[SOLVED] VSFTPD permission problem

[dmor]

Hello all!

I've encounterd very annoying problem with VSFTPD.

I'm talking about fresh installation of VSFTPD on RHEL5.1.
I've enabled the anonymous user (default) and also enabled the option: anon_upload_enable=YES in order to allow the anonymous ftp user to upload files to the server.

I've created a new folder under /var/ftp with the name of incoming.
As we all know, the anonymous user by default mapped to the unix user 'ftp', so I changed the owner:group and permission of the incoming directory to the following:

[root@vm1 ~]# ls -ld /var/ftp/incoming/
drwx------ 2 ftp ftp 4096 Mar 20 13:30 /var/ftp/incoming/

As you can see, the ftp user has full permission on the directory.

Now, a very strange thing happens.
When I logged in as the ftp/anonymous user I can cd to the incoming directory and upload files without any problem B-U-T, when I want to read the files in the directory I get an error message.

NOW FOR THE Solution I've found that is very very very wiered:

I've found out that when I give read access to Other on the incoming directory all work's fine.

[root@vm1 ~]# ls -ld /var/ftp/incoming/
drwx---r-- 2 ftp ftp 4096 Mar 20 13:53 /var/ftp/incoming/

I've searched the web so much and cannot find any answer or refernce about it...

The anonymous ftp unix user is 'ftp' and as you can see he has full permissions, and for some reason it's looks like the server don't read the 'ftp' user R (read) permission and need Read permission on the Other object...

I cannot figure out this issue...

Any ideas?

See the following examples, before giving the read permission to the Other object and after:

BEFORE:

[root@vm1 ~]# ftp localhost
Connected to localhost.
220 (vsFTPd 2.0.5)
530 Please login with USER and PASS.
530 Please login with USER and PASS.
KERBEROS_V4 rejected as an authentication type
Name (localhost:root): ftp
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
227 Entering Passive Mode (127,0,0,1,58,99)
150 Here comes the directory listing.
drwx------ 2 14 50 4096 Mar 20 11:53 incoming
drwxr-xr-x 12 0 0 4096 Mar 05 2008 pub
226 Directory send OK.
ftp> cd incoming
250 Directory successfully changed.
ftp> ls
227 Entering Passive Mode (127,0,0,1,110,121)
150 Here comes the directory listing.
226 Transfer done (but failed to open directory).
ftp>

AFTER:

[root@vm1 ~]# ftp localhost
Connected to localhost.
220 (vsFTPd 2.0.5)
530 Please login with USER and PASS.
530 Please login with USER and PASS.
KERBEROS_V4 rejected as an authentication type
Name (localhost:root): ftp
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
227 Entering Passive Mode (127,0,0,1,114,193)
150 Here comes the directory listing.
drwx---r-- 2 14 50 4096 Mar 20 11:53 incoming
drwxr-xr-x 12 0 0 4096 Mar 05 2008 pub
226 Directory send OK.
ftp> cd incoming
250 Directory successfully changed.
ftp> ls
227 Entering Passive Mode (127,0,0,1,249,151)
150 Here comes the directory listing.
-rw------- 1 14 50 136 Mar 20 11:30 1.txt
-rw------- 1 14 50 136 Mar 20 11:53 2.txt
226 Directory send OK.
ftp>

SELinux is disabled on the ftp server.

Thanks in advance.

dmor.

[dmor]

anon_world_readable_only=NO