HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   HOWTO-Related Questions (http://www.howtoforge.com/forums/forumdisplay.php?f=2)
-   -   pure-ftpd process problem (http://www.howtoforge.com/forums/showthread.php?t=47707)

Trashi 2nd August 2010 18:17

pure-ftpd process problem
 
Hello.

I have small questions about the division of processes of pure-ftpd-mysql. I did use this tutorial partly.
My pure runs on a debian box as a stand-alone server.

Code:

root@server:/# top | grep pure
32132 root      16  0  7416  776  412 S    0  0.0  0:00.00 pure-ftpd

All users are in my mysql database available. I set a MYSQLDefaultUID/GID (pure,ftp) for all virtual users... root is _not_ able to login!
If I connect with any (virtual)user to pure I can watch the following:

Code:

root@vs241011:/etc# ps afuxww | grep pure
root    32132  0.0  0.0  7416  776 ?        Ss  11:23  0:00 pure-ftpd (SERVER)
pure    26096  0.0  0.0  7464  1728 ?        S    11:38  0:00  \_ pure-ftpd (IDLE)
root    26097  0.0  0.0  7424  532 ?        S    11:38  0:00      \_ pure-ftpd (PRIV)

You can find my pure-ftpd.conf here: http://pastebin.com/sYu4S44r
And my pure-ftpd_mysql.conf: http://pastebin.com/zJRLKYLJ

I hope someone knows what the second root user is doing there and why it is subordinated user pure, because I didnt find documentations or s.th. like this about the pure processes!?

Regards, Trashi.

dtonhofer 2nd July 2013 20:13

Solved! :)

From the pure-ftpd README
Quote:

------------------------ PRIVILEGE SEPARATION ------------------------

When privilege separation is enabled, each session will spawn two processes :
a "privileged" process running as root, but that can only do very basic
and trusted actions (binding a port and remove the ftpwho scoreboard) and
the "client" process. The "client" process definitely revokes all privileges
after authentication and chroot() and punctually communicates with the
parent over a private channel.

Privilege separation decreases performance of loaded servers, but it
increases security and reliability. Enabling it is recommended.


All times are GMT +2. The time now is 04:12.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.