43:44 host.domain.com systemd[1]: Failed to start ProFTPD FTP Server.
Jan 05 19:43:44 host.domain.com systemd[1]: Unit proftpd.service entered failed state.
Jan 05 19:43:44 host.domain.com systemd[1]: proftpd.service failed.
```

This should simply be a change of permissions on the passwd and group files.

TJM pushed a commit to LarkIT/puppet-proftpd that referenced this issue Jan 5, 2017

TJM commented Jan 6, 2017

As noted in my PR, I created another branch that fixed more than just these specific file permissions. Several changes were needed for CentOS 7. I also added the ability to have "server" managed SSH keys (rather than having them be accessible to the users) and to force publickey authentication. https://github.com/TJM/puppet-proftpd/tree/centos7 ... I realize it's not generally a good thing to have a bunch of changes in one PR, but they were all kind of needed together for our deployment. :)
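
A pre-restart check for the failure in the log above, as an added example that is not part of the issue or of the puppet-proftpd module: it reads the `AuthUserFile` and `AuthGroupFile` directives under a config directory and reports every referenced file that has the world-read bit set. The function names and the sample tree built by `make_sample` are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the puppet-proftpd module): pre-restart audit for the
# "unable to use world-readable AuthUserFile" failure shown in the log above.

# Print the paths named by AuthUserFile / AuthGroupFile directives in *.conf
# files under a config directory. Assumes paths contain no whitespace.
auth_files() {
    find "$1" -type f -name '*.conf' -exec awk '
        tolower($1) == "authuserfile" || tolower($1) == "authgroupfile" { print $2 }
    ' {} + | sort -u
}

# True when "other" has the read bit (mode & 0004); -L follows symlinks.
is_world_readable() {
    [ -n "$(find -L "$1" -prune -perm -004 2>/dev/null)" ]
}

# Report offending files; return 1 if any auth file is world-readable.
audit_auth_files() {
    rc=0
    for f in $(auth_files "$1"); do
        if [ ! -e "$f" ]; then
            echo "MISSING $f"
        elif is_world_readable "$f"; then
            echo "WORLD-READABLE $f"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample tree: one 0644 passwd file (the mode from the log) and
# one 0640 group file. Prints the directory it created.
make_sample() {
    d=$(mktemp -d)
    mkdir "$d/users.d"
    printf 'sampleuser:x:1000:1000::/srv/ftp:/bin/false\n' > "$d/users.d/sample.passwd"
    printf 'samplegroup:x:1000:\n' > "$d/users.d/sample.group"
    chmod 0644 "$d/users.d/sample.passwd"
    chmod 0640 "$d/users.d/sample.group"
    printf 'AuthUserFile %s\nAuthGroupFile %s\n' \
        "$d/users.d/sample.passwd" "$d/users.d/sample.group" > "$d/users.d/sample.conf"
    echo "$d"
}

# Usage: sh audit.sh /etc/proftpd
if [ "$#" -gt 0 ]; then audit_auth_files "$1"; fi
```

A non-zero exit from `audit_auth_files` can gate the service restart so that a permissions regression is caught before ProFTPD refuses to start.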
