15

How do I set the default values of directories and files created to be 775 ? My understanding is that I need to modify the umask on VSFTPD, but how do I know what to change it to?

Castaglia
  • 3,239
  • 3
  • 19
  • 40
Ben
  • 3,630
  • 17
  • 62
  • 93

2 Answers2

21

Umask and final permissions that you need should add up to 777. Since you need 775 permissions, you need 777 - 775 = 002 as umask.

Saurabh Barjatiya
  • 4,643
  • 2
  • 29
  • 34
  • 2
    Beware that these are octal values, so `local_umask=002` may not give the expected results — you better prefix by a '0' : `local_umask=0002` (see `man vsftpd.conf`). – Skippy le Grand Gourou Jul 23 '15 at 11:12
  • @SkippyleGrandGourou, ``002`` is an octal value, isn't it? Why do you add another leading ``0``? – Jdamian Jan 18 '16 at 15:08
  • 2
    Well, it may not matter for `002` (can't remember my needs at the time), but it should for e.g. `022` (which will be treated as base 10 `22`) vs `0022`. Anyway, it didn't work for me without it… – Skippy le Grand Gourou Jan 18 '16 at 16:31
17

In case you are wondering where to set your umask, it can be set in the vsftpd config file (/etc/vsftpd.conf) as anon_umask for anonymous access and local_umask for users.

For the mask to work properly (even without anonymous access) it seems necessary to set anon_upload_enable=YES and anon_mkdir_write_enable=YES. If these are not set, writing, reading and executing will not be allowed for groups or others on files uploaded via ftp (even though the standard privileges may be set for something else).

In your case, if you need user-authenticated access, you should set the following:

anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=0002
anon_upload_enable=YES
anon_mkdir_write_enable=YES
file_open_mode=0777

Here, file_open_mode sets the default setting of files. 777 makes it readable, writeable and executable for anyone. With local_umask set to 002, this gives you 775, as you requested.

Notica that local_umask defaults to 077, disabling groups and others to access files in any way (hence it is set here).

Further reading: https://security.appspot.com/vsftpd/vsftpd_conf.html

Niels Abildgaard
  • 281
  • 2
  • 4