vsftpd postinstall checks for user/group starting with ftp

Bug #677764 reported by Cyntek on 2010-11-20
38
This bug affects 4 people
Affects Status Importance Assigned to Milestone
vsftpd (Debian)
Fix Released
Unknown
vsftpd (Ubuntu)
Medium
Serge Hallyn
Nominated for Karmic by Serge Hallyn
Lucid
Medium
Unassigned
Maverick
Medium
Unassigned
Natty
Medium
Serge Hallyn

Bug Description

Binary package hint: vsftpd

?

ProblemType: Package
DistroRelease: Ubuntu 10.04
Package: vsftpd (not installed)
ProcVersionSignature: Ubuntu 2.6.32-25.45-generic 2.6.32.21+drm33.7
Uname: Linux 2.6.32-25-generic i686
AptOrdering:
 vsftpd: Install
 vsftpd: Configure
Architecture: i386
Date: Fri Nov 19 22:28:45 2010
ErrorMessage: subprocess installed post-installation script returned error exit status 1
InstallationMedia: Ubuntu 10.04 LTS "Lucid Lynx" - Release i386 (20100429)
SourcePackage: vsftpd
Title: package vsftpd (not installed) failed to install/upgrade: subprocess installed post-installation script returned error exit status 1

SRU comments:
Impact: Breaks install of vsftp if any existing user or group name begins with 'ftp'.
How bug addressed: The vsftpd.postinst script is patched so it accepts only whole names 'ftp', not names beginning with 'ftp'.
Patch: See attached debdiffs.
To reproduce: Create a user or group 'ftpfoo' before installing vsftpd
Regression Potential: This should have no impact as it only changes the string being checked for in existing users and groups. If there were a typo in the patch, it could break vsftpd installation.

Related branches

Cyntek (cyntek) wrote :
Serge Hallyn (serge-hallyn) wrote :

Thanks for reporting this bug and helping to make ubuntu
better. This is interesting - it looks as though the install
script thought that you already had a user and group named
ftp. I suspect you have a group which starts with 'ftp'. Can
you please provide the output of

 getent group | grep "^ftp"

To work around this, you should be able to simply create the
ftp user and group that it wanted to create. Then re-install
the package.

However, this is a real bug in the postinst script which will
need to be fixed. The '| grep "^${_USERNAME}"' must be
switched to "| grep "^${_USERNAME}:".

Changed in vsftpd (Ubuntu):
status: New → Confirmed
importance: Undecided → Medium
odonata (odonata) wrote :

Since the release of 10.04, I've been spending a lot of time transitioning a bunch of physical 32-bit boxes to virtual 64-bit servers. A couple of the new boxes were built, blown away and rebuilt for various reasons. The problem is I can't remember which box generated this problem and if it even exists anymore.

Having said that, I have a big cheat sheet with a bunch of "aptitude install" commands to quickly setup the majority of the programs that can be found on all of our servers. These commands are cut-and-pasted manually so we can fine tune each installation but it's still fast because we're able to knock out the majority of packages quickly.

In the /etc/vsftpd/vsftpd.conf file there is a line to set a non privileged user for vsftpd to run under:

#nopriv_user=ftpsecure

The usual steps are load vsftpd, edit vsftpd.conf, uncomment the line above, save the configuration file, create the user "ftpsecure", and then restart vsftpd.

Using the "history" command on one of my boxes shows this process:

root@itdevcode:~# history | grep ftp
   60 aptitude install vsftpd build-essential
   61 vi /etc/vsftpd.conf
   62 adduser ftpsecure --system --no-create-home --disabled-password
   63 restart vsftpd

It may be possible that I thought I had loaded vsftpd and created the "ftpsecure" user. Then I realized the vsftpd.conf was missing and tried to load the software. If the existence of the "ftpsecure" user caused the load to fail, then it would explain why I've loaded a bunch of boxes successfully and had a single one fail with an error. On this one install I could have done a step out of order.

summary: - package vsftpd (not installed) failed to install/upgrade: subprocess
- installed post-installation script returned error exit status 1
+ vsftpd postinstall checks for user/group starting with ftp
Changed in vsftpd (Debian):
status: Unknown → New
Changed in vsftpd (Debian):
status: New → Fix Released
Serge Hallyn (serge-hallyn) wrote :

This has been fixed in Debian and Natty. Need to SRU for lucid, maverick, and probably earlier.

Changed in vsftpd (Ubuntu):
assignee: nobody → Serge Hallyn (serge-hallyn)
Serge Hallyn (serge-hallyn) wrote :
Serge Hallyn (serge-hallyn) wrote :
Changed in vsftpd (Ubuntu Lucid):
status: New → Confirmed
importance: Undecided → Medium
Changed in vsftpd (Ubuntu Maverick):
importance: Undecided → Medium
status: New → Confirmed
Changed in vsftpd (Ubuntu Natty):
status: Confirmed → Fix Released
description: updated
Imre Gergely (cemc) wrote :

Isn't this bug a duplicate of bug #629234 ?

