View previous topic :: View next topic |
Author |
Message |
serg_sk Guru
Joined: 10 Jul 2004 Posts: 315 Location: Ukraine
|
Posted: Sat Nov 03, 2007 10:38 am Post subject: vsftpd anonymous upload |
|
|
Анонимусы не могут загружать файлы в диру incomming.
Вот мой конфиг:
Code: | listen=YES
listen_address=172.16.23.125
anonymous_enable=YES
local_enable=YES
write_enable=YES
local_umask=002
anon_umask=002
file_open_mode=0777
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
anon_delete_enable=NO
dirmessage_enable=YES
connect_from_port_20=YES
chmod_enable=NO
chown_uploads=YES
chown_username=ftpserg
xferlog_enable=YES
xferlog_file=/var/log/vsftpd.xfer.log
vsftpd_log_file=/var/log/vsftpd.log
idle_session_timeout=600
data_connection_timeout=120
nopriv_user=nobody
ascii_upload_enable=NO
ascii_download_enable=NO
ftpd_banner=Welcome to CrazyNetwork FTP server.
convert_charset_enable=YES
local_charset=UTF8
remote_charset=WIN1251
user_config_dir=/etc/vsftpd/vusers
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
userlist_file=/etc/vsftpd/user_list
userlist_enable=YES
userlist_deny=NO
ls_recurse_enable=NO
setproctitle_enable=YES
|
Телнечусь на фтп и пробую загрузить файл:
Code: | Trying 172.16.23.125...
Connected to 172.16.23.125.
Escape character is '^]'.
220 Welcome to CrazyNetwork FTP server.
USER anonymous
331 Please specify the password.
PASS *******
230 Login successful.
CWD incomming
250 Directory successfully changed.
PASV
227 Entering Passive Mode (172,16,23,125,98,2)
STOR mysql-5.0.18-win32.zip
500 OOPS: fchown
500 OOPS: priv_sock_get_result
Connection closed by foreign host.
|
Code: |
blackpearl ftp # ls -al
итого 4
drwxr-xr-x 5 root root 48 Окт 22 04:34 .
drwxr-xr-x 6 root root 64 Окт 22 20:54 ..
drwxrwx--- 12 ftpserg ftpwrite 4096 Окт 22 04:48 distfiles
drwxrwxrwx 2 ftpserg ftpwrite 35 Окт 24 15:06 incomming
drwxrwxr-x 8 ftpserg ftpwrite 78 Окт 24 14:56 pub |
Идеи будут?
P.S. С локальными юзерами все ок. Проблема с chown'ом файлов. Но как ее решить? o_O _________________ Sorry for my bad englilsh.
irc.freenode.net #fluxbox-ru - Fluxbox russian speaking channel. |
|
Back to top |
|
|
lashzcore n00b
Joined: 07 May 2007 Posts: 15
|
Posted: Wed Nov 07, 2007 9:00 am Post subject: |
|
|
в телнет-логе видно, что проблема наступает при операции chown над сохраненнымй файлом. Попробуй в конфиге chownuploads=NO или проверь существоварине юзера "ftpserg". |
|
Back to top |
|
|
serg_sk Guru
Joined: 10 Jul 2004 Posts: 315 Location: Ukraine
|
Posted: Wed Nov 07, 2007 5:53 pm Post subject: |
|
|
ftpserg существует. А chown'ить аплоадс мне нужно ) _________________ Sorry for my bad englilsh.
irc.freenode.net #fluxbox-ru - Fluxbox russian speaking channel. |
|
Back to top |
|
|
calculator Apprentice
Joined: 16 Oct 2006 Posts: 183 Location: Russia, Moscow
|
Posted: Wed Nov 07, 2007 6:54 pm Post subject: |
|
|
Попробуй его руками запустить + log_ftp_protocol + syslog_enable сделать - может чего интересного скажет. |
|
Back to top |
|
|
serg_sk Guru
Joined: 10 Jul 2004 Posts: 315 Location: Ukraine
|
Posted: Wed Nov 07, 2007 10:25 pm Post subject: |
|
|
Ничего интересного не сказало :/
Code: | Nov 8 00:23:25 blackpearl vsftpd: Thu Nov 8 00:23:25 2007 [pid 20489] [ftp] FTP command: Client "172.16.23.150", "STOR /incomming/addmoney.php"
Nov 8 00:23:29 blackpearl vsftpd: Thu Nov 8 00:23:29 2007 [pid 20497] CONNECT: Client "172.16.23.150"
|
Вот STOR, а дальше получаю дисконект и конекчусь снова. _________________ Sorry for my bad englilsh.
