0
votes

This is a really strange one. I have a Ubuntu server setup (12.04) with proFTPD, and I have turned on SFTP. I have a user I want to be able to edit a set of files. The files are owned by the user www-data and the group www-data. The files have permissions 664. The user is in the group www-data, and is able to view, and edit the files when connected over ssh through the shell. However, over SFTP, the user can view these files, but attempting to edit them causes SFTP to report permission denied, and then causes the file to be zero sized. The user is however, able to delete and move the files. Can anyone think of any reason why this might be happening? I have also tried changing the group ownership of the file to another group, and adding the user to that group, but the same issue occurs.

The issue does not occur over regular FTP with proFTPD.

Edit: As requested, the full text of the error (this is over sftp command line interactive mode):

Uploading /Users/leonaves/Desktop/testfile to /testfile
remote open("/testfile"): Permission denied

Edit 2: ls -l output for home directory of user:

ls -l output

Edit 3: SFTP log shows the following:

error changing permissions of '/testfile' to 0100644: Operation not permitted
1
"attempting to edit them causes SFTP to report permission denied" Please edit your question to include the complete text of this error message. It would also be helpful to show the "ls -l" output for this www-data directory (the directory itself) and for these files that you're trying to overwrite.Kenster
@Kenster Error message added, will screenshot and add ls -l output shortly.Leon Aves
@Kenster Added ls-l outputLeon Aves
What are the permissions on the directory containing testfile?Kenster
drwxr-xr-x and owned by the user trying to upload and that users group, it is their home directory.Leon Aves

1 Answers

3
votes

So, the issue was that for whatever reason, proFTPD was trying to set the permissions on the file before uploading to 0644, and it couldn't as the user was not the owner. The reason it was trying to set these permissions is details in the proFTPD docs (http://www.proftpd.org/docs/contrib/mod_sftp.html#SFTPOptions):

When an SFTP client uploads a file or creates a directory, the desired permissions on the path are sent to the server as part of the upload. (This is different from FTP, which does not include the file permissions in an upload.)

Now, I'm not sure if it was my clients (I tried multiple SFTP clients) purposefully trying to set these permissions, or if it was somehow the default setting for proFTPD, but using the IgnoreSFTPUploadPerms option (detailed in the above linked section of the docs), I was able to stop this affecting file transfers:

If you need more FTP-like functionality for any reason and wish to have mod_sftp silently ignore any permissions sent by the SFTP client, use this option.