PureFTP: Can not enable chmodding through conf file (FreeBSD 8.1)

G

ghostcorps

Hi Guys

I am using PureFTP on a webserver and we have noticed that changing the CHMOD values is disabled by default.

I have followed the instructions HERE to create a config file but after the command line (below) is generated (by pure-config.pl) and run, I am still unable to modify the CHMOD values:

Code: 
#/usr/local/sbin/pure-config.pl /etc/pure-ftpd.conf
Running: /usr/local/sbin/pure-ftpd -A -c50 -B -C8 -D -E -fftp
-F/usr/local/etc/pure-ftp.fortune -H -I15 -lpuredb:/etc/pureftpd.pdb -lunix
-L10000:8 -m4 -s -U133:022 -u100 -k99 -Z -Y1

Is there something obvious that I am missing?


Also, I am wondering if after running this command, will PureFTP retain these settings upon reboot?


Thanks for your time :)
 
Hello,

In pure-ftpd from ports chmod is not disabled by default:

But if you uncomment the following line in /usr/local/etc/pure-ftpd.conf:
Code: 
# Disallow the CHMOD command. Users can't change perms of their files.

#NoChmod                     yes
users will not be able to use CHMOD on their own files/directories.
 
Thanks Quintessence

But I want to enable users to be able to change the CHMOD values, perhaps it is a different issue. But without making any modifications, they can not, hence why I understood it to be blocked by default. I had uncommented that line before I posted and changed the value to 'no' with no effect.

Could there be any other reason? I know the users can change the CHMOD values via ssh for example, so I doubt it is a permissions problem.

What do you think?
 
Hello again

I have confirmed that the config file is being parsed at boot :)

But unfortunately it still can't chmod. I figure it must be a problem with pure-ftps permissions, but how can that be?
 
ghostcorps said:
Thanks Quintessence

But I want to enable users to be able to change the CHMOD values, perhaps it is a different issue. But without making any modifications, they can not, hence why I understood it to be blocked by default. I had uncommented that line before I posted and changed the value to 'no' with no effect.

Could there be any other reason? I know the users can change the CHMOD values via ssh for example, so I doubt it is a permissions problem.

What do you think?
Click to expand...

Hello,

They are able to use CHMOD of their own files in their home directories by default if you installed pure-ftpd from the ports collection. There is no need to make any modification in the default config file.
All you have to do is to enable it by placing:
Code: 
pureftpd_enable="YES"
in /etc/rc.conf and start the daemon:
# /usr/local/etc/rc.d/pure-ftpd start .

Just installed some version from ports:
Code: 
pure-ftpd-1.0.29_1  A small, easy to set up, fast and very secure FTP server
Then I logged with test user which I created, create directory, and CHMOD of directory:
Code: 
230 OK. Current restricted directory is /
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> mkdir test

ftp> mkdir test2
257 "test2" : The directory was successfully created
ftp> ls -l
229 Extended Passive mode OK (|||58860|)
150 Accepted data connection
drwxr-xr-x    5 alaala     alaala            512 Feb  4 10:25 .
drwxr-xr-x    5 alaala     alaala            512 Feb  4 10:25 ..
drwxrwxrwx    2 alaala     alaala            512 Feb  2 16:50 te
drwxr-xr-x    2 alaala     alaala            512 Feb  4 10:23 test
drwxr-xr-x    2 alaala     alaala            512 Feb  4 10:25 test2
226-Options: -a -l 
226 5 matches total
ftp> chmod [B]700[/B] test2
200 Permissions changed on test2
ftp> ls -l
229 Extended Passive mode OK (|||17921|)
150 Accepted data connection
drwxr-xr-x    5 alaala     alaala            512 Feb  4 10:25 .
drwxr-xr-x    5 alaala     alaala            512 Feb  4 10:25 ..
drwxrwxrwx    2 alaala     alaala            512 Feb  2 16:50 te
drwxr-xr-x    2 alaala     alaala            512 Feb  4 10:23 test
[B]drwx------ [/B]   2 alaala     alaala            512 Feb  4 10:25 test2
226-Options: -a -l 
226 5 matches total
ftp> chmod [B]777[/B] test
200 Permissions changed on test
ftp> ls -l
229 Extended Passive mode OK (|||54795|)
150 Accepted data connection
drwxr-xr-x    5 alaala     alaala            512 Feb  4 10:25 .
drwxr-xr-x    5 alaala     alaala            512 Feb  4 10:25 ..
drwxrwxrwx    2 alaala     alaala            512 Feb  2 16:50 te
[B]drwxrwxrwx [/B]   2 alaala     alaala            512 Feb  4 10:23 test
drwx------    2 alaala     alaala            512 Feb  4 10:25 test2
226-Options: -a -l 
226 5 matches total

My ftp test user:
Code: 
alaala:$1$xDE5.rbK$nurA2yZdJgcKv2d28bVLP1:1011:1011::0:0:User &:/storage/ftptest/alaala:/usr/sbin/nologin
 
Thanks :)

So for some reason Pure-ftp itself is not allowed to change the permissions?

How can I even start to troubleshoot that?
 
Hello,
What you mean pure-ftpd itself? User, which is you start service with or?

You can start by removing your current pure-ftpd (which seems you were installed it from source - and by default as you can read in the documentation, chmod is disabled) and installing it from the ports collection (where chmod is enabled by default).
 
Thanks Quintessence,

I assume that Pure-ftpd does not have the permission to change chmod values, which is why it can not grant that ability to users underneath it. Is this possible?

I had installed pure-ftpd from the ports to begin with. It starts at boot through the rc.conf and looking at top is seems to be run as/by root.


Do you know if Pure-ftpd is still supported? I have been to the site and all the submissions
I make to the mail list are bounced back.

I would use Pro-ftpd, but that has a whole host of other issues and specifically it does not provide tls or the ability to block it's own name.
 
Hello,

Do not create your custom config file with pure-config.pl. Just install pure-ftpd from ports and use its default config file which is placed in /usr/local/etc/, not /etc.

I believe it is supported, but really there is no bug with chmod, it is working ok.
 
Thanks for your patience :)

I'll give it a go and get back to you, I should say though, that the reason I looked into the config file was because we wanted chmod to work.
 
You must log in or register to reply here.
Back
Top