debian-sf-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Debian-sf-devel] [Patch #274] Chroot removed and anonftp fix


From: nobody
Subject: [Debian-sf-devel] [Patch #274] Chroot removed and anonftp fix
Date: Wed, 24 Apr 2002 12:59:00 -0400

Patch #274 has been updated. 

Project: 
Category: None
Status: Postponed
Summary: Chroot removed and anonftp fix

Follow-Ups:

Date: 2002-Apr-23 01:20
By: osvaldsson

Comment:
Removed all Chroot stuff.

Removed download dir and fixed that into the anonftp dir so that the project 
files could both be downloaded through ftp and http.
I also fixed the anon-ftp login.

I put the cvsroot as /cvsroot as changing that means a lot more recoding and 
text editing, if that is to be then it has to be a sepperate phase.

I also removed hardcoded paths where I could in the code I was editing.


-------------------------------------------------------

Date: 2002-Apr-23 19:03
By: ru2def

Comment:
please elaborate the reason for this patch ... i'm not seeing why this would be 
beneficial? (not that i really have any say in the package, i'm just trying to 
understand :) ... the chroot'd envrionment allows for greater security of your 
user accounts, the FTP server (can't get to system files), etc... also makes it 
easy to put all SF user accounts on their own partition, or separate 
partitions, without mucking about in /home (which is more for *local* users) 
... also makes offsite backup more convenient (just tar up the chroot space) ...
-------------------------------------------------------

Date: 2002-Apr-23 21:45
By: osvaldsson

Comment:
This patch was submited after a discussion with the maintainers.

The ftp server is still chrooted.
The current setup breaks the CVS access and the anonftp didn't point at 
anything at all.
The only thing the current setup did was chroot the anoncvs access, and has 
seperate upload dirs for each user, I don't think that is necesary and having 
all users upload to a common upload dir (unable to change files, just upload) 
wich is btw. in its own chroot within proftpd like the anonftp doesn't affect 
security at all.

Did you look at the patch at all?


-------------------------------------------------------

Date: 2002-Apr-24 18:59
By: lo-lan-do

Comment:
I'm going to postpone this patch for now, for two reasons:

- first, this patch is not compliant with the Debian Policy 
(http://www.debian.org/doc/debian-policy/), in particular Section 10.1 (I'm 
referring to the /cvsroot directory).  Changing the CVS repository location to 
/var/lib/sourceforge/cvsroot could do the trick, but then there's the 
documentation to update in www/cvs/index.php.

- second, there's no upgrade path.  That's something we absolutely must 
provide: a newer package must be able to install over an older package so that 
the older one is "mutated" into the newer one.  In particular, I'm thinking of 
moving the users' homes and the CVS repositories.

I will try to fix these issues, but it you happen to do it before I can manage 
to, then I'll apply an updated patch.  Be aware that I won't apply this patch 
"as is".
-------------------------------------------------------

-------------------------------------------------------
For more info, visit:

http://savannah.gnu.org/patch/?func=detailpatch&patch_id=274&group_id=259



reply via email to

[Prev in Thread] Current Thread [Next in Thread]