LinuxQuestions.org
Old 12-29-2008, 09:02 AM   #1
villumanati
Member
 
Registered: Jun 2008
Posts: 35

Rep: Reputation: 15
FTP Server


I am in the process of setting up an FTP server on my system and ran into an issue and was wondering if someone could offer some advice.

Basically I have set up VSFTPD on our system to allow anonymous uploads/downloads to a directory (/var/ftp/uploads).

1. I can connect fine with credentials Username = ftp Password = ftp (the ftp folder and sub directories are owned by ftp user/group)

2. I can also transfer files to/from the server.

The issue seems to be if I create a new file, whether it be on my Windows machine (then upload to the server) or even create a new file on the Linux box, the new file has permission of rw-------- resulting in a failed transfer of the file if I try to transfer the file (via ftp). If I manually change the permissions (rwxrwxrwx) then I am able to transfer the files successfully.

Does anyone have any suggestions? At the end of the day the ultimate goal is for an anonymous user to be able to upload/download files from the server.

Not sure if it is possible (or most efficient) to have some script/program run to change the permission of a new file? This was the only idea that came to my mind.

Ray Bonds
 
Old 12-29-2008, 11:01 AM   #2
MS3FGX
Guru
 
Registered: Jan 2004
Location: NJ, USA
Distribution: Slackware, Debian
Posts: 5,852

Rep: Reputation: 351
You are a little unclear about the files that have the bad permissions. Are these files uploaded to the server in some other way than through FTP? Because right before that you say you can successfully transfer files to and from the server over FTP.
 
Old 12-29-2008, 11:13 AM   #3
villumanati
Member
 
Registered: Jun 2008
Posts: 35

Original Poster
Rep: Reputation: 15
The files are uploaded to the server through ftp.

What I meant by "I can also transfer files to/from the server." is that if I randomly choose a file of the system and set it in the uploads folder it will transfer. I did this for testing purposes just to see if I could transfer a file.
 
Old 12-29-2008, 11:29 AM   #4
MS3FGX
Guru
 
Registered: Jan 2004
Location: NJ, USA
Distribution: Slackware, Debian
Posts: 5,852

Rep: Reputation: 351
So you can download a file that is placed in the FTP directory from the local filesystem, but cannot download a file that was actually uploaded through FTP?

In that case it sounds like a mask problem. Try adding the following to your vsftpd.conf file:

Code:
anon_umask=0022
 
Old 12-29-2008, 12:33 PM   #5
villumanati
Member
 
Registered: Jun 2008
Posts: 35

Original Poster
Rep: Reputation: 15
I attempted to add anon_umask=0022 to the code. This however did not work.

To answer your question yes I can download a file already on the filesystem but can't download uploaded files.
 
Old 12-29-2008, 02:53 PM   #6
MS3FGX
Guru
 
Registered: Jan 2004
Location: NJ, USA
Distribution: Slackware, Debian
Posts: 5,852

Rep: Reputation: 351
Did you make sure to restart VSFTPD after changing the file to reload the configuration? Could you post your vsftpd.conf file?
 
Old 12-29-2008, 03:05 PM   #7
villumanati
Member
 
Registered: Jun 2008
Posts: 35

Original Poster
Rep: Reputation: 15
Yes, I restarted the system after making the change to the config file. Note you suggested that I use 0022 (I tried this first, then changed it to 022).




Code:

# Example config file /etc/vsftpd/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=YES
#
# Uncomment this to allow local users to log in.
#local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
anon_mkdir_write_enable=YES
#

#anon_root=/home/ftp/
anon_root=/var/ftp/
#local_umask=022

anon_umask=022

# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
chown_uploads=YES
chown_username=ftp
#
# You may override where the log file goes if you like. The default is shown
# below.
xferlog_file=/var/log/vsftpd.log
#
# If you want, you can have your log file in standard ftpd xferlog format
xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
nopriv_user=ftp
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
#ascii_upload_enable=YES
#ascii_download_enable=YES
#
# You may fully customise the login banner string:
ftpd_banner=Imaging FTP Server
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd/banned_emails
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd/chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
#
# When "listen" directive is enabled, vsftpd runs in standalone mode and 
# listens on IPv4 sockets. This directive cannot be used in conjunction 
# with the listen_ipv6 directive.
listen=YES
#
# This directive enables listening on IPv6 sockets. To listen on IPv4 and IPv6
# sockets, you must run two copies of vsftpd with two configuration files.
# Make sure, that one of the listen options is commented !!
#listen_ipv6=YES

pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
 
Old 12-29-2008, 04:23 PM   #8
rweaver
Senior Member
 
Registered: Dec 2008
Location: Louisville, OH
Distribution: Debian, CentOS, Slackware, RHEL, Gentoo
Posts: 1,833

Rep: Reputation: 163
Quote:
Originally Posted by villumanati View Post
Yes, I restarted the system after making the change to the config file. Note you suggested that I use 0022 (I tried this first, then changed it to 022).
What are the permissions and owner on the /var/ftp and /var/ftp/uploads directories?

Code:
ls -al /var/ftp /var/ftp/uploads

Last edited by rweaver; 12-29-2008 at 04:24 PM.
 
Old 12-30-2008, 06:33 AM   #9
villumanati
Member
 
Registered: Jun 2008
Posts: 35

Original Poster
Rep: Reputation: 15
Here is the output from running the following command

[root@ip3d dev]# ls -al /var/ftp /var/ftp/uploads

Code:
[root@ip3d dev]# ls -al /var/ftp /var/ftp/uploads
/var/ftp:
total 36
dr-xr-xr-x  5 ftp  ftp  4096 Dec 26 12:53 .
drwxr-xr-x 27 root root 4096 Dec 26 12:56 ..
dr-xr-xr-x  2 ftp  ftp  4096 Dec 23 15:55 downloads
dr-xr-xr-x  3 ftp  ftp  4096 Dec 23 15:56 .Trash-root
drwxrwxrwx  3 ftp  ftp  4096 Dec 29 15:55 uploads

/var/ftp/uploads:
total 663708
drwxrwxrwx 3 ftp  ftp       4096 Dec 29 15:55 .
dr-xr-xr-x 5 ftp  ftp       4096 Dec 26 12:53 ..
-rwxrwxrwx 1 ftp  ftp    1310930 Dec 26 14:33 #9 Grey 5%ETOH NoWash 20x A Blue Absorbance (Modified).tif
-rwxrwxrwx 1 root root         0 Dec 26 14:30 deleteMe.txt
-rwxrwxrwx 1 ftp  ftp  663617536 Dec 26 15:18 i386-disc2.iso
-rw------- 1 ftp  ftp    9905347 Dec 29 13:22 ImagesWithOverlayOTSU-false.zip
drwxrwxrwx 2 ftp  ftp       4096 Dec 26 15:17 lkj
-rw------- 1 ftp  ftp      90112 Dec 26 15:24 MachineSound_2.xls
-rw------- 1 ftp  ftp     163328 Dec 29 13:17 MachineSound_5.xls
-rw------- 1 ftp  ftp      77257 Dec 29 09:28 TA_E001_I001_M001_WI_SOCK (Threshold 0 - 162).jpg
-rw------- 1 ftp  ftp    3686554 Dec 29 13:16 TA_E001_I001_M001_WI_SOCK (W- Overlay).tif
-rw------- 1 ftp  ftp        788 Dec 29 09:28 TA_E001_I002_M001_WX_SOCK.TIF (COMPOSITE ROI 163 - 165).zip
-rw------- 1 root root         6 Dec 29 09:36 testFilesM.txt
-rw------- 1 root root         0 Dec 29 09:34 testFilesM.txt~
-rwxrwxrwx 1 ftp  ftp        132 Dec 26 13:41 testFile.zip
 
Old 12-30-2008, 08:10 AM   #10
rweaver
Senior Member
 
Registered: Dec 2008
Location: Louisville, OH
Distribution: Debian, CentOS, Slackware, RHEL, Gentoo
Posts: 1,833

Rep: Reputation: 163
Well your permissions should be fine as long as you're trying to upload to the upload directory. Try adding these two lines to your config (don't remove any of the other lines.)

Code:
local_enable=YES
local_umask=022
Then stop and start the service again (make sure it is completely down in between.) Upload a file and see what permissions it gets.

(I know you don't want local users in the long run, but your options should be fine otherwise, I'm just testing for a bug I saw once.)

One other thing I might mention and it sounds kinda silly, but make sure you're editing the conf file that controls the actual service and not a sample or a duplicate in an alternate location.

Last edited by rweaver; 12-30-2008 at 08:15 AM.
 
Old 12-30-2008, 08:41 AM   #11
villumanati
Member
 
Registered: Jun 2008
Posts: 35

Original Poster
Rep: Reputation: 15
The problem has been semi-solved. I appreciate the input/suggestions from everyone.

I added anon_world_readable_only=NO to the file which allows me to download files that have been uploaded to the server.

Code:
[root@ip3d uploads]# ls -l
total 4
-rw------- 1 ftp ftp 0 Dec 30 09:20 deleteMe.txt

I am still baffled by how even after changing the
file_open_mode=0666
anon_umask=0022

in the config file
files uploaded to /var/ftp/uploads still have -rw------- permission.



Does anyone have any ideas?
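
Added example (not part of the thread, and not vsftpd's own code): a small Python model of how vsftpd.conf(5) documents the mode of an anonymous upload and whether an anonymous session may download it again. It assumes the man page defaults, including `chown_upload_mode` (default 0600, added in vsftpd 2.0.6; the thread does not say which version is installed), and it looks only at the owner and world read bits.

```python
# Added example, not from the thread. Defaults are taken from vsftpd.conf(5).
DEFAULTS = {
    "anon_umask": "077", "file_open_mode": "0666",
    "chown_uploads": "NO", "chown_username": "root",
    "chown_upload_mode": "0600",          # option added in vsftpd 2.0.6
    "anon_world_readable_only": "YES", "ftp_username": "ftp",
}

# Constructed sample: the upload-related lines of the config posted in #7.
THREAD_CONF = """\
anonymous_enable=YES
write_enable=YES
anon_upload_enable=YES
anon_root=/var/ftp/
anon_umask=022
chown_uploads=YES
chown_username=ftp
"""

def parse_conf(text):
    """Overlay key=value lines on the defaults; later lines override earlier ones."""
    conf = dict(DEFAULTS)
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key] = value
    return conf

def to_mode(value):
    # vsftpd.conf(5): a leading "0" means octal, otherwise the value is base 10.
    return int(value, 8) if value.startswith("0") else int(value)

def predict_upload(conf):
    """Return (mode, downloadable) for a file uploaded by an anonymous session."""
    if conf["chown_uploads"].upper() == "YES":
        mode = to_mode(conf["chown_upload_mode"])    # forced; the umask is not used
        owner = conf["chown_username"]
    else:
        mode = to_mode(conf["file_open_mode"]) & ~to_mode(conf["anon_umask"])
        owner = conf["ftp_username"]
    world = bool(mode & 0o004)
    owner_read = owner == conf["ftp_username"] and bool(mode & 0o400)
    if conf["anon_world_readable_only"].upper() == "YES":
        return mode, world                # only world-readable files are served
    return mode, world or owner_read

if __name__ == "__main__":
    for extra in ("", "anon_world_readable_only=NO\n", "chown_uploads=NO\n"):
        mode, ok = predict_upload(parse_conf(THREAD_CONF + extra))
        print(f"{extra.strip() or 'as posted':32} mode={mode:04o} downloadable={ok}")
```

Under these assumptions the posted config yields 0600 whatever `anon_umask` is set to, and only the `chown_uploads=NO` variant lets the umask take effect (0644).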
 
  


All times are GMT -5.