vsftpd local user treated as anonymous users in regards to permissions
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
vsftpd (Ubuntu) | Expired | Undecided | Unassigned | | |
Bug Description
Release: Ubuntu 18.04.1 LTS
Vsftpd: 3.0.3-9build1
Used this as reference: https:/
Situation:
I have the following configuration in /etc/vsftpd.conf (irrelevant & unmodified package defaults not included; assume the default values for those options):
anonymous_enable=NO
local_enable=YES
chroot_
allow_writeable
write_enable=YES
dirlist_enable=YES
download_enable=YES
- The local user I want to log in with has a home directory set to /home/username.
- The local user has, for the sake of the test, his home directory's user & group mode set to rwx.
- The user has a valid shell assigned.
- In the local user's home directory I have created a folder and a file with user & group mode rwx. The user is the owner of those files.
Note: this is not a real-life configuration, but the minimal one that reproduces the bug for me.
Expected result:
- I can log in as local user
- I am chrooted to /home/username
- I can upload files
- I can download files
- I can see files and directories I have created in his home directory
Actual result:
- I can log in as local user
- I am chrooted to /home/username, proven by toggling allow_writeable
- I can NOT upload files
- I can not download files
- I can not see files and directories I have created in home directory
Additional discoveries:
When I set the option anon_world_
When I set it back to YES and set the world mode to r, it also becomes visible.
Accordingly, all other anon_*-options enable uploads/
Also tested: Anonymous login is NOT possible
Hi,
I tried running this example through a VM, but was unable to reproduce the issue:
$ uvt-kvm create b release=bionic arch=amd64 label=daily
$ uvt-kvm ssh b
$ sudo apt update && sudo apt dist-upgrade -y && sudo apt install -y vsftpd
$ echo "chroot_local_user=YES
allow_writeable_chroot=YES
write_enable=YES
dirlist_enable=YES
" | sudo tee -a /etc/vsftpd.conf
$ sudo service vsftpd restart
$ sudo useradd -m -U -s /bin/bash testuser
$ sudo passwd testuser
$ sudo mkdir ~testuser/some_dir
$ sudo touch ~testuser/some_dir/a_file.txt
$ sudo chown -R testuser ~testuser
$ echo "test" >test.txt
$ ftp localhost
Connected to localhost.
220 (vsFTPd 3.0.3)
Name (localhost:ubuntu): testuser
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
200 PORT command successful. Consider using PASV.
150 Here comes the directory listing.
drwxr-xr-x 2 1001 0 4096 Nov 14 12:30 some_dir
226 Directory send OK.
ftp> put test.txt
local: test.txt remote: test.txt
200 PORT command successful. Consider using PASV.
150 Ok to send data.
226 Transfer complete.
5 bytes sent in 0.00 secs (51.3980 kB/s)
ftp> cd some_dir
250 Directory successfully changed.
ftp> ls
200 PORT command successful. Consider using PASV.
150 Here comes the directory listing.
-rw-r--r-- 1 1001 0 0 Nov 14 12:30 a_file.txt
226 Directory send OK.
ftp> get a_file.txt
local: a_file.txt remote: a_file.txt
200 PORT command successful. Consider using PASV.
150 Opening BINARY mode data connection for a_file.txt (0 bytes).
226 Transfer complete.
ftp> exit
221 Goodbye.
If you have other configuration or steps that would help reproduce the issue, please post them so that I can help further.
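
An added example, not part of the bug report or of vsftpd: a small checker for a configuration like the one reported above. It flags lines that break the strict option=value syntax described in vsftpd.conf(5) and reports whether a local-account login would get local or anonymous-style privileges. The guest_enable and virtual_use_local_privs options come from vsftpd.conf(5) and are not mentioned in this thread; the sample config is constructed and the function names are hypothetical.

```python
import re

STRICT = re.compile(r"^([a-z0-9_]+)=(.*)$")  # no spaces around "=", per vsftpd.conf(5)

def parse_vsftpd_conf(text):
    """Return (settings, problems) for the text of a vsftpd.conf."""
    settings, problems = {}, []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue  # blank line or comment
        m = STRICT.match(line)
        if not m or m.group(2) != m.group(2).strip():
            problems.append((n, "not strict option=value: %r" % line))
            continue
        key, value = m.groups()
        if key in settings:
            # Assumption: a later assignment overrides an earlier one.
            problems.append((n, "%s assigned more than once" % key))
        settings[key] = value
    return settings, problems

def local_login_class(settings):
    """Privilege set applied to a local-account login, per vsftpd.conf(5)."""
    def yes(key):  # all three options checked below default to NO
        return settings.get(key, "NO").upper() in ("YES", "TRUE", "1")
    if not yes("local_enable"):
        return "local logins disabled"
    if yes("guest_enable") and not yes("virtual_use_local_privs"):
        return "guest: anon_* options apply"
    return "local: write_enable, dirlist_enable, download_enable apply"

# Constructed sample, not the reporter's file.
SAMPLE = "\n".join([
    "# constructed sample",
    "anonymous_enable=NO",
    "local_enable=YES",
    "write_enable = YES",   # spaces around "=": rejected
    "dirlist_enable=YES",
    "download_enable=YES",
    "guest_enable=YES",
])

if __name__ == "__main__":
    settings, problems = parse_vsftpd_conf(SAMPLE)
    for n, msg in problems:
        print("line %d: %s" % (n, msg))
    print(local_login_class(settings))
```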