VRootAlias not working (unix permissions ???) #59

Open
ivanleoncz opened this issue Oct 24, 2014 · 4 comments

@ivanleoncz

Hi Castaglia.

First of all, thanks for your support with all ProFTPD documentation. I have learned a LOT with your contributions.

There is just one thing that is really giving me headaches.. VRootAlias

Here they are:

this one I can access, list/create files/directories

VRootAlias /tmp ~/tmp-vroot-alias

and this I CAN JUST ACCESS... I cannot list/create files/directories

VRootAlias /storage/0001a/10001a/encoding/input ~/0001a-input

FTP USER:
encodingcom:x:514:500::/storage/encodingcom:/sbin/nologin

And here they are in the filesystem (EXT4 - LVM).

/tmp (WORKING)

Directory
drwxrwxrwt. 3 root root 4096 Oct 14 21:58 tmp

Directory Files
-rw-r--r--. 1 encodingcom storage 0 Oct 10 01:40 teste
-rw-------. 1 root root 0 Sep 5 14:47 yum.log
-rw-------. 1 root root 4195 Sep 5 15:30 yum_save_tx-2014-09-05-15-30XPmgVj.yumtx
-rw-------. 1 root root 15507 Sep 16 18:14 yum_save_tx-2014-09-16-18-14eymISj.yumtx
-rw-------. 1 root root 268 Sep 25 16:16 yum_save_tx-2014-09-25-16-163gt7om.yumtx

/storage/0001a/10001a/encoding/input (NOT WORKING)

drwxrwxrwx. 2 encodingcom storage 4096 Oct 14 21:38 input

Directory Files
-rwxrwxrwx. 1 encodingcom storage 0 Oct 14 21:39 123
-rwxrwxrwx. 1 encodingcom storage 5 Oct 8 15:42 asgard

Running proftpd with -dn10 (no daemonize + debug 10), I've got this message when I sent a refresh command in the encoding/input directory, through FileZilla. I believe that FileZilla tries to list the directory, but debug mode informs about filename too long (???)

  • mod_facts/0.1: error stat'ing '/0001a-input/asgard': File name too long

The proftpd.log records this message when I try to create a file..

  • [15/Oct/2014:01:50:08 +0000] 192.168.50.237 user:encodingcom [PASV - 227] pid:1740
  • [15/Oct/2014:01:50:08 +0000] 192.168.50.237 user:encodingcom [STOR - 550] pid:1740

I have set SELINUX as disabled in my CentOS.

About the /storage directory, I have created another directory inside of it, and performed a VRootAlias inside a VirtualHost, as well as inside this VirtualHost, I've also created a VRootAlias to the same CURSED /storage/0001a/10001a/encoding/input. The cursed, is still cursed.. and the new VRootAlias, works fine. Why?

/storage/teste (VRootAlias working)

Directory
drwxr-xr-x. 3 root root 4096 Oct 14 21:40 teste

Directory files
-rwxrwxrwx. 1 root root 0 Oct 14 21:39 123
-rwxrwxrwx. 1 root root 0 Oct 10 03:32 1234
-rw-r--r--. 1 root root 0 Oct 10 04:55 123456
-rwxr-xr-x. 1 root root 5 Oct 14 21:40 asgard
drwxrwxrwx. 2 root root 4096 Oct 10 03:32 qaz

Also, here is my config file. PLEASE, help me :(.

+++++++++++++++++++++++++++++++++++++
ServerName "VM Ivan"
ServerIdent on "testing proftpd"
ServerAdmin ivan.leon@azion.com
DefaultServer on
DefaultAddress 192.168.50.59

SocketbindTight on

Umask 022

DefaultRoot ~ !adm
VRootEngine on
VRootAlias /tmp ~/tmp-vroot-alias
VRootAlias /storage/0001a/10001a/encoding/input ~/0001a-input

# Log options

LogFormat default "%h %l %u %t "%r" %s %b --- %J"

LogFormat default "%t %a user:%U [%m %f %s] pid:%P"
LogFormat auth "%v [%P] %h %t "%r" %s"

UseReverseDNS off

MaxInstances 200
MaxClientsPerUser 35

AuthPAMConfig proftpd
AuthOrder mod_auth_unix.c

AuthOrder mod_auth_unix.c mod_sql.c

User nobody
Group nobody

UseSendfile off

# Timeout options

TimeoutLogin 120

# Fake permissions

DirFakeUser on ~
DirFakeGroup on ftp

# Store options

DeleteAbortedStores on
HiddenStores on

<VirtualHost 192.168.50.99>
ServerAdmin ivan.leon@azion.com
ServerName "FTP encodingcom VH"
ServerIdent on "VH for VRootAlias"

# Set Umask: FILE (base mode 666) + DIRECTORY (base mode 777)

Umask   0002    0002

# jail the user to its home directory (encodingcom)

DefaultRoot ~

# proftp virtual chroot

VRootEngine on

# VRootAlias log file, for all operations related with aliases

VRootLog    /var/log/proftpd/vroot.log

# allow symlinks

VRootOptions    allowSymlinks

# last parameters are directories which will point to folders outside of the home directory

VRootAlias  /storage/0001a/10001a/encoding/input    ~/0001a-input       
VRootAlias  /storage/0001a/10001a/encoding/output   ~/0001a-output

VRootAlias  /storage/2093w/12093w/encoding/input    ~/2093w-input   
VRootAlias  /storage/2093w/12093w/encoding/output   ~/2093w-output

VRootAlias  /storage/2312x/12312x/encoding/input    ~/2312x-input
VRootAlias  /storage/2312x/12312x/encoding/output   ~/2312x-output

VRootAlias  /storage/2386u/12386u/encoding/input    ~/2386u-input   
VRootAlias  /storage/2386u/12386u/encoding/output   ~/2386u-output

VRootAlias  /storage/teste              ~/storage-teste

VRootAlias  /storage/9000/19000/encoding        ~/9000
VRootAlias  /storage/9000/19000/encoding/input  ~/9000-input
VRootAlias  /storage/9000/19000/encoding/output ~/9000-output

# list all files including those whose names start with "."

ListOptions -a

<Directory ~>

    <Limit ALL>
        AllowAll
    </Limit>

</Directory>

ExtendedLog /var/log/proftpd/access.log WRITE,READ default
ExtendedLog /var/log/proftpd/auth.log AUTH auth
ExtendedLog /var/log/proftpd/proftpd.log ALL default

DebugLevel 10

AllowOverwrite yes

AllowAll

AllowAll

+++++++++++++++++++++++++++++++++++++

@Castaglia
Member

What are the permissions on all of the directories leading up to /storage/0001a/10001a/encoding/input?
That is, what does the following show?

$ ls -aldn /storage /storage/0001a /storage/0001a/10001a /storage/0001a/10001a/encoding

@Castaglia Castaglia self-assigned this Nov 10, 2014
@ivanleoncz
Author

Hello, Castaglia.

Thanks for your attention. This topic is giving me headaches. I still cannot make VRootAlias work normally.

[20:28:17] root@vm-st:~# id 0001a
uid=805(0001a) gid=801(storage) groups=801(storage)

[20:28:19] root@vm-st:~# ls -aldn /storage /storage/0001a /storage/0001a/10001a /storage/0001a/10001a/encoding
drwxr-xr-x 18 0 0 4096 Oct 14 17:30 /storage
drwxr-xr-x 4 805 801 4096 Sep 24 21:18 /storage/0001a
drwxr-xr-x 10 805 801 4096 Oct 24 17:12 /storage/0001a/10001a
drwxr-xr-x 4 805 801 4096 Sep 10 12:36 /storage/0001a/10001a/encoding
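
Added example (not part of the original thread, and not ProFTPD code): a small parser that evaluates the `ls -aldn` output above for the FTP account from the first post. It assumes the session runs as uid 514 with primary gid 500, taken from the quoted passwd line, with no supplementary groups; it ignores ACLs and root's permission bypass. The helper names are hypothetical.

```python
# Added example: evaluate `ls -aldn` output for one account (not ProFTPD code).

# Listing copied from the comment above; owner and group are numeric (`ls -n`).
LISTING = """\
drwxr-xr-x 18 0 0 4096 Oct 14 17:30 /storage
drwxr-xr-x 4 805 801 4096 Sep 24 21:18 /storage/0001a
drwxr-xr-x 10 805 801 4096 Oct 24 17:12 /storage/0001a/10001a
drwxr-xr-x 4 805 801 4096 Sep 10 12:36 /storage/0001a/10001a/encoding
"""

# Assumption: uid/gid from the passwd line in the first post, no extra groups.
FTP_UID, FTP_GIDS = 514, {500}


def parse_ls_line(line):
    """Split one `ls -ldn` line into (mode string, uid, gid, path)."""
    fields = line.split(None, 8)
    mode = fields[0].rstrip(".+")[:10]  # drop SELinux '.' or ACL '+' marker
    return mode, int(fields[2]), int(fields[3]), fields[8]


def effective_bits(mode, owner, group, uid, gids):
    """Pick the single rwx triplet that applies: owner, else group, else other."""
    if uid == owner:
        return mode[1:4]
    if group in gids:
        return mode[4:7]
    return mode[7:10]


def audit(listing, uid, gids):
    """Return [(path, triplet, can_traverse)] for every directory listed."""
    results = []
    for line in filter(str.strip, listing.splitlines()):
        mode, owner, group, path = parse_ls_line(line)
        bits = effective_bits(mode, owner, group, uid, gids)
        results.append((path, bits, bits[2] in "xst"))  # s/t imply x is set
    return results


def first_blocked(listing, uid, gids):
    """Return the first directory the account cannot traverse, or None."""
    return next((p for p, _, ok in audit(listing, uid, gids) if not ok), None)


if __name__ == "__main__":
    for path, bits, ok in audit(LISTING, FTP_UID, FTP_GIDS):
        print(f"{bits}  {'ok' if ok else 'BLOCKED':7}  {path}")
    print("first blocked:", first_blocked(LISTING, FTP_UID, FTP_GIDS))
```

For the listing as posted, every ancestor resolves to `r-x` for that account, so the listing on its own shows no directory that blocks traversal.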

@Castaglia
Member

What's the full path to the home directory for the user that is having this issue?

@ivanleoncz
Author

/storage/encodingcom

[13:11:49] root@vm-st:/storage# ll
total 80
drwxr-xr-x 4 0001a storage 4096 Sep 24 21:18 0001a
drwxr-xr-x 4 0044b storage 4096 Nov 4 2011 0044b
drwxr-xr-x 5 0045b storage 4096 Dec 20 2013 0045b
drwxr-xr-x 3 0052b storage 4096 Sep 18 17:56 0052b
drwxr-xr-x 4 0058b storage 4096 Nov 7 2012 0058b
drwxr-xr-x 4 0062b storage 4096 Oct 24 14:10 0062b
drwxr-xr-x 3 2055y storage 4096 Jul 16 18:29 2055y
drwxr-xr-x 3 2093w storage 4096 Aug 29 18:06 2093w
drwxr-xr-x 3 2312x storage 4096 Jan 13 2014 2312x
drwxr-xr-x 3 2386u storage 4096 Aug 6 2013 2386u
drwxr-xr-x 5 2747t storage 4096 Nov 26 2013 2747t
drwxr-xr-x 3 2760i storage 4096 Nov 28 19:26 2760i
drwxr-xr-x 3 4628k storage 4096 Sep 24 20:37 4628k
drwxr-xr-x 2 7149o storage 4096 Oct 15 14:09 7149o
drwxr-xr-x 3 9604i storage 4096 Apr 29 2013 9604i
drwxr-xr-x 2 encodingcom storage 4096 Oct 14 18:17 encodingcom
drwxr-xr-x 2 root root 16384 Dec 23 2013 lost+found
