vsftpd 不允许匿名用户附加到现有文件(APPE)

vsftpd 不允许匿名用户附加到现有文件(APPE)

我遇到了 vsftpd 不允许匿名用户向已上传文件附加内容的问题。最初上传文件时一切正常。更改已上传文件的权限没有帮助。是否有一个我找不到的允许向现有文件附加内容的设置?

从背景来看,我试图解决的问题是,如果上传中断,则允许上传继续。

以下日志中有一个例子:

Tue Jan  3 14:06:38 2012 [pid 28433] CONNECT: Client "xxx.xxx.xxx.xxx"
Tue Jan  3 14:06:38 2012 [pid 28433] FTP response: Client "xxx.xxx.xxx.xxx", "220 (vsFTPd 2.2.2)"
Tue Jan  3 14:06:40 2012 [pid 28433] FTP command: Client "xxx.xxx.xxx.xxx", "USER anonymous"
Tue Jan  3 14:06:40 2012 [pid 28433] [anonymous] FTP response: Client "xxx.xxx.xxx.xxx", "331 Please specify the password."
Tue Jan  3 14:06:41 2012 [pid 28433] [anonymous] FTP command: Client "xxx.xxx.xxx.xxx", "PASS <password>"
Tue Jan  3 14:06:41 2012 [pid 28432] [ftp] OK LOGIN: Client "xxx.xxx.xxx.xxx", anon password "?"
Tue Jan  3 14:06:41 2012 [pid 28434] [ftp] FTP response: Client "xxx.xxx.xxx.xxx", "230 Login successful."
Tue Jan  3 14:06:41 2012 [pid 28434] [ftp] FTP command: Client "xxx.xxx.xxx.xxx", "SYST"
Tue Jan  3 14:06:41 2012 [pid 28434] [ftp] FTP response: Client "xxx.xxx.xxx.xxx", "215 UNIX Type: L8"
Tue Jan  3 14:06:56 2012 [pid 28434] [ftp] FTP command: Client "xxx.xxx.xxx.xxx", "CWD uploads"
Tue Jan  3 14:06:56 2012 [pid 28434] [ftp] FTP response: Client "xxx.xxx.xxx.xxx", "250 Directory successfully changed."
Tue Jan  3 14:06:59 2012 [pid 28434] [ftp] FTP command: Client "xxx.xxx.xxx.xxx", "TYPE I"
Tue Jan  3 14:06:59 2012 [pid 28434] [ftp] FTP response: Client "xxx.xxx.xxx.xxx", "200 Switching to Binary mode."
Tue Jan  3 14:06:59 2012 [pid 28434] [ftp] FTP command: Client "xxx.xxx.xxx.xxx", "PORT xxx.xxx.xxx.xxx,229,167"
Tue Jan  3 14:06:59 2012 [pid 28434] [ftp] FTP response: Client "xxx.xxx.xxx.xxx", "200 PORT command successful. Consider using PASV."
Tue Jan  3 14:06:59 2012 [pid 28434] [ftp] FTP command: Client "xxx.xxx.xxx.xxx", "STOR test"
Tue Jan  3 14:06:59 2012 [pid 28434] [ftp] FTP response: Client "xxx.xxx.xxx.xxx", "150 Ok to send data."
Tue Jan  3 14:06:59 2012 [pid 28434] [ftp] OK UPLOAD: Client "xxx.xxx.xxx.xxx", "/uploads/test", 12 bytes, 0.15Kbyte/sec
Tue Jan  3 14:06:59 2012 [pid 28434] [ftp] FTP response: Client "xxx.xxx.xxx.xxx", "226 Transfer complete."
Tue Jan  3 14:07:11 2012 [pid 28434] [ftp] FTP command: Client "xxx.xxx.xxx.xxx", "PORT xxx.xxx.xxx.xxx,222,100"
Tue Jan  3 14:07:11 2012 [pid 28434] [ftp] FTP response: Client "xxx.xxx.xxx.xxx", "200 PORT command successful. Consider using PASV."
Tue Jan  3 14:07:11 2012 [pid 28434] [ftp] FTP command: Client "xxx.xxx.xxx.xxx", "APPE test"
Tue Jan  3 14:07:11 2012 [pid 28434] [ftp] FTP response: Client "xxx.xxx.xxx.xxx", "550 Permission denied."
Tue Jan  3 14:07:13 2012 [pid 28434] [ftp] FTP command: Client "xxx.xxx.xxx.xxx", "QUIT"
Tue Jan  3 14:07:13 2012 [pid 28434] [ftp] FTP response: Client "xxx.xxx.xxx.xxx", "221 Goodbye."

答案1

我建议您将其设置anon_other_write_enable为 YES。

根据vsftpd 文档

如果设置为 YES,匿名用户将被允许执行除上传和创建目录之外的写入操作,例如删除和重命名。通常不建议这样做,但为了完整性而包括。默认值:NO

但问题是,任何匿名用户都可以修改/覆盖任何其他匿名上传的文件。

(需要注意的是,vsftpd 将“写入操作”定义为:STOR、DELE、RNFR、RNTO、MKD、RMD、APPE 和 SITE。)

相关内容