Got error 500, on a mounted volume

[vipera7]

I want to access to n object storage with ftp and be able to do some action. Right now I can access and view files/folders from it, but I can't do action, like rename a file, create a dir...

Here is my mounted volume in my host:
drwxrwxr-x. 1 root root 0 Jan 1 1970 mnt

I'm using the following command to create a container :
docker run -d --name ftpd_server -p 21:21 -p 30000-30009:30000-30009 -e "PUBLICHOST=123.123.123.123" -v /mnt:/home/ftpusers/root stilliard/pure-ftpd:latest

Then I enter in the container with :
docker exec -it ftpd_server /bin/bash

And create the user

pure-pw useradd root -f /etc/pure-ftpd/passwd/pureftpd.passwd -m -u ftpuser -d /home/ftpusers/root

(Do I have to put root as ftp user ?)

Then I get this when I try to create a dir

And I can see my contents

[stilliard]

Hi @vipera7 ,
Seems like a permission issue, i've not run into this myself but another user had an issue with permissions before, maybe the comments here can help: #35 (comment)

[vipera7]

I have tried the following command pure-pw useradd root -f /etc/pure-ftpd/passwd/pureftpd.passwd -m -u ftpuser -d /home/ftpusers/root but sadly I have the same issue

[stilliard]

I think you could try using the uid as the -u flag instead of root and -g as the group id (I think these are 0 for root if that helps).
If that doesn't work it's probably best to ask on stackoverflow if you haven't already with the pureftpd tag, hopefully someone on there can help.

[vipera7]

I have to use the root user uid ? When I use -g flag it ouput me as the flag doesn't exist.

unknown shorthand flag: 'g' in -g

So I should do something like :

docker run -d --name ftpd_server -p 21:21 -p 30000-30009:30000-30009 -e "PUBLICHOST=123.123.123.123" -v /mnt:/home/ftpusers/root -u 0 stilliard/pure-ftpd:latest

Here is the permission I get from /home/ftpusers/root

-rwxrwxr-x. 1 1001 1001 1494220800 May 15 14:02 file

but I can't list content now

[vipera7]

I also tried to give ftpuser root privilege and change in /etc/pure-ftpd/passwd/pureftpd.passwd to change from 1000;1000 to 0.0 but the problem persist

[stilliard]

Hi @vipera7 ah that's a shame, i've not had any experience with object storage but worth asking on stackoverflow if you haven't already with the pureftpd tag, hopefully someone on there can help 👍

[vipera7]

I got an answer that doesn't help, I will give a bounty on the question, we will see if someone can figure it out

[vipera7]

I found some new info about my issue. I'm using now this following command to create the container :

docker run -d --name ftpd_server -p 21:21 -p 30000-30009:30000-30009 -v /home/foo/data:/home/ftpusers/foo -e FTP_USER_UID=1000 -e FTP_USER_GID=1000 -e FTP_USER_NAME=foo -e FTP_USER_PASS=pass -e FTP_USER_HOME=/home/ftpusers/foo stilliard/pure-ftpd

The folder data is the mounted volume.
On my host machine I have created a new user named foo which have uid = 1000 and gid = 1000.

I have the following path :

home
│
└───foo
    │
    └───data (root.root)
        │ File (foo.foo)
        │
        └───data2  (foo.foo)
            │ File2 (foo.foo)

I have made the following command before running the container to give permission to user foo :

chown -R foo.foo /home/foo/data*

Now I can write into folder data2 but I can't do anything before this folder (access denied)
I can't rename the first file I also have Persmission denied.

[finex]

I'm also having a problem renaming files: I've created a virtual user with manual uid/gid from the host machine. Create/Upload/Delete files works fine, rename doesn't.

I've tried to add the "--norename=false --autorename=false" on ADDED_FLAGS but it doesn't work.

I've also tried to set the value no on /etc/pure-ftpd/conf/NoRename but without any change.

[mryauch]

@finex Are you using the hardened branch? I just ran into this and found that the Dockerfile in the hardened branch looks like this:
# startup CMD /run.sh -l puredb:/etc/pure-ftpd/pureftpd.pdb -E -j -R -P $PUBLICHOST -s -A -j -Z -H -4 -E -R -G -X -x

The -G is for norename and is likely what is causing this. I also can't figure out a way to get additional flags to change this behavior.

Edit:
I fixed my issue by switching to the latest branch and just using the 'hardened' level defaults minus -G in my docker-compose.yml:
ADDED_FLAGS: -s -A -j -Z -H -4 -E -R -X -x plus some other non-standard flags.

[joseluisq]

@mryauch I have verified it works. 👍

[finex]

@mryauch you're right. I was using that branch. Later I found that flag and I've switched to the other image manually adding some security flags but I've forgot to report it here.