irc.freenode.net #fluxbox-ru - Fluxbox russian speaking channel. |
|
Back to top |
|
|
fank l33t
Joined: 16 Oct 2004 Posts: 794 Location: Minsk, Belarus
|
Posted: Fri Nov 09, 2007 7:32 am Post subject: |
|
|
strace |
|
Back to top |
|
|
serg_sk Guru
Joined: 10 Jul 2004 Posts: 315 Location: Ukraine
|
Posted: Sat Nov 10, 2007 8:35 pm Post subject: |
|
|
Code: | blackpearl home # strace /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf
execve("/usr/sbin/vsftpd", ["/usr/sbin/vsftpd", "/etc/vsftpd/vsftpd.conf"], [/* 27 vars */]) = 0
brk(0) = 0x806a000
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=21387, ...}) = 0
mmap2(NULL, 21387, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7f5c000
close(3) = 0
open("/lib/libwrap.so.0", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\220\36"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=26776, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f5b000
mmap2(NULL, 31740, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7f53000
mmap2(0xb7f59000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x5) = 0xb7f59000
close(3) = 0
open("/lib/libnsl.so.1", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\2001\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=79544, ...}) = 0
mmap2(NULL, 92136, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7f3c000
mmap2(0xb7f4f000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x12) = 0xb7f4f000
mmap2(0xb7f51000, 6120, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb7f51000
close(3) = 0
open("/lib/libpam.so.0", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\240\31"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=38352, ...}) = 0
mmap2(NULL, 41212, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7f31000
mmap2(0xb7f3a000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x8) = 0xb7f3a000
close(3) = 0
open("/lib/libdl.so.2", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0p\n\0\000"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=9612, ...}) = 0
mmap2(NULL, 12412, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7f2d000
mmap2(0xb7f2f000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1) = 0xb7f2f000
close(3) = 0
open("/lib/libresolv.so.2", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\200!\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=63232, ...}) = 0
mmap2(NULL, 71880, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7f1b000
mmap2(0xb7f29000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xe) = 0xb7f29000
mmap2(0xb7f2b000, 6344, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb7f2b000
close(3) = 0
open("/lib/libutil.so.1", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0P\n\0\000"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=9624, ...}) = 0
mmap2(NULL, 12432, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7f17000
mmap2(0xb7f19000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1) = 0xb7f19000
close(3) = 0
open("/usr/lib/libssl.so.0.9.8", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0`\301\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0555, st_size=261956, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f16000
mmap2(NULL, 260888, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7ed6000
mmap2(0xb7f12000, 16384, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x3c) = 0xb7f12000
close(3) = 0
open("/usr/lib/libcrypto.so.0.9.8", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\200\316"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0555, st_size=1335836, ...}) = 0
mmap2(NULL, 1352440, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7d8b000
mmap2(0xb7ebd000, 86016, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x131) = 0xb7ebd000
mmap2(0xb7ed2000, 13048, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb7ed2000
close(3) = 0
open("/lib/libc.so.6", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0@a\1\000"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=1225368, ...}) = 0
mmap2(NULL, 1230288, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7c5e000
mmap2(0xb7d85000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x127) = 0xb7d85000
mmap2(0xb7d88000, 9680, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb7d88000
close(3) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7c5d000
