Comments (16)
Castaglia
commented on June 3, 2024
2
The mod_clamav module does indeed provide some of its own filesystem handlers as well. Hmm.
I'm now contemplating trying a different approach, i.e. redoing the API that all of these modules use, such that their handlers are automatically merged/stacked, like I have been doing to mod_quotatab, mod_facl, mod_vroot. The benefit of this approach is that it would automatically apply to modules like mod_clamav, without modifications to that module, as well.
Would this solve this current issue, with mod_facl? Not by itself, no; I think mod_facl would still require a few other tweaks.
from proftpd.
Castaglia
commented on June 3, 2024
1
I think this issue is similar to #1764 -- both mod_facl and mod_vroot are using the same internal API for custom filesystem operations:
- https://github.com/proftpd/proftpd/blob/master/modules/mod_facl.c#L1304
- https://github.com/Castaglia/proftpd-mod_vroot/blob/master/mod_vroot.c#L560
Fortunately, I think a similar solution can be used here, since mod_facl only wants to override/provide custom handlers for two specific filesystem operations -- and mod_vroot does not override those particular operations.
from proftpd.
cfiehe
commented on June 3, 2024
1
Hi @Castaglia,
I built a new container image based on PROFTPD_VERSION="v1.3.9rc2-17-g61fce5bbf" and PROFTPD_MOD_VROOT_VERSION="fsio-realpath-impl-issue1780". I used the following in my virtual host:
<Directory /*>
HideNoAccess on
HideFiles ^\.keep$
<Limit ALL>
IgnoreHidden on
</Limit>
</Directory>
Unfortunately, all files get still filtered out, even those to which the user has access to. The log looks promising, but there still seems to be something that does not consider the new way of looking up files:
2024-03-31 08:05:08,760 [64] <fsio:8>: using vroot+facl+system lstat() for path '/test42/abc/proftpd-1.3.8.zip'
[...]
2024-03-31 08:05:09,079 [64] <facl:5>: unable to retrieve ACL for '/srv/ftp/edsb.mycompany.de/c.fiehe/': [95] Operation not supported
2024-03-31 08:05:09,079 [64] <facl:3>: ACL retrieval operation not supported for '�', falling back to normal access check
2024-03-31 08:05:09,079 [64] <fsio:8>: using quotatab+vroot+facl+system stat() for path '�'
2024-03-31 08:05:09,079 [64] <fsio:8>: using quotatab+vroot+facl+system stat() for path '�'
2024-03-31 08:05:09,079 [64] <facl:6>: normal access check for '�' failed: No such file or directory
2024-03-31 08:05:09,079 [64] <sftp:3>: unable to obtain directory listing for '..': Permission denied
from proftpd.
cfiehe
commented on June 3, 2024
1
2024-03-31 08:05:08,171 [64] <ssh2:8>: using PAM service name 'sshd'
2024-03-31 08:05:08,171 [64] <ssh2:9>: loading host key from file '/etc/proftpd/ssh_host_rsa_key'
2024-03-31 08:05:08,173 [64] <ssh2:4>: using '/etc/proftpd/ssh_host_rsa_key' as RSA hostkey (2048 bits)
2024-03-31 08:05:08,173 [64] <ssh2:7>: client alive checks requested after 15 secs, up to 3 times
2024-03-31 08:05:08,173 [64] <redis:7>: sending command: SENTINEL
2024-03-31 08:05:08,174 [64] <redis:7>: SENTINEL reply: 2 elements
2024-03-31 08:05:08,174 [64] <redis:7>: sending command: QUIT
2024-03-31 08:05:08,174 [64] <redis:3>: error connecting to 10.2.59.156#26379: [io] Connection refused
2024-03-31 08:05:08,174 [64] <redis:3>: error connecting to 10.2.59.157#26379: [io] Connection refused
2024-03-31 08:05:08,174 [64] <redis:7>: sending command: PING
