Date: Thu, 2 Oct 2003 14:46:03 -0500
From: "Charles Howse" <chowse@charter.net>
To: <freebsd-questions@freebsd.org>
Cc: chris@scary.beasts.org
Subject: Vsftpd not chown'ing uploads
Message-ID: <000001c3891d$d3a6b280$04fea8c0@moe>

Hi,

I've Googled half the day for a solution to this, no joy.
I'm CC'ing the author in case no one in the list knows the answer.

I don't want the user 'virtual' to be able to delete the files they upload.
When 'virtual' uploads a file, it winds up belonging to: virtual wheel, and he can delete the file. He cannot delete files in any other directory.
Virtual is *not* a member of the wheel group.

How can I configure things so that 'virtual' can upload files, see them, but not delete them?

Details:
I'm using vsftpd-1.2.0 on FBSD 4.8-RELEASE-p10.
I've created a symlink in /var called 'ftp' that points to /usr/ftp for disk space reasons.

The directory structure in /usr/ftp is as follows:

    [charles@curly ~]$ ls -l /usr/ftp
    total 12
    drwxr-xr-x   8 root  wheel   512 Sep 23 06:16 Applications
    drwxr-xr-x   2 root  wheel  2048 Sep 23 06:18 Bash Scripts
    drwxr-xr-x   2 root  wheel  1024 Sep 23 06:18 Tech Docs
    drwxrwxrwx   2 root  wheel   512 Oct  2 13:15 Uploads
    drwxr-xr-x   4 root  wheel   512 Sep 23 06:19 Utilities
    drwxr-xr-x  11 root  wheel   512 Sep 23 06:21 eBooks

    [charles@curly ~]$ cat /etc/inetd.conf | grep vsftpd
    ftp stream tcp nowait root /usr/local/libexec/vsftpd vsftpd

The only login I allow outsiders is: user: virtual.

    [charles@curly ~]$ cat /etc/passwd | grep virtual
    virtual:*:1000:1000:Virtual User:/var/ftp:/usr/local/bin/bash

My vsftpd.conf:

    [charles@curly ~]$ cat /usr/local/etc/vsftpd.conf
    # Access rights
    anonymous_enable=NO
    local_enable=YES
    write_enable=YES
    # Security
    chown_uploads=YES
    chown_username=nobody
    chroot_local_user=YES
    anon_world_readable_only=YES
    connect_from_port_20=YES
    hide_ids=YES
    pasv_min_port=50000
    pasv_max_port=60000
    # Features
    banner_file=/usr/local/etc/vsftpd.banner
    xferlog_enable=YES
    ls_recurse_enable=NO
    ascii_download_enable=NO
    async_abor_enable=YES
    # Performance
    idle_session_timeout=120
    data_connection_timeout=300
    accept_timeout=60
    connect_timeout=60
    anon_max_rate=50000

Thanks,
Charles

Got a computer with idle CPU time?
Join SETI@home and help make history!
http://setiathome.ssl.berkeley.edu/
