LinuxQuestions.org


markus1982 01-15-2003 03:20 AM

vsftpd: process running as user nobody left after login?
 
I just configured a vsftpd server. What looks a bit weird from my point of view is that if nobody has logged in we have just 1 process (= correct if not run through xinetd), but after logging in we have 3 processes.

During login:
root 22458 0.0 0.0 1548 352 pts/0 S 10:04 0:00 /server/ftp/sbin/vsftpd
root 17026 0.0 0.0 1548 464 ? S 10:17 0:00 /server/ftp/sbin/vsftpd
nobody 30035 0.0 0.1 1604 556 ? S 10:17 0:00 /server/ftp/sbin/vsftpd


After the login (username = markus):
root 22458 0.0 0.0 1548 352 pts/0 S 10:04 0:00 /server/ftp/sbin/vsftpd
nobody 17026 0.0 0.1 1604 576 ? S 10:17 0:00 /server/ftp/sbin/vsftpd
markus 13446 0.0 0.1 1616 596 ? S 10:17 0:00 /server/ftp/sbin/vsftpd


What's the nobody process for?


My vsftpd.conf:
Code:

anonymous_enable=NO
async_abor_enable=YES
check_shell=NO
chroot_list_enable=YES
chroot_local_user=YES
connect_from_port_20=YES
hide_ids=YES
listen=YES
local_enable=YES
passwd_chroot_enable=YES
use_localtime=YES
write_enable=YES
xferlog_enable=YES
xferlog_std_format=YES


local_umask=027
local_max_rate=262144
max_per_ip=1
pasv_max_port=65535
pasv_min_port=64000


chroot_list_file=/etc/vsftpd.not_chrooted
ftpd_banner=Example FTP!
user_config_dir=/etc/vsftpd.user-configurations
xferlog_file=/var/log/xferlog


unSpawn 01-15-2003 06:19 AM

lsof/strace -p $(pidof vsftpd|grep nobody|cut -d " " -f 2)?

markus1982 01-18-2003 07:07 AM

[root@testserver root]# ps auxw | grep vsftpd
root 16018 0.0 0.0 1548 352 ? S Jan17 0:00 /server/ftp/sbin/vsftpd
nobody 8361 0.0 0.1 1604 576 ? S 14:04 0:00 /server/ftp/sbin/vsftpd
markus 28540 0.0 0.1 1640 640 ? S 14:04 0:00 /server/ftp/sbin/vsftpd


[root@testserver root]# lsof -p 8361
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
vsftpd 8361 nobody cwd DIR 8,2 4096 98435 /usr/share/empty
vsftpd 8361 nobody rtd DIR 8,2 4096 98435 /usr/share/empty
vsftpd 8361 nobody txt REG 8,8 65964 257538 /server/ftp/sbin/vsftpd
vsftpd 8361 nobody mem REG 8,2 87341 180289 /lib/ld-2.2.93.so
vsftpd 8361 nobody mem REG 8,2 22351 180300 /lib/libcrypt-2.2.93.so
vsftpd 8361 nobody mem REG 8,2 1395734 180283 /lib/i686/libc-2.2.93.so
vsftpd 8361 nobody mem REG 8,2 42657 180322 /lib/libnss_files-2.2.93.so
vsftpd 8361 nobody 0u IPv4 53574 TCP localhost:ftp->localhost:36958 (ESTABLISHED)
vsftpd 8361 nobody 1u IPv4 53574 TCP localhost:ftp->localhost:36958 (ESTABLISHED)
vsftpd 8361 nobody 2u IPv4 53574 TCP localhost:ftp->localhost:36958 (ESTABLISHED)
vsftpd 8361 nobody 3w REG 8,3 0 29291 /var/log/xferlog
vsftpd 8361 nobody 4u unix 0xddf8c9e0 72617 socket
vsftpd 8361 nobody 5u unix 0xddf8c3e0 72618 socket

markus1982 01-18-2003 07:11 AM

Okay I thought the nobody process would do the logging for ALL, etc ... but look at this:


root 16018 0.0 0.0 1548 352 ? S Jan17 0:00 /server/ftp/sbin/vsftpd
nobody 2595 0.0 0.1 1604 576 ? S 14:09 0:00 /server/ftp/sbin/vsftpd
markus 18562 0.0 0.1 1640 640 ? S 14:09 0:00 /server/ftp/sbin/vsftpd
nobody 15821 0.0 0.1 1604 576 ? S 14:09 0:00 /server/ftp/sbin/vsftpd
markus 12756 0.0 0.1 1640 640 ? S 14:09 0:00 /server/ftp/sbin/vsftpd


Looks like for EACH ftp connection there will be 1 NOBODY process running ...

unSpawn 01-18-2003 02:49 PM

Hmm. vsftpd-1.1.3/SECURITY/DESIGN from line 40 down deals with process separation.

From oneprocess.c:
* Code for the "one process" security model. The one process security model
* is born for the purposes of raw speed at the expense of compromising the
* purity of the security model.
* The one process model will typically be disabled, for security reasons.
* Only sites with huge numbers of concurrent users are likely to feel the
* pain of two processes per session.
*/

So. Uh. It's good? :-]

Seriously, if you want to see the capabilities of those processes, move over to the Apache thread. I'll show an extremely lame way to show what caps a process has :-]
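
The lsof listing posted earlier in the thread can be checked mechanically: the per-session nobody process should have its cwd and root in the empty chroot and hold no numbered file descriptors on files other than the write-only transfer log. This is an added example, not part of the original thread or of vsftpd; the `audit` function, its allow-list and its messages are assumptions, and the sample rows are copied from the posted output for PID 8361.

```python
# Added example: audit `lsof -p <pid>` text for vsftpd's unprivileged session process.
EMPTY_CHROOT = "/usr/share/empty"      # cwd/rtd shown in the posted lsof output
ALLOWED_WRITE = {"/var/log/xferlog"}   # xferlog_file from the posted vsftpd.conf

# A subset of the rows posted in the thread (PID 8361), wrapped lines rejoined.
SAMPLE = """\
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
vsftpd 8361 nobody cwd DIR 8,2 4096 98435 /usr/share/empty
vsftpd 8361 nobody rtd DIR 8,2 4096 98435 /usr/share/empty
vsftpd 8361 nobody txt REG 8,8 65964 257538 /server/ftp/sbin/vsftpd
vsftpd 8361 nobody mem REG 8,2 1395734 180283 /lib/i686/libc-2.2.93.so
vsftpd 8361 nobody 0u IPv4 53574 TCP localhost:ftp->localhost:36958 (ESTABLISHED)
vsftpd 8361 nobody 3w REG 8,3 0 29291 /var/log/xferlog
vsftpd 8361 nobody 4u unix 0xddf8c9e0 72617 socket
vsftpd 8361 nobody 5u unix 0xddf8c3e0 72618 socket
"""


def audit(lsof_text, user="nobody"):
    """Return a list of findings; an empty list means the process looks confined."""
    findings, seen, owners = [], set(), set()
    for line in lsof_text.splitlines():
        f = line.split()
        if len(f) < 6 or f[0] == "COMMAND":
            continue  # header or blank line
        owner, fd, typ, name = f[2], f[3], f[4], f[-1]  # assumes paths without spaces
        owners.add(owner)
        if fd in ("cwd", "rtd"):
            seen.add(fd)
            if name != EMPTY_CHROOT:
                findings.append(f"{fd} is {name}, expected {EMPTY_CHROOT}")
        elif typ in ("REG", "DIR") and fd[0].isdigit():
            # A numbered descriptor on a file: only the write-only log is expected.
            mode = fd.lstrip("0123456789")[:1]
            if name not in ALLOWED_WRITE or mode != "w":
                findings.append(f"unexpected file on fd {fd}: {name}")
    findings += [f"no {d} row found" for d in ("cwd", "rtd") if d not in seen]
    extra = sorted(owners - {user})
    if extra:
        findings.append(f"rows owned by {extra}, expected {user}")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE) or ["confined: empty chroot, only log and sockets open"]:
        print(finding)
```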

