Defumask and upload directive in ftp

maverick_here · March 10, 2014, 9:45am

Hi,

I'm aware that this question has been raised earlier and the solution provided has not helped me. So, the issue is that I'm trying to set a defumask to files transferred via ftp to be 002 so that the group may have write permissions to the files uploaded. We have local/system users uploading files.

No matter what combination of defumask and upload directive I try the permission of the uploaded file is 644. The users umask is 002. My ftpaccess file is as follows

# ident "@(#)ftpaccess  1.2     03/05/14 SMI"
#
# FTP server configuration file, see ftpaccess(4).
#

class           realusers       real            *
class           guestusers      guest           *
class           anonusers       anonymous       *

loginfails      3
passwd-check    trivial         warn
private         no
shutdown        /etc/ftpd/shutdown.msg
# email         user@hostname
# guestuser     username
# rhostlookup   no

keepalive       yes
recvbuf         65536           real,guest,anonymous
sendbuf         65536           real,guest,anonymous
# flush-wait    no              anonymous
# passive       ports           0.0.0.0/0       32768   65535
# timeout       data            600
# timeout       idle            300

banner          /etc/ftpd/banner.msg
greeting        brief
message         /etc/ftpd/welcome.msg   login
message         .message                cwd=*
readme          README*                 login
readme          README*                 cwd=*
# quota-info    *

chmod           no              anonymous
delete          no              anonymous
overwrite       no              anonymous
rename          no              anonymous
umask           no              anonymous

compress        yes             realusers guestusers anonusers
tar             yes             realusers guestusers anonusers

path-filter     guest,anonymous /etc/ftpd/filename.msg  ^[[:alnum:]._-]*$ ^[.-]

noretrieve      relative        class=anonusers         /
allow-retrieve  relative        class=anonusers         /pub

upload          class=anonusers    *    *         no  nodirs
# upload        class=anonusers    *    /incoming yes ftpadm ftpadm 0440 nodirs

# log           commands        real,guest,anonymous
# log           security        real,guest,anonymous
# log           transfers       real,guest,anonymous    inbound,outbound
# xferlog       format  %T %Xt %R %Xn %XP %Xy %Xf %Xd %Xm %U ftp %Xa %u %Xc %Xs %Xr

# limit-time    anonymous       30
# limit         anonusers       10      Wk0730-1800       /etc/ftpd/toomany.msg
# limit         anonusers       50      SaSu|Any1800-0730 /etc/ftpd/toomany.msg

I have undone the changes I made to the file. It is vanila. Any suggestions

Perderabo · March 10, 2014, 11:13am

Post the output of:

cat /etc/release
inetadm -l ftp

maverick_here · March 10, 2014, 11:27am

I'm sorry I forgot to mention the details in my earlier post

[root@########]$cat /etc/release
                   Oracle Solaris 10 8/11 s10s_u10wos_17b SPARC
  Copyright (c) 1983, 2011, Oracle and/or its affiliates. All rights reserved.
                            Assembled 23 August 2011

and

SCOPE    NAME=VALUE
         name="ftp"
         endpoint_type="stream"
         proto="tcp6"
         isrpc=FALSE
         wait=FALSE
         exec="/usr/sbin/in.ftpd -a"
         user="root"
default  bind_addr=""
default  bind_fail_max=-1
default  bind_fail_interval=-1
default  max_con_rate=-1
default  max_copies=-1
default  con_rate_offline=-1
default  failrate_cnt=40
default  failrate_interval=60
default  inherit_env=TRUE
default  tcp_trace=FALSE
default  tcp_wrappers=FALSE
default  connection_backlog=10

Perderabo · March 10, 2014, 12:19pm

Well I have update 4 while you have update 10. Your ftpd does have -a set just like mine. I used ftp to put a test file in /tmp... in had no group write bit set. I deleted it.
I added "defumask 007" to ftpaccess and retried the test. This time I had group write set. If this doesn't work for you I don't know why.

maverick_here · March 10, 2014, 1:15pm

Ok, now there is a interesting development. When I upload files to /tmp ,the permissions are 664 as I wanted. However, when the user is uploading the files to his home directory they get the permissions as 644.

Ex : User1 is ftp'ing to the server, logged in successfully. He is uploading a file ( which is 777 ) to his current location ( home dir ) and the permission comes up to be 644. I have checked the umask on the user it is 002 and when he created files locally in his home directory they end up 664.

Perderabo · March 10, 2014, 2:56pm

Stuff uploaded to my home directory is also following the defumask setting just as well as /tmp does.