*New 12.1 series Release:
2020-04-17: XigmaNAS 12.1.0.4.7542 - released

*New 11.3 series Release:
2020-04-16: XigmaNAS 11.3.0.4.7538 - released!


We really need "Your" help on XigmaNAS https://translations.launchpad.net/xigmanas translations. Please help today!

Producing and hosting XigmaNAS costs money. Please consider donating for our project so that we can continue to offer you the best.
We need your support! eg: PAYPAL

FTP create mask permissions

File transfer protocol.
Forum rules
Set-Up GuideFAQsForum Rules
Post Reply
fpermissions
NewUser
NewUser
Posts: 2
Joined: 13 Nov 2016 04:47
Status: Offline

FTP create mask permissions

#1

Post by fpermissions »

So, I've set up an FTP server in addition to SMB. The files created with the SMB service all have permissions 0766 and are owned by 21. The folders are: 0777.

The problem is that whenever I upload something via FTP, it always sets the permissions to 600 even though it says "file creation mask" 077 and "directory mask" 022 in the settings. This prevents me from accessing these files from the SMB share.

What I want to do is have the FTP uploaded files have the exact same permissions and owner as the SMB files. What do I need to change?

Thanks!

User avatar
raulfg3
Site Admin
Site Admin
Posts: 5077
Joined: 22 Jun 2012 22:13
Location: Madrid (ESPAÑA)
Contact:
Status: Offline

Re: FTP create mask permissions

#2

Post by raulfg3 »

fpermissions wrote:So, I've set up an FTP server in addition to SMB. The files created with the SMB service all have permissions 0766 and are owned by 21. The folders are: 0777.

The problem is that whenever I upload something via FTP, it always sets the permissions to 600 even though it says "file creation mask" 077 and "directory mask" 022 in the settings. This prevents me from accessing these files from the SMB share.

What I want to do is have the FTP uploaded files have the exact same permissions and owner as the SMB files. What do I need to change?

Thanks!
use 002 as file creation mask
and 000 as folder creation mask

and repeat test.
12.0.0.4 (revision 6766)+OBI on SUPERMICRO X8SIL-F 8GB of ECC RAM, 12x3TB disk in 3 vdev in RaidZ1 = 32TB Raw size only 22TB usable

Wiki
Last changes

HP T510

fpermissions
NewUser
NewUser
Posts: 2
Joined: 13 Nov 2016 04:47
Status: Offline

Re: FTP create mask permissions

#3

Post by fpermissions »

That is better, but the file is read only when it is accessed through SMB.

User avatar
raulfg3
Site Admin
Site Admin
Posts: 5077
Joined: 22 Jun 2012 22:13
Location: Madrid (ESPAÑA)
Contact:
Status: Offline

Re: FTP create mask permissions

#4

Post by raulfg3 »

use 0000 as file creation mask and your file are 777 (all can read).

But please revise the user that you use to access by SMB, and add to ftp grop and no need to use 0000 as file creation mask
12.0.0.4 (revision 6766)+OBI on SUPERMICRO X8SIL-F 8GB of ECC RAM, 12x3TB disk in 3 vdev in RaidZ1 = 32TB Raw size only 22TB usable

Wiki
Last changes

HP T510

User avatar
gomario
experienced User
experienced User
Posts: 104
Joined: 17 Dec 2016 08:45
Status: Offline

Re: FTP create mask permissions

#5

Post by gomario »

Sorry for reviving this old thread but I too have issues with creating the correct FTP mask. How exactly does this work. Where can I read more about it. 000 for File Creation does make the file readable over the SMB but I can not delete them. Because I access from multiple cellphones (public files), it is not viable to add all the users to the FTP group. What would happen if I make both '000'? (File Creation and Directory Creation)

User avatar
ms49434
Developer
Developer
Posts: 914
Joined: 03 Sep 2015 18:49
Location: Neuenkirchen-Vörden, Germany - GMT+1
Contact:
Status: Offline

Re: FTP create mask permissions

#6

Post by ms49434 »

gomario wrote:
25 Feb 2018 18:55
Sorry for reviving this old thread but I too have issues with creating the correct FTP mask. How exactly does this work. Where can I read more about it. 000 for File Creation does make the file readable over the SMB but I can not delete them. Because I access from multiple cellphones (public files), it is not viable to add all the users to the FTP group. What would happen if I make both '000'? (File Creation and Directory Creation)
The magic word is umask, have a read here: https://en.wikipedia.org/wiki/Umask
1) XigmaNAS 12.1.0.4 amd64-embedded on a Dell T20 running in a VM on ESXi 6.7U3, 22GB out of 32GB ECC RAM, LSI 9300-8i IT mode in passthrough mode. Pool 1: 2x HGST 10TB, mirrored, L2ARC: Samsung 850 Pro; Pool 2: 1x Samsung 860 EVO 1TB, SLOG: Samsung SM883, services: Samba AD, CIFS/SMB, ftp, ctld, rsync, syncthing, zfs snapshots.
2) XigmaNAS 12.1.0.4 amd64-embedded on a Dell T20 running in a VM on ESXi 6.7U3, 8GB out of 32GB ECC RAM, IBM M1215 crossflashed, IT mode, passthrough mode, 2x HGST 10TB , services: rsync.

