LinuxQuestions.org
Old 03-25-2012, 11:50 PM   #1
mejohnsn
Member
 
Registered: Sep 2009
Posts: 172

Rep: Reputation: Disabled
FTP Server vsftpd Works for GET but not PUT despite Settings


That is to say, I read through all the comments in the file vsftpd.conf concerning setting flags for enabling PUT, such as write_enable=YES, anon_upload_enable=YES, anon_mkdir_write_enable=YES

and also:

anon_root=/var/ftp/opendir
cmds_allowed=EPSV,PASV,RETR,QUIT,USER,PASS,QUIT,CWD,PORT,LIST,NLST,STOR,TYPE,PWD,SYST,FEAT
file_open_mode=0777
guest_enable=YES
dirlist_enable=YES
anon_other_write_enable=YES
no_anon_password=YES
log_ftp_protocol=YES
anon_umask=0777

So I assume these are all the settings I need. Or am I missing some setting?

Yes, I know these would be horribly insecure on the open internet, but this IS inside a firewall. But the big question is: why don't these things work? Since I can do a GET, I assume the ports are open where they need to be, but I cannot do a PUT, nor can I create a directory from the FTP client.

Strangely, it does not seem to be using the setting for opendir: the GET is working from the default anonymous user's root.

I had a Wireshark capture file showing what happens, but I can't find it now. If this isn't enough info to debug the problem, I can do another, but for now, is this enough info?

BTW: the FTP server is running on a Fedora 14 machine, the client runs on a machine inside the same LAN. Version# for vsftpd is 2.3.4.

Last edited by mejohnsn; 03-26-2012 at 08:08 PM. Reason: fixed typo for 'concerning'
 
Old 03-26-2012, 01:50 AM   #2
j-ray
Senior Member
 
Registered: Jan 2002
Location: germany
Distribution: ubuntu
Posts: 1,389

Rep: Reputation: 97
I guess the anon_umask should be 0222
 
Old 03-26-2012, 02:14 AM   #3
lithos
Senior Member
 
Registered: Jan 2010
Location: SI : 45.9531, 15.4894
Distribution: CentOS, OpenNA/Trustix, testing desktop openSuse 12.1 /Cinnamon/KDE4.8
Posts: 1,144

Rep: Reputation: 217
Hi, mejohnsn

I would show you this thread to check your _umask settings
which obviously are not working right for you (hint: 077 -> 022)
 
Old 03-26-2012, 08:07 PM   #4
mejohnsn
Member
 
Registered: Sep 2009
Posts: 172

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by j-ray
I guess the anon_umask should be 0222
You are not the only one to make such a guess, and I -have- seen that setting frequently recommended for similar problems. But when I changed it to 0222, saved the file and restarted vsftpd, the new setting did not solve the problem: I still get "550 Permission denied" (yes, I forgot to say in my original post that that was the message I was getting) when I try to delete a file, and "553 Could not create file" when trying to PUT a file ("ftp -d" shows this is done with the STOR command, which is in my list 'cmds_allowed').

Now just for an additional data point, I went into /var/ftpd/opendir on my FTP server and changed the permissions on the file with "chmod a+w [filename]". I still could not delete it.

Oh, and just in case it is relevant on the directory opendir itself, the permissions are: "drw-r--r-x. 4 root root 4096 Mar 26 10:05 opendir"

One final note: I see in vsftpd.conf, they recommend changing the mask to 022 "if your users expect that". But what DOES this really mean? Does a user running ftp on the command line in Mac OS X 10.6 expect 022?

But when I reread that, I realized you must have meant '022', not '0222'. But the results when using 022 are exactly the same. And I did remember to save the edit and restart the server.

So now what?
 
Old 03-27-2012, 02:07 AM   #5
j-ray
Senior Member
 
Registered: Jan 2002
Location: germany
Distribution: ubuntu
Posts: 1,389

Rep: Reputation: 97
So if only root has access to "opendir" then, of course, you will get "permission denied" warnings. You have to make the directory writable for the ftp user group or chown it to the anonymous user, I think.
 
Old 03-27-2012, 02:37 AM   #6
lithos
Senior Member
 
Registered: Jan 2010
Location: SI : 45.9531, 15.4894
Distribution: CentOS, OpenNA/Trustix, testing desktop openSuse 12.1 /Cinnamon/KDE4.8
Posts: 1,144

Rep: Reputation: 217
mejohnsn:

Try to make a directory RWX for all users and you will see that permissions are your trouble now.
Code:
chmod -vR 777 /path/to/directory
You have to set permissions on directories, where you want the FTP users to be able to write/delete etc., to that user (and group).
If there are many users accessing the same directory, then make it writable for all of the groups to be able to write to it (chmod code above).

good luck
 
Old 03-27-2012, 11:56 PM   #7
mejohnsn
Member
 
Registered: Sep 2009
Posts: 172

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by j-ray
So if only root has access to "opendir" then, of course, you will get "permission denied" warnings. You have to make the directory writable for the ftp user group or chown it to the anonymous user, I think.
"Of course"? But anonymous is not a Linux user. Yet that is how the user logs on. And vsftpd is running as root (I start it by logging in as root and then "vsftpd &"). So why wouldn't vsftpd have access? What user's permissions could be relevant if not root's?

The same question goes for lithos, who makes much the same point, but recommends just enabling it for all users. For now at least, I want only anonymous login, so this doesn't sound quite right.

After all: isn't it an insecure thing to do, to make the directory accessible to others? vsftpd is running as root. Or is this itself also a bad idea, perhaps even a bigger security problem? I thought not, since this "standalone mode" is what the vsftpd man page recommends. But please feel free to let me know if this is no longer up to date.

Thanks to both you and lithos for keeping up with this: I may yet try the "chmod -vR 777" to see what that does, though as you no doubt have noticed, I am puzzled which user I should really be doing this for when I have only 'anonymous'.
 
Old 03-28-2012, 01:52 AM   #8
lithos
Senior Member
 
Registered: Jan 2010
Location: SI : 45.9531, 15.4894
Distribution: CentOS, OpenNA/Trustix, testing desktop openSuse 12.1 /Cinnamon/KDE4.8
Posts: 1,144

Rep: Reputation: 217
Hi,

since you want "anonymous" and have write permissions, you actually have no choice but to set the directory / files permissions to 777 (that is to let everybody read/write).

And just for the vsftpd configuration file, I noticed there is missing:
Code:
write_enable=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES
There is actually a good example of a vsftpd config here
and also here

good luck

Last edited by lithos; 03-28-2012 at 02:06 AM.
 
Old 03-28-2012, 02:18 AM   #9
deep27ak
Senior Member
 
Registered: Aug 2011
Location: Bangalore, India
Distribution: rhel 5x,6.0,6.2, centOS 5x,6.0,6.2
Posts: 1,188
Blog Entries: 4

Rep: Reputation: 219
If you give 777 permission to the login directory for the anonymous user, then it will not be able to log in and will return an error, as by default the anonymous user cannot log in to any directory which has write permission.

If you want the anonymous user to read and write, then let the user create a directory inside the directory where it logs in, which should be writable by everyone,
and make the following changes in the config file:

Code:
# vi vsftpd.conf
anon_upload_enable=YES
anon_mkdir_write_enable=YES
Code:
# service vsftpd restart
I think lithos edited his entry, which I was unaware of, but one thing which I think he missed is that the anonymous user cannot create any files in the logged-in directory with write permission.

Last edited by deep27ak; 03-28-2012 at 02:23 AM.
 
Old 03-28-2012, 02:22 AM   #10
lithos
Senior Member
 
Registered: Jan 2010
Location: SI : 45.9531, 15.4894
Distribution: CentOS, OpenNA/Trustix, testing desktop openSuse 12.1 /Cinnamon/KDE4.8
Posts: 1,144

Rep: Reputation: 217
Quote:
Originally Posted by deep27ak
....

I think lithos edited his entry which I was unaware of
It tends to be my weakness I know of, but somehow I'm unable to Solve it :-)

best regards.
 
Old 03-28-2012, 03:01 AM   #11
mejohnsn
Member
 
Registered: Sep 2009
Posts: 172

Original Poster
Rep: Reputation: Disabled

Quote:
Originally Posted by lithos
Hi,

since you want "anonymous" and have write permissions, you actually have no choice but to set the directory / files permissions to 777 (that is to let everybody read/write).

And just for the vsftpd configuration file, I noticed there is missing:
Code:
write_enable=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES
There is actually a good example of a vsftpd config here
and also here

good luck
??? I followed the instructions at your "actually good example" site, changing the directory to chmod 755, and I get the following error:

ftp 192.168.0.8
Connected to 192.168.0.8.
220 Welcome to internal FTP service. For this LAN only.
Name (192.168.0.8:[name witheld]): anonymous
500 OOPS: vsftpd: refusing to run with writable anonymous root
ftp: Login failed
ftp>

Come to think of it, there was one change I made to the directions in the above: I assumed I could make the directory they refer to as 'upload' the same as my opendir (recall that I set the config var anon_root to /var/ftp/opendir). But when I follow the directions even more literally, making a separate '/var/ftp/upload' directory, I still get an error, only this time I get it upon trying the put command:

230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> put small.cap
local: small.cap remote: small.cap
229 Entering Extended Passive Mode (|||33629|).
553 Could not create file.
ftp>


I also get the same error when I make the following two modifications to the procedure 1) per your other suggestion, chmod 777 instead of 755 2) try to cd into upload from within ftp:


ftp> cd upload
550 Failed to change directory.

BTW: now my directories on the server look like:

dr-xrw-rw-. 4 ftp ftp 4096 Mar 26 10:05 opendir
drwxr-xr-x. 2 root root 4096 Mar 3 2011 pub
drwxrwxrwx. 2 ftp ftp 4096 Mar 28 00:26 upload

Finally, please note that in my very first post I pointed out I already have the following settings:

write_enable=YES, anon_upload_enable=YES, anon_mkdir_write_enable=YES

Last edited by mejohnsn; 03-28-2012 at 03:06 AM. Reason: emphasis I already have certain settings.
 
Old 03-28-2012, 03:13 AM   #12
deep27ak
Senior Member
 
Registered: Aug 2011
Location: Bangalore, India
Distribution: rhel 5x,6.0,6.2, centOS 5x,6.0,6.2
Posts: 1,188
Blog Entries: 4

Rep: Reputation: 219
Quote:
Originally Posted by mejohnsn
??? I followed the instructions at your "actually good example" site, changing the directory to chmod 755, and I get the following error:

ftp 192.168.0.8
Connected to 192.168.0.8.
220 Welcome to internal FTP service. For this LAN only.
Name (192.168.0.8:[name witheld]): anonymous
500 OOPS: vsftpd: refusing to run with writable anonymous root
ftp: Login failed
ftp>

Come to think of it, there was one change I made to the directions in the above: I assumed I could make the directory they refer to as 'upload' the same as my opendir (recall that I set the config var anon_root to /var/ftp/opendir). But when I follow the directions even more literally, making a separate '/var/ftp/upload' directory, I still get an error, only this time I get it upon trying the put command:

230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> put small.cap
local: small.cap remote: small.cap
229 Entering Extended Passive Mode (|||33629|).
553 Could not create file.
ftp>


I also get the same error when I make the following two modifications to the procedure 1) per your other suggestion, chmod 777 instead of 755 2) try to cd into upload from within ftp:


ftp> cd upload
550 Failed to change directory.

BTW: now my directories on the server look like:

dr-xrw-rw-. 4 ftp ftp 4096 Mar 26 10:05 opendir
drwxr-xr-x. 2 root root 4096 Mar 3 2011 pub
drwxrwxrwx. 2 ftp ftp 4096 Mar 28 00:26 upload

Finally, please note that in my very first post I pointed out I already have the following settings:

write_enable=YES, anon_upload_enable=YES, anon_mkdir_write_enable=YES
Isn't it something which I have mentioned in my post??
 
Old 03-28-2012, 05:02 AM   #13
lithos
Senior Member
 
Registered: Jan 2010
Location: SI : 45.9531, 15.4894
Distribution: CentOS, OpenNA/Trustix, testing desktop openSuse 12.1 /Cinnamon/KDE4.8
Posts: 1,144

Rep: Reputation: 217
Code:
dr-xrw-rw-. 4 ftp ftp 4096 Mar 26 10:05 opendir
your "opendir" has wrong permissions (no execute, which blocks any attempt to chdir into it)

should have:
Code:
drwxr-xr-x. 4 ftp ftp 4096 Mar 26 10:05 opendir

like your "pub" dir
drwxr-xr-x. 2 root root 4096 Mar 3 2011 pub
which you set with : chmod 755 opendir
as root user

Last edited by lithos; 03-28-2012 at 05:03 AM.
 
Old 03-28-2012, 05:14 PM   #14
mejohnsn
Member
 
Registered: Sep 2009
Posts: 172

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by lithos
Code:
dr-xrw-rw-. 4 ftp ftp 4096 Mar 26 10:05 opendir
your "opendir" has wrong permissions (no execute, which blocks any attempt to chdir into it)

should have:
Code:
drwxr-xr-x. 4 ftp ftp 4096 Mar 26 10:05 opendir

like your "pub" dir
drwxr-xr-x. 2 root root 4096 Mar 3 2011 pub
which you set with : chmod 755 opendir
as root user
Hi, lithos-

This would mean that all the time I thought I was logging into /var/ftp/opendir I was really logging into /var/ftp/pub, which possibility I will look into. But how would it explain why I could log in as anonymous, could see the files, but could not change directory into /var/ftp/upload? That is where I got the error, and it DOES have the 'x' permission.

Also, did the CentOS page example you gave earlier work because they left anon_root to the default '/var/ftp/'? It has occurred to me that that is a significant difference between what they did and I did. So when I typed 'cd upload' it was trying to go to 'var/ftp/opendir/upload'? That directory did not exist.

Since the time I wrote the above I verified that even with those permissions, I am able to get into the opendir directory. The pub directory is empty, but I see files when I type 'dir' after logging in as anonymous: they are the same files I see when I ssh to the server and go to /var/ftp/opendir.

Last edited by mejohnsn; 03-29-2012 at 08:45 PM. Reason: New info
 
Old 03-30-2012, 05:03 AM   #15
mikey99
Member
 
Registered: Nov 2008
Location: UK
Distribution: RHEL, Fedora
Posts: 68

Rep: Reputation: 12
This sounds like an SELinux problem.

First, your permissions on your upload directory should be 730, group owned by ftp.

Code:
# mkdir /var/ftp/uploads
# chgrp ftp /var/ftp/uploads
# chmod 730 /var/ftp/uploads
Second, the directory needs to have the correct SELinux file context,

Code:
# semanage fcontext -a -t public_content_rw_t "/var/ftp/uploads(/.*)?"
# restorecon -R /var/ftp/uploads
Finally, set the SELinux boolean to allow the ftp daemon to do anonymous write to directories marked as public_content_rw_t

Code:
# setsebool -P allow_ftpd_anon_write on
Let me know if this solves your problem.

Mike.
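
An added example, not written by any poster in this thread: a small lint for the vsftpd.conf settings quoted in the first post. It works out the mode an anonymous upload would get from file_open_mode and anon_umask, and lists commands that an enabled anon_* option needs but the cmds_allowed allow-list leaves out. The option-to-command mapping is an assumption based on the vsftpd.conf man page descriptions, and the function names are hypothetical.

```python
# Added example. WRITE_OPTIONS is an assumed mapping taken from the man page
# descriptions of each anon_* option, not from vsftpd's own source.
WRITE_OPTIONS = {
    "anon_upload_enable": ["STOR"],
    "anon_mkdir_write_enable": ["MKD"],
    "anon_other_write_enable": ["DELE", "RMD", "RNFR", "RNTO"],
}

# Constructed sample: the relevant settings as quoted in the first post.
SAMPLE_CONF = """\
anon_upload_enable=YES
anon_mkdir_write_enable=YES
cmds_allowed=EPSV,PASV,RETR,QUIT,USER,PASS,QUIT,CWD,PORT,LIST,NLST,STOR,TYPE,PWD,SYST,FEAT
file_open_mode=0777
anon_other_write_enable=YES
anon_umask=0777
"""

def parse_conf(text):
    """Return {option: value} from vsftpd.conf text, skipping comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def upload_mode(conf):
    """Mode of an anonymous upload: file_open_mode with anon_umask applied."""
    # Assumes octal values written with a leading 0; defaults per the man page.
    open_mode = int(conf.get("file_open_mode", "0666"), 8)
    umask = int(conf.get("anon_umask", "077"), 8)
    return open_mode & ~umask & 0o777

def blocked_commands(conf):
    """Commands an enabled anon_* option needs but cmds_allowed omits."""
    if "cmds_allowed" not in conf:
        return []  # no allow-list configured, so nothing is filtered
    allowed = {c.strip().upper() for c in conf["cmds_allowed"].split(",")}
    missing = []
    for option, commands in WRITE_OPTIONS.items():
        if conf.get(option, "NO").upper() == "YES":
            missing += [c for c in commands if c not in allowed]
    return missing

if __name__ == "__main__":
    conf = parse_conf(SAMPLE_CONF)
    print("upload mode: %04o" % upload_mode(conf), blocked_commands(conf))
```

With the posted values, uploads would be created with mode 0000, and MKD and DELE are absent from cmds_allowed even though the matching anon_* options are set to YES.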
 
  


Tags
fedora, ftp, vsftpd

