permissions - vsftp "Access is denied" when writing as an authenticated user

21
2014-04
  • djechelon

    I have set up vsftpd for private FTP. Only authenticated users in the ftp group can login. Also, every user is chrooted to its home directory (/home/username)

    chroot_local_user=YES
    

    I can log in, browse, download, but I'm not allowed to upload files. I get 550 Access is denied message from Windows Explorer

    In order to tweak I did the following:

    I made sure that the directory is user-writable (chmod g-rwx o-rwx u+w -R /home/username), I chose to do g-rwx otherwise it could be accessible via SSH by people in the users group that don't get chrooted. I made sure that directory and children elements are owned by user (forced chown -R as root) but they didn't help.

    I found no useful thing in /var/log/messages file. I believed that vsftpd runs as the logged in user and I found confirmation running htop.

    What kind of permission problem could cause this behaviour? If I go with SFTP with the same user I can do everything I want!

    Thank you

  • Answers
  • Mr Shunz

    There should be an option named write_enable in the configuration file.

    As stated in the manpage:

    write_enable
       This controls whether any FTP commands which change the filesystem are allowed or not. These commands    
       are: STOR, DELE, RNFR, RNTO, MKD, RMD, APPE and SITE.
    
       Default: NO
    

    it defaults to NO, so that might be the cause.


  • Related Question

    permissions - Limit ftp users to only certain directories in Ubuntu
  • George

    There are several questions around limiting ftp users to certain directories. However, most of them refer to vsftpd, which I don't think I have installed on my system. I'm running Ubuntu 9.04. How can I tell what ftp service I have installed, and then limit certain users to only the /home/ftpuser directory instead of having full access to the file system?

    I think I can add them to a separate group and give that group access to the proper directories, but then do I have to remove that groups permissions from all other directories? It seems like there should be an easy way like setting the chroot_local_user value in the /etc/vsftpd/vsftpd.conf file, but that doesn't exist on my system.

    Update

    Here are the results of: dpkg --list |grep -i ftp:

    ii curl 7.18.2-8ubuntu4.1 Get a file from an HTTP, HTTPS or FTP server

    I can connect to this servier using sftp but there are no ftp servers installed. Do I have to install one?


  • Related Answers
  • CaseyIT

    I'd recommend using proftpd with Ubuntu.... I follwed these steps recently and it worked ver y well....

    Here's quick install steps:

    sudo apt-get install proftpd
    
    # Add this line in /etc/shells file (sudo gedit /etc/shells to open the file)
    /bin/false
    
    cd /home
    sudo mkdir FTP-shared
    sudo useradd userftp -p your_password -d /home/FTP-shared -s /bin/false
    sudo passwd userftp
    cd /home
    sudo chmod 755 FTP-shared
    
    and edit your proftpd.conf file like that if it fit to your need 
    
    sudo gedit /etc/proftpd.conf
    or
    sudo gedit /etc/proftpd/proftpd.conf
    
    sudo /etc/init.d/proftpd start
    

    These steps are from this very helpful thread on ubuntuforums.org

  • pjz
    dpkg --list |grep -i ftp
    

    should show you the list of packages on your machine that include 'ftp' in the name. If there's not one, then you may not have any kind of FTP server installed.