2024-03-31 08:05:08,175 [64] <redis:7>: PING reply: PONG
2024-03-31 08:05:08,175 [64] <redis:7>: sending command: INFO
2024-03-31 08:05:08,175 [64] <redis:7>: INFO reply: (text, 656 bytes)
2024-03-31 08:05:08,175 [64] <redis:9>: parsed Redis version 7 (major), 2 (minor), 3 (patch) out of INFO
2024-03-31 08:05:08,175 [64] <redis:7>: sending command: AUTH
2024-03-31 08:05:08,175 [64] <redis:7>: AUTH reply: OK
2024-03-31 08:05:08,175 [64] <redis:7>: sending command: SELECT
2024-03-31 08:05:08,175 [64] <redis:7>: SELECT reply: OK
2024-03-31 08:05:08,175 [64] <redis:7>: sending command: GET
2024-03-31 08:05:08,175 [64] <redis:7>: GET reply: nil
2024-03-31 08:05:08,175 [64] <ban:8>: no matching Redis entry found for name 10.2.4.14, type 2
2024-03-31 08:05:08,251 [64] <ssh2:5>: handling connection from SSH2 client 'WinSCP_release_6.3.1'
2024-03-31 08:05:08,251 [64] <ssh2:3>: unable to use 'blowfish-cbc' cipher: Must be explicitly requested via SFTPCiphers
2024-03-31 08:05:08,251 [64] <ssh2:3>: unable to use 'arcfour256' cipher: Must be explicitly requested via SFTPCiphers
2024-03-31 08:05:08,251 [64] <ssh2:3>: unable to use 'arcfour128' cipher: Must be explicitly requested via SFTPCiphers
2024-03-31 08:05:08,251 [64] <ssh2:3>: unable to use 'none' cipher: Must be explicitly requested via SFTPCiphers
2024-03-31 08:05:08,251 [64] <ssh2:3>: unable to use 'hmac-md5' digest: Must be explicitly requested via SFTPDigests
2024-03-31 08:05:08,251 [64] <ssh2:3>: unable to use '[email protected]' digest: Must be explicitly requested via SFTPDigests
2024-03-31 08:05:08,251 [64] <ssh2:3>: unable to use 'hmac-md5-96' digest: Must be explicitly requested via SFTPDigests
2024-03-31 08:05:08,251 [64] <ssh2:3>: unable to use '[email protected]' digest: Must be explicitly requested via SFTPDigests
2024-03-31 08:05:08,251 [64] <ssh2:3>: unable to use 'hmac-ripemd160' digest: Must be explicitly requested via SFTPDigests
2024-03-31 08:05:08,251 [64] <ssh2:3>: unable to use 'none' digest: Must be explicitly requested via SFTPDigests
2024-03-31 08:05:08,251 [64] <ssh2:9>: sending KEXINIT message to client
2024-03-31 08:05:08,252 [64] <ssh2:3>: sent SSH_MSG_KEXINIT (20) packet (1352 bytes)
2024-03-31 08:05:08,275 [64] <ssh2:3>: received SSH_MSG_KEXINIT (20) packet
2024-03-31 08:05:08,275 [64] <ssh2:9>: reading KEXINIT message from client
2024-03-31 08:05:08,275 [64] <ssh2:3>: first kex packet follows = false
2024-03-31 08:05:08,275 [64] <ssh2:9>: determining shared algorithms for SSH session
2024-03-31 08:05:08,275 [64] <ssh2:8>: client-sent key exchange algorithms: [email protected],curve448-sha512,curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group18-sha512,diffie-hellman-group17-sha512,diffie-hellman-group16-sha512,diffie-hellman-group15-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,rsa2048-sha256,rsa1024-sha1,diffie-hellman-group1-sha1,ext-info-c,[email protected]
2024-03-31 08:05:08,275 [64] <ssh2:8>: server-sent key exchange algorithms: curve448-sha512,curve25519-sha256,[email protected],ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,rsa1024-sha1,ext-info-s,[email protected]
2024-03-31 08:05:08,275 [64] <ssh2:8>: client-sent host key algorithms: ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-ed448,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-dss
2024-03-31 08:05:08,275 [64] <ssh2:8>: server-sent host key algorithms: rsa-sha2-512,rsa-sha2-256,ssh-rsa
