I've just installed proftpd-basic and gadmin-proftpd to help a friend who
wants to use it and I'm quite disappointed about it.
It's actually much worse than what the original bug report says. First,
even before gadmin-proftpd has finished starting up, it rewrites the
proftpd.conf file with all comments removed: if this happens to be the
first proftpd installation in your life, you're left wondering who wrote a
configuration file with no comments and so many blank lines in it. It's no
consolation that gadmin-proftpd helpfully advises you it has saved a backup
in its own configuration directory, as that copy is *already* stripped of
comments.
Then, in one of the three (!) friendly message boxes gadmin-proftpd opens
at first startup, it advises you that it has enabled TLS in the
configuration to allow secure FTP; of course it hasn't created the SSL
certificates yet, as the user hasn't had a chance to fill in the required
information. Unfortunately, if you press "Apply" at this point, it writes
the TLS settings to the configuration and then restarts ProFTPd, which
promptly refuses to load a broken configuration and terminates. Short of
creating the certificates if you actually want TLS -- which requires you to
look for the necessary parameters in the configuration window, fill them in
and click "Apply" -- you have to edit the configuration file and remove the
useless TLS settings, or at least I wasn't able to remove the offending
settings using the gadmin-proftpd GUI. If one wanted to edit the
configuration file, he wouldn't have installed a GUI in the first place,
methinks.
Let me talk some more of what gadmin-proftpd does to the configuration
file: if one had a look at the configuration after a fresh installation,
he'd notice that a) it had comments in it, but we've already talked about
that, and b) it's not a monolithic configuration file, but it's actually
made of several files that are included from proftpd.conf, in a manner
similar to the Apache configuration; this is probably meant to make
upgrades easier. Now, this isn't really a problem since we're supposed to
edit the config with gadmin-proftpd from now on, but it would be great if
the configuration could remain nicely split into different files.
Apart from this, gadmin-proftpd is all too eager to call update-rc.d when
it reconfigures the service. As far as I can tell this is COMPLETELY
USELESS, although probably not dangerous, but as an added bonus it takes a
few seconds to complete on a system that has been migrated to dependency
based boot sequencing.
Let me save the best part for the end, however: I wanted to see how this
thing worked because I wanted to help a friend set up virtual users, so
after I opened gadmin-proftpd, the first thing I did was click on "Enable
virtual users", then I went to the user list and added a virtual user named
"flavio" just like my system user. If that sounds strange, consider this:
I'd like to log in as "flavio" in FTP too, but it's good practice to have a
different password for relatively vulnerable services like FTP. Notice that
I hadn't saved the configuration at this point: I suppose gadmin-proftpd
didn't take notice that I wanted to enable virtual users, so it helpfully
told me that a system user with the same name already existed, yet it added
it to the user list. I said "oh well, I'll create a different user then"
and proceeded to delete the user. At this point, gadmin-proftpd deleted the
system user named "flavio" without any warning: I hope you'll agree that
this is completely unacceptable. Fortunately I noticed that /etc/passwd was
changed and restored it from a backup, or I would have been VERY
disappointed the next time I tried to log in.
I'd advise you to add proper warnings before deleting a user and to make it
VERY clear when it's a system user that's being deleted, not just a virtual
user.
--
Ciao, Flavio
Those who do not understand Unix are condemned to reinvent it, poorly.
-- Henry Spencer
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
