You are not logged in.
- Topics: Active | Unanswered
#1 2011-05-27 17:25:26
- jbm
- Member
- From: California
- Registered: 2011-05-14
- Posts: 2
vsftpd: chown non-anonymous uploads?
Hello,
I'm having a problem with the permissions on files uploaded to a server via vsftpd. I haven't used permissions in a very fine-grained way before, but over the last couple days I've done quite a bit of searching and experimenting but I'm still stuck.
At my work we have an FTP server that our clients use to upload files to us which we later retrieve. This role is currently filled by a Windows machine running locally in our office, but recently I've set up a Linode VPS to take over. We have "business" DSL that doesn't exactly come with an SLA, so the server being unavailable whenever our local connection was down was becoming a problem.
I need to make is so that uploaded files can be read, moved, and deleted by a separate (non-super) user. Once they've been uploaded, we basically just want to download them and move them to an archive on the VPS.
I've tried a number of combinations of directory ownership, group membership, umask, etc, but I always end up with root and the user who uploaded the file being the only two users who can perform these operations. vsftpd supports chown-ing files at upload, but it only works if the uploads are anonymous, which these are not.
Any help with this will be greatly appreciated.
Thanks,
jbm
Offline
#2 2011-05-27 21:10:52
- briest
- Member
- From: Katowice, PL
- Registered: 2006-05-04
- Posts: 468
Re: vsftpd: chown non-anonymous uploads?
Without diving deep in vsftpd documentation (IIRC it cannot do it by itself, I am not sure though), you may try some solutions external to ftp daemon:
- change ownership of uploaded files using cron or incron
- consider using ACLs
or even
- move your data directory to permission-less filesystem, like FAT 
Offline
#3 2011-05-27 21:57:15
- panosk
- Member
- From: Athens, Greece
- Registered: 2008-10-29
- Posts: 241
Re: vsftpd: chown non-anonymous uploads?
Hi,
This is the configuration file of a vsftpd server I setup on a friend's company a few years ago. Bare in mind that the OS was Debian, vsftpd was configured with virtual users, and the permissions were setup in a way that would allow samba users to have full rights over the whole FTP directory. As long as I can remember, fine tuning the permissions took me some time too. Ftp users have full rights on an upload directory and read only access on a download directory. Both directories are inside the user's root ftp folder. Maybe this can give you some clues (but the virtual users setup changes some things).
listen=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=000
file_open_mode=0777
anon_upload_enable=YES
anon_umask=0000
anon_mkdir_write_enable=YES
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd_login.db
virtual_use_local_privs=YES
pam_service_name=vsftpd
guest_enable=YES
guest_username=virtual
user_sub_token=$USER
local_root=/mnt/FTP/$USEROffline