VSFTPD and uploaded file permissions
brockmasterflex
01-24-2005, 02:54 PM
Hey all, I have VSFTP up and going and I'm now in the process of tweaking it a little. I was reading the man pages and from what I gather when I add the following line to my vsftpd.conf file:
file_open_mode=0644
all uploaded files should have 644 as their permissions. However, they don't. All uploaded files have only 600 as their permissions. Anyone have any clues? I'm sure it's reading the conf file.
Thanks in advance,
Brock
bwkaz
01-24-2005, 07:51 PM
Might it be the umask? Is there a umask setting in the config file, or do you have a umask set on the filesystem in question? (it would have to be a Windows FS like vfat or ntfs, though, for that last bit to apply)
Also look at the user you're logging into FTP as -- does any shell startup file in that user's home directory set the umask to anything?
brockmasterflex
01-24-2005, 08:17 PM
According to the man pages there is a setting for the local users' umask
# The value that the umask for file creation is set to for local
# users. NOTE! If you want to specify octal values, remember
# the "0" prefix otherwise the value will be treated as a base 10
# integer!
local_umask=077
But I'm unsure what this means? I thought the default would be fine.
Thanks for the reply
Brock
bwkaz
01-24-2005, 10:36 PM
If you have umask set to 077, then that's the problem. ;)
When you call the kernel function to create a file, you pass it a permission bit set to assign to the new file. However, the kernel doesn't just blindly assign those permissions -- it modifies them by masking out any bits that are set in the umask first.
The reason it does this is twofold: First, it needs to have a way for the user to modify the default permissions assigned to new files and directories (that's the umask setting). Second, it needs a way for programs themselves to tell it what permissions they would like to have (that's why creat(...) takes a permission bitmask).
Without the creat(...) bitmask, there wouldn't be any way of separating files that should be executable when created (such as gcc output files) from files that shouldn't (such as text editor files, by default anyway). But without the process level umask, there wouldn't be any way to tell the kernel "don't you dare create any files that are readable by anyone else, unless I specifically modify the permissions later".
With local_umask set to 077, no files created by vsftpd will ever have any permissions for anyone other than their owner (which is the third digit from the right, or the first one here).
You probably want a umask of 022 or 0022 instead, which would make sure that group and world can't write the files, but they can read and execute them (by default anyway; this probably also depends on the file_open_mode setting).
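The masking described in the post above, as an added example that is not part of the original thread or of vsftpd's code: it creates a scratch file requesting 0644 under each umask and reads back the mode the kernel assigned. The helper names, the /tmp scratch path and the use of strtol as a stand-in for the "0 prefix" rule in the config comment are assumptions.

```c
/* Added example: how the kernel applies the umask to a requested mode. */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Stand-in for the config comment's rule (assumption): a leading "0" means
 * octal, anything else is read as base 10. strtol with base 0 does this. */
mode_t parse_mask(const char *text)
{
    return (mode_t)strtol(text, NULL, 0);
}

/* Create a scratch file requesting `requested` under umask `mask` and
 * return the permission bits the kernel actually assigned. */
mode_t mode_after_create(mode_t requested, mode_t mask)
{
    char path[64];
    struct stat st;
    mode_t result = (mode_t)-1;               /* returned if creation fails */

    snprintf(path, sizeof path, "/tmp/umask_demo_%ld", (long)getpid());
    mode_t old = umask(mask);                 /* set the process umask */
    int fd = open(path, O_CREAT | O_EXCL | O_WRONLY, requested);
    umask(old);                               /* restore the previous umask */
    if (fd < 0)
        return result;
    if (fstat(fd, &st) == 0)
        result = st.st_mode & 0777;           /* keep the rwx bits only */
    close(fd);
    unlink(path);
    return result;
}

int main(void)
{
    /* Constructed sample values: the thread's 077, the suggested 022,
     * and "77" without the leading zero. */
    const char *masks[] = { "077", "022", "77" };
    for (size_t i = 0; i < 3; i++) {
        mode_t m = parse_mask(masks[i]);
        printf("file_open_mode=0644 local_umask=%-3s -> mask %04o -> file %04o\n",
               masks[i], (unsigned)m, (unsigned)mode_after_create(0644, m));
    }
    return 0;
}
```

The third sample shows why the config comment insists on the "0" prefix: "77" read as base 10 is octal 0115, a different mask from 077.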
brockmasterflex
01-25-2005, 11:42 AM
Thanks bwkaz, I had no clue what a umask was. The numbers confused me, but I get it now. Thanks.
Brock