FS#38291 - [vsftpd] 3.0.2-2 systemctl stop does not kill the child processess
Attached to Project:
Community Packages
Opened by Regis (Regis) - Thursday, 26 December 2013, 22:57 GMT
Last edited by Bartłomiej Piotrowski (Barthalion) - Friday, 27 December 2013, 17:59 GMT
Opened by Regis (Regis) - Thursday, 26 December 2013, 22:57 GMT
Last edited by Bartłomiej Piotrowski (Barthalion) - Friday, 27 December 2013, 17:59 GMT
|
Details
Description:
When calling "systemctl stop vsftpd", only the main process of vsftpd is killed. The child processes (which are created when an FTP client connects to the server) remain active, and thus the server stays online (while systemctl reports that the daemon is down). Replacing "KillMode=process" by "KillMode=control-group" in file "/usr/lib/systemd/system/vsftpd.service" solves the problem. Additional info: * package version: 3.0.2-2 Security Issue * Severity has been set to "Medium" because of a security issue: an administrator may think the server is offline while it is still reachable. Steps to reproduce: 1/ start the server ("systemctl start vsftpd") 2/ Use an FTP client and connect to the server 3/ stop the server ("systemctl stop vsftpd") 4/ Use the already-connected FTP client: the server is still reachable. |
This task depends upon
Closed by Bartłomiej Piotrowski (Barthalion)
Friday, 27 December 2013, 17:59 GMT
Reason for closing: Not a bug
Friday, 27 December 2013, 17:59 GMT
Reason for closing: Not a bug
This isn't uncommon behavior, either. It's usually known as "draining" the server. I'd say you'd be unlikely to find a distro that doesn't ship this sort of behavior by default for sshd, and it's likely common for FTP daemons as well.
Lastly, if you want this behavior, fine. You can easily override the setting.
# mkdir /etc/systemd/system/vsftpd.service.d
# printf '[Service]\nKillMode=control-group' > /etc/systemd/system/vsftpd.service.d/killmode.conf