Article 6CMDA Pure FTP Server let's me download files from "Bind Mounted HTML" folder but will thrown 533 Error to STOR command when uploading Index.html

Pure FTP Server let's me download files from "Bind Mounted HTML" folder but will thrown 533 Error to STOR command when uploading Index.html

by
RaulChiarella
from LinuxQuestions.org on (#6CMDA)
Yesterday I finished configuring a FTP Server using Pure-FTPd. The method I am using is the "Virtual Users" method.

The commands below are basically what I executed it in order to make it work:

Code:PureFTPd (Debian 10)

Instalar FTP usando o Pure-FTPd no Debian 10:

sudo apt install -y pure-ftpd-common pure-ftpd # Install Pure-FTPd
sudo ss -lnpt | grep pure-ftpd # Check what port is Pure-FTPd is running

Initial Steps for Preparing Pure-FTPd to work:

System User and Group:

sudo su -
groupadd ftpgroup # Create FTP Group
useradd -g ftpgroup -d /dev/null -s /etc ftpuser # Create Emulated System User for Virtual FTP User
mkdir /home/ftpusers # Create Base Home dir for Virtual Users

chown root:root /home/ftpusers -R # Set root Permissions so Pure-FTPd can create folders Automatically
chgrp ftpgroup /home/ftpusers # Set permissions to FTP Group for Virtual Users Permissions
chmod g+rx /home/ftpusers

PureFTPd Config

echo "yes" > /etc/pure-ftpd/conf/Daemonize # Run as Daemon
echo "yes" > /etc/pure-ftpd/conf/NoAnonymous # Prohibit Anonymous
echo "yes" > /etc/pure-ftpd/conf/ChrootEveryone # Enable chroot
echo iyesi > /etc/pure-ftpd/conf/VerboseLog # Enable Verbose Logging
echo yes > /etc/pure-ftpd/conf/CreateHomeDir # Create Folders Automatically
echo no > /etc/pure-ftpd/conf/PAMAuthentication # ??? Check Later
echo no > /etc/pure-ftpd/conf/UnixAuthentication # ??? Check Later - Disable login, maybe?

>/var/log/pure-ftpd/transfer.log && chmod 755 /var/log/pure-ftpd/transfer.log # Enable Logging

Config. Pure-FTPd => /etc/pure-ftpd/pure-ftpd.conf

# This limits accounts to only what is in the Pure-FTPd database
AUTH="-lpuredb:/etc/pure-ftpd/pureftpd.pdb"

# Disallow anonymous connections. Only accept authenticated users.
NoAnonymous yes

# File creation mask. <umask for files>:<umask for dirs> - Use 177:077 if youire paranoid.
Umask 003:002

# Enable Passive mode to avoid Firewall NAT problems.
PassivePortRange 40000 60000

Config. Common Pure-FTPd => vi /etc/default/pure-ftpd-common

id -u ftpuser # Get UID/GID of FTP User first.
Change UPLOADUID/UPLOADGID on pure-ftpd-common file.

Those commands are needed for some reason, otherwise, user canit login:
ln -s /etc/pure-ftpd/conf/PureDB /etc/pure-ftpd/auth/40PureDB
ln -s /etc/pure-ftpd/conf/PureDB /etc/pure-ftpd/auth/50pure

Virtual User PureFTPd

pure-pw useradd victor -u ftpuser -g ftpgroup -d /home/ftpusers/victor
pure-pw passwd victor -m

Reload PureFTPd
pure-pw mkdb -f /etc/pure-ftpd/pureftpd.passwd -F /etc/pure-ftpd/pureftpd.pdb # Update PureFTPd Database
service pure-ftpd restartBut, after this, my next need was to make a HTML folder from a NGINX installation available to the client transfer his files over FTP. As of the commands above, and his Chrooted FTP Folder - Everything is working fine! If i try to upload anything to his FTP folder, using MobaXTerm or other FTP Client, I can do it.

But, if I try to upload it to the HTML binded folder I created using the commands below, it does not let me:

Code:CHRoot HTML Folder

mkdir -p /home/ftpusers/victor/sites # Create Websites Folder for Victor
mount --bind /var/www/html /home/ftpusers/victor/sites # Bind Mount because Link command does not work

Config. for FSTab in order to mount it at boot:

/mnt/data/html /var/www/html none nofail,bind 0 0
/var/www/html /home/ftpusers/victor/sites none nofail,bind 0 0
groups www-data # Check what groups NGINX user is in
chown -R :<group> /var/www/html # Just to be sure letis redo HTML Permission for NGINX.
chmod -R g+w /var/www/html # Group can Edit/Write

usermod -a -G www-data ftpuser # Add our FTP User to NGINX Group
groups ftpuser # Now FTP User is in the same groups as NGINX User

Read and Write tests for FTP using cURL => All Tests worked when the owners were ftpuser ftpgroup.

When Owners were www-data www-data it does not let my FTP User replace and upload files... Even tho, I added the FTP User above as being in the group that is owning the files.

curl ftp://localhost:21/testfile_read -u 'victor:ftp_password' -O # Read Permissions from Outside HTML folder
curl ftp://localhost:21/sites/testfile_html_read -u 'victor:ftp_password' -O # Read Permissions from Inside HTML folder.

curl -T testfile_write ftp://localhost:21/ -u 'victor:ftp_password' # Write Permissions from Outside HTML folder.
curl -T testfile_html_write ftp://localhost:21/sites/ -u 'victor:ftp_password' # Write Permissions from Inside HTML folder.https://i.stack.imgur.com/fb9B3.png
https://i.stack.imgur.com/fmme0.png

So, it looks like it is a problem with the permissions for www-data and the binded folder itself... But it does not make sense since I added the FTP User to the group that can edit/write already...

I am getting crazy, please, can someone help me?

TL;DR: I need help allowing an FTP user to read and write to a binded HTML folder within their chrooted FTP folder. Currently, I'm getting a 553 error (Permission denied) when trying to upload files to the binded HTML folder, even though I added the FTP user to the www-data group.

In summary, I want to give the FTP user the necessary permissions to access and modify the binded HTML folder. Despite adding the user to the www-data group, I'm encountering a 553 error when attempting to upload files to that folder. Any assistance would be greatly appreciated.
External Content
Source RSS or Atom Feed
Feed Location https://feeds.feedburner.com/linuxquestions/latest
Feed Title LinuxQuestions.org
Feed Link https://www.linuxquestions.org/questions/
Reply 0 comments