LinuxQuestions.org
Old 02-24-2006, 09:57 AM   #1
saxsd
LQ Newbie
 
Registered: Feb 2004
Posts: 6

Rep: Reputation: 0
VSFTPD Anonymous User


This is my first post on here so go easy on me. I am setting up an FTP server that allows both local and anonymous access. I am running into a problem. When I log on as anonymous and place a file in the 'incoming' directory I cannot do an 'ls' on that specific file name. I get the following....

200 PORT command successful. Consider using PASV.
150 Here comes the directory listing.
226 Transfer done (but failed to open directory).


Here is my vsftpd.conf file. Feel free to pick it apart.
Code:
# config file /etc/vsftpd/vsftpd.conf

# General Configuration

listen=YES
tcp_wrappers=YES
nopriv_user=ftp_nopriv
xferlog_enable=YES
xferlog_file=/var/log/vsftpd.log

# Mode and Access right

anonymous_enable=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_world_readable_only=YES
anon_umask=077
anon_root=/home/ftp/./pub

local_enable=YES
local_umask=022
write_enable=YES

# Security

dirmessage_enable=YES
banner_file=/etc/vsftpd/vsftpd_banner
connect_from_port_20=YES
idle_session_timeout=600
#data_connection_timeout=120
chroot_local_user=YES
passwd_chroot_enable=YES
pam_service_name=vsftpd
userlist_enable=YES
userlist_file=/etc/vsftpd.ftpusers

# Denial of Service

max_clients=25
max_per_ip=5
 
Old 02-24-2006, 10:50 AM   #2
timmeke
Senior Member
 
Registered: Nov 2005
Location: Belgium
Distribution: Red Hat, Fedora
Posts: 1,515

Rep: Reputation: 61
Quote:
anon_root=/home/ftp/./pub
suggests that you're chroot'ing the anonymous FTP user.
In order for that user to call directory listings, he will still need the "ls" program.
The chroot jail will however prevent him from accessing the normal ls (/bin/ls).
So, you'll need to (as root):
Code:
mkdir /home/ftp/bin
chown root:root /home/ftp/bin
chmod 755 /home/ftp/bin
cp /bin/ls /home/ftp/bin

You may want to copy some additional programs into the chroot jail too, if you want the anonymous user to run them.
Just be careful with the file/directory permissions. You don't want to give too much privilege to a user you don't know (i.e. "anonymous").
 
Old 02-24-2006, 11:39 AM   #3
saxsd
LQ Newbie
 
Registered: Feb 2004
Posts: 6

Original Poster
Rep: Reputation: 0
Thanks for the info and I tried this but it didn't work. I commented out the chroot of ftp in the vsftpd.conf file, so /home/ftp is the root directory for anonymous. Now when I ftp as 'anonymous' I can do an 'ls' and see the directories under /home/ftp. I change to /home/ftp/pub and do an 'ls' and I can see everything under there. I change to /home/ftp/pub/incoming, put a file in there, then try to 'ls' it and I get the following again...

200 PORT command successful. Consider using PASV.
150 Here comes the directory listing.
226 Transfer done (but failed to open directory).


Is it something to do with permissions on the /incoming directory?

Thanks....
 
Old 02-27-2006, 02:12 AM   #4
timmeke
Senior Member
 
Registered: Nov 2005
Location: Belgium
Distribution: Red Hat, Fedora
Posts: 1,515

Rep: Reputation: 61
Yes, it surely is.

Quote:
failed to open directory
tells you that.

To reach any subdirectory or file in a directory, you need execute permission on all its parent directories, up to the / directory.
So, you might want to check that first (i.e. check if the permissions on the "pub" directory have execute permission (x)).

Next, you'll need to read the contents of the incoming directory, so you'll also need read permission on the "incoming" directory itself.

In short, try out the following:
Code:
ls -ld /home/ftp/pub /home/ftp/pub/incoming
and post back the results.
 
Old 02-27-2006, 06:43 AM   #5
saxsd
LQ Newbie
 
Registered: Feb 2004
Posts: 6

Original Poster
Rep: Reputation: 0
Here it is....

Code:
dr-xr-sr-x 12 root ftp 4096 /home/ftp/pub
drwxrwx-wt 2 sagna saga 4096 /home/ftp/pub/incoming

Thanks in advance
 
Old 02-27-2006, 08:27 AM   #6
timmeke
Senior Member
 
Registered: Nov 2005
Location: Belgium
Distribution: Red Hat, Fedora
Posts: 1,515

Rep: Reputation: 61
Quote:
drwxrwx-wt
To what user is the anonymous FTP user mapped?
I bet it's a user that doesn't belong to the group "saga" and that it's not the "sagna" user.
This would mean that the last three permissions (-wt) apply.
Those permissions, -wt, say that there is write permission and execute permission and that the sticky bit is set.
This means that:
-you can delete/move/rename files in the directory unless you're root or the owner of the files (sticky bit),
-you can go into subdirectories and access files in the "incoming" directory (i.e. put/get would work),
-but you can't read the contents of the directory. So "ls" will fail to do so.

So, you'll need to give read permission (chmod o+r for instance) for the anonymous FTP user to be able to read the contents of the directory.
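The two rules timmeke applies in posts #4 and #6 (execute on every ancestor to traverse, read plus execute on the directory itself to list it) can be checked mechanically against the mode fields from `ls -ld`. The script below is an added example, not code from the thread or from vsftpd; it assumes the anonymous FTP user is neither the owner nor a member of the owning group, so only the "other" triple (characters 8 to 10 of the mode field) counts. The two mode strings are copied from saxsd's output and are the only constructed input.

```shell
#!/bin/sh
# Added example (not from the thread): decode the "other" class of ls -ld
# mode fields and decide whether a user in that class can traverse a path and
# list its final directory. Assumption: the anonymous FTP user is mapped to an
# account that is neither the owner nor in the group of any directory here.

# Constructed input: the two mode fields saxsd posted, parent first.
SAMPLE_PUB="dr-xr-sr-x"        # /home/ftp/pub
SAMPLE_INCOMING="drwxrwx-wt"   # /home/ftp/pub/incoming

# other_bits MODE: the rwx triple for "other" (characters 8-10).
other_bits() { printf '%s\n' "$1" | cut -c8-10; }

# Single-bit predicates on a triple. A lowercase 't' means execute plus the
# sticky bit; an uppercase 'T' is sticky without execute.
has_r()     { case $1 in r??)    return 0 ;; *) return 1 ;; esac; }
has_w()     { case $1 in ?w?)    return 0 ;; *) return 1 ;; esac; }
has_x()     { case $1 in ??[xt]) return 0 ;; *) return 1 ;; esac; }
is_sticky() { case $1 in ??[tT]) return 0 ;; *) return 1 ;; esac; }

# yesno PREDICATE TRIPLE: print yes or no (no newline) for a predicate.
yesno() { if "$1" "$2"; then printf yes; else printf no; fi; }

# explain_other MODE: one-line summary of what "other" can do with a directory.
# enter = chdir into it (x); list = read the names in it (r);
# write = create/remove entries (w); sticky = only owners may remove entries.
explain_other() {
    t=$(other_bits "$1")
    printf 'enter=%s list=%s write=%s sticky=%s\n' \
        "$(yesno has_x "$t")" "$(yesno has_r "$t")" \
        "$(yesno has_w "$t")" "$(yesno is_sticky "$t")"
}

# anon_can_list MODE...: every argument but the last is an ancestor directory
# (needs x); the last is the directory to list (needs x and r). Prints "ok"
# or the first failing step, and returns non-zero on failure.
anon_can_list() {
    n=$#
    i=1
    for m in "$@"; do
        t=$(other_bits "$m")
        if [ "$i" -lt "$n" ]; then
            has_x "$t" || { printf 'cannot traverse %s\n' "$m"; return 1; }
        else
            has_x "$t" || { printf 'cannot enter %s\n' "$m"; return 1; }
            has_r "$t" || { printf 'cannot read %s\n' "$m"; return 1; }
        fi
        i=$((i + 1))
    done
    printf 'ok\n'
}

# Walk the thread's two directories as the anonymous user would.
printf 'pub:      %s\n' "$(explain_other "$SAMPLE_PUB")"
printf 'incoming: %s\n' "$(explain_other "$SAMPLE_INCOMING")"
printf 'ls incoming as anonymous: %s\n' "$(anon_can_list "$SAMPLE_PUB" "$SAMPLE_INCOMING")"
```

Run against the thread's values it reports that "pub" can be entered and listed, while "incoming" can be entered and written to but not read, which is exactly the "226 Transfer done (but failed to open directory)" symptom; after the suggested `chmod o+r` the mode becomes `drwxrwxrwt` and the walk succeeds.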
 
Old 02-28-2006, 12:27 AM   #7
sharad
Member
 
Registered: Dec 2005
Posts: 48

Rep: Reputation: 15
Hi,

I read your vsftpd.conf file.

You don't have read permission on the "incoming"
directory since you have set anon_umask=077;
that means the anonymous user has the permission
(777-077)=700. Hence the anonymous user cannot read or
write in the incoming directory.

So do one thing:
comment out the line
anon_umask=077 in the vsftpd.conf,

give the permission 777 to the "incoming" directory,
and restart the vsftpd service.

It should work now.

Regards,
sharad.
 
Old 02-28-2006, 02:47 AM   #8
timmeke
Senior Member
 
Registered: Nov 2005
Location: Belgium
Distribution: Red Hat, Fedora
Posts: 1,515

Rep: Reputation: 61
sharad,
the misconfigured permissions on the "incoming" directory may indeed have come from the
umask settings (if the directory was created via FTP's mkdir command).

saxsd, the umask will apply to all files and directories that the anonymous user will create on the FTP server.
Why you are using this umask is a mystery to me too.
This would imply that, if the anonymous user was to upload a file or create a directory, nobody else would get permission to even read the file or enter the directory.
Of course, since you have root access and have access to the "sagna" user too, you can always delete/move/rename the files created by the anonymous user.
But, you would always be asked to confirm the deletion/move/... of a file/directory that has rwx------ permission (at the most) if you don't own it, which is kind of annoying.

In short, why wouldn't you allow some of your system's users to overwrite the files/directories created by the - untrusted - anonymous FTP user?
I'd advise a strategy like this one:
-set group ownership of the "incoming" directory to a group that you (as normal user) are part of;
-set the "setGID" bit on the "incoming" directory, so that any new files/directories immediately inherit that group ownership;
-set the group permissions on "incoming" to rwx;
-set the umask to 007. This should allow your normal user to read/write/delete the files created by
anonymous, without having to "su".
 