set_thread_area({entry_number:-1 -> 6, base_addr:0xb7c5dae0, limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0, useable:1}) = 0
mprotect(0xb7d85000, 8192, PROT_READ) = 0
mprotect(0xb7ebd000, 32768, PROT_READ) = 0
mprotect(0xb7f12000, 4096, PROT_READ) = 0
mprotect(0xb7f19000, 4096, PROT_READ) = 0
mprotect(0xb7f29000, 4096, PROT_READ) = 0
mprotect(0xb7f2f000, 4096, PROT_READ) = 0
mprotect(0xb7f3a000, 4096, PROT_READ) = 0
mprotect(0xb7f4f000, 4096, PROT_READ) = 0
mprotect(0xb7f59000, 4096, PROT_READ) = 0
mprotect(0x8061000, 4096, PROT_READ) = 0
mprotect(0xb7f7d000, 4096, PROT_READ) = 0
munmap(0xb7f5c000, 21387) = 0
brk(0) = 0x806a000
brk(0x808b000) = 0x808b000
stat64("/etc/vsftpd/vsftpd.conf", {st_mode=S_IFREG|0644, st_size=4644, ...}) = 0
open("/etc/vsftpd/vsftpd.conf", O_RDONLY|O_NONBLOCK|O_LARGEFILE) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=4644, ...}) = 0
mmap2(NULL, 16384, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f5e000
mprotect(0xb7f61000, 4096, PROT_NONE) = 0
mprotect(0xb7f5e000, 4096, PROT_NONE) = 0
read(3, "#\n# Example vsftpd config file\n#"..., 4644) = 4644
mprotect(0xb7f5e000, 4096, PROT_READ) = 0
munmap(0xb7f5e000, 16384) = 0
close(3) = 0
getuid32() = 0
socket(PF_INET, SOCK_STREAM, IPPROTO_TCP) = 3
setsockopt(3, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0
rt_sigprocmask(SIG_BLOCK, [CHLD], NULL, 8) = 0
rt_sigaction(SIGCHLD, {0x8056260, ~[RTMIN RT_1], 0}, NULL, 8) = 0
rt_sigprocmask(SIG_BLOCK, [HUP], NULL, 8) = 0
rt_sigaction(SIGHUP, {0x8056240, ~[RTMIN RT_1], 0}, NULL, 8) = 0
bind(3, {sa_family=AF_INET, sin_port=htons(21), sin_addr=inet_addr("172.16.23.125")}, 16) = 0
listen(3, 32) = 0
rt_sigprocmask(SIG_UNBLOCK, [CHLD], NULL, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [HUP], NULL, 8) = 0
accept(3, {sa_family=AF_INET, sin_port=htons(60403), sin_addr=inet_addr("172.16.23.150")}, [16]) = 4
rt_sigprocmask(SIG_BLOCK, [CHLD], NULL, 8) = 0
rt_sigprocmask(SIG_BLOCK, [HUP], NULL, 8) = 0
clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0xb7c5db28) = 8378
close(4) = 0
rt_sigprocmask(SIG_UNBLOCK, [CHLD], NULL, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [HUP], NULL, 8) = 0
accept(3, 0xbfb9df34, [28]) = ? ERESTARTSYS (To be restarted)
--- SIGCHLD (Child exited) @ 0 (0) ---
waitpid(-1, NULL, WNOHANG) = 8378
waitpid(-1, NULL, WNOHANG) = -1 ECHILD (No child processes)
sigreturn() = ? (mask now [])
rt_sigprocmask(SIG_BLOCK, [CHLD], NULL, 8) = 0
rt_sigprocmask(SIG_BLOCK, [HUP], NULL, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [CHLD], NULL, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [HUP], NULL, 8) = 0
accept(3, <unfinished ...> |
_________________ Sorry for my bad englilsh.
irc.freenode.net #fluxbox-ru - Fluxbox russian speaking channel. |
|
Back to top |
|
|
fank l33t
Joined: 16 Oct 2004 Posts: 794 Location: Minsk, Belarus
|
Posted: Sun Nov 11, 2007 8:18 am Post subject: |
|
|
Quote: | strace /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf |
Quote: | --- SIGCHLD (Child exited) @ 0 (0) --- |
man strace |
|
Back to top |
|
|
serg_sk Guru
Joined: 10 Jul 2004 Posts: 315 Location: Ukraine
|
Posted: Mon Nov 12, 2007 10:31 am Post subject: |
|
|
ничего интересно там не нашел. Может поможешь, раз такой умный _________________ Sorry for my bad englilsh.
irc.freenode.net #fluxbox-ru - Fluxbox russian speaking channel. |
|
Back to top |
|
|
fank l33t
Joined: 16 Oct 2004 Posts: 794 Location: Minsk, Belarus
|
Posted: Mon Nov 12, 2007 1:10 pm Post subject: |
|
|
Quote: | Может поможешь, раз такой умный |
тот, кто те сказал, что я умный, нагло врет
просто включи опцию -ff, а еще лучше запусти сабж, потом strace -p PID, потом воспроизводи ошибку
это я к тому, что ребенок умер, а мы этого не видим, здесь только папочкино безобразие =)
если сабж рождает дитенка полноценного с PID'ом, то за ним можно и последить |
|
Back to top |
|
|
serg_sk Guru
Joined: 10 Jul 2004 Posts: 315 Location: Ukraine
|
Posted: Mon Nov 12, 2007 7:44 pm Post subject: |
|
|
Quote: | [pid 12158] fstat64(6, {st_mode=S_IFREG|0664, st_size=0, ...}) = 0
[pid 12158] fchown32(6, 1001, -1) = -1 EPERM (Operation not permitted)
[pid 12158] fcntl64(0, F_GETFL) = 0x2 (flags O_RDWR)
[pid 12158] fcntl64(0, F_SETFL, O_RDWR|O_NONBLOCK) = 0
[pid 12158] write(0, "500 OOPS: ", 10) = 10
[pid 12158] write(0, "fchown", 6) = 6
[pid 12158] write(0, "\r\n", 2) = 2
[pid 12158] exit_group(1) = ?
