FTP Issue when creating folder "ftp 550 /testdirectory: Operation not permitted"

Status
Not open for further replies.

tbaror

Contributor
Joined
Mar 20, 2013
Messages
105
Hello All,

We have FreeNAS hosting FTP for external users, and at the same time the same dataset is used as a CIFS share for our local users.
We cannot separate the two datasets since they are used for common data exchange. FTP users can upload files, delete files, and download; only folder creation is not working. When trying to upload or create a folder, users get the following error below. Any idea how to solve this issue?
Please advise
Thanks
550 /testdirectory: Operation not permitted
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,554

Your FTP client is probably trying to change posix mode bits during folder creation. These operations aren't permitted on "windows" datasets because they have a tendency to corrupt the ACLs set on samba shares.

If this is in a testing environment (not production) then you can verify by typing "zfs set aclmode=passthrough <pool>/<dataset>". Once you have confirmed or disconfirmed this hypothesis, set the aclmode back to restricted by typing "zfs set aclmode=restricted <pool>/<dataset>".
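
The verify-then-revert procedure from the reply above, as an added shell example that is not part of the original post: it records the dataset's current aclmode, runs a test command under passthrough, then restores the previous value and reads it back. The helper name `probe_aclmode` and the test command passed to it are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the thread. probe_aclmode is a made-up helper name.
# Usage: probe_aclmode <pool>/<dataset> <test command...>
# The test command is whatever reproduces the failure, e.g. a scripted FTP mkdir.

probe_aclmode() {
    dataset="$1"
    if [ -z "$dataset" ] || [ "$#" -lt 2 ]; then
        echo "usage: probe_aclmode <pool>/<dataset> <test command...>" >&2
        return 2
    fi
    shift

    # Record the current value so the revert restores what was really there.
    original=$(zfs get -H -o value aclmode "$dataset") || return 2
    if [ "$original" = "passthrough" ]; then
        echo "$dataset already has aclmode=passthrough; nothing to compare" >&2
        return 3
    fi

    # Put the old mode back even if the run is interrupted.
    trap 'zfs set aclmode="$original" "$dataset"; exit 130' INT TERM

    zfs set aclmode=passthrough "$dataset" || { trap - INT TERM; return 2; }
    test_rc=0
    "$@" || test_rc=$?

    zfs set aclmode="$original" "$dataset" || true
    trap - INT TERM

    # Do not trust the set call alone: read the property back.
    now=$(zfs get -H -o value aclmode "$dataset") || now="unknown"
    if [ "$now" != "$original" ]; then
        echo "WARNING: $dataset is at aclmode=$now, expected $original" >&2
        return 4
    fi

    if [ "$test_rc" -eq 0 ]; then
        echo "test passed under passthrough: the mode-bit change is the likely cause"
    else
        echo "test still failed under passthrough: look elsewhere"
    fi
    return "$test_rc"
}
```

A return code of 4 means the dataset was not confirmed back at its original aclmode and needs attention before anything else.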
 

tbaror

Contributor
Joined
Mar 20, 2013
Messages
105
Yes, that works (it's production). Can I take the risk and use it?
Thanks
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,554
I've had problems with permissions getting broken while using "aclmode=passthrough" in a production AD environment. My guess is that iXsystems also encountered this and therefore changed the aclmode property on windows shares to "restricted". Officially, using "windows" permissions type on datasets that are Samba shares is the only "supported" configuration. In other words, this is known to break permissions and bug reports will probably be ignored.

BTW, the Samba project also advises turning off oplocks on shares that are also accessed via NFS, FTP, or locally.
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,554
Another option may be to configure your ftp server to prevent chmod. I haven't messed with proftpd (which I assume is what FreeNAS uses), but you might be able to add the following parameter:

Code:
<Limit SITE_CHMOD>
DenyAll
</Limit>


The reasoning behind this suggestion is that things work better if the service doesn't allow clients to try something that they can't do.
 