It seems to be very old bug, which is not fixed in mainstream, but fixed in most of distributions. Here is a quote of provided URL text (problem description with proposed patch):
From: Eric Lammerts <firstname.lastname@example.org>
Subject: vsftpd: uploaded files always 0600 if chown_uploads is set
Date: Tue, 31 Aug 2004 06:20:13 -0400 (EDT)
When I enable chown_uploads, all uploaded files have mode 0600,
regardless of "anon_umask" or "file_open_mode" settings. In the source
you can see that this is hardcoded ("vsf_sysutil_fchmod(new_file_fd,
0600)" in postlogin.c). No mention of this is made in the manpage or
IMHO, that fchmod should just be removed. If I want uploaded files to
have 0600 permission, I could just use "anon_umask", that's the whole
purpose of that option...
From: Bruno Cornec <Bruno.Cornec@hp.com>
Subject: Proposal of patch
Date: Wed, 2 May 2007 19:51:49 +0200
I'm not a Debian contributer, but a Mandriva one.
Here is the patch I made for the Mandriva cooker package.
Maybe it could be useful, or at least serve as a base for discussion:
--- vsftpd-2.0.5/postlogin.c.orig 2007-05-02 19:43:54.000000000
+++ vsftpd-2.0.5/postlogin.c 2007-05-02 19:44:28.000000000 +0200
@@ -1009,7 +1009,7 @@
/* Are we required to chown() this file for security? */
if (p_sess->is_anonymous && tunable_chown_uploads)
- vsf_sysutil_fchmod(new_file_fd, 0600);
+ vsf_sysutil_fchmod(new_file_fd, (0777 & ~tunable_anon_umask));
Steps to Reproduce:
Thanks, works fine.