Red Hat Bugzilla – Bug 214987
File ownership not respected 'in normal way' on file uploads
Last modified: 2008-08-02 19:40:34 EDT
Description of problem:
The version of vsftpd that ships with RHEL3 has an introduced bug from the RedHat bug fix 171308
which is here:
which allows you to overwrite other people's file in a surprising way.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. say you have a group called workers containing two users fred and george
2. say you have a directory which is group writable which contains a file owned by fred but that file is
not group writable (e.g. mode 0644).
3. with real vsftpd george cannot overwrite the file on upload;
4. with RedHat vsftpd george can overwrite the file because when a file is uploaded, it is uploaded to a
new name and then renamed over the old one (as per the bug fix above).
Confused users as they don't expect their files to be overwritten without warning. They know they can
be overwritten (with effort).
553 Could not create file.
The original bug fix would have been ok if you could turn off the facility (concurrent writes is a fact of
Created attachment 141551 [details]
Example of vsftpd permission/ownership issue
I have verified this issue on multiple servers: rather than writing to the
existing file on uploading, a new file is created and moved over the existing
one, resetting ownership and permissions to defaults. This appears to have
started with the most recent RHEL3 update to vsftpd. See attached text file for
(In reply to comment #2)
> I have verified this issue on multiple servers: rather than writing to the
> existing file on uploading, a new file is created and moved over the existing
> one, resetting ownership and permissions to defaults. This appears to have
> started with the most recent RHEL3 update to vsftpd. See attached text file for
> an example.
Pardon the not reading the entire post. Doh.
Please try the last version of vsftpd from here:
It works for me. Thanks
This bug is filed against RHEL 3, which is in maintenance phase.
During the maintenance phase, only security errata and select mission
critical bug fixes will be released for enterprise products. Since
this bug does not meet that criteria, it is now being closed.
For more information of the RHEL errata support policy, please visit:
If you feel this bug is indeed mission critical, please contact your
support representative. You may be asked to provide detailed
information on how this bug is affecting you.