To my novice eye, yes they do appear to be duplicates / related.

As a user, I became involved with this partiuclar bug by reporting a problem I had where an install of vsftpd failed along with some other packages (Bug# 634085). Because of this I gave the developers who sent me questions as much info as I could to help them gain insight into the problem. But other than that my knowledge is limited. At the time I reported my initial bug, I had no clue as to what had caused the failure. So I was unable to locate an existing bug that matched mine so I entered a new one.

----- Original message -----
From: "Imre Gergely" <email address hidden>
To: <email address hidden>
Date: Tue, 28 Dec 2010 16:21:46 -0000
Subject: [Bug 677764] Re: vsftpd postinstall checks for user/group starting with ftp

Isn't this bug a duplicate of bug #629234 ?

--
You received this bug notification because you are a direct subscriber
of a duplicate bug (634085).
https://bugs.launchpad.net/bugs/677764

Title:
  vsftpd postinstall checks for user/group starting with ftp

Status in “vsftpd” package in Ubuntu:
  Fix Released
Status in “vsftpd” source package in Lucid:
  Confirmed
Status in “vsftpd” source package in Maverick:
  Confirmed
Status in “vsftpd” source package in Natty:
  Fix Released
Status in “vsftpd” package in Debian:
  Fix Released

Bug description:
  Binary package hint: vsftpd

?

ProblemType: Package
DistroRelease: Ubuntu 10.04
Package: vsftpd (not installed)
ProcVersionSignature: Ubuntu 2.6.32-25.45-generic 2.6.32.21+drm33.7
Uname: Linux 2.6.32-25-generic i686
AptOrdering:
 vsftpd: Install
 vsftpd: Configure
Architecture: i386
Date: Fri Nov 19 22:28:45 2010
ErrorMessage: subprocess installed post-installation script returned error exit status 1
InstallationMedia: Ubuntu 10.04 LTS "Lucid Lynx" - Release i386 (20100429)
SourcePackage: vsftpd
Title: package vsftpd (not installed) failed to install/upgrade: subprocess installed post-installation script returned error exit status 1

SRU comments:
Impact: Breaks install of vsftp if any existing user or group name begins with 'ftp'.
How bug addressed: The vsftpd.postinst script is patched so it accepts only whole names 'ftp', not names beginning with 'ftp'.
Patch: See attached debdiffs.
To reproduce: Create a user or group 'ftpfoo' before installing vsftpd
Regression Potential: This should have no impact as it only changes the string being checked for in existing users and groups. If there were a typo in the patch, it could break vsftpd installation.

To unsubscribe from this bug, go to:
https://bugs.launchpad.net/ubuntu/+source/vsftpd/+bug/677764/+subscribe

Quoting Imre Gergely (<email address hidden>):
> Isn't this bug a duplicate of bug #629234 ?

No, it is not a duplicate of #629234.

Imre Gergely (cemc) wrote :

I'm still pretty sure it's the same one, only that the other one fixes a the .postinst script a little bit better, see comments #11 and #12.

Changed in vsftpd (Ubuntu Lucid):
assignee: nobody → Andres Rodriguez (andreserl)
status: Confirmed → In Progress
Changed in vsftpd (Ubuntu Lucid):
status: In Progress → Confirmed
assignee: Andres Rodriguez (andreserl) → nobody

Accepted vsftpd into maverick-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

Changed in vsftpd (Ubuntu Maverick):
status: Confirmed → Fix Committed
tags: added: verification-needed
Martin Pitt (pitti) wrote :

There are two conflicting vsftpd uploads in the lucid-proposed queue:

 vsftpd (2.2.2-3ubuntu6.1) lucid-proposed; urgency=low
 .
   * debian/vsftpd.postinst: (LP: #709194)
     - Update conditional to fix upgrade issue when user exists, but group does not

 vsftpd (2.2.2-3ubuntu6.1) lucid-proposed; urgency=low
 .
   [ Andres Rodriguez ]
   * debian/vsftpd.upstart:
     - Fix typo. Thanks to JÃŒrgen Kreileder (LP: #577165)
     - Fix start of vsftpd even if not in standalone mode. Thanks to
       Stephane Chazelas (LP: #648202)
 .
   [ Dustin Kirkland, Serge Hallyn ]
   * debian/vsftpd.postinst: Check that the group exists first, then the user,
     then try adding the user to the group. (LP: #629234, LP: #677764)

I rejected them both. Please reupload a merged version. Thanks!

