Re: [Bug 1276144] [NEW] Pure-ftpd overwrite protection does not work if resume is used

[Stefan Hornburg (Racke)]

On 02/04/2014 02:07 PM, Nicolas Le Bihan wrote:
> Public bug reported:
> 
> Hi,
> 
> It seems that there is a bug about the overwrite protection.
> 
> Server is :
> Distributor ID: Ubuntu
> Description:    Ubuntu 12.04.4 LTS
> Release:        12.04
> Codename:       precise
> 
> 
> Pure-Ftpd installed is :
> rc  pure-ftpd                         1.0.35-1                          
> Secure and efficient FTP server
> ii  pure-ftpd-common                  1.0.35-1                          
> Pure-FTPd FTP server (Common Files)
> ii  pure-ftpd-ldap                    1.0.35-1                          
> Secure and efficient FTP server with LDAP user authentication
> 
> 
> Options are :
> AltLog        clf:/var/log/pure-ftpd/transfer.log
> AnonymousCantUpload   yes
> AntiWarez     yes
> AutoRename    yes
> CreateHomeDir yes
> Daemonize     yes
> DisplayDotFiles       no
> DontResolve   yes
> FortunesFile  /etc/pure-ftpd/conf/.banner
> FSCharset     UTF-8
> IPV4Only      yes
> KeepAllFiles  yes
> LDAPConfigFile        /etc/pure-ftpd/db/ldap.conf
> MinUID        1000
> NoAnonymous   no
> NoChmod       yes
> NoRename      yes
> PAMAuthentication     no
> PassivePortRange      1 000 010 600
> ProhibitDotFilesRead  yes
> ProhibitDotFilesWrite yes
> PureDB        /etc/pure-ftpd/pureftpd.pdb
> TLS   3
> Umask 337 337
> UnixAuthentication    no
> VerboseLog    yes
> 
> 
>                 Virtual users are chrooted :
> test1:$1$hzsp30D0$bknAXCxCr1xL78SwaROOU1:1002:1001::/ftp/./test1/./::::::::::::
>                 It system account is :
> vi /etc/passwd
> ftptest1:x:1002:1001::/dev/null:/etc
> 
> 
> Client is using :
> Filezilla 3.7.3 within Windows 7.
> 
> 
> PROBLEM
> 
> For our business with partners, we have to protect data uploaded because no 
> modifications have to be done once released on binaries.
> So deleting is not permitted, rewrite also in order to protect original data. 
> Rights are also modified once uploaded (see umask 337 337)…

Deletion is an operation which affects the directory, thus the file permissions 
doesn't matter.
Maybe you need file system ACLs in your usecase.

Regards
        Racke

-- 
LinuXia Systems => http://www.linuxia.de/
Expert Interchange Consulting and System Administration
ICDEVGROUP => http://www.icdevgroup.org/
Interchange Development Team

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1276144

Title:
  Pure-ftpd overwrite protection does not work if resume is used

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pure-ftpd/+bug/1276144/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs