Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 258735 - net-ftp/proftpd 1.3.2_rc2-r2: Problem with Global DenyAll Rule Filter.
Summary: net-ftp/proftpd 1.3.2_rc2-r2: Problem with Global DenyAll Rule Filter.
Status: RESOLVED DUPLICATE of bug 258730
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Server (show other bugs)
Hardware: x86 Linux
: High major (vote)
Assignee: Gentoo Linux bug wranglers
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2009-02-12 14:40 UTC by Andreas Schaller
Modified: 2009-02-12 18:08 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Andreas Schaller 2009-02-12 14:40:20 UTC 
Recently i made an update of Proftpd from release 1.3.1 to release 1.3.2_rc2-r2. Everything worked fine, like emerging, starting & stopping the Service. 
We made a Global Rule to first DenyAll Command and afterwards Allow Specific Commands for each Directory on its own.
After 2 Days a collegue of mine found out that he can´t send a few commands like "PWD or RMDIR" but they are Permittet on the given Directory.
Somehow i don´t know why, this Rule does not work Correctly anymore.

I´ve created a rule like the following for testing:

# Disable all ftp commands
<Limit ALL>
 DenyAll
</Limit>

# Enable cd, ls, rename and pwd
<Limit CDUP PWD CWD LIST NLST RNFR RNTO TYPE
  AllowAll
</Limit>

# Enable put and mkdir
<Directory /ftp/test>
 <Limit STOR STOU RETR DELE PWD RMD>
 AllowAll
 </Limit>
</Directory>

As you can the Directory /ftp/test allows PWD, RMDIR, DELETE and so on but not MKDIR.
The strange thing no is, if i connect via FTP and i want to create a SubDirectory in the /ftp/test directory it is possible. 
If i send a PWD i get Permission Denied.

I also tried to change the Config to AllowAll Command at the Beginning and afterwards Deny every Command i don´t need for the specific Directory but the same Thing here.

Any help would be greatly appreciatet.

Thanks in advance and Regards,
Andreas S.

Reproducible: Always

Steps to Reproduce:
1. emerge latest Proftpd release 1.3.2_rc2-r2
2. setup the Config like i mentioned in the Description before
3. run a Test

Actual Results:  
Commands which shouldn´t work are working and some that should work stopped Working.

Expected Results:  
Work correctly and allow only those Commands i Permit.

Output from: metadata.xml

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
<herd>net-ftp</herd>
<maintainer>
        <email>chtekk@gentoo.org</email>
        <name>Luca Longinotti</name>
</maintainer>
<longdescription>ProFTPD grew out of the desire to have a secure and
configurable FTP server, and out of a significant admiration of the Apache web
server.</longdescription>
<use>
        <flag name='authfile'>Enable support for the auth-file module</flag>
        <flag name='ban'>Enable support for the mod_ban module</flag>
        <flag name='case'>Enable support for the mod_case module</flag>
        <flag name='deflate'>Enable support for the mod_deflate module</flag>
        <flag name='ifsession'>Enable support for the ifsession module</flag>
        <flag name='noauthunix'>Disable support for the auth-unix module</flag>
        <flag name='opensslcrypt'>Enable support for OpenSSL crypto</flag>
        <flag name='rewrite'>Enable support for the rewrite module</flag>
        <flag name='shaper'>Enable support for the mod_shaper module</flag>
        <flag name='sitemisc'>Enable support for the sitemisc module</flag>
        <flag name='softquota'>Enable support for the quotatab module</flag>
        <flag name='vroot'>Enable support for the virtual root module</flag>
</use>
</pkgmetadata>
Comment 1 Jeroen Roovers (RETIRED) gentoo-dev 2009-02-12 18:08:41 UTC 

*** This bug has been marked as a duplicate of bug 258730 ***