dietpi-software: ProFTPD: config updates

MichaIng · MichaIng · commit c213150daa3f · 2025-11-01T18:43:56.000+01:00
Skip IdentLookups directives. The module is disabled by default since Bullseye (was was builtin , hence no need to disable it by directive that is supported only if the module has been explicitly enabled by the admin.

Furthermore, fix root user denial: Users listed in /etc/ftpusers non-intuitively are NOT allowed to use ProFTPD. We obviously thought it is the other way round, when commenting the "root" line. Skip that step and in case uncomment or re-add the line on dietpi-update. This however is not critical in terms of security, since the config contains "RootLogin off" anyway. But no reason to add the 2nd layer ASAP.
diff --git a/.conf/dps_94/conf b/.conf/dps_94/conf
@@ -8,7 +8,6 @@ Include /etc/proftpd/modules.conf
 # Set "off" to disable IPv6 support which is problematic on IPv4 only boxes.
 UseIPv6 on
 # If set "on" you can experience a longer connection delay in many cases.
-IdentLookups off
 UseReverseDNS off
 
 ServerName "DietPi FTP"
diff --git a/.update/patches b/.update/patches
@@ -2642,6 +2642,13 @@ Patch_9_19()
 	# Software updates, migrations and patches
 	if [[ -f '/boot/dietpi/.installed' ]]
 	then
+		# ProFTPD
+		if [[ -f '/etc/ftpusers' ]] && grep -q '^[[:blank:]]*aSOFTWARE_INSTALL_STATE\[94\]=2' /boot/dietpi/.installed
+		then
+			G_DIETPI-NOTIFY 2 'Do not allow root user to use ProFTPD'
+			G_CONFIG_INJECT 'root' 'root' /etc/ftpusers
+		fi
+
 		# Pi-hole v6 migration
 		# - /etc/pihole/pihole.toml indicates that Pi-hole has been upgraded to v6 already.
 		# - The /var/www/pihole symlink indicates that an instance installed via dietpi-software has not been migrated yet.
diff --git a/dietpi/dietpi-software b/dietpi/dietpi-software
@@ -3663,12 +3663,6 @@ _EOF_
 			# Config
 			G_BACKUP_FP /etc/proftpd/proftpd.conf
 			dps_index=$software_id Download_Install 'conf' /etc/proftpd/proftpd.conf
-
-			# Do not allow root access via FTP
-			G_EXEC sed --follow-symlinks -i 's/^[[:blank:]]*root/#root/' /etc/ftpusers
-
-			# Fix ident lookup: https://github.com/MichaIng/DietPi/issues/4666
-			G_EXEC sed --follow-symlinks -i '/IdentLookups/c\<IfModule mod_ident.c>\nIdentLookups off\n</IfModule>' /etc/proftpd/proftpd.conf
 		fi
 
 		if To_Install 96 nmbd smbd # Samba Server
