Current time: 11-26-2024, 08:00 PM Hello There, Guest! (LoginRegister)


Post Reply 
Pro FTPd changes world permissions to "0" regardless of umask
Author Message
xincs Offline


Posts: 1
Joined: Feb 2008
Reputation: 0
Post: #1
Sad Pro FTPd changes world permissions to "0" regardless of umask
Hi there,

I am completely despaired with a strange permission-problem:

I've transferred a old ISPcp-installation to debian squeeze (64Bit/amd64) using ISPCp-1.0.7 - everything seems good:

But ProFTP (1.3.3a - 6squeeze1) ALWAYS changes world permissions of any uploaded file or directory to "0" > E.g. instead of 644 / 755 I always get 640 / 750 - world permissions seem completely unaffected by the umask setting and always result as "none/0" - If I cahnge Umask in the config file the owner and group permissions reflect the changes but world permissions remain "0"

I already decativated basically any module that I did not understand or need - effect remains the same: After transfer I can do an CHMOD in FTP without problems but this is too compilcated for the average user.

My Config is:

#
# ispCP OMEGA ProFTPd config file
#
#
#
# Includes required DSO modules. This is mandatory in proftpd 1.3
#
Include /etc/proftpd/modules.conf
Include /etc/proftpd/ispcp-aio.conf
# Include /etc/proftpd/ispcp/*.conf

ServerName "XXXXXXXXXXXXXXX"
ServerType standalone
DeferWelcome off
# DebugLevel 9

ShowSymlinks on
MultilineRFC2228 on
DefaultServer on
ShowSymlinks on
AllowOverwrite on
UseReverseDNS off
IdentLookups off
AllowStoreRestart on
AllowForeignAddress on

Umask 022
LogFormat traff "%b %u"

TimeoutNoTransfer 1200
TimeoutStalled 600
TimeoutIdle 1200

DisplayLogin welcome.msg
DisplayChdir message

#LsDefaultOptions "-l"

DenyFilter \*.*/

DefaultRoot ~

# Uncomment this if you are using NIS or LDAP to retrieve passwords:
#PersistentPasswd off

# Port 21 is the standard FTP port.

Port 21

# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)

MaxInstances 50

# Set the user and group that the server normally runs at.

User nobody
Group nogroup

# Normally, we want files to be overwriteable.

<Directory /*>
AllowOverwrite on
HideNoAccess on
</Directory>

<Limit ALL>
IgnoreHidden on
</Limit>

<Global>
RootLogin off
TransferLog /var/log/proftpd/xferlog
ExtendedLog /var/log/proftpd/ftp_traff.log read,write traff
PathDenyFilter "\.quota$"
</Global>

<IfModule mod_delay.c>
DelayEngine off
</IfModule>

#
# ISPCP Managment;
#
SQLBackend mysql # enable for proFTPd >= 1.3
SQLAuthTypes Crypt
SQLAuthenticate on
SQLConnectInfo ispcp@localhost vftp XXXXXXXXXXX 30
SQLUserInfo ftp_users userid passwd uid gid homedir shell
SQLGroupInfo ftp_group groupname gid members
SQLMinID 2000

#
# ISPCP Quota management;
#

QuotaEngine on
QuotaShowQuotas on
QuotaDisplayUnits Mb

SQLNamedQuery get-quota-limit SELECT "name, quota_type, per_session, limit_type, bytes_in_avail, bytes_out_avail, bytes_xfer_avail, files_in_avail, files_out_avail, files_xfer_avail FROM quotalimits WHERE name = '%{0}' AND quota_type = '%{1}'"
SQLNamedQuery get-quota-tally SELECT "name, quota_type, bytes_in_used, bytes_out_used, bytes_xfer_used, files_in_used, files_out_used, files_xfer_used FROM quotatallies WHERE name = '%{0}' AND quota_type = '%{1}'"
SQLNamedQuery update-quota-tally UPDATE "bytes_in_used = bytes_in_used + %{0}, bytes_out_used = bytes_out_used + %{1}, bytes_xfer_used = bytes_xfer_used + %{2}, files_in_used = files_in_used + %{3}, files_out_used = files_out_used + %{4}, files_xfer_used = files_xfer_used + %{5} WHERE name = '%{6}' AND quota_type = '%{7}'" quotatallies
SQLNamedQuery insert-quota-tally INSERT "%{0}, %{1}, %{2}, %{3}, %{4}, %{5}, %{6}, %{7}" quotatallies

QuotaLock /var/run/proftpd/tally.lock
QuotaLimitTable sql:/get-quota-limit
QuotaTallyTable sql:/get-quota-tally/update-quota-tally/insert-quota-tally

#
# SSL via TLS
#
#<IfModule mod_tls.c>
# TLSEngine off # on for use of TLS
# TLSLog /var/log/proftpd/ftp_ssl.log # where to log to
# TLSProtocol SSLv23 # SSLv23 or TLSv1
# TLSOptions NoCertRequest # either to request the certificate or not
# TLSRSACertificateFile /etc/proftpd/ssl.crt # SSL certfile
# TLSRSACertificateKeyFile /etc/proftpd/ssl.key # SSL keyfile
# TLSVerifyClient off # client verification
#</IfModule>


Debug logging of affected transfer::

XXXX - in dir_check_full(): path = '/htdocs/testfile', fullpath = '/var/www/virtual/xxxxxxxx/htdocs/inventory.zip'.
XXXX - in dir_check_full(): setting umask to 0022 (was 0022)
XXXX - dispatching CMD command 'STOR inventory.zip' to mod_xfer
XXXX - passive data connection opened - local : XXXX
...

One last information: the target is stored on NFS (v3, rw, async, no_root_squash)

So what??? Any ideas anybody??

Best regards,
Andreas
10-14-2011 09:25 PM
Find all posts by this user Quote this message in a reply
Post Reply 


Forum Jump:


User(s) browsing this thread: 1 Guest(s)