I created a little vsftp server to quickly share files in the network, but I'm having trouble figuring out how the permissions for the anonymous user work.
Here's the relevant part of my config:
nopriv_user=nobody-ftp
#This is the name of the user that is used by vsftpd when it wants to be totally unprivileged.
#Note that this should be a dedicated user, rather than nobody.
ftp_username=user
#This is the name of the user we use for handling anonymous FTP.
So I created some directories, each with a file inside:
drwxr-x--- 2 ftp ftp ftp
drwxr-x--- 2 user nobody-ftp mix
drwxr-x--x 2 nobody-ftp nobody-ftp nobody
#IMPORTANT: Any user can execute the nobody directory
drwxr-xr-x 2 root root public
drwxr-x--- 2 user user user
Here's the confusing part:
CD into ftp/: can enter, but cannot list files
CD into mix/: can enter, but cannot list files
CD into nobody/: can enter, but cannot list files
CD into public/: can enter and can list files
CD into user/: can enter, but not list files.
So vsftpd appears to execute directories with the users: ftp and user. However, it cannot read the contents of the directories. That implies that there is a third user that is NOT nobody-ftp (nobody directory could not be read) that is used for reading directories, which seems rather inconsistent with the configuration if it is attempting to read with the nopriv_user.
Could someone explain what is going on here for me?
EDIT: One correction, I forgot that the user is part of the ftp group. So vsftpd executes with the "user" account only.
Last edited by easton741 (2015-09-03 00:08:34)
Considering that this is a rather unusual behavior, should I pursue the possibility that this is a bug and report it to the developer?
I've never had to do this before because this is normally a human error thing for me and this is a rather mature project, but there appears to be no logic behind why a user who can execute a directory is unable to read it as well, given the proper permissions.
I sent a bug report to the dev. I hope it explains the problem well and can be fixed!
Here is the report:
#####COPY OF THE EMAIL#####
#
#
#Scarybeasts,
#
#There appears to be an issue with the anonymous user.
#vsftpd executes directories with the FTP user, just like
#the configuration default. However, it cannot read the
#contents of the directories, even if they are owned by
#the FTP user or group. The anonymous user can only read
#directories if the 'other' class has permission.
#Enclosed is a detailed way to reproduce the apparent
#error (with comments).
#
#Respectfully,
#
#Easton
#
#####Basic System Information#####
~ » uname -a
Linux X120e 4.1.6-1-ARCH #1 SMP PREEMPT Mon Aug 17 08:52:28 CEST 2015 x86_64 GNU/Linux
~ » vsftpd -v
vsftpd: version 3.0.3
~ » sudo systemctl start vsftpd.service
[sudo] password for user:
#####vsftpd Config#####
#
#I tried to strip down the config to as basic as possible
#in order to simplify things for you
#
~ » sudo cat /etc/vsftpd.conf
anon_upload_enable=YES
listen=YES
no_anon_password=YES
write_enable=YES
#####FTP Server Permissions & File Tree#####
#
#Special Note: each directory has a file in it, the
#test directory is owned by nobody:ftp, and the public
#directory has read permissions for everyone.
#
~ » ls -l /srv/ftp/
total 20
drwxr-x--- 2 user ftp 4096 Sep 1 20:39 download
drwxr-xr-x 2 root root 4096 Sep 1 20:53 public
-rw-r--r-- 1 ftp ftp 130 Aug 30 16:43 README.TXT
drwxr-x--x 2 nobody ftp 4096 Sep 1 20:40 test
drwxr-x--- 2 ftp ftp 4096 Sep 1 20:40 upload
~ » find /srv/ftp
/srv/ftp
/srv/ftp/public
/srv/ftp/public/file
/srv/ftp/test
/srv/ftp/test/file
/srv/ftp/upload
/srv/ftp/upload/file
/srv/ftp/download
/srv/ftp/download/file
/srv/ftp/README.TXT
#####Connecting to the server via localhost#####
#
#This is where things get interesting. I connect to the
#server and try to list all the files & directories with
#find, but the only file visible is ./public/file
#
#I also tried this on Filezilla & gFTP
#
~ » lftp ftp:@localhost
lftp ftp@localhost:~> find
./
./README.TXT
./download/
./public/
./public/file
./test/
./upload/
#####Uploading a file#####
#
#Here I uploaded a file to the ./upload directory and
#try to confirm that it is there through the ftp client
#
lftp ftp@localhost:/> put ~/newfile -o ./upload/newfile
lftp ftp@localhost:/> ls upload/
##Nothing##
lftp ftp@localhost:/> exit
#####Double Checking#####
#
#After leaving the ftp client, I double check to see if
#anything was actually uploaded and see that it indeed was.
#
~ » ls -l /srv/ftp/upload/
total 0
-rw-r--r-- 1 root root 0 Sep 1 20:40 file
-rw------- 1 ftp ftp 0 Sep 1 21:10 newfile
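Added example, not part of the original posts or of vsftpd: a small Python model of the listing results in the bug report above. It assumes the anonymous session runs as user ftp in group ftp, and that vsftpd's anon_world_readable_only option (default YES), which restricts anonymous users to world-readable files, is also what hides the listings of directories without the other-read bit; the function and parameter names are hypothetical.

```python
# Added example: models the listing results in the report above.
# Assumptions: the anonymous session runs as user "ftp" in group "ftp",
# and anon_world_readable_only (vsftpd default: YES) also gates listings.

# Lines copied from the `ls -l /srv/ftp/` output in the report.
LS_OUTPUT = """\
drwxr-x--- 2 user ftp 4096 Sep 1 20:39 download
drwxr-xr-x 2 root root 4096 Sep 1 20:53 public
-rw-r--r-- 1 ftp ftp 130 Aug 30 16:43 README.TXT
drwxr-x--x 2 nobody ftp 4096 Sep 1 20:40 test
drwxr-x--- 2 ftp ftp 4096 Sep 1 20:40 upload
"""


def parse(ls_output):
    """Yield (name, mode, owner, group) for each directory line."""
    for line in ls_output.splitlines():
        fields = line.split()
        if len(fields) >= 9 and fields[0].startswith("d"):
            yield fields[8], fields[0], fields[2], fields[3]


def class_bits(mode, owner, group, user, groups):
    """Return the rwx triplet the kernel applies to this user."""
    if user == owner:
        return mode[1:4]   # owner class wins even if it grants less
    if group in groups:
        return mode[4:7]
    return mode[7:10]


def anonymous_view(ls_output, user="ftp", groups=("ftp",),
                   world_readable_only=True):
    """Map each directory to (can_enter, can_list) for the session."""
    view = {}
    for name, mode, owner, group in parse(ls_output):
        bits = class_bits(mode, owner, group, user, groups)
        can_enter = bits[2] in "xst"      # search permission on the directory
        can_list = bits[0] == "r"         # plain Unix read permission
        if world_readable_only:
            can_list = can_list and mode[7] == "r"  # extra other-read check
        view[name] = (can_enter, can_list)
    return view


if __name__ == "__main__":
    for name, (enter, lst) in sorted(anonymous_view(LS_OUTPUT).items()):
        print(f"{name:10} enter={enter!s:5} list={lst}")
```

With world_readable_only=False the model falls back to plain Unix permissions, under which all four directories would be listable by the ftp user.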