wKkaY
05-31-2004, 09:51 AM
hi, i'm using WHM 9.2.0 cPanel 9.2.0-S29 and FreeBSD 5.2.1.
i just found out that the entries in my /etc/proftpd/passwd.vhosts file had no passwords, meaning anyone can login with any password provided they already know a username.
after some checking, i found that /usr/local/cpanel/bin/mkvhostspasswd contains this piece of code:
chomp($system = `/bin/uname -s`);
if ($system =~ /freebsd/i) {
open(PWF,"/etc/master.passwd");
} else {
open(PWF,"/etc/shadow");
}
in FreeBSD, uname is in /usr/bin, and not /bin, so the FreeBSD check which follows that fails. because of that, no passwords are read from /etc/master.passwd and subsequently passwd.vhosts is filled with empty passwords.
the solution i did was simple, which was simply symlinking /usr/bin/uname -> /bin/uname.
if you're using this combination (fbsd + cpanel), i'm interested to know whether:
1) your mkvhostspasswd has the same code snippet as above
2) /bin/uname already exists
cheers :)
i just found out that the entries in my /etc/proftpd/passwd.vhosts file had no passwords, meaning anyone can login with any password provided they already know a username.
after some checking, i found that /usr/local/cpanel/bin/mkvhostspasswd contains this piece of code:
chomp($system = `/bin/uname -s`);
if ($system =~ /freebsd/i) {
open(PWF,"/etc/master.passwd");
} else {
open(PWF,"/etc/shadow");
}
in FreeBSD, uname is in /usr/bin, and not /bin, so the FreeBSD check which follows that fails. because of that, no passwords are read from /etc/master.passwd and subsequently passwd.vhosts is filled with empty passwords.
the solution i did was simple, which was simply symlinking /usr/bin/uname -> /bin/uname.
if you're using this combination (fbsd + cpanel), i'm interested to know whether:
1) your mkvhostspasswd has the same code snippet as above
2) /bin/uname already exists
cheers :)