The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

some info about pure-ftpd

Discussion in 'General Discussion' started by manokiss, Jul 3, 2005.

  1. manokiss

    manokiss Well-Known Member

    Joined:
    Mar 31, 2002
    Messages:
    571
    Likes Received:
    0
    Trophy Points:
    16
    Wondering if someone with some experience with pure-ftpd can clarify some things...

    I swicthed from pro to pure and some odd things are going on.....

    When i create an account it continue adding it on /etc/proftpd/username directory, wondering what is the relation between this directory and pureftpd, thats not the proftd dir?

    If i limit the ftp account quota and then i wanna change the value it keeping the same value, it not updating it, and if then i try delete the ftp account it deleting it but the quota bar continue there and with an odd username or numbers as the account name in the side of the bar.

    Any help on understand these odd things will be appreciated.

    Thank you in advance!
     
  2. eos1

    eos1 Well-Known Member

    Joined:
    Mar 11, 2003
    Messages:
    175
    Likes Received:
    0
    Trophy Points:
    16
    http://bugzilla.cpanel.net/show_bug.cgi?id=1899
    hope this help... :)

    You need to clear the "ftpquota" file manually.
     
    #2 eos1, Jul 3, 2005
    Last edited: Jul 3, 2005
  3. manokiss

    manokiss Well-Known Member

    Joined:
    Mar 31, 2002
    Messages:
    571
    Likes Received:
    0
    Trophy Points:
    16
    ok, i know that but no make sense tell to the clients they must login and remove the file manualy because the control panel is buggy. Hope cpanel guys resolve it soon, i also added a note on a bugzila there:

    http://bugzilla.cpanel.net/show_bug.cgi?id=2389

    Thank you!
     
  4. manokiss

    manokiss Well-Known Member

    Joined:
    Mar 31, 2002
    Messages:
    571
    Likes Received:
    0
    Trophy Points:
    16
    I just saw the warning message in my WHm to switch to pure-ftpd.
    What is supposted we will do? switch to the bugy pure-ftpd? they fixed all the quota issues with it?

    ty!
     
  5. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    You either switch to pure-ftpd or stay with proftpd and run the risk of your server sufferring a root compromise - the choice seems simple.
     
  6. jbowers

    jbowers Registered
    PartnerNOC

    Joined:
    Nov 19, 2004
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    pure-ftp vuln

    If you won't release any information on the vulnerability so we know why we should switch, can you at least fix your scripts to switch FTP servers?
     
  7. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    As has already been mentioned in other threads - if switching does not work, log a ticket with cPanel.
     
  8. Tina

    Tina Well-Known Member

    Joined:
    Jan 27, 2003
    Messages:
    63
    Likes Received:
    0
    Trophy Points:
    6
    Where is the ftpquota file

    Hi I am having a similar issue, where is the ftpquota file and how do you clear it. I checked the above link, a file location is not specified and how to clear it is not specified. I checked /etc and /scripts. Don't know where else to look. Thank you.
     
    #8 Tina, Jul 28, 2005
    Last edited: Jul 28, 2005
  9. eos1

    eos1 Well-Known Member

    Joined:
    Mar 11, 2003
    Messages:
    175
    Likes Received:
    0
    Trophy Points:
    16
    Nick stated "resolved in edge" on July 19th.
    I didn't confirm if it's fix or not...

    ftpquota file locates in every user's etc directory.
    /home/users/etc/ftpquota

    to clear it:
    just empty the file through SSH or FTP.
     
  10. djmerlyn

    djmerlyn Well-Known Member

    Joined:
    Aug 31, 2004
    Messages:
    203
    Likes Received:
    1
    Trophy Points:
    16
    Where exactly can I find evidence of this?

    I just love it when people say "its broken" but won't tell you why or how.

    I have seen no security issue release from proftp, if there is a problem they should know immediately.
    http://www.proftpd.org/

    I find it hard to make the switch without propper reason and explanation of issue. Though the Cpanel people say "Please note that all released versions of proftpd are belived to be affected and the exact problem is not yet known."

    So, either I stay with a fully working and seemingly just fine proFTPd, or I switch to pureftp and start having stupid things from customers like "why can I see all these hidden files?" or "how come I can't download my backup?" or my favorite pureFTP question "pureFTP sucks! Why aren't you using proFTPD?"

    I would really like an explaination, or make that stupid warning go away until it means something. Stop crying wolf until you can show that there is one.

    My $0.02
     
  11. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    cPanel have made their position clear enough regarding this in this thread:
    http://forums.cpanel.net/showthread.php?t=41521

    If you need more information, you're only likely to get it (if at all) by contacting cPanel. If you want to risk your own server and customers, that's your choice, but to err on the side of caution the recommendation is to move to pure-ftpd, at least for the time being.
     
  12. djmerlyn

    djmerlyn Well-Known Member

    Joined:
    Aug 31, 2004
    Messages:
    203
    Likes Received:
    1
    Trophy Points:
    16
    But this statement:

    "If you want to risk your own server and customers, that's your choice, but to err on the side of caution the recommendation is to move to pure-ftpd, at least for the time being."

    Is like saying:

    "OJ is guilty, you just have to take my word for it"

    No judge or jury would convict on a statement like that, so right now, CPanel is sorta looking bad you know? You simply need to provide more evidence before making such a conviction.

    Sorry, but thats how I feel about it every time I log in to WHM and see that banner with no information to support it. :cool:
     
  13. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    No, it's not saying that at all. If that were the case, they would have forced you to move to pure-ftpd, which they have not.

    As I have said, if you want to take this further you should take it up with cPanel.
     
  14. djmerlyn

    djmerlyn Well-Known Member

    Joined:
    Aug 31, 2004
    Messages:
    203
    Likes Received:
    1
    Trophy Points:
    16
    No problem man ;) Thanks for your input ;)

    We had 5 testers go over 13 boxes and couldn't gain root even knowing the tricks to get it.

    Though 8 out of 13 servers don't have Cpanel on them...

    I'm going to just ignore it, and when someone actually gains root on a box, we'll report back with some data and evidence to support Cpanel ;)

    I love proFTPd and have been using it forever it seems...and am an avid supporter of there product.

    I guess what really gets me is how it seems so biased in the Cpanel interface where you choose an FTP server the way its layed out, its like this is the final step to get people to use it.

    Anyways, thanks again man~
     
  15. rpmws

    rpmws Well-Known Member

    Joined:
    Aug 14, 2001
    Messages:
    1,824
    Likes Received:
    5
    Trophy Points:
    38
    Location:
    back woods of NC, USA
    OJ is guilty ..we all know that ..but let's say no one knew for sure. Would you let your 25 year old daughter party and hang out with him without warning her who he was and what he might be capable of? That's all cPanel is doing is telling people they have reason to believe that ProFTPD has a security flaw. They provide an easy solution to an alternative that does not seem to have the same issue. It's your choice what you want to do.
     
Loading...

Share This Page