User avatar
gomario
experienced User
experienced User
Posts: 104
Joined: 17 Dec 2016 08:45
Status: Offline

Re: FTP create mask permissions

#7

Post by gomario »

ms49434 wrote:
25 Feb 2018 19:40
gomario wrote:
25 Feb 2018 18:55
Sorry for reviving this old thread but I too have issues with creating the correct FTP mask. How exactly does this work. Where can I read more about it. 000 for File Creation does make the file readable over the SMB but I can not delete them. Because I access from multiple cellphones (public files), it is not viable to add all the users to the FTP group. What would happen if I make both '000'? (File Creation and Directory Creation)
The magic word is umask, have a read here: https://en.wikipedia.org/wiki/Umask
Wow . . . a big THANK YOU to ms49434 for the above posted link. I recommend it to anyone reading this thread. Go have a look at that wiki. Is not to complicated to understand and it gives you just about all the info you'll need to properly setup your FTP system.
+1

taltamir
NewUser
NewUser
Posts: 7
Joined: 18 Mar 2013 23:59
Status: Offline

Re: FTP create mask permissions

#8

Post by taltamir »

ms49434 wrote:
25 Feb 2018 19:40
gomario wrote:
25 Feb 2018 18:55
Sorry for reviving this old thread but I too have issues with creating the correct FTP mask. How exactly does this work. Where can I read more about it. 000 for File Creation does make the file readable over the SMB but I can not delete them. Because I access from multiple cellphones (public files), it is not viable to add all the users to the FTP group. What would happen if I make both '000'? (File Creation and Directory Creation)
The magic word is umask, have a read here: https://en.wikipedia.org/wiki/Umask
Ok, thank for the link. Some testing lead me to the conclusion that this appears to be using octal notation from the wikipedia link given

Folder permissions works exact as explained there... but file permissions are weird.

File claims the default is "077" without specifying it is octal instead of numeric notation.
leaving it blank creates files with permission of rw------- which is 177 in octal.

Going through a bunch of possible octal options for files I get:
Putting 000 for file gives files uploaded via FTP the permissions of rw-rw-rw-. which is 111 in octal
Putting 111 for file also gives rw-rw-rw- which is octal 111.
Putting 222 for file gives r--r--r-- which is octal 333
Putting 333 for file gives r--r--r-- which is octal 333
Putting 444 for file gives -w--w--w- which is octal 555
Putting 555 for file gives -w--w--w- which is octal 555
Putting 666 for file gives --------- which is octal 777
Putting 777 for file gives --------- which is octal 777

Looking at the pattern, it seems that any permission is given is automatically changed to disable execute permission. Anyone knows why it is doing that and how I can overrule it?

User avatar
ms49434
Developer
Developer
Posts: 914
Joined: 03 Sep 2015 18:49
Location: Neuenkirchen-Vörden, Germany - GMT+1
Contact:
Status: Offline

Re: FTP create mask permissions

#9

Post by ms49434 »

taltamir wrote:
28 Apr 2019 21:49
ms49434 wrote:
25 Feb 2018 19:40
gomario wrote:
25 Feb 2018 18:55
Sorry for reviving this old thread but I too have issues with creating the correct FTP mask. How exactly does this work. Where can I read more about it. 000 for File Creation does make the file readable over the SMB but I can not delete them. Because I access from multiple cellphones (public files), it is not viable to add all the users to the FTP group. What would happen if I make both '000'? (File Creation and Directory Creation)
The magic word is umask, have a read here: https://en.wikipedia.org/wiki/Umask
Ok, thank for the link. Some testing lead me to the conclusion that this appears to be using octal notation from the wikipedia link given

Folder permissions works exact as explained there... but file permissions are weird.

File claims the default is "077" without specifying it is octal instead of numeric notation.
leaving it blank creates files with permission of rw------- which is 177 in octal.

