2

I'm using proftpd on my server (Ubuntu 16.04 x86_64).

I see that proftpd runs as the proftpd user:

$ ps aux | grep [p]roftpd
proftpd  26334  0.0  0.1 112656   716 ?        Ss   04:39   0:00 proftpd: (accepting connections)

proftpd writes logs to /var/log/proftpd, but only root can write to this directory:

$ ls -la /var/log | grep [p]roftpd
drwxr-xr-x  2 root                adm      4096 Jun  1 04:39 proftpd
$ ls -la /var/log/proftpd
total 76
drwxr-xr-x 2 root adm     4096 Jun  1 04:39 .
drwxrwxr-x 7 root syslog  4096 Jun  1 04:39 ..
-rw-r----- 1 root adm        0 May 15 15:53 controls.log
-rw-r----- 1 root adm     7611 Jun  1 09:54 proftpd.log
-rw-r----- 1 root adm    23207 May 29 04:39 proftpd.log.1
-rw-r----- 1 root adm     3649 May 21 04:39 proftpd.log.2.gz
-rw-r----- 1 root adm      521 Jun  1 09:42 xferlog
-rw-r--r-- 1 root adm    17656 May 31 22:55 xferlog.1
-rw-r--r-- 1 root root       0 Jun  1 04:39 xferreport

  1. How does proftpd write logs?

  2. Is it right that the owner of the proftpd directory is root? Maybe it should be proftpd?

  3. Why do the files (logs) have no read permission for others? Is it insecure?

Jeff Schaller

1 Answer

4
  1. ProFTPd, like many other services on Unix, uses syslog to do logging. syslog is a process running with superuser privileges. This means that ProFTPd itself never has to create files in the log directory.

  2. Yes. It is as it should be. DON'T CHANGE THIS.

  3. In general, any logged user activities should only be accessible by the superuser. This is to protect the users' privacy. This is my personal opinion.

For further information about logging with ProFTPd, see http://www.proftpd.org/docs/howto/Logging.html

In general, assume that a service that you have installed behaves as intended, unless it obviously misbehaves. If it's a program installed from a package manager, then it has obviously undergone testing on the version of Unix that you run, and if you find a bug you should contact the package maintainer about this. Most of the time, though, "bugs" are usually the result of running on a highly customised system or with extreme or unusual configurations, and getting it wrong. A default install is very seldom wrong, and should only be "tweaked" once you really know what you're doing.

This goes especially for changing permissions or ownership on files and directories.

Kusalananda
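
An added example, not part of the answer above and not ProFTPD's own code: a Python check that a log directory matches the layout shown in the question (directory owned by root and writable only by its owner, log files not readable by other). The function name `audit_log_dir` and its `expected_uid` parameter are assumptions made for this illustration.

```python
import os
import stat
import sys


def audit_log_dir(path, expected_uid=0):
    """Return a list of (entry, problem) tuples for a log directory.

    Checks the layout shown in the question: directory owned by the
    expected user (root, uid 0, by default) and writable only by its
    owner; log files owned by the same user, not readable by "other"
    and not writable by group or other.
    """
    st = os.lstat(path)  # lstat: do not follow a symlinked directory
    if not stat.S_ISDIR(st.st_mode):
        return [(path, "not a directory")]

    findings = []
    if st.st_uid != expected_uid:
        findings.append((path, f"owner uid {st.st_uid}, expected {expected_uid}"))
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append((path, "directory writable by group or other"))

    for name in sorted(os.listdir(path)):
        fst = os.lstat(os.path.join(path, name))
        if not stat.S_ISREG(fst.st_mode):
            continue  # only regular log files are checked here
        if fst.st_uid != expected_uid:
            findings.append((name, f"owner uid {fst.st_uid}, expected {expected_uid}"))
        if fst.st_mode & stat.S_IROTH:
            findings.append((name, "readable by other"))
        if fst.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append((name, "writable by group or other"))
    return findings


if __name__ == "__main__":
    # Default target is the directory from the question.
    target = sys.argv[1] if len(sys.argv) > 1 else "/var/log/proftpd"
    for entry, problem in audit_log_dir(target):
        print(f"{entry}: {problem}")
```

Run against a directory with the modes listed in the question, it reports `xferlog.1` and `xferreport` as readable by other, since both are `-rw-r--r--` there.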