[Bug 1276144] [NEW] Pure-ftpd overwrite protection does not work if resume is used

2014-02-04 Thread Nicolas Le Bihan
Public bug reported:

Hi,

It seems that there is a bug about the overwrite protection.

Server is:
Distributor ID: Ubuntu
Description:    Ubuntu 12.04.4 LTS
Release:        12.04
Codename:       precise


Pure-Ftpd installed is:
rc  pure-ftpd         1.0.35-1  Secure and efficient FTP server
ii  pure-ftpd-common  1.0.35-1  Pure-FTPd FTP server (Common Files)
ii  pure-ftpd-ldap    1.0.35-1  Secure and efficient FTP server with LDAP user authentication


Options are:
AltLog                 clf:/var/log/pure-ftpd/transfer.log
AnonymousCantUpload    yes
AntiWarez              yes
AutoRename             yes
CreateHomeDir          yes
Daemonize              yes
DisplayDotFiles        no
DontResolve            yes
FortunesFile           /etc/pure-ftpd/conf/.banner
FSCharset              UTF-8
IPV4Only               yes
KeepAllFiles           yes
LDAPConfigFile         /etc/pure-ftpd/db/ldap.conf
MinUID                 1000
NoAnonymous            no
NoChmod                yes
NoRename               yes
PAMAuthentication      no
PassivePortRange       1 000 010 600
ProhibitDotFilesRead   yes
ProhibitDotFilesWrite  yes
PureDB                 /etc/pure-ftpd/pureftpd.pdb
TLS                    3
Umask                  337 337
UnixAuthentication     no
VerboseLog             yes


Virtual users are chrooted:
test1:$1$hzsp30D0$bknAXCxCr1xL78SwaROOU1:1002:1001::/ftp/./test1/./
Its system account is:
vi /etc/passwd
ftptest1:x:1002:1001::/dev/null:/etc


Client is using :
Filezilla 3.7.3 within Windows 7.


PROBLEM

For our business with partners, we have to protect data uploaded because no 
modifications have to be done once released on binaries.
So deleting is not permitted, rewrite also in order to protect original data. 
Rights are also modified once uploaded (see umask 337 337)…
All works fine until the following :

If you upload the same file again (account test1), and choose « resume » within 
Filezilla, you first get a critical error BUT the file is deleted.
Then you’re able to upload a file with the same name and we are in fault regarding 
the protection of original data uploaded…

Let me know if you need more details…

** Affects: pure-ftpd (Ubuntu)
 Importance: Undecided
 Status: New


** Tags: overwrite pure-ftpd

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1276144

Title:
  Pure-ftpd overwrite protection does not work if resume is used

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pure-ftpd/+bug/1276144/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Re: [Bug 1276144] [NEW] Pure-ftpd overwrite protection does not work if resume is used

2014-02-04 Thread Stefan Hornburg (Racke)
On 02/04/2014 02:07 PM, Nicolas Le Bihan wrote:
> Public bug reported:
>
> Hi,
>
> It seems that there is a bug about the overwrite protection.
>
> Server is :
> Distributor ID: Ubuntu
> Description:    Ubuntu 12.04.4 LTS
> Release:        12.04
> Codename:       precise
>
>
> Pure-Ftpd installed is :
> rc  pure-ftpd         1.0.35-1  Secure and efficient FTP server
> ii  pure-ftpd-common  1.0.35-1  Pure-FTPd FTP server (Common Files)
> ii  pure-ftpd-ldap    1.0.35-1  Secure and efficient FTP server with LDAP user authentication
>
>
> Options are :
> AltLog                 clf:/var/log/pure-ftpd/transfer.log
> AnonymousCantUpload    yes
> AntiWarez              yes
> AutoRename             yes
> CreateHomeDir          yes
> Daemonize              yes
> DisplayDotFiles        no
> DontResolve            yes
> FortunesFile           /etc/pure-ftpd/conf/.banner
> FSCharset              UTF-8
> IPV4Only               yes
> KeepAllFiles           yes
> LDAPConfigFile         /etc/pure-ftpd/db/ldap.conf
> MinUID                 1000
> NoAnonymous            no
> NoChmod                yes
> NoRename               yes
> PAMAuthentication      no
> PassivePortRange       1 000 010 600
> ProhibitDotFilesRead   yes
> ProhibitDotFilesWrite  yes
> PureDB                 /etc/pure-ftpd/pureftpd.pdb
> TLS                    3
> Umask                  337 337
> UnixAuthentication     no
> VerboseLog             yes
>
>
> Virtual users are chrooted :
> test1:$1$hzsp30D0$bknAXCxCr1xL78SwaROOU1:1002:1001::/ftp/./test1/./
> It system account is :
> vi /etc/passwd
> ftptest1:x:1002:1001::/dev/null:/etc
>
>
> Client is using :
> Filezilla 3.7.3 within Windows 7.
>
>
> PROBLEM
>
> For our business with partners, we have to protect data uploaded because no
> modifications have to be done once released on binaries.
> So deleting is not permitted, rewrite also in order to protect original data.
> Rights are also modified once uploaded (see umask 337 337)…

Deletion is an operation which affects the directory, thus the file permissions 
don't matter.
Maybe you need file system ACLs in your use case.

Regards
Racke

-- 
LinuXia Systems = http://www.linuxia.de/
Expert Interchange Consulting and System Administration
ICDEVGROUP = http://www.icdevgroup.org/
Interchange Development Team
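
The point made in the reply above, as an added example that is not part of the original thread: a read-only file can still be replaced by whoever may write its parent directory. The file name `release.bin` and the temporary directories are constructed for the demo, and it assumes uploaded files are created with mode 0666 before `Umask 337` is applied.

```shell
#!/bin/sh
# Constructed demo (file name and temp directories are made up).
# "Umask 337" leaves an uploaded file at mode 0440, assuming it is created
# with 0666 before the umask is applied. That blocks writes INTO the file,
# but unlink() and create() are checked against the parent directory.

# replace_file DIR_MODE
#   Creates a 0440 file in a fresh directory, sets the directory to DIR_MODE,
#   tries to delete the file and create a new one under the same name, then
#   prints the content that is left ("original" or "replaced").
replace_file() {
    dir=$(mktemp -d) || return 1
    ( umask 337; printf 'original\n' > "$dir/release.bin" )
    chmod "$1" "$dir"
    # Neither step opens the read-only file for writing.
    rm -f "$dir/release.bin" 2>/dev/null &&
        printf 'replaced\n' > "$dir/release.bin"
    cat "$dir/release.bin"
    chmod 700 "$dir"
    rm -rf "$dir"
}

# Run as an unprivileged user: root bypasses these permission checks.
echo "directory 0755 (writable by the user): $(replace_file 755)"
echo "directory 0555 (not writable):         $(replace_file 555)"
```

A directory the user cannot write to also refuses new uploads, so mode bits alone cannot express "may add files but never replace them".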
