I am in the process of setting up an FTP server on my system and ran into an issue and was wondering if someone could offer some advice.
Basically I have set up VSFTPD on our system to allow anonymous uploads/downloads to a directory (/var/ftp/uploads).
1. I can connect fine with credentials Username = ftp Password = ftp (the ftp folder and sub directories are owned by ftp user/group)
2. I can also transfer files to/from the server.
The issue seems to be if I create a new file, whether it be on my Windows machine (then upload to the server) or even create a new file on the Linux box, the new file has permissions of -rw-------, resulting in a failed transfer if I try to transfer the file (via FTP). If I manually change the permissions (-rwxrwxrwx), then I am able to transfer the files successfully.
Does anyone have any suggestions? At the end of the day the ultimate goal is for an anonymous user to be able to upload/download files from the server.
Not sure if it is possible (or most efficient) to have some script/program run to change the permissions of a new file? This was the only idea that came to my mind.
You are a little unclear about the files that have the bad permissions. Are these files uploaded to the server in some other way than through FTP? Because right before that you say you can successfully transfer files to and from the server over FTP.
What I meant by "I can also transfer files to/from the server." is that if I randomly choose a file on the system and put it in the uploads folder, it will transfer. I did this for testing purposes just to see if I could transfer a file.
So you can download a file that is placed in the FTP directory from the local filesystem, but cannot download a file that was actually uploaded through FTP?
In that case it sounds like a mask problem. Try adding the following to your vsftpd.conf file:
Yes, I restarted the system after making the change to the config file. Note you suggested that I use 0022 (I tried this first, then changed it to 022).
Code:
# Example config file /etc/vsftpd/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=YES
#
# Uncomment this to allow local users to log in.
#local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
anon_mkdir_write_enable=YES
#
#anon_root=/home/ftp/
anon_root=/var/ftp/
#local_umask=022
anon_umask=022
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
chown_uploads=YES
chown_username=ftp
#
# You may override where the log file goes if you like. The default is shown
# below.
xferlog_file=/var/log/vsftpd.log
#
# If you want, you can have your log file in standard ftpd xferlog format
xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
nopriv_user=ftp
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
#ascii_upload_enable=YES
#ascii_download_enable=YES
#
# You may fully customise the login banner string:
ftpd_banner=Imaging FTP Server
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd/banned_emails
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd/chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
#
# When "listen" directive is enabled, vsftpd runs in standalone mode and
# listens on IPv4 sockets. This directive cannot be used in conjunction
# with the listen_ipv6 directive.
listen=YES
#
# This directive enables listening on IPv6 sockets. To listen on IPv4 and IPv6
# sockets, you must run two copies of vsftpd with two configuration files.
# Make sure, that one of the listen options is commented !!
#listen_ipv6=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
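How the mode-related options in the config above combine for an anonymous upload, as an added example that is not part of the original thread and is not a diagnosis given by any poster. It assumes the defaults documented in vsftpd.conf(5) (anon_umask 077, file_open_mode 0666, chown_upload_mode 0600 on vsftpd 2.0.6 or later, anon_world_readable_only YES); the function names and the trimmed sample config are constructed for illustration.

```python
# Added example, not from the thread. Defaults are the ones documented in
# vsftpd.conf(5); chown_upload_mode exists from vsftpd 2.0.6 onwards.
DEFAULTS = {
    "anon_umask": "077",
    "file_open_mode": "0666",
    "chown_uploads": "NO",
    "chown_upload_mode": "0600",
    "anon_world_readable_only": "YES",
}

# Constructed sample: only the options from the posted config that affect
# the mode of an anonymous upload.
THREAD_CONF = """\
anonymous_enable=YES
write_enable=YES
local_umask=022
anon_upload_enable=YES
anon_umask=022
chown_uploads=YES
chown_username=ftp
"""

def parse_conf(text):
    """Return option values on top of the defaults; in this sketch a later
    line replaces an earlier one. Comment and blank lines are skipped."""
    opts = dict(DEFAULTS)
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        opts[key.strip()] = value.strip()
    return opts

def anon_upload_mode(opts):
    """Return (mode of an anonymous upload, True if the
    anon_world_readable_only check refuses an anonymous download of it)."""
    mode = int(opts["file_open_mode"], 8) & ~int(opts["anon_umask"], 8)
    if opts["chown_uploads"].upper() == "YES":
        # chown()ed uploads get chown_upload_mode forced, whatever anon_umask says
        mode = int(opts["chown_upload_mode"], 8)
    blocked = opts["anon_world_readable_only"].upper() == "YES" and not mode & 0o004
    return mode, blocked

if __name__ == "__main__":
    mode, blocked = anon_upload_mode(parse_conf(THREAD_CONF))
    print(f"upload mode {mode:04o}, anonymous download blocked: {blocked}")
```

Under these assumptions the same function returns 0644 and an unblocked download when chown_uploads is left off or chown_upload_mode=0644 is set.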
Well your permissions should be fine as long as you're trying to upload to the upload directory. Try adding these two lines to your config (don't remove any of the other lines.)
Code:
local_enable=YES
local_umask=022
Then stop and start the service again (make sure it is completely down in between.) Upload a file and see what permissions it gets.
(I know you don't want local users in the long run, but your options should be fine otherwise, I'm just testing for a bug I saw once.)
One other thing I might mention and it sounds kinda silly, but make sure you're editing the conf file that controls the actual service and not a sample or a duplicate in an alternate location.