LinuxQuestions.org
LinuxAnswers - the LQ Linux tutorial section.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 01-15-2003, 03:20 AM   #1
markus1982
Senior Member
 
Registered: Aug 2002
Location: Stuttgart (Germany)
Distribution: Debian/GNU Linux
Posts: 1,467

Rep: Reputation: 46
vsftpd : process running as user nobody left after login ?


I just configured a vsftpd server, what looks a bit weird from my point of view is that if nobody has logged in we just have 1 process (= correct if not run through xinetd). But after logging in we have 3 processes.

During login:
root 22458 0.0 0.0 1548 352 pts/0 S 10:04 0:00 /server/ftp/sbin/vsftpd
root 17026 0.0 0.0 1548 464 ? S 10:17 0:00 /server/ftp/sbin/vsftpd
nobody 30035 0.0 0.1 1604 556 ? S 10:17 0:00 /server/ftp/sbin/vsftpd


After the login (username = markus):
root 22458 0.0 0.0 1548 352 pts/0 S 10:04 0:00 /server/ftp/sbin/vsftpd
nobody 17026 0.0 0.1 1604 576 ? S 10:17 0:00 /server/ftp/sbin/vsftpd
markus 13446 0.0 0.1 1616 596 ? S 10:17 0:00 /server/ftp/sbin/vsftpd


What's the nobody process for ?


My vsftpd.conf:
Code:
anonymous_enable=NO
async_abor_enable=YES
check_shell=NO
chroot_list_enable=YES
chroot_local_user=YES
connect_from_port_20=YES
hide_ids=YES
listen=YES
local_enable=YES
passwd_chroot_enable=YES
use_localtime=YES
write_enable=YES
xferlog_enable=YES
xferlog_std_format=YES


local_umask=027
local_max_rate=262144
max_per_ip=1
pasv_max_port=65535
pasv_min_port=64000


chroot_list_file=/etc/vsftpd.not_chrooted
ftpd_banner=Example FTP!
user_config_dir=/etc/vsftpd.user-configurations
xferlog_file=/var/log/xferlog
 
Old 01-15-2003, 06:19 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 26,988
Blog Entries: 54

Rep: Reputation: 2743Reputation: 2743Reputation: 2743Reputation: 2743Reputation: 2743Reputation: 2743Reputation: 2743Reputation: 2743Reputation: 2743Reputation: 2743Reputation: 2743
lsof/strace -p $(pidof vsftpd|grep nobody|cut -d " "-f 2)?
 
Old 01-18-2003, 07:07 AM   #3
markus1982
Senior Member
 
Registered: Aug 2002
Location: Stuttgart (Germany)
Distribution: Debian/GNU Linux
Posts: 1,467

Original Poster
Rep: Reputation: 46
[root@testserver root]# ps auxw | grep vsftpd
root 16018 0.0 0.0 1548 352 ? S Jan17 0:00
/server/ftp/sbin/vsftpd
nobody 8361 0.0 0.1 1604 576 ? S 14:04 0:00
/server/ftp/sbin/vsftpd
markus 28540 0.0 0.1 1640 640 ? S 14:04 0:00
/server/ftp/sbin/vsftpd


[root@testserver root]# lsof -p 8361
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
vsftpd 8361 nobody cwd DIR 8,2 4096 98435 /usr/share/empty
vsftpd 8361 nobody rtd DIR 8,2 4096 98435 /usr/share/empty
vsftpd 8361 nobody txt REG 8,8 65964 257538
/server/ftp/sbin/vsftpd
vsftpd 8361 nobody mem REG 8,2 87341 180289
/lib/ld-2.2.93.so
vsftpd 8361 nobody mem REG 8,2 22351 180300
/lib/libcrypt-2.2.93.so
vsftpd 8361 nobody mem REG 8,2 1395734 180283
/lib/i686/libc-2.2.93.so
vsftpd 8361 nobody mem REG 8,2 42657 180322
/lib/libnss_files-2.2.93.so
vsftpd 8361 nobody 0u IPv4 53574 TCP
localhost:ftp->localhost:36958 (ESTABLISHED)
vsftpd 8361 nobody 1u IPv4 53574 TCP
localhost:ftp->localhost:36958 (ESTABLISHED)
vsftpd 8361 nobody 2u IPv4 53574 TCP
localhost:ftp->localhost:36958 (ESTABLISHED)
vsftpd 8361 nobody 3w REG 8,3 0 29291 /var/log/xferlog
vsftpd 8361 nobody 4u unix 0xddf8c9e0 72617 socket
vsftpd 8361 nobody 5u unix 0xddf8c3e0 72618 socket
 
Old 01-18-2003, 07:11 AM   #4
markus1982
Senior Member
 
Registered: Aug 2002
Location: Stuttgart (Germany)
Distribution: Debian/GNU Linux
Posts: 1,467

Original Poster
Rep: Reputation: 46
Okay I thought the nobody process would do the logging for ALL, etc ... but look at this:


root 16018 0.0 0.0 1548 352 ? S Jan17 0:00
/server/ftp/sbin/vsftpd
nobody 2595 0.0 0.1 1604 576 ? S 14:09 0:00
/server/ftp/sbin/vsftpd
markus 18562 0.0 0.1 1640 640 ? S 14:09 0:00
/server/ftp/sbin/vsftpd
nobody 15821 0.0 0.1 1604 576 ? S 14:09 0:00
/server/ftp/sbin/vsftpd
markus 12756 0.0 0.1 1640 640 ? S 14:09 0:00
/server/ftp/sbin/vsftpd


Looks like for EACH ftp connection there will be 1 NOBODY process running ...
 
Old 01-18-2003, 02:49 PM   #5
unSpawn
Moderator
 
Registered: May 2001
Posts: 26,988
Blog Entries: 54

Rep: Reputation: 2743Reputation: 2743Reputation: 2743Reputation: 2743Reputation: 2743Reputation: 2743Reputation: 2743Reputation: 2743Reputation: 2743Reputation: 2743Reputation: 2743
Hmm. vsftpd-1.1.3/SECURITY/DESIGN from line 40 down handles about process separation.

From oneprocess.c:
* Code for the "one process" security model. The one process security model
* is born for the purposes of raw speed at the expense of compromising the
* purity of the security model.
* The one process model will typically be disabled, for security reasons.
* Only sites with huge numbers of concurrent users are likely to feel the
* pain of two processes per session.
*/

So. Uh. It's good? :-]

Seriously, if you want to see the capabilities of those processes, move over to the Apache thread. I'll show an extremely lame way to show what caps a process has :-]
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Running Scripts at User Login? Setheck Linux - Software 6 09-27-2004 10:24 AM
Xwindows kicks back to login when left alone Wolfy Linux - Newbie 1 07-03-2004 04:58 AM
Unable to login as local user with vsftpd running on the server kairamr Linux - Newbie 1 06-09-2004 02:25 PM
Running a script at user login? brucebearau Debian 1 01-19-2004 04:28 AM
VSFTPD virtual user login using pam.d problem exalik Linux - Networking 3 11-07-2003 04:29 PM


All times are GMT -5. The time now is 10:56 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration