Configuring vsftpd in Ubuntu 10.04: How to Set Default Group for Uploaded Files


2 views

When using vsftpd on Ubuntu 10.04, you might notice that uploaded files inherit the primary group of the user who uploaded them. This behavior is controlled by the system's umask settings and vsftpd's configuration.

The key configuration parameter is local_umask in vsftpd.conf. Here's how to modify it:

# Edit vsftpd configuration
sudo nano /etc/vsftpd.conf

# Add or modify this line:
local_umask=002

This umask value (002) will make new files group-writable while preserving the group ownership.

For permanent group assignment, you'll need to combine several techniques:

# 1. Create a shared group
sudo groupadd ftpgroup

# 2. Add users to this group
sudo usermod -a -G ftpgroup username

# 3. Set proper permissions on the upload directory
sudo chown :ftpgroup /var/ftp/uploads
sudo chmod g+s /var/ftp/uploads

For more control, consider these additional settings:

# Force specific group ownership
force_local_logins_ssl=YES
force_local_data_ssl=YES
chown_uploads=YES
chown_username=ftpuser
chown_group=ftpgroup

If changes don't take effect:

  • Restart vsftpd: sudo service vsftpd restart
  • Check SELinux contexts if applicable
  • Verify directory permissions with ls -ld /path/to/directory

Here's a complete configuration for a shared development environment:

# /etc/vsftpd.conf
listen=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=002
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
chroot_local_user=YES
allow_writeable_chroot=YES
secure_chroot_dir=/var/run/vsftpd/empty
pam_service_name=vsftpd
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
ssl_enable=NO

# Group settings
file_open_mode=0660
local_umask=007

When using vsftpd on Ubuntu 10.04, you might notice that files uploaded through FTP inherit the user's primary group rather than your desired shared group. This behavior occurs because:

  • vsftpd defaults to using the user's primary GID (from /etc/passwd)
  • The default umask (022) only affects permissions, not group ownership
  • PAM modules typically don't handle group switching for FTP sessions

Add these lines to your /etc/vsftpd.conf:

chown_uploads=YES
chown_username=yourusername
chown_groupname=yourgroupname

Then restart vsftpd:

sudo service vsftpd restart

For permanent changes, modify the user's primary group:

sudo usermod -g targetgroup username

Or add secondary groups:

sudo usermod -a -G targetgroup username

For more granular control, create /etc/pam.d/vsftpd with:

session    required     pam_umask.so umask=0002
session    required     pam_group.so

And in vsftpd.conf:

session_support=YES
file_open_mode=0664
local_umask=002

After making changes:

sudo tail -f /var/log/vsftpd.log

Test with:

ftp localhost