Forcing 644 Permissions on Files with ProFTPd

Question

We have an Ubuntu 12.04 server set up with ProFTPd for users to upload files. Each user has their own account and are jailed to their directory.

Normally, everything works fine, they get 644 permissions on created/uploaded files, and 755 permissions on created/uploaded folders.

The problem is, occasionally some files will get uploaded with 600 permissions (or changed after uploading, I'm not sure?), so they are not readable to anyone but the owner. Is there any way to lock/force permissions to 644 on files?

I know I can take away permissions with umask but I don't want this, I want to stop the user reducing the permissions too much, so they shouldn't be able to go below 644 (rw- r-- r--)

Jure1873 · Accepted Answer · 2013-10-15T15:20:37.727

2

As far as I know you can't control ftp in the way you want, you could only limit chmod for some users entirely or allow it. There isn't a middle way. Maybe you could use auditd to monitor for changes and then take action on them, but that would be really complicated.

Edit: Limiting chmod in proftpd:

    <Limit SITE_CHMOD>
         DenyAll   
    </Limit>

edited Oct 15 '13 at 15:20

answered Oct 15 '13 at 15:14

Jure1873

3,702
1
22
28

Do you know if it's easy to disable chmod with ProFTPd? – BT643 Oct 15 '13 at 15:15
Yes, you just use the limit directive: DenyAll (I don't know how to format this in the comments) – Jure1873 Oct 15 '13 at 15:16
Thanks! :) I would have voted your answer up too, but I can't do that until I have 15 reputation :( – BT643 Oct 19 '13 at 17:49

Forcing 644 Permissions on Files with ProFTPd

1 Answers1