some info about pure-ftpd

**manokiss** · 07-03-2005 04:10 PM

Wondering if someone with some experience with pure-ftpd can clarify some things...

I swicthed from pro to pure and some odd things are going on.....

When i create an account it continue adding it on /etc/proftpd/username directory, wondering what is the relation between this directory and pureftpd, thats not the proftd dir?

If i limit the ftp account quota and then i wanna change the value it keeping the same value, it not updating it, and if then i try delete the ftp account it deleting it but the quota bar continue there and with an odd username or numbers as the account name in the side of the bar.

Any help on understand these odd things will be appreciated.

Thank you in advance!

**eos1** · 07-03-2005 04:26 PM

Originally Posted by manokiss

Wondering if someone with some experience with pure-ftpd can clarify some things...

I swicthed from pro to pure and some odd things are going on.....

When i create an account it continue adding it on /etc/proftpd/username directory, wondering what is the relation between this directory and pureftpd, thats not the proftd dir?

If i limit the ftp account quota and then i wanna change the value it keeping the same value, it not updating it, and if then i try delete the ftp account it deleting it but the quota bar continue there and with an odd username or numbers as the account name in the side of the bar.

Any help on understand these odd things will be appreciated.

Thank you in advance!

http://bugzilla.cpanel.net/show_bug.cgi?id=1899
hope this help...

You need to clear the "ftpquota" file manually.

**manokiss** · 07-03-2005 05:19 PM

ok, i know that but no make sense tell to the clients they must login and remove the file manualy because the control panel is buggy. Hope cpanel guys resolve it soon, i also added a note on a bugzila there:

http://bugzilla.cpanel.net/show_bug.cgi?id=2389

Thank you!

**manokiss** · 07-19-2005 01:53 PM

I just saw the warning message in my WHm to switch to pure-ftpd.
What is supposted we will do? switch to the bugy pure-ftpd? they fixed all the quota issues with it?

ty!

**chirpy** · 07-20-2005 04:08 AM

You either switch to pure-ftpd or stay with proftpd and run the risk of your server sufferring a root compromise - the choice seems simple.

**jbowers** · 07-22-2005 05:05 AM

If you won't release any information on the vulnerability so we know why we should switch, can you at least fix your scripts to switch FTP servers?

**chirpy** · 07-22-2005 05:10 AM

As has already been mentioned in other threads - if switching does not work, log a ticket with cPanel.

**Tina** · 07-28-2005 10:25 PM

Hi I am having a similar issue, where is the ftpquota file and how do you clear it. I checked the above link, a file location is not specified and how to clear it is not specified. I checked /etc and /scripts. Don't know where else to look. Thank you.

**eos1** · 07-29-2005 01:36 AM

Originally Posted by Tina

Hi I am having a similar issue, where is the ftpquota file and how do you clear it. I checked the above link, a file location is not specified and how to clear it is not specified. I checked /etc and /scripts. Don't know where else to look. Thank you.

Nick stated "resolved in edge" on July 19th.
I didn't confirm if it's fix or not...

ftpquota file locates in every user's etc directory.
/home/users/etc/ftpquota

to clear it:
just empty the file through SSH or FTP.

**djmerlyn** · 08-01-2005 03:12 PM

Originally Posted by chirpy

You either switch to pure-ftpd or stay with proftpd and run the risk of your server sufferring a root compromise - the choice seems simple.

Where exactly can I find evidence of this?

I just love it when people say "its broken" but won't tell you why or how.

I have seen no security issue release from proftp, if there is a problem they should know immediately.
http://www.proftpd.org/

I find it hard to make the switch without propper reason and explanation of issue. Though the Cpanel people say "Please note that all released versions of proftpd are belived to be affected and the exact problem is not yet known."

So, either I stay with a fully working and seemingly just fine proFTPd, or I switch to pureftp and start having stupid things from customers like "why can I see all these hidden files?" or "how come I can't download my backup?" or my favorite pureFTP question "pureFTP sucks! Why aren't you using proFTPD?"

I would really like an explaination, or make that stupid warning go away until it means something. Stop crying wolf until you can show that there is one.

My $0.02

**chirpy** · 08-01-2005 04:16 PM

cPanel have made their position clear enough regarding this in this thread:
http://forums.cpanel.net/showthread.php?t=41521

If you need more information, you're only likely to get it (if at all) by contacting cPanel. If you want to risk your own server and customers, that's your choice, but to err on the side of caution the recommendation is to move to pure-ftpd, at least for the time being.

**djmerlyn** · 08-01-2005 04:53 PM

Originally Posted by chirpy

cPanel have made their position clear enough regarding this in this thread:
http://forums.cpanel.net/showthread.php?t=41521

If you need more information, you're only likely to get it (if at all) by contacting cPanel. If you want to risk your own server and customers, that's your choice, but to err on the side of caution the recommendation is to move to pure-ftpd, at least for the time being.

But this statement:

"If you want to risk your own server and customers, that's your choice, but to err on the side of caution the recommendation is to move to pure-ftpd, at least for the time being."

Is like saying:

"OJ is guilty, you just have to take my word for it"

No judge or jury would convict on a statement like that, so right now, CPanel is sorta looking bad you know? You simply need to provide more evidence before making such a conviction.

Sorry, but thats how I feel about it every time I log in to WHM and see that banner with no information to support it.

**chirpy** · 08-01-2005 04:56 PM

No, it's not saying that at all. If that were the case, they would have forced you to move to pure-ftpd, which they have not.

As I have said, if you want to take this further you should take it up with cPanel.

**djmerlyn** · 08-01-2005 05:02 PM

No problem man

Thanks for your input

We had 5 testers go over 13 boxes and couldn't gain root even knowing the tricks to get it.

Though 8 out of 13 servers don't have Cpanel on them...

I'm going to just ignore it, and when someone actually gains root on a box, we'll report back with some data and evidence to support Cpanel

I love proFTPd and have been using it forever it seems...and am an avid supporter of there product.

I guess what really gets me is how it seems so biased in the Cpanel interface where you choose an FTP server the way its layed out, its like this is the final step to get people to use it.

Anyways, thanks again man~

**rpmws** · 08-01-2005 07:54 PM

Originally Posted by djmerlyn

But this statement:

"If you want to risk your own server and customers, that's your choice, but to err on the side of caution the recommendation is to move to pure-ftpd, at least for the time being."

Is like saying:

"OJ is guilty, you just have to take my word for it"

No judge or jury would convict on a statement like that, so right now, CPanel is sorta looking bad you know? You simply need to provide more evidence before making such a conviction.

Sorry, but thats how I feel about it every time I log in to WHM and see that banner with no information to support it.

OJ is guilty ..we all know that ..but let's say no one knew for sure. Would you let your 25 year old daughter party and hang out with him without warning her who he was and what he might be capable of? That's all cPanel is doing is telling people they have reason to believe that ProFTPD has a security flaw. They provide an easy solution to an alternative that does not seem to have the same issue. It's your choice what you want to do.

LinkBack

Thread Tools