Author Topic: problem vs creating folder  (Read 1088 times)

Offline mykolaq

  • New user
  • *
  • Posts: 5
    • View Profile
problem vs creating folder
« on: June 06, 2016, 11:27:49 am »
Hello! I've installed ProFTPD 1.3.5b in a FreeNAS jail and mounted a CIFS folder into the jail (CIFS because I want users in the internal network to be able to manipulate files and directories in a way that is comfortable for them), with these rights:
Code:
drwxrwxr-x+ 19 proftpd  22647  19 Jun  6 11:23 FTPsubcontracters
where 22647 is the ID of the group with the users who can manipulate files and dirs. The FTP users are in an SQL database, and the FTP users' homes are in this share. My FTP conf is like this:
Code:
ServerName "NGC"
ServerType standalone
DefaultServer on
ServerIdent on "ftp"
DeferWelcome off
Port 21
Umask 002
TimeoutLogin 300
TimeoutIdle 36000
TimeoutNoTransfer 36000
TimeoutStalled 36000
TimeoutSession 0
User proftpd
Group proftpd
MaxInstances 100
MaxClientsPerHost 100
AllowRetrieveRestart on
AllowStoreRestart on
AllowOverwrite on
AllowOverride off
RootLogin off
IdentLookups off
UseReverseDNS off
DenyFilter \*.*/
TimesGMT off
DefaultRoot ~
RLimitCPU 1200 1200
RLimitMemory 256M 256M
RLimitOpenFiles 1024 1024
RequireValidShell off
PassivePorts 62000 62200
LogFormat default "%h %l %u %t \"%r\" %s %b"
LogFormat auth "%v [%P] %h %t \"%r\" %s"
LogFormat write "%h %l %u %t \"%r\" %s %b"
SystemLog /var/log/proftpd/proftpd.log
TransferLog /var/log/proftpd/xfer.log
ExtendedLog /var/log/proftpd/access.log WRITE,READ write
ExtendedLog /var/log/proftpd/auth.log AUTH auth
Include /usr/local/etc/proftpd/modules.conf
<Global>
AuthOrder               mod_sql.c
SQLBackend              mysql
SQLConnectInfo proftpd@localhost root herepass
SQLEngine               on
SQLPasswordEngine       on
SQLAuthenticate         on
SQLAuthTypes            SHA1
SQLUserInfo             users userid passwd uid gid homedir shell
SQLGroupInfo            groups groupname gid members
SQLDefaultGID           22647
SQLDefaultUID           1001
SQLUserWhereClause      "disabled != 1"
SQLLog PASS             updatecount
SQLNamedQuery           updatecount UPDATE "login_count=login_count+1, last_login=now() WHERE userid='%u'" users

# Used to track xfer traffic per user (without invoking a quota)
SQLLog RETR             bytes-out-count
SQLNamedQuery           bytes-out-count UPDATE "bytes_out_used=bytes_out_used+%b WHERE userid='%u'" users
SQLLog RETR             files-out-count
SQLNamedQuery           files-out-count UPDATE "files_out_used=files_out_used+1 WHERE userid='%u'" users

SQLLog STOR             bytes-in-count
SQLNamedQuery           bytes-in-count UPDATE "bytes_in_used=bytes_in_used+%b WHERE userid='%u'" users
SQLLog STOR             files-in-count
SQLNamedQuery           files-in-count UPDATE "files_in_used=files_in_used+1 WHERE userid='%u'" users
</Global>
ID 22647 - the group that can manipulate files/dirs (stored in AD)
ID 1001 - the proftpd user ID (the same in the jail and in FreeNAS)
The problem is that FTP users cannot create folders, but can create files in their home folders. What can be wrong? :(

Offline castaglia

  • Administrator
  • Support Hero
  • *****
  • Posts: 5274
    • View Profile
    • http://www.castaglia.org/
Re: problem vs creating folder
« Reply #1 on: June 06, 2016, 06:59:25 pm »
What does proftpd debug logging, debug level 10, show when a user tries to create a directory in somewhere other than their home directory?

Offline mykolaq

Re: problem vs creating folder
« Reply #2 on: June 07, 2016, 03:00:37 pm »
> What does proftpd debug logging, debug level 10, show when a user tries to create a directory in somewhere other than their home directory?

Hello!
Code:
2016-06-07 17:59:03,015 ftpserver proftpd[99996] 192.168.3.224 (192.168.3.22[192.168.3.22]): dispatching PRE_CMD command 'MKD testfolder' to mod_core
2016-06-07 17:59:03,015 ftpserver proftpd[99996] 192.168.3.224 (192.168.3.22[192.168.3.22]): dispatching PRE_CMD command 'MKD testfolder' to mod_core
2016-06-07 17:59:03,015 ftpserver proftpd[99996] 192.168.3.224 (192.168.3.22[192.168.3.22]): dispatching CMD command 'MKD testfolder' to mod_core
2016-06-07 17:59:03,016 ftpserver proftpd[99996] 192.168.3.224 (192.168.3.22[192.168.3.22]): in dir_check_full(): path = '/testfolder', fullpath = '/mnt/FTPsubcontracters/test/testfolder'.
2016-06-07 17:59:03,016 ftpserver proftpd[99996] 192.168.3.224 (192.168.3.22[192.168.3.22]): AllowOverride for path '/testfolder' denies .ftpaccess files
2016-06-07 17:59:03,016 ftpserver proftpd[99996] 192.168.3.224 (192.168.3.22[192.168.3.22]): in dir_check_full(): setting umask to 0002 (was 0002)
2016-06-07 17:59:03,016 ftpserver proftpd[99996] 192.168.3.224 (192.168.3.22[192.168.3.22]): NOTICE: directory '/.dstwwPaYfEtY' has unexpected mode 0775 (expected 0700)
2016-06-07 17:59:03,016 ftpserver proftpd[99996] 192.168.3.224 (192.168.3.22[192.168.3.22]): chmod(/.dstwwPaYfEtY) failed: Operation not permitted
2016-06-07 17:59:03,016 ftpserver proftpd[99996] 192.168.3.224 (192.168.3.22[192.168.3.22]): dispatching POST_CMD_ERR command 'MKD testfolder' to mod_sql
2016-06-07 17:59:03,016 ftpserver proftpd[99996] 192.168.3.224 (192.168.3.22[192.168.3.22]): dispatching LOG_CMD_ERR command 'MKD testfolder' to mod_sql
2016-06-07 17:59:03,016 ftpserver proftpd[99996] 192.168.3.224 (192.168.3.22[192.168.3.22]): dispatching LOG_CMD_ERR command 'MKD testfolder' to mod_log
2016-06-07 17:59:03,018 ftpserver proftpd[99996] 192.168.3.224 (192.168.3.22[192.168.3.22]): dispatching PRE_CMD command 'MKD /testfolder' to mod_core
2016-06-07 17:59:03,018 ftpserver proftpd[99996] 192.168.3.224 (192.168.3.22[192.168.3.22]): dispatching PRE_CMD command 'MKD /testfolder' to mod_core
2016-06-07 17:59:03,018 ftpserver proftpd[99996] 192.168.3.224 (192.168.3.22[192.168.3.22]): dispatching CMD command 'MKD /testfolder' to mod_core
2016-06-07 17:59:03,018 ftpserver proftpd[99996] 192.168.3.224 (192.168.3.22[192.168.3.22]): in dir_check_full(): path = '/testfolder', fullpath = '/mnt/FTPsubcontracters/test/testfolder'.
2016-06-07 17:59:03,018 ftpserver proftpd[99996] 192.168.3.224 (192.168.3.22[192.168.3.22]): AllowOverride for path '/testfolder' denies .ftpaccess files
2016-06-07 17:59:03,018 ftpserver proftpd[99996] 192.168.3.224 (192.168.3.22[192.168.3.22]): in dir_check_full(): setting umask to 0002 (was 0002)
2016-06-07 17:59:03,018 ftpserver proftpd[99996] 192.168.3.224 (192.168.3.22[192.168.3.22]): NOTICE: directory '/.dst9eWpVg890' has unexpected mode 0775 (expected 0700)
2016-06-07 17:59:03,018 ftpserver proftpd[99996] 192.168.3.224 (192.168.3.22[192.168.3.22]): chmod(/.dst9eWpVg890) failed: Operation not permitted
2016-06-07 17:59:03,019 ftpserver proftpd[99996] 192.168.3.224 (192.168.3.22[192.168.3.22]): dispatching POST_CMD_ERR command 'MKD /testfolder' to mod_sql
2016-06-07 17:59:03,019 ftpserver proftpd[99996] 192.168.3.224 (192.168.3.22[192.168.3.22]): dispatching LOG_CMD_ERR command 'MKD /testfolder' to mod_sql
2016-06-07 17:59:03,019 ftpserver proftpd[99996] 192.168.3.224 (192.168.3.22[192.168.3.22]): dispatching LOG_CMD_ERR command 'MKD /testfolder' to mod_log
^C2016-06-07 17:59:07,407 ftpserver proftpd[99961] 192.168.3.224: ProFTPD terminating (signal 2)

Offline castaglia

Re: problem vs creating folder
« Reply #3 on: June 07, 2016, 05:43:42 pm »
Looks like this is the root cause:

    NOTICE: directory '/.dstwwPaYfEtY' has unexpected mode 0775 (expected 0700)
    chmod(/.dstwwPaYfEtY) failed: Operation not permitted

This directory name comes from the code added for mitigating this bug:

  http://bugs.proftpd.org/show_bug.cgi?id=3841

But that code can encounter issues with network-mounted filesystems like CIFS, which don't really map Unix permissions as proftpd would want.

If you can, I'd recommend trying proftpd-1.3.6rc2, which tries to handle these filesystems better in this regard.
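
The mode check visible in the quoted log lines can be reproduced outside proftpd before pointing the server at a network mount. This is an added example, not part of the original posts and not ProFTPD's own code: it creates a scratch directory with mode 0700, compares the mode the filesystem reports, and attempts chmod. The function names and the simulated mount (mode 0775 reported, chmod refused) are constructed for illustration.

```python
import errno
import os
import stat
import sys
import tempfile
import types

EXPECTED_MODE = 0o700  # mode the debug log says proftpd expects on '.dst*'


def probe_mkdir_mode(parent, lstat=os.lstat, chmod=os.chmod):
    """Create a scratch directory in `parent`; report whether the filesystem
    stores mode 0700. Returns (status, detail). lstat/chmod are injectable so
    the behaviour of a mount can be simulated."""
    # mkdtemp() asks for mode 0700, as for the '.dstXXXX' directory in the log.
    path = tempfile.mkdtemp(prefix=".dst", dir=parent)
    try:
        mode = stat.S_IMODE(lstat(path).st_mode)
        if mode == EXPECTED_MODE:
            return "ok", "mode 0700 stored as requested"
        try:
            chmod(path, EXPECTED_MODE)
        except OSError as exc:
            return ("modes-not-honored",
                    "mode %04o reported, chmod failed: %s" % (mode, exc.strerror))
        after = stat.S_IMODE(lstat(path).st_mode)
        if after == EXPECTED_MODE:
            return "fixed-by-chmod", "mode %04o reported, chmod corrected it" % mode
        return "modes-not-honored", "mode is still %04o after chmod" % after
    finally:
        os.rmdir(path)  # the scratch directory is empty, so rmdir suffices


def simulate_fixed_mode_mount(parent):
    """Constructed stand-in for the mount in the thread: every directory
    reports mode 0775 and chmod() is refused with EPERM."""
    def fake_lstat(path):
        return types.SimpleNamespace(st_mode=stat.S_IFDIR | 0o775)

    def fake_chmod(path, mode):
        raise PermissionError(errno.EPERM, os.strerror(errno.EPERM))

    return probe_mkdir_mode(parent, lstat=fake_lstat, chmod=fake_chmod)


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else tempfile.gettempdir()
    print(target, probe_mkdir_mode(target))
```

Run it as the same user proftpd runs as, with the mounted share as the argument; a `modes-not-honored` result corresponds to the two log lines quoted in the reply.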

Offline mykolaq

Re: problem vs creating folder
« Reply #4 on: June 08, 2016, 01:53:04 pm »
> Looks like this is the root cause:
>
>     NOTICE: directory '/.dstwwPaYfEtY' has unexpected mode 0775 (expected 0700)
>     chmod(/.dstwwPaYfEtY) failed: Operation not permitted
>
> This directory name comes from the code added for mitigating this bug:
>
>   http://bugs.proftpd.org/show_bug.cgi?id=3841
>
> But that code can encounter issues with network-mounted filesystems like CIFS, which don't really map Unix permissions as proftpd would want.
>
> If you can, I'd recommend trying proftpd-1.3.6rc2, which tries to handle these filesystems better in this regard.

Thank you, you were right, it's a bug. But I have some strange messages while starting:
Code:
2016-06-08 16:47:59,553 ftpserver proftpd[71594]: mod_dso/0.5: unable to load 'mod_sql.c'; check to see if '/usr/local/libexec/mod_sql.la' exists
2016-06-08 16:47:59,553 ftpserver proftpd[71594]: mod_dso/0.5: module 'mod_sql.c' already loaded
2016-06-08 16:47:59,554 ftpserver proftpd[71594]: mod_dso/0.5: unable to load 'mod_sql_mysql.c'; check to see if '/usr/local/libexec/mod_sql_mysql.la' exists
2016-06-08 16:47:59,554 ftpserver proftpd[71594]: mod_dso/0.5: module 'mod_sql_mysql.c' already loaded
2016-06-08 16:47:59,554 ftpserver proftpd[71594]: mod_dso/0.5: unable to load 'mod_sql_passwd.c'; check to see if '/usr/local/libexec/mod_sql_passwd.la' exists
2016-06-08 16:47:59,554 ftpserver proftpd[71594]: mod_dso/0.5: module 'mod_sql_passwd.c' already loaded
My proftpd modules:
Code:
2016-06-08 16:51:51,602 ftpserver proftpd[72758]: mod_dso/0.5: module 'mod_sql_passwd.c' already loaded
ProFTPD Version: 1.3.6rc2 (devel)
  Scoreboard Version: 01040003
  Built: Wed Jun 8 2016 16:45:43 MSK

Loaded modules:
  mod_auth_pam/1.2
  mod_sql_passwd/0.9
  mod_sql_mysql/4.0.8
  mod_sql/4.3
  mod_ident/1.0
  mod_dso/0.5
  mod_facts/0.6
  mod_delay/0.7
  mod_site.c
  mod_log.c
  mod_ls.c
  mod_auth.c
  mod_auth_file/1.0
  mod_auth_unix.c
  mod_rlimit/1.0
  mod_xfer.c
  mod_core.c

Offline castaglia

Re: problem vs creating folder
« Reply #5 on: June 08, 2016, 02:45:29 pm »
Those startup messages can happen if you build proftpd with static modules (i.e. you have mod_sql, mod_sql_mysql, mod_sql_passwd in your --with-modules list), and your proftpd.conf tries to load them as if they were shared/DSO modules (i.e. you have "LoadModule mod_sql.c" or similar in your proftpd.conf).
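
The clean-up this reply points to can be derived from the startup log itself. The following is an added example, not part of the original posts or of ProFTPD: it reads the mod_dso "already loaded" messages and comments out the matching LoadModule lines. The log lines are taken from the thread; the modules.conf content and the function names are constructed for illustration.

```python
import re

# mod_dso message format as it appears in the thread's startup log.
ALREADY_LOADED = re.compile(r"mod_dso/[\d.]+: module '(mod_\w+\.c)' already loaded")
# An active (uncommented) LoadModule directive.
LOADMODULE = re.compile(r"^\s*LoadModule\s+(mod_\w+\.c)\s*$", re.IGNORECASE)

SAMPLE_LOG = """\
2016-06-08 16:47:59,553 ftpserver proftpd[71594]: mod_dso/0.5: module 'mod_sql.c' already loaded
2016-06-08 16:47:59,554 ftpserver proftpd[71594]: mod_dso/0.5: module 'mod_sql_mysql.c' already loaded
2016-06-08 16:47:59,554 ftpserver proftpd[71594]: mod_dso/0.5: module 'mod_sql_passwd.c' already loaded
"""

# Constructed modules.conf; the real file from the thread is not shown there.
SAMPLE_CONF = """\
# modules.conf (constructed sample)
LoadModule mod_sql.c
LoadModule mod_sql_mysql.c
#LoadModule mod_tls.c
LoadModule mod_ifsession.c
"""


def already_loaded_modules(log_text):
    """Modules that mod_dso reported as already loaded (built in statically)."""
    return set(ALREADY_LOADED.findall(log_text))


def comment_out_static(conf_text, log_text):
    """Comment out LoadModule lines for modules the log reports as already
    loaded. Returns (new_conf_text, changed_line_numbers)."""
    static = already_loaded_modules(log_text)
    out, changed = [], []
    for number, line in enumerate(conf_text.splitlines(), 1):
        match = LOADMODULE.match(line)
        if match and match.group(1) in static:
            out.append("#" + line)  # keep the directive visible but inactive
            changed.append(number)
        else:
            out.append(line)
    return "\n".join(out) + "\n", changed


if __name__ == "__main__":
    new_conf, changed = comment_out_static(SAMPLE_CONF, SAMPLE_LOG)
    print("commented out lines:", changed)
    print(new_conf, end="")
```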

Offline mykolaq

Re: problem vs creating folder
« Reply #6 on: June 08, 2016, 03:17:26 pm »
> Those startup messages can happen if you build proftpd with static modules (i.e. you have mod_sql, mod_sql_mysql, mod_sql_passwd in your --with-modules list), and your proftpd.conf tries to load them as if they were shared/DSO modules (i.e. you have "LoadModule mod_sql.c" or similar in your proftpd.conf).

Understood and commented out these lines :) Thank you for the help :)
It seems all is OK, except I could not compile mod_ctrls support, because I had an error:
Code:
mod_ctrls.c:1263:58: error: use of undeclared identifier 'ctrls_acl_t'
    ctrls_acttab[i].act_acl = pcalloc(ctrls_pool, sizeof(ctrls_acl_t));
                                                         ^
mod_ctrls.c:1286:58: error: use of undeclared identifier 'ctrls_acl_t'
    ctrls_acttab[i].act_acl = pcalloc(ctrls_pool, sizeof(ctrls_acl_t));
                                                         ^
mod_ctrls.c:1326:8: error: unknown type name 'ctrls_acttab_t'
static ctrls_acttab_t ctrls_acttab[] = {
       ^

Offline castaglia

Re: problem vs creating folder
« Reply #7 on: June 08, 2016, 04:29:12 pm »
That build error happens if you do not have the --enable-ctrls configure option; you might also find another error earlier in the process mentioning this.

Offline mykolaq

Re: problem vs creating folder
« Reply #8 on: June 09, 2016, 07:04:44 am »
> That build error happens if you do not have the --enable-ctrls configure option; you might also find another error earlier in the process mentioning this.

Thank you :)
If you will be in Moscow, I offer you a cup of beer :D

 
