Hi all,
Just thought I would throw this out there, as a Google search doesn't even come back with what I need.
I have set up proftp with a mysql auth on a Debian box.
When I save files or try to modify them I get an error, i.e. I don't have permission.
When I look at the permissions for the files, it has a 2001 user permission and a ftpgroup as the group permission.
I want it to be ftpuser and ftpgroup with readable and writable permissions for the user and group.
Would anyone know why this is happening and what I have done wrong, please?
This is my second proftp box and I basically copied the config files over from the old box.
I can post config files etc. if needed.
FIRST...
the GID...set whatever group ID...is marked. In other words, that first number...from left...in '2001' means that the ftpgroup runs it, because if ftpgroup is considered the 'owner' of the file, then that's who gets it. (the '2' in '2001'...: 2001 )
SECOND...
the second and third numbers...from left...in '2001' mean that NEITHER OWNER NOR GROUP HAVE ANY PERMISSIONS AT ALL on the file. The second and third refer to the owner...actual or whatever...and the group members, respectively. (the '00' in '2001'...: 2001 )
THIRD...
the fourth number...from left...in '2001' means that others have execute or search permission for files or directories, respectively. (the '1' in '2001'...: 2001 )
(...refer to the FreeBSD web page, look up the man page for 'chmod')
RECOMMENDATION...
Uncertain. I would...as root command...chown or chmod or whatever, if necessary. I honestly do not know what to say. Also, please read the man pages dealing with permissions, because I may be in error. I hope this helps.
Thanks heaps, that makes things much clearer.
In my proftpd.conf file I have
Umask 022 022
I am assuming that what is going on is probably dependent on this line.
I understand what you are saying but have no idea how to modify/fix it so that it works the way I want.
I run a personal website off this box and wish to be able to modify using ftp remotely without having to ssh into the box each time to chmod and chown things all the time.
Any more thoughts?
Thanks heaps though, what you have said makes the problem a bit clearer for me. Hope I'm not sounding like too much of an idiot; permissions is one thing I have always struggled with in Linux and I (unfortunately) do most of my work in Windows as that's what customers want.
Quote:
When I look at the permissions for the files, it has a 2001 user permission and a ftpgroup as the group permission.
Are you sure the permissions are 2001 (------S--x) and not 200 (--w-------)?
Quote:
I want it to be ftpuser and ftpgroup with readable and writable permissions for the user and group.
Are you using anonymous FTP or non-anonymous - from what you have said, I would guess that you are using virtual users (you mentioned mysql auth)?
The permissions of 200 are what you would expect to see if you were using anonymous FTP uploads. The files are set so that they can be overwritten but nothing else. The purpose of this is to allow people to upload files to your computer without a password, by giving them write-only permissions to the files they create. This prevents people from uploading files and then serving them from your computer. Typically (ISTR) the default configuration for an FTP server would be to allow anonymous downloads and anonymous uploads (if the relevant directory exists). It could be that there is a configuration directive left over from this default config.
These are the full details of a file I have uploaded using ftp.
See attached picture.
Weird, isn't it?
And no, it's not set up for anon usage; it's set up so that each user has their own directory (which is common) but the auth is done using a mysql table for quota limits.
No, it definitely has 022 twice.
Could this be a part of my problem?
I thought it might be, because I couldn't quite understand the syntax for proftpd's umask directive. However, it appears that proftpd will use the first umask for files and the second for directories - if only one is supplied it uses the first for both. So the second umask of 022 is redundant, but it won't cause any problems.
The picture makes everything much clearer: the permissions of the file are 0644 - which is fine and what you would expect. 2001 relates to the user who owns the file. Ownership and permissions are two separate things, though looking back at your post, it should have been obvious that you had ownership and permissions confused (it certainly is with hindsight).
Looking at your screenshot, the file is owned by the user 2001 and the group ftpgroup. 2001 is not a user name, but a user id (or uid). Normally the uid of a file is used to look up the user name from '/etc/passwd' and then the more friendly user name is shown (the same is done for group names using '/etc/group') - unless you specifically request numeric values (e.g. using 'ls -n').
The only reason why you would be seeing 2001 is that the file's uid is 2001 and there is no user 2001 in your '/etc/passwd'. The fact that you are using a MySQL database for the authentication is key here, as you will be using virtual users*. In this case, the mysql database is used for matching the username given to proftpd to a uid. So you will need to go into your mysql database and find all virtual users who have a uid of 2001 and replace that value with the uid of the ftpuser in your '/etc/passwd' - alternatively, if you don't already have a user called 'ftpuser' in your /etc/passwd, you could create one and give it the uid 2001.
* virtual users means that your ftp server is not using the system-wide user and group information in '/etc/passwd', '/etc/shadow' and '/etc/group' - rather it is using the information from your MySQL database.
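The lookup described in the answer above, as an added example that is not part of the original thread: it renders a file's mode, owner and group the way 'ls -l' does and lists virtual accounts whose uid has no '/etc/passwd' entry. The passwd and group contents, the ftpuser entry and the SQL column names (userid, uid, gid) are constructed assumptions.

```python
import stat

# Constructed sample data, not taken from the thread. The passwd entry for
# ftpuser and the SQL column names (userid, uid, gid) are assumptions.
PASSWD = "root:x:0:0:root:/root:/bin/bash\nwww-data:x:33:33::/var/www:/usr/sbin/nologin\n"
GROUP = "root:x:0:\nftpgroup:x:2001:\n"
VIRTUAL_USERS = [{"userid": "webmaster", "uid": 2001, "gid": 2001}]
FTPUSER_LINE = "ftpuser:x:2001:2001::/srv/ftp:/usr/sbin/nologin\n"


def parse_ids(text):
    """Map numeric id -> name; passwd and group both keep the id in field 3."""
    table = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) >= 3 and fields[2].isdigit():
            table.setdefault(int(fields[2]), fields[0])  # first match wins
    return table


def ls_style(mode, uid, gid, users, groups):
    """Render permissions, owner and group like `ls -l`: a name when the id
    resolves, otherwise the bare number (which is what showed up as 2001)."""
    return " ".join([stat.filemode(mode), users.get(uid, str(uid)), groups.get(gid, str(gid))])


def unresolved(virtual_users, users):
    """Virtual accounts whose uid has no entry in the system passwd data."""
    return [(v["userid"], v["uid"]) for v in virtual_users if v["uid"] not in users]


def demo():
    groups = parse_ids(GROUP)
    mode = stat.S_IFREG | 0o644  # regular file with permissions rw-r--r--
    before = parse_ids(PASSWD)
    after = parse_ids(PASSWD + FTPUSER_LINE)  # the "create ftpuser with uid 2001" fix
    return (ls_style(mode, 2001, 2001, before, groups), unresolved(VIRTUAL_USERS, before),
            ls_style(mode, 2001, 2001, after, groups), unresolved(VIRTUAL_USERS, after))


if __name__ == "__main__":
    for item in demo():
        print(item)
```

On a live system, 'find <directory> -nouser' lists files in the same state, i.e. owned by a uid that has no passwd entry.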
Thank you, I now have a clear understanding of where I went wrong, thanks heaps. Will let you know how I fixed it.