Troubleshooting vsFTPd File Permission Issues: Uploaded Files Getting 000 or 1411 Permissions on Ubuntu


2 views

When configuring vsFTPd on Ubuntu servers, many administrators encounter unexpected file permission behavior after uploads. The described scenario shows:

  • Files receiving 000 permissions despite local_umask=022
  • Modified settings (file_open_mode=777 and local_umask=002) resulting in 1411 permissions
  • Directories working correctly (775) while files fail

The working configuration should combine these elements in /etc/vsftpd.conf:

# Basic permission settings
local_umask=022
file_open_mode=0666

# Security enhancements
chroot_local_user=YES
allow_writeable_chroot=YES

# Permission enforcement
local_enable=YES
write_enable=YES

Several factors influence the final permissions:

# Calculation formula:
Final Permissions = (file_open_mode AND (NOT local_umask))

# Example with default values:
0666 AND (NOT 022) = 0644

The 1411 permission (--xr---wtx) suggests a conflict between:

  1. The process umask
  2. Filesystem ACLs
  3. Parent directory permissions

First, verify system-level umask settings:

# Check current umask
umask

# Temporary test (as root):
umask 002
service vsftpd restart

Then implement this enhanced configuration:

# vsftpd.conf
local_umask=002
anon_umask=002
file_open_mode=0775
dmask=002

For web servers, consider adding a post-upload hook script:

#!/bin/bash
# /usr/local/bin/ftp_fixperms
find /var/www/ -type f -exec chmod 664 {} \;
find /var/www/ -type d -exec chmod 775 {} \;

Add to vsftpd.conf:

post_upload_script=/usr/local/bin/ftp_fixperms

When permissions still misbehave:

# 1. Check process umask:
grep Umask /proc/$(pgrep vsftpd)/status

# 2. Verify filesystem mount options:
mount | grep www

# 3. Examine SELinux/AppArmor:
aa-status
getenforce

When using vsFTPd on Ubuntu 12.10 x64, uploaded files receive unexpected permissions (0 or 1411) despite configured umask settings. While directories get the expected 775 permissions, files end up with broken access rights.

# Current vsftpd.conf settings
local_umask=022
file_open_mode=777

The technical background suggests these settings should produce:

  • Files: 777 - 022 = 755 (rwxr-xr-x)
  • Directories: 777 - 022 = 755

Several factors could interfere:

# Check these potential conflicts:
anonymous_enable=NO
write_enable=YES
chroot_local_user=YES
allow_writeable_chroot=YES

For Ubuntu systems, these settings work reliably:

# Working configuration
local_umask=002
file_open_mode=0666
anon_umask=002
force_local_data_ssl=NO
force_local_logins_ssl=NO

Key technical details:

  1. file_open_mode=0666 ensures base file permissions
  2. local_umask=002 subtracts correctly for user/group write
  3. SSL settings prevent permission conflicts

After making changes:

sudo service vsftpd restart
ftp> put testfile.txt
ls -la testfile.txt
# Should show -rw-rw-r-- (664)

For specific permission requirements:

# For strict 644/755 structure
local_umask=022
file_open_mode=0644
directory_mode=0755

Remember to:

sudo chown -R www-data:www-data /var/www/
sudo chmod -R 755 /var/www/
sudo find /var/www/ -type f -exec chmod 644 {} \;