Ftp Client error in centos and where to change the umask for ftp users?

SarahGurung · 03-17-2012, 12:01 AM

Well inorder to give read, write and execute permission to the ftp users who are hosting their websites with us where whould we change their permission?

We are using vsftpd for ftp and in that configuration file the umask is set to 022?is that where i should change to 012 so that they can upload it?

Because when they tried uploading their website through ftp client it gave the following error:

Code:

Transfer channel cannot be opened. Reason: A connection attempt failed because the connected party 
did not properly respond after a long period of time.or established connection failed because connected 
host has failed to respond.

Error: Could not retrieve directory listing

But the problem is they can login and can even telnet our ftp server and ping it..
And we as the owner can upload the the files though so thought the issue was with the umask.

And in our iptables both port 20 and 21 is open but wen i see the listening ports,port 20 is not there..

bathory · 03-17-2012, 04:46 AM

Hi,

Quote:

Well inorder to give read, write and execute permission to the ftp users who are hosting their websites with us where whould we change their permission?

We are using vsftpd for ftp and in that configuration file the umask is set to 022?is that where i should change to 012 so that they can upload it?

Why do you want to give execute permissions to your users? Using umask 022 (meaning 755 file permissions), is the right thing to do. Note that the files created on the ftp server are loosing their execute rights for security reasons regardless the umask.
Anyway if you're sure that you want the execute rights on files transferred, you can let umask as is and add:

Code:

file_open_mode=0755

Quote:

Because when they tried uploading their website through ftp client it gave the following error:

Transfer channel cannot be opened. Reason: A connection attempt failed because the connected party
did not properly respond after a long period of time.or established connection failed because connected
host has failed to respond.

Error: Could not retrieve directory listing

I guess your firewall does not allow active ftp, so you have to configure vsftpd for passive mode and do the same for your ftp client.

Quote:

And in our iptables both port 20 and 21 is open but wen i see the listening ports,port 20 is not there..

Port 20 is not listening. It opens only for the data transfer.

SarahGurung · 03-18-2012, 10:07 PM

Well can you please tell me what should i do and how to enable passive ftp in vsftpd and also in ftp client?

bathory · 03-19-2012, 01:16 AM

Hi,

Use the following in vsftpd.conf

Code:

pasv_enable=YES
pasv_max_port=20000
pasv_min_port=21000
port_enable=YES

Of course you need to open ports 20000-21000 in your firewall.

Regarding clients, you should take a look at their configuration options. Some of them can fallback from active to passive.

Regards

SarahGurung · 03-19-2012, 04:56 AM

well how do i add those range of ports in the firewall?

And by firewall do you mean iptables?

Well i tried adding them in iptables but it wasn't added at the end,maybe the syntax was incorrect..

So can you please tell how should i go about it..

raj47 · 03-19-2012, 05:09 AM

Hi,

iptables -I INPUT -p tcp --dport 21 -j ACCEPT

This is will open port 21 for public else you have to take a look at your logs /var/log

Thanks
Puspharaj

SarahGurung · 03-19-2012, 05:46 AM

ya i know about that and it has been already added,..

I'm asking about the passive ports....how do i add that pasv_min_port and pasv-max_port which is actually a range in the firewall or the iptables?

bathory · 03-19-2012, 06:55 AM

Quote:

Originally Posted by SarahGurung

ya i know about that and it has been already added,..

I'm asking about the passive ports....how do i add that pasv_min_port and pasv-max_port which is actually a range in the firewall or the iptables?

Take a look here

chrism01 · 03-19-2012, 07:35 PM

You may find this informative for background understanding http://slacksite.com/other/ftp.html

SarahGurung · 03-20-2012, 04:19 AM

Wow thank you two of you....i went through the link given and did as told and it worked now, i mean the client uploaded the web.

But he said now he is getting the same error in the database server... Now i don't have any clue as to what port is required for that.... Can anyone help me again?

SarahGurung · 03-20-2012, 04:54 AM

thank you all...it worked now..