Process 12158 detached
[pid 12161] <... read resumed> "", 1) = 0
[pid 12161] fcntl64(0, F_GETFL) = 0x802 (flags O_RDWR|O_NONBLOCK)
[pid 12161] fcntl64(0, F_SETFL, O_RDWR|O_NONBLOCK) = 0
[pid 12161] write(0, "500 OOPS: ", 10) = 10
[pid 12161] write(0, "priv_sock_get_result", 20) = 20
[pid 12161] write(0, "\r\n", 2) = 2
[pid 12161] exit_group(1) = ?
Process 12161 detached
<... accept resumed> 0xbfa01d94, [28]) = ? ERESTARTSYS (To be restarted)
--- SIGCHLD (Child exited) @ 0 (0) ---
waitpid(-1, NULL, WNOHANG) = 12158
waitpid(-1, NULL, WNOHANG) = -1 ECHILD (No child processes)
sigreturn() = ? (mask now [])
rt_sigprocmask(SIG_BLOCK, [CHLD], NULL, = 0
rt_sigprocmask(SIG_BLOCK, [HUP], NULL, = 0
rt_sigprocmask(SIG_UNBLOCK, [CHLD], NULL, = 0
rt_sigprocmask(SIG_UNBLOCK, [HUP], NULL, = 0
|
_________________ Sorry for my bad englilsh.
irc.freenode.net #fluxbox-ru - Fluxbox russian speaking channel. |
|
Back to top |
|
|
fank l33t
Joined: 16 Oct 2004 Posts: 794 Location: Minsk, Belarus
|
Posted: Tue Nov 13, 2007 9:51 am Post subject: |
|
|
Quote: | chown_username=ftpserg |
а кем представлен в системе анонимус? |
|
Back to top |
|
|
serg_sk Guru
Joined: 10 Jul 2004 Posts: 315 Location: Ukraine
|
Posted: Tue Nov 13, 2007 2:21 pm Post subject: |
|
|
юзером ftp судя по всему. _________________ Sorry for my bad englilsh.
irc.freenode.net #fluxbox-ru - Fluxbox russian speaking channel. |
|
Back to top |
|
|
fank l33t
Joined: 16 Oct 2004 Posts: 794 Location: Minsk, Belarus
|
Posted: Tue Nov 13, 2007 4:00 pm Post subject: |
|
|
значит, насколько я понимаю, при chroot процессе смена владельца локальным юзером в принципе невозможна
Quote: | chroot_local_user=YES |
by design
возможно, стоит внимательней прочитать документацию
больше у меня мыслей нету, сорри |
|
Back to top |
|
|
calculator Apprentice
Joined: 16 Oct 2006 Posts: 183 Location: Russia, Moscow
|
Posted: Tue Nov 13, 2007 8:16 pm Post subject: |
|
|
Что то знакомое. Это поможет? |
|
Back to top |
|
|
serg_sk Guru
Joined: 10 Jul 2004 Posts: 315 Location: Ukraine
|
Posted: Tue Nov 13, 2007 8:32 pm Post subject: |
|
|
fank wrote: | значит, насколько я понимаю, при chroot процессе смена владельца локальным юзером в принципе невозможна
Quote: | chroot_local_user=YES |
by design
возможно, стоит внимательней прочитать документацию
больше у меня мыслей нету, сорри |
Был переезд на новое железо. На старом все работало отлично. Все перенес, конфиг взял тоже со старого. Врятли тут что-то в конфиге.
calculator хм.. ща погуглим ) _________________ Sorry for my bad englilsh.
