纯 FTP 服务器让我从“绑定安装的 HTML”文件夹下载文件，但在上传 Index.html 时会向 STOR 命令抛出 533 错误

昨天我使用 Pure-FTPd 配置完成了 FTP 服务器。我使用的方法是“虚拟用户”方法。

下面的命令基本上是我为了使其工作而执行的：

PureFTPd (Debian 10)

Instalar FTP usando o Pure-FTPd no Debian 10:

sudo apt install -y pure-ftpd-common pure-ftpd # Install Pure-FTPd
sudo ss -lnpt | grep pure-ftpd # Check what port is Pure-FTPd is running

Initial Steps for Preparing Pure-FTPd to work:

System User and Group:

sudo su -
groupadd ftpgroup  # Create FTP Group
useradd -g ftpgroup -d /dev/null -s /etc ftpuser  # Create Emulated System User for Virtual FTP User
mkdir /home/ftpusers  # Create Base Home dir for Virtual Users

chown root:root /home/ftpusers -R  # Set root Permissions so Pure-FTPd can create folders Automatically
chgrp ftpgroup /home/ftpusers  # Set permissions to FTP Group for Virtual Users Permissions
chmod g+rx /home/ftpusers

PureFTPd Config


echo "yes" > /etc/pure-ftpd/conf/Daemonize  # Run as Daemon
echo "yes" > /etc/pure-ftpd/conf/NoAnonymous  # Prohibit Anonymous
echo "yes" > /etc/pure-ftpd/conf/ChrootEveryone  # Enable chroot
echo “yes” > /etc/pure-ftpd/conf/VerboseLog  # Enable Verbose Logging
echo yes > /etc/pure-ftpd/conf/CreateHomeDir  # Create Folders Automatically
echo no > /etc/pure-ftpd/conf/PAMAuthentication  # ??? Check Later
echo no > /etc/pure-ftpd/conf/UnixAuthentication  # ??? Check Later - Disable login, maybe?

>/var/log/pure-ftpd/transfer.log && chmod 755 /var/log/pure-ftpd/transfer.log  # Enable Logging

Config. Pure-FTPd => /etc/pure-ftpd/pure-ftpd.conf

# This limits accounts to only what is in the Pure-FTPd database
AUTH="-lpuredb:/etc/pure-ftpd/pureftpd.pdb"

# Disallow anonymous connections. Only accept authenticated users.
NoAnonymous                  yes

# File creation mask. <umask for files>:<umask for dirs> - Use 177:077 if you’re paranoid.
Umask                        003:002

# Enable Passive mode to avoid Firewall NAT problems.
PassivePortRange 40000 60000

Config. Common Pure-FTPd => vi /etc/default/pure-ftpd-common

id -u ftpuser # Get UID/GID of FTP User first.
Change UPLOADUID/UPLOADGID on pure-ftpd-common file.

Those commands are needed for some reason, otherwise, user can’t login:
ln -s /etc/pure-ftpd/conf/PureDB /etc/pure-ftpd/auth/40PureDB
ln -s /etc/pure-ftpd/conf/PureDB /etc/pure-ftpd/auth/50pure

Virtual User PureFTPd

pure-pw useradd victor -u ftpuser -g ftpgroup -d /home/ftpusers/victor
pure-pw passwd victor -m

Reload PureFTPd
pure-pw mkdb -f /etc/pure-ftpd/pureftpd.passwd -F /etc/pure-ftpd/pureftpd.pdb  # Update PureFTPd Database
service pure-ftpd restart

但是，在此之后，我的下一个需求是从 NGINX 安装中创建一个 HTML 文件夹，以便客户端可以通过 FTP 传输文件。根据上述命令和他的 Chrooted FTP 文件夹 - 一切正常！如果我尝试使用 MobaXTerm 或其他 FTP 客户端将任何内容上传到他的 FTP 文件夹，我就可以做到。

但是，如果我尝试将其上传到使用以下命令创建的 HTML 绑定文件夹，它不允许我这样做：

CHRoot HTML Folder

mkdir -p /home/ftpusers/victor/sites  # Create Websites Folder for Victor
mount --bind /var/www/html /home/ftpusers/victor/sites  # Bind Mount because Link command does not work

Config. for FSTab in order to mount it at boot:

/mnt/data/html /var/www/html none nofail,bind 0 0
/var/www/html /home/ftpusers/victor/sites none nofail,bind 0 0
groups www-data  # Check what groups NGINX user is in
chown -R :<group> /var/www/html  # Just to be sure let’s redo HTML Permission for NGINX.
chmod -R g+w /var/www/html  # Group can Edit/Write

usermod -a -G www-data ftpuser  # Add our FTP User to NGINX Group
groups ftpuser # Now FTP User is in the same groups as NGINX User

Read and Write tests for FTP using cURL => All Tests worked when the owners were ftpuser  ftpgroup.

When Owners were www-data www-data it does not let my FTP User replace and upload files... Even tho, I added the FTP User above as being in the group that is owning the files.

curl ftp://localhost:21/testfile_read -u 'victor:ftp_password' -O  # Read Permissions from Outside HTML folder
curl ftp://localhost:21/sites/testfile_html_read -u 'victor:ftp_password' -O  # Read Permissions from Inside HTML folder.

curl -T testfile_write ftp://localhost:21/ -u 'victor:ftp_password'  # Write Permissions from Outside HTML folder.
curl -T testfile_html_write ftp://localhost:21/sites/ -u 'victor:ftp_password' # Write Permissions from Inside HTML folder.

因此，这看起来像是 www-data 和绑定文件夹本身的权限问题...但这没有意义，因为我已经将 FTP 用户添加到可以编辑/写入的组中...