diff --git a/ChangeLog b/ChangeLog index 93f2ffc5..3454a14d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,10 @@ +2013-06-11 Mats Erik Andersson + + * paths (PATH_NOLOGIN): Change default value to + `/etc/nologin' for best portability. + * README: Add some observations on hard-coded + file locations. + 2013-06-11 Mats Erik Andersson ftpd: Erroneous access check. diff --git a/README b/README index 920183f9..fad16339 100644 --- a/README +++ b/README @@ -12,6 +12,7 @@ distribution, and rules to find values for them. To change a path PATH_FOO, you may either tell configure, by using `--with-path-foo=VALUE' (where VALUE may contain references to make variables such as `$(bindir)'), or edit the `paths' file. +See further below for some important cases. If you wish to build only the clients or only the servers, you may wish to use the --disable-servers or --disable-clients options when @@ -30,9 +31,9 @@ also does not have a complete list of whois servers; feel free to send information about additional whois servers to the bug reporting address. -Notes: +Notes on setuid-executables: -1) All of the r* client commands, 'rcp', 'rlogin', 'rsh', used to + - All of the r* client commands, 'rcp', 'rlogin', 'rsh', used to need to be installed as setuid root to work correctly, since they use privileged ports for communication. However, some modern operating systems now offer capabilities that avoid 
@@ -40,11 +41,47 @@ Notes: our present code. CAP_NET_BIND_SERVICE and PRIV_NET_PRIVADDR are relevant for the above three programs. -2) Similarly, 'ping', 'ping6', and 'traceroute', used to depend + - Similarly, 'ping', 'ping6', and 'traceroute', used to depend on setuid installation, but also these are now content with capabilities like CAP_NET_RAW, PRIV_NET_ICMPACCESS, and PRIV_NET_RAWACCESS. +Notes on hard-coded file locations: + + - Some of the buildable executables depend critically on + hard-coded file locations for correct execution. The most + important, where care is needed, are highlighted below. + + - `ftpd' needs access to several configuration files, in order + that all use cases be covered. Both of PATH_FTPCHROOT and + PATH_FTPWELCOME are normally positioned correctly in sysconfdir + by default, whereas PATH_FTPUSERS usually is desired to state + `/etc/ftpusers', but not all systems manage this. Particular + care should be given to PATH_FTPLOGINMESG, since it defaults + to `/etc/motd', which cannot be claimed as universally ideal. + A sensible counter measure could be + + ./configure --with-path-ftploginmesg='$(sysconfdir)/ftpmotd' + + This would, however, complicate matter for chrooted users, + so a minor variation on the default could be preferable: + + ./configure --with-path-ftploginmesg=/etc/ftpmotd + + Finally, the fall-back value `/etc/nologin' for PATH_NOLOGIN + is in effect for every systems lacking , but this + sets the most plausible location in any case. + + - `rcp' relies on PATH_RSH for proper hand-over. Use the + configuration switch `--with-path-rsh=VALUE' for overriding + the detected value. It should point to the intended location + of `rsh', particularly when built with Kerberos support. + + - Similarily, `rsh' needs PATH_RLOGIN to locate `rlogin' for + correct delegation. The switch `--with-path-rlogin=VALUE' + may come handy to ensure that `rsh' as well as `rlogin' + offer identical Kerberos support. 
+ Some known deficiencies: - Non-Shishi Kerberos support does not build. Patches welcome. diff --git a/paths b/paths index 70c0f578..88cca1ae 100644 --- a/paths +++ b/paths @@ -94,7 +94,7 @@ PATH_LOGCONF $(sysconfdir)/syslog.conf PATH_LOGCONFD $(sysconfdir)/syslog.d PATH_LOGIN x $(bindir)/login search:login PATH_LOGPID $(localstatedir)/run/syslog.pid -PATH_NOLOGIN $(sysconfdir)/nologin +PATH_NOLOGIN /etc/nologin PATH_RLOGIN x $(bindir)/rlogin PATH_RSH x $(bindir)/rsh PATH_TMP d /tmp/
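Review bot: In README, hunk @@ -12,6 +12,7, the added line "See further below for some important cases." does not say where to look. Name the target section, for example "See `Notes on hard-coded file locations' below for some important cases.", so the pointer still works if the file is reordered later.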
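Review bot: In README, hunk @@ -40,11 +41,47, the PATH_NOLOGIN sentence reads "is in effect for every systems lacking , but this" as shown here, so the thing that is lacking is never named. Please restore the missing word and change "every systems" to "every system". The same block has "Similarily" (Similarly), "complicate matter" (complicate matters), "counter measure" (countermeasure) and "come handy" (come in handy). On substance, the PATH_FTPLOGINMESG paragraph says the `$(sysconfdir)/ftpmotd' variant complicates things for chrooted users without saying why; one sentence of explanation would let an administrator choose between the two configure invocations. For the `rcp' and `rsh' items, since PATH_RSH and PATH_RLOGIN are hard-coded and used for hand-over to another program, I would also suggest stating that VALUE should be an absolute path in a location unprivileged users cannot write to.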
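Review bot: In paths, hunk @@ -94,7 +94,7, replacing `$(sysconfdir)/nologin` with `/etc/nologin` changes behaviour for any build configured with a non-default sysconfdir: an existing nologin file under that sysconfdir stops being consulted after an upgrade, and nothing signals it. Because that file acts as an access control, a ChangeLog entry alone is thin; please add a NEWS item and a README line telling such installations to move the file or pass `--with-path-nologin=VALUE`. The neighbouring entries (PATH_LOGCONF, PATH_LOGCONFD, PATH_LOGPID) still follow `$(sysconfdir)` and `$(localstatedir)`, so a short comment in `paths` explaining why this one is absolute would save the next reader from "fixing" it back.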