Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 183213 - net-ftp/vsftpd - uploaded files always 0600 if chown_uploads is set
Summary: net-ftp/vsftpd - uploaded files always 0600 if chown_uploads is set
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All All
: High normal (vote)
Assignee: Roy Marples (RETIRED)
Depends on:
Reported: 2007-06-26 06:32 UTC by Serhij S. Stasyuk
Modified: 2007-06-27 13:13 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Serhij S. Stasyuk 2007-06-26 06:32:05 UTC
It seems to be very old bug, which is not fixed in mainstream, but fixed in most of distributions. Here is a quote of provided URL text (problem description with proposed patch):

From: Eric Lammerts <>
Subject: vsftpd: uploaded files always 0600 if chown_uploads is set
Date: Tue, 31 Aug 2004 06:20:13 -0400 (EDT)

Package: vsftpd
Version: 2.0.1-1

When I enable chown_uploads, all uploaded files have mode 0600, 
regardless of "anon_umask" or "file_open_mode" settings. In the source 
you can see that this is hardcoded ("vsf_sysutil_fchmod(new_file_fd, 
0600)" in postlogin.c). No mention of this is made in the manpage or 

IMHO, that fchmod should just be removed. If I want uploaded files to 
have 0600 permission, I could just use "anon_umask", that's the whole 
purpose of that option...

From: Bruno Cornec <>
Subject: Proposal of patch
Date: Wed, 2 May 2007 19:51:49 +0200


I'm not a Debian contributer, but a Mandriva one.
Here is the patch I made for the Mandriva cooker package.
Maybe it could be useful, or at least serve as a base for discussion:

--- vsftpd-2.0.5/postlogin.c.orig       2007-05-02 19:43:54.000000000
+++ vsftpd-2.0.5/postlogin.c    2007-05-02 19:44:28.000000000 +0200
@@ -1009,7 +1009,7 @@
   /* Are we required to chown() this file for security? */
   if (p_sess->is_anonymous && tunable_chown_uploads)
-    vsf_sysutil_fchmod(new_file_fd, 0600);
+    vsf_sysutil_fchmod(new_file_fd, (0777 & ~tunable_anon_umask));
     if (tunable_one_process_model)
       vsf_one_process_chown_upload(p_sess, new_file_fd);

Reproducible: Always

Steps to Reproduce:
Comment 1 Roy Marples (RETIRED) gentoo-dev 2007-06-26 17:59:22 UTC
Fixed, thanks
Comment 2 Serhij S. Stasyuk 2007-06-27 13:13:41 UTC
Thanks, works fine.