irc.freenode.net #fluxbox-ru - Fluxbox russian speaking channel. |
|
Back to top |
|
|
serg_sk Guru
Joined: 10 Jul 2004 Posts: 315 Location: Ukraine
|
Posted: Tue Nov 13, 2007 9:44 pm Post subject: |
|
|
Хм... а собственно где оно в ядре находится? такого модуля у меня нет :/ _________________ Sorry for my bad englilsh.
irc.freenode.net #fluxbox-ru - Fluxbox russian speaking channel. |
|
Back to top |
|
|
calculator Apprentice
Joined: 16 Oct 2006 Posts: 183 Location: Russia, Moscow
|
Posted: Tue Nov 13, 2007 9:49 pm Post subject: |
|
|
Code: | # grep -r -i capability --include Makefile /usr/src/linux/
/usr/src/linux/security/Makefile:obj-$(CONFIG_SECURITY_CAPABILITIES) += commoncap.o capability.o |
|
|
Back to top |
|
|
serg_sk Guru
Joined: 10 Jul 2004 Posts: 315 Location: Ukraine
|
Posted: Wed Nov 14, 2007 6:49 pm Post subject: |
|
|
Code: | blackpearl linux # grep SECURITY .config.my.new
CONFIG_EXT2_FS_SECURITY=y
CONFIG_EXT3_FS_SECURITY=y
CONFIG_REISERFS_FS_SECURITY=y
CONFIG_JFS_SECURITY=y
CONFIG_XFS_SECURITY=y
CONFIG_SECURITY=y
CONFIG_SECURITY_NETWORK=y
CONFIG_SECURITY_NETWORK_XFRM=y
CONFIG_SECURITY_CAPABILITIES=m
CONFIG_SECURITY_ROOTPLUG=m
|
Code: | blackpearl ~ # modprobe capability
FATAL: Module capability not found.
|
_________________ Sorry for my bad englilsh.
irc.freenode.net #fluxbox-ru - Fluxbox russian speaking channel. |
|
Back to top |
|
|
calculator Apprentice
Joined: 16 Oct 2006 Posts: 183 Location: Russia, Moscow
|
Posted: Wed Nov 14, 2007 7:36 pm Post subject: |
|
|
Чудес то небывает:
Code: | # modinfo capability
filename: /lib/modules/2.6.23-gentoo-hg3/kernel/security/capability.ko
license: GPL
description: Standard Linux Capabilities Security Module
srcversion: E3718F19749B3CA54D735BE
depends: commoncap
vermagic: 2.6.23-gentoo-hg3 mod_unload PENTIUMIII
parm: disable:To disable capabilities module set disable = 1 (int)
# zgrep CONFIG_SECURITY_CAPABILITIES /proc/config.gz
CONFIG_SECURITY_CAPABILITIES=m |
|
|
Back to top |
|
|
serg_sk Guru
Joined: 10 Jul 2004 Posts: 315 Location: Ukraine
|
Posted: Thu Nov 15, 2007 11:17 am Post subject: |
|
|
Хм.. очень интересно, если включать
Code: | CONFIG_EXT2_FS_SECURITY=y
CONFIG_EXT3_FS_SECURITY=y
CONFIG_REISERFS_FS_SECURITY=y
CONFIG_JFS_SECURITY=y
CONFIG_XFS_SECURITY=y |
то выбирай CONFIG_SECURITY, не выбирай, а я ядро собирается без него.
Короче сделал так:
Code: | # CONFIG_EXT2_FS_SECURITY is not set
# CONFIG_EXT3_FS_SECURITY is not set
# CONFIG_REISERFS_FS_SECURITY is not set
# CONFIG_JFS_SECURITY is not set
# CONFIG_XFS_SECURITY is not set
CONFIG_SECURITY=y
CONFIG_SECURITY_NETWORK=y
CONFIG_SECURITY_NETWORK_XFRM=y
CONFIG_SECURITY_CAPABILITIES=m
CONFIG_SECURITY_ROOTPLUG=m
# CONFIG_SECURITY_SELINUX is not set
|
Подгрузил capability, но vsftpd все равно ругается. Та же ошибка. _________________ Sorry for my bad englilsh.
irc.freenode.net #fluxbox-ru - Fluxbox russian speaking channel. |
|
Back to top |
|
|
calculator Apprentice
Joined: 16 Oct 2006 Posts: 183 Location: Russia, Moscow
|
Posted: Thu Nov 15, 2007 11:49 am Post subject: |
|
|
Пока идей больше нет |
|
Back to top |
|
|
|
|
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
|