Andres Rodriguez (andreserl) wrote :

I have tested the Maverick SRU from -proposed and everything works as expected

Martin Pitt (pitti) on 2011-03-08
tags: added: verification-done
removed: verification-needed
C de-Avillez (hggdh2) wrote :

tested the SRU: installation completes without error with 'ftpfoo' and 'ftpbar' defined as users (and respective groups).

Marking verification-done.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package vsftpd - 2.3.0~pre2-4ubuntu2.1

---------------
vsftpd (2.3.0~pre2-4ubuntu2.1) maverick-proposed; urgency=low

  [ Andres Rodriguez ]
  * debian/vsftpd.upstart: Fix start of vsftpd even if not in standalone mode.
    Thanks to Stephane Chazelas (LP: #648202)

  [ Serge Hallyn ]
  * debian/vsftpd.postinst: Use complete name match when checking for existing
    ftp user/group, to avoid install failure. (LP: #677764)
 -- Andres Rodriguez <email address hidden> Wed, 02 Mar 2011 12:11:46 +0100

Changed in vsftpd (Ubuntu Maverick):
status: Fix Committed → Fix Released
Serge Hallyn (serge-hallyn) wrote :

The fix for this bug in lucid was un-done.

Clint Byrum (clint-fewbar) wrote :

APPROVED: the package version 2.2.2-3ubuntu6.2 uploaded to lucid-proposed should be accepted.

Martin Pitt (pitti) wrote :

Accepted vsftpd into lucid-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

Changed in vsftpd (Ubuntu Lucid):
status: Confirmed → Fix Committed
tags: removed: verification-done
tags: added: verification-needed
Imre Gergely (cemc) wrote :

Package from -proposed tested and installs correctly on Lucid, see below:

=== BEFORE (does not install when ftpfoo user present):
root@utest-lls32:~# useradd ftpfoo
root@utest-lls32:~# apt-get install vsftpd
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
  vsftpd
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 0B/140kB of archives.
After this operation, 471kB of additional disk space will be used.
Preconfiguring packages ...
Selecting previously deselected package vsftpd.
(Reading database ... 35120 files and directories currently installed.)
Unpacking vsftpd (from .../vsftpd_2.2.2-3ubuntu6.1_i386.deb) ...
Processing triggers for man-db ...
Processing triggers for ureadahead ...
Setting up vsftpd (2.2.2-3ubuntu6.1) ...
vsftpd user (ftp) already exists, doing nothing.
chown: invalid group: `root:ftp'
dpkg: error processing vsftpd (--configure):
 subprocess installed post-installation script returned error exit status 1
Errors were encountered while processing:
 vsftpd
E: Sub-process /usr/bin/dpkg returned an error code (1)
root@utest-lls32:~# id ftpfoo
uid=1001(ftpfoo) gid=1001(ftpfoo) groups=1001(ftpfoo)
root@utest-lls32:~# id ftp
id: ftp: No such user

=== AFTER:
root@utest-lls32:~# useradd ftpfoo
root@utest-lls32:~# apt-get install vsftpd
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
  vsftpd
0 upgraded, 1 newly installed, 0 to remove and 9 not upgraded.
Need to get 0B/140kB of archives.
After this operation, 471kB of additional disk space will be used.
Preconfiguring packages ...
Selecting previously deselected package vsftpd.
(Reading database ... 35120 files and directories currently installed.)
Unpacking vsftpd (from .../vsftpd_2.2.2-3ubuntu6.2_i386.deb) ...
Processing triggers for man-db ...
Processing triggers for ureadahead ...
Setting up vsftpd (2.2.2-3ubuntu6.2) ...
Adding user ftp to group ftp
vsftpd start/running, process 2353

root@utest-lls32:~# id ftpfoo
uid=1001(ftpfoo) gid=1001(ftpfoo) groups=1001(ftpfoo)
root@utest-lls32:~# id ftp
uid=104(ftp) gid=112(ftp) groups=112(ftp)

tags: added: verification-done
removed: verification-needed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package vsftpd - 2.2.2-3ubuntu6.2

---------------
vsftpd (2.2.2-3ubuntu6.2) lucid-proposed; urgency=low

  * debian/vsftpd.upstart:
    - Fix typo. Thanks to Jürgen Kreileder (LP: #577165)
    - Fix start of vsftpd even if not in standalone mode. Thanks to
      Stephane Chazelas (LP: #648202)

  [ Dustin Kirkland, Serge Hallyn ]
  * debian/vsftpd.postinst: Check that the group exists first, then the user,
    then try adding the user to the group. (LP: #629234, LP: #677764)
 -- Andres Rodriguez <email address hidden> Wed, 13 Apr 2011 18:34:25 -0400

Changed in vsftpd (Ubuntu Lucid):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.