Proftpd Configuraiton for anonymous Uploads

Issues related to applications and software problems
Post Reply
gw1500se
Posts: 222
Joined: 2012/05/07 13:53:35

Proftpd Configuraiton for anonymous Uploads

Post by gw1500se » 2021/04/02 15:46:55

I am trying to configure proftpd to allow anonymous uploads. I am able to login using 'anonymous' and can see the 'pub' and 'uploads' directories. I also can 'cd' into 'uploads'. I think I have either ownership or permissions wrong on the 'uploads' directory but I cannot find any place that says what to set them to. I tried various things after initially getting the error "permission denied" from the client on 'put'. However, my current settings result in "operation not permitted" from the client. Can someone tell me what to do to correct this? TIA.

This is my current directory settings:

Code: Select all

$ ls -lR /var/ftp
/var/ftp:
total 8
drwxr-xr-x 2 root root 4096 Apr  1 14:37 pub
drwxrwxr-x 2 ftp  ftp  4096 Mar 28 15:19 uploads

/var/ftp/pub:
total 0

/var/ftp/uploads:
total 0
I am using the default proftpd.conf except I specify the anon root as /var/ftp/pub. I am not running Selinux.

lightman47
Posts: 1521
Joined: 2014/05/21 20:16:00
Location: Central New York, USA

Re: Proftpd Configuraiton for anonymous Uploads

Post by lightman47 » 2021/04/02 18:47:56

also viewtopic.php?f=47&t=77345&p=325137&hil ... us#p325137

I may be totally messed or misunderstand this, but it seems you're trying to get your 'anonymous' user to write to system directories in /var (yikes!). Oughtn't they be writing instead to /home/anonymous/{some folders of your choice there}? Allowing the "world" into system directories -> I pucker at both ends.

If it were me, I'd go back to vsftp, turn on selinux, and get that all working. (I have vsftp working on several machines but admittedly don't allow the user 'anonymous' so I've no experience with that situation.). I'm hoping more experienced others can inject knowledge/correct me here ...

tunk
Posts: 1205
Joined: 2017/02/22 15:08:17

Re: Proftpd Configuraiton for anonymous Uploads

Post by tunk » 2021/04/02 21:03:18

Never setup an FTP server, but you could try this:
cd /var/ftp
chmod 777 uploads
This gives everyone full access to the directory.
That said, I think lightman47 has good advice.

User avatar
TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Proftpd Configuraiton for anonymous Uploads

Post by TrevorH » 2021/04/02 23:48:01

You should not need to chmod 777 the directory, it's already owned by the ftp user and it has write access. Changing the permission to 777 just makes it vulnerable and won't fix the problem.

Try running setenforce 0 to put your system into selinux permissive mode and see if that fixes it. If it does then use the audit log to work out why it's being denied and fix it from that.

Useful resources for SELinux: https://wiki.centos.org/HowTos/SELinux | https://wiki.centos.org/TipsAndTricks/SelinuxBooleans | https://docs.fedoraproject.org/en-US/Fe ... ced_Linux/ | https://www.youtube.com/watch?v=bQqX3RWn0Yw | https://opensource.com/business/13/11/s ... licy-guide | http://freecomputerbooks.com/The-SELinu ... tions.html
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

gw1500se
Posts: 222
Joined: 2012/05/07 13:53:35

Re: Proftpd Configuraiton for anonymous Uploads

Post by gw1500se » 2021/04/03 13:34:30

Thanks but as I said in the OP, I am not running Selinux.

chemal
Posts: 776
Joined: 2013/12/08 19:44:49

Re: Proftpd Configuraiton for anonymous Uploads

Post by chemal » 2021/04/03 16:36:08

You need something like this in /etc/proftpd.conf:

Code: Select all

<Directory /var/ftp/uploads>
    <Limit ALL>
        AllowAll
    </Limit>
    <Limit WRITE>
        AllowAll
    </Limit>
</Directory /var/ftp/uploads>

User avatar
TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Proftpd Configuraiton for anonymous Uploads

Post by TrevorH » 2021/04/03 16:46:14

Thanks but as I said in the OP, I am not running Selinux.
If you're going to run a public anonymous ftp server I'd recommend you review that decision.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

Post Reply