Friday, June 10, 2016

permissions - Proftpd with mariadb (mysql) backend unable to upload




I have proftpd running with a mariadb (mysql) backend.



I have created a user midas in the ftp database.



At the moment of first login, proftpd (running as user proftpd and group proftpd) creates a home directory for this user located at /var/ftp/.



This works fine, I see the directory being created:




[root@vps ftp]# ls -la

total 24
drwxr-xr-x. 5 proftpd proftpd 4096 10 jul 19:19 .
drwxr-xr-x. 22 root root 4096 10 jul 12:56 ..
drwxrwxr-x. 2 proftpd proftpd 4096 10 jul 19:34 midas


On the client side, issueing the put commando returns a 550: Permission denied




ftp> put ~/website.zip remotewebsite.zip

local: /home/midas/website.zip remote: remotewebsite.zip
200 PORT command successful
550 remotewebsite.zip: Permission denied


To verify that I am in the correct directory, and that proftpd DOES have write access to this folder, I created an empty file somefile.:



[proftpd@vps midas]$ touch somefile
--> returns no errors and shows up for my user midas clientside.





ftp> ls
200 PORT command successful
150 Opening ASCII mode data connection for file list
-rw-rw-r-- 1 1001 1001 0 Jul 10 17:48 somefile
226 Transfer complete


I am sure I'm missing some very basic understanding here, but I must confess this is the first time I'm working with virtual users.
Any pointers towards a solution would be very much appreciated.



Answer



The dot at the end of the permissions set, makes me think you have a SELinux security context enabled :



drwxrwxr-x.  2 proftpd proftpd 4096 10 jul 19:34 midas
^--dot


Either disable SELinux or make it permissive within file /etc/selinux/config (both not recommended), or better, set the security context :



setsebool -P allow_ftpd_full_access on


No comments:

Post a Comment

linux - How to SSH to ec2 instance in VPC private subnet via NAT server

I have created a VPC in aws with a public subnet and a private subnet. The private subnet does not have direct access to external network. S...