# running pure-ftp as non-root user

## m.mascherpa

hi,

i've been using pureftpd for some time and i like it a lot. it's powerful and secure.

BUT, recently i had a look at my process owners and i noticed the pureftpd server as well as the other threads are run as root. And there's no option to have it switch to a lower privilege after binding the port.

does anyone know any fast way to fix this?

i can imagine solutions to this but they're all very hacky and not elegant...  :Smile: 

----------

## bsolar

Hi,

I think you can solve this by editing /etc/init.d/pure-ftpd.

Add the '-c' (or '--chuid') option to 'start-stop-daemon' and specify the username.

Also

```
man start-stop-daemon
```

might be of interest to you.

----------

## darktux

 *bsolar wrote:*   

> Hi,
> 
> I think you can solve this by editing /etc/init.d/pure-ftpd.
> 
> Add the '-c' (or '--chuid') option to 'start-stop-daemon' and specify the username.
> ...

 

You should've replied in English so that when someone asks the same question, they already have the answer..   :Rolling Eyes: 

----------

## bsolar

 *darktux wrote:*   

>  *bsolar wrote:*   Hi,
> 
> I think you can solve this by editing /etc/init.d/pure-ftpd.
> 
> Add the '-c' (or '--chuid') option to 'start-stop-daemon' and specify the username.
> ...

 

Yeah I'm sorry...

btw have you tried? I'm trying but I cannot get it to work... I'm investigating...   :Evil or Very Mad: 

----------

## darktux

I understood your reply, but haven't tried it yet, I'll probably go through that tomorrow.

----------

## m.mascherpa

thanks bsolar, but this is one of the options i already thought about, and it's unfeasible because the ftp daemon needs to be started with root privileges to open the privileged port 21.

so i can't start it in the way you suggested.

actually i can't think of any way that doesn't involve editing the source code...  :Sad:   :Sad:   :Sad: 

----------

## darktux

Yeah, you always have to use root to open low ports, but the processes can later on be spawned to unprivileged users, just like Apache, or qmail, or proftpd, or.......... You got the   :Idea: 

I guess we will just have to wait for more news from pureftpd I guess..

----------

## bsolar

From the PureFTPD README:

```
   ------------------------ PRIVILEGE SEPARATION ------------------------

When privilege separation is enabled, each session will spawn two processes :
a "privileged" process running as root, but that can only do very basic
and trusted actions (binding a port and remove the ftpwho scoreboard), and
the "client" process. The "client" process definitely revokes all privileges
after authentication and chroot(), and punctually communicates with the
parent over a private channel.

Privilege separation decreases performance of loaded servers, but it
increases theorical security.

Some old broken operating systems may allow the ptrace() system call
on processes that revoked privileges. On these platforms, enabling
privilege separation is a bad idea if untrusted users also have shell
access. Use the src/ptracetest program to check this. At least
Solaris, MicroBSD, OpenBSD, FreeBSD and Linux are known to be safe.
```

----------

## darktux

Cool   :Cool: 

----------

## bsolar

 *darktux wrote:*   

> Cool  

 

Yeah, but how?   :Shocked: 

----------

## m.mascherpa

oh my...

and i thought i'd read the whole README...

sorry for asking.

besides, i found these words that might be VERY interesting in my case:

 *Quote:*   

> 
> 
> On Linux systems, you will notice that the server is always running as root.
> 
> This is intentional, and more secure that servers who are changing their
> ...

 

so it turns out that pureftpd works the same way apache does, as darktux was pointing out.

thanks guys  :Smile: 

----------

## bsolar

Something I didn't know, so that wasn't useless at all.  :Cool: 

Btw. this was introduced in the last version and the developers are doing a major reimplementation oriented to the new feature.

We'll see...  :Rolling Eyes: 

----------

## meetra

--with-privsep

enable privilege separation.

add this line to the ebuild you like, or just ./configure --with-privsep (and the other options).

----------

## m.mascherpa

 *meetra wrote:*   

> --with-privsep
> 
> enable privilege separation.
> 
> add this line to the ebuild you like, or just ./configure --with-privsep (and the other options).

 

yep.

--with-everything doesn't include this feature, we must activate it manually.

maybe it's the case to notify the ebuild maintainer to include this option, maybe with an ebuild-specific USE flag or something.  :Smile: 

----------

## darktux

 *mush wrote:*   

>  *meetra wrote:*   --with-privsep
> 
> enable privilege separation.
> 
> add this line to the ebuild you like, or just ./configure --with-privsep (and the other options). 
> ...

 

Yeah! USE="security-please" emerge pure-ftpd   :Wink: 

----------

