pure-ftpd symlink not working

Question

I've got a setup where pure-ftpd is allowing symlink.

what works

/var/www/some_website/symlink_to_logs works and resolves to /var/log/some_website_logs/

(this is to show that symlinks are allowed and resolved). Also, creating symlinks to other folders such as /home/temp/ would work fine

what doesn't work

/var/www/some_website/symlink_to_backups that resolves to /var/log/some_website_backups/

that gives a Permission denied error when browsing with a FTP client (Filezilla).

permissions are set to be at least r (as in r-wr-wr--) to /var , /var/log and /var/log/some_website_backups so why the error?

any thoughts would be greatly appreciated as i'm currently stuck.

edit : the error shows up when browsing using a FTP client (Filezilla)

edit 2 : i tried mounting the folder with mount --bind in the FTP dir (so it'd show up as another directory) and i still get Permission denied.

edit 3 : namei -m symlink_to_backups

      f: symlink_to_backups
         lrwxrwxrwx symlink_to_backups-> /var/log/some_website_backups
            drwxr-xr-x /
            drwxr-xr-x var
            drwxr-xr-- log
            drw-rw-r-- some_website_backups

`[ERROR] Can't open symlink_to_backups: Permission denied` is the only relevant syslog entry to be found when adding `yes` to `/etc/pure-ftpd/conf/VerboseLog` — Bogdan, Nov 05 '12 at 14:41
So what does `namei -m /var/log/some-website/symlink_to_backups` say ? — adaptr, Nov 05 '12 at 15:11
also, `namei symlink_to_logs` produces similar output to `namei symlink_to_backups` — Bogdan, Nov 05 '12 at 15:20
...that's not what I asked for. Which should be obvious, since it doesn't show permissions — adaptr, Nov 05 '12 at 15:20

score 2 · Accepted Answer · answered Nov 05 '12 at 15:26

2

drw-rw-r-- some_website_backups

As you can see, the leaf directory does not have execute permissions - for anybody.

answered Nov 05 '12 at 15:26

adaptr

16,479
21
33

that fixed it (adding +x to leafs). can you please explain why directory listing needs execute rights ? – Bogdan Nov 05 '12 at 15:29
1

Because the execute bit for a directory means "you may descend here". Unless the program trying to get access knows the **exact** filename inside that directory, all operations will fail, since it cannot enter it to retrieve a list of files. – adaptr Nov 05 '12 at 15:30
@adaptr actually, that's a little backwards. If you have `r` but not `x` on a directory, you can read the directory to get the list of files, but can't open any of them because you aren't allowed to *be in* the directory. If you have `x` but not `r`, you can't get a list of files, but you can open a file if you know its name. It's like a house: `r` means the curtains are open and you can look through the window and see what books are on the shelf, but without `x` the doors are locked and you can't get in to read any. – DerfK Nov 05 '12 at 17:13

pure-ftpd symlink not working

1 Answers1