It seems to be very old bug, which is not fixed in mainstream, but fixed in most of distributions. Here is a quote of provided URL text (problem description with proposed patch): From: Eric Lammerts <eric@lammerts.org> To: submit@bugs.debian.org Subject: vsftpd: uploaded files always 0600 if chown_uploads is set Date: Tue, 31 Aug 2004 06:20:13 -0400 (EDT) Package: vsftpd Version: 2.0.1-1 When I enable chown_uploads, all uploaded files have mode 0600, regardless of "anon_umask" or "file_open_mode" settings. In the source you can see that this is hardcoded ("vsf_sysutil_fchmod(new_file_fd, 0600)" in postlogin.c). No mention of this is made in the manpage or FAQ. IMHO, that fchmod should just be removed. If I want uploaded files to have 0600 permission, I could just use "anon_umask", that's the whole purpose of that option... ========= From: Bruno Cornec <Bruno.Cornec@hp.com> To: 269193@bugs.debian.org Subject: Proposal of patch Date: Wed, 2 May 2007 19:51:49 +0200 Hello, I'm not a Debian contributer, but a Mandriva one. Here is the patch I made for the Mandriva cooker package. Maybe it could be useful, or at least serve as a base for discussion: --- vsftpd-2.0.5/postlogin.c.orig 2007-05-02 19:43:54.000000000 +0200 +++ vsftpd-2.0.5/postlogin.c 2007-05-02 19:44:28.000000000 +0200 @@ -1009,7 +1009,7 @@ /* Are we required to chown() this file for security? */ if (p_sess->is_anonymous && tunable_chown_uploads) { - vsf_sysutil_fchmod(new_file_fd, 0600); + vsf_sysutil_fchmod(new_file_fd, (0777 & ~tunable_anon_umask)); if (tunable_one_process_model) { vsf_one_process_chown_upload(p_sess, new_file_fd); Reproducible: Always Steps to Reproduce:
Fixed, thanks
Thanks, works fine.