Going through a bunch of possible octal options for files I get:
Putting 000 for file gives files uploaded via FTP the permissions of rw-rw-rw-. which is 111 in octal
Putting 111 for file also gives rw-rw-rw- which is octal 111.
Putting 222 for file gives r--r--r-- which is octal 333
Putting 333 for file gives r--r--r-- which is octal 333
Putting 444 for file gives -w--w--w- which is octal 555
Putting 555 for file gives -w--w--w- which is octal 555
Putting 666 for file gives --------- which is octal 777
Putting 777 for file gives --------- which is octal 777

Looking at the pattern, it seems that any permission is given is automatically changed to disable execute permission. Anyone knows why it is doing that and how I can overrule it?
umask is not to blame because it doesn't add permissions by setting flags, it only removes (masks) matching flags.
The explanation is simple: the program which creates the file sets the rw flags but does not the set the executable flag (which is POSIX compliant).
You might want to look into setuid/setgid permissions for file ownership (Permissions) and into configuring default ACL's (Access Control Lists).
1) XigmaNAS 12.1.0.4 amd64-embedded on a Dell T20 running in a VM on ESXi 6.7U3, 22GB out of 32GB ECC RAM, LSI 9300-8i IT mode in passthrough mode. Pool 1: 2x HGST 10TB, mirrored, L2ARC: Samsung 850 Pro; Pool 2: 1x Samsung 860 EVO 1TB, SLOG: Samsung SM883, services: Samba AD, CIFS/SMB, ftp, ctld, rsync, syncthing, zfs snapshots.
2) XigmaNAS 12.1.0.4 amd64-embedded on a Dell T20 running in a VM on ESXi 6.7U3, 8GB out of 32GB ECC RAM, IBM M1215 crossflashed, IT mode, passthrough mode, 2x HGST 10TB , services: rsync.

taltamir
NewUser
NewUser
Posts: 7
Joined: 18 Mar 2013 23:59
Status: Offline

Re: FTP create mask permissions

#10

Post by taltamir »

ms49434 wrote:
29 Apr 2019 01:14
umask is not to blame because it doesn't add permissions by setting flags, it only removes (masks) matching flags.
The explanation is simple: the program which creates the file sets the rw flags but does not the set the executable flag (which is POSIX compliant).
You might want to look into setuid/setgid permissions for file ownership (Permissions) and into configuring default ACL's (Access Control Lists).
Ok, so the GUI can only strip permissions after the fact via calling umask.
I need to set all masks in FTP GUI to 000 so it doesn't strip any permissions after the fact. Then use CLI commands to actually set the actual permissions on file creation. Is that correct?

I looked at those links, and I am not sure how exactly I am supposed to fix it. I tried using using uid via
$ chmod -R 4777 /mnt/vids/vids_share/FTP/test
to set the FTP upload directory to have all permissions with the owner being the directory owner instead of the uploading process.

I checked using
$ getfacl -d /mnt/vids/vids_share/FTP
and it is telling me that no ACL default exists for that directory. So it shouldn't be ACL that is causing the problem.

So I am really not sure what I am supposed to do to make it work

ali_dzi
Starter
Starter
Posts: 23
Joined: 09 Oct 2013 16:17
Status: Offline

Re: FTP create mask permissions

#11

Post by ali_dzi »

I have had the same problem, then took some reading and (I think) figured it out.
Of course, you have to know some elementary binary/octal arithmetic!

It goes like this: umask does not add, but strips (subtracts) permissions.
It strips each octal number from max permissions, so from 777.

BUT!!!

There is a little, but important, difference between files and directories!

Files cant't be executable using umask, so executable bit (the lowest) is
stripped automatically. That's probably because *nix operating sistems are serious
and they assume executable files as a PRETTTY SERIOUS things (unlike *indows).
So that's why if you put umask=000 on files, (no restricitons, aka 777-000=777),
you'll get 666 as file atributes, with stripped the lowest (executable) bit in every octal number.

That's why you'll get the same file attributes for different umask:
umask=022 (files get attributes 644) - stripped each bit 1 from 755
umask=033 (files get attributes 644) - stripped only exec at owner from 744
(don't have to strip from 44, since exec is not included)

If you really want to make executable permission to a file, then you'll have to do it manualy,
with chmod.

Directories are different, since executable attribute means "you can enter directory",
nothing else, which is not so dangerous operation as executable file. So, when you use
umask on directories, it truly subtracts permissions from 777, so if you put umask=000,
you'll get 777 as a directory attribute.

If you copy files to server using SMB/CIFS protocols (ie from *indows), you'll get maximum permissions,
with executable bit stripped on "group" and "other" attributes, but owner (user) attribute will hold executable,
so, you'll get 766 for files (rwxrw-rw-) and 777 for directories (rwxrwxrwx)

Post Reply

Return to “FTP”