2024-03-31 08:05:08,275 [64] <ssh2:8>: client-sent client encryption algorithms: aes256-ctr,aes256-cbc,[email protected],aes192-ctr,aes192-cbc,aes128-ctr,aes128-cbc,[email protected],[email protected],[email protected],3des-ctr,3des-cbc,blowfish-ctr,blowfish-cbc,arcfour256,arcfour128
2024-03-31 08:05:08,275 [64] <ssh2:8>: server-sent client encryption algorithms: [email protected],aes256-ctr,aes192-ctr,aes128-ctr,[email protected],[email protected],aes256-cbc,aes192-cbc,aes128-cbc,cast128-cbc,3des-cbc
2024-03-31 08:05:08,275 [64] <ssh2:8>: client-sent server encryption algorithms: aes256-ctr,aes256-cbc,[email protected],aes192-ctr,aes192-cbc,aes128-ctr,aes128-cbc,[email protected],[email protected],[email protected],3des-ctr,3des-cbc,blowfish-ctr,blowfish-cbc,arcfour256,arcfour128
2024-03-31 08:05:08,275 [64] <ssh2:8>: server-sent server encryption algorithms: [email protected],aes256-ctr,aes192-ctr,aes128-ctr,[email protected],[email protected],aes256-cbc,aes192-cbc,aes128-cbc,cast128-cbc,3des-cbc
2024-03-31 08:05:08,275 [64] <ssh2:8>: client-sent client MAC algorithms: hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,[email protected],[email protected],[email protected],[email protected],[email protected]
2024-03-31 08:05:08,275 [64] <ssh2:8>: server-sent client MAC algorithms: hmac-sha2-256,[email protected],hmac-sha2-512,[email protected],hmac-sha1,[email protected],hmac-sha1-96,[email protected],[email protected],[email protected],[email protected],[email protected]
2024-03-31 08:05:08,275 [64] <ssh2:8>: client-sent server MAC algorithms: hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,[email protected],[email protected],[email protected],[email protected],[email protected]
2024-03-31 08:05:08,275 [64] <ssh2:8>: server-sent server MAC algorithms: hmac-sha2-256,[email protected],hmac-sha2-512,[email protected],hmac-sha1,[email protected],hmac-sha1-96,[email protected],[email protected],[email protected],[email protected],[email protected]
2024-03-31 08:05:08,275 [64] <ssh2:8>: client-sent client compression algorithms: none,zlib,[email protected]
2024-03-31 08:05:08,275 [64] <ssh2:8>: server-sent client compression algorithms: [email protected],zlib,none
2024-03-31 08:05:08,275 [64] <ssh2:8>: client-sent server compression algorithms: none,zlib,[email protected]
2024-03-31 08:05:08,275 [64] <ssh2:8>: server-sent server compression algorithms: [email protected],zlib,none
2024-03-31 08:05:08,275 [64] <ssh2:8>: client-sent client languages:
2024-03-31 08:05:08,275 [64] <ssh2:8>: server-sent client languages:
2024-03-31 08:05:08,275 [64] <ssh2:8>: client-sent server languages:
2024-03-31 08:05:08,275 [64] <ssh2:8>: server-sent server languages:
2024-03-31 08:05:08,275 [64] <ssh2:9>: waiting for a message of 3 types from client
2024-03-31 08:05:08,311 [64] <ssh2:9>: reading ECDH_INIT message from client
2024-03-31 08:05:08,313 [64] <ssh2:9>: writing ECDH_INIT message to client
2024-03-31 08:05:08,313 [64] <ssh2:3>: sent SSH_MSG_KEX_DH_REPLY (31) packet (640 bytes)
2024-03-31 08:05:08,313 [64] <ssh2:9>: sending NEWKEYS message to client
2024-03-31 08:05:08,313 [64] <ssh2:3>: sent SSH_MSG_NEWKEYS (21) packet (16 bytes)
2024-03-31 08:05:08,313 [64] <ssh2:9>: waiting for a message of 1 type from client
2024-03-31 08:05:08,399 [64] <ssh2:9>: setting session keys
2024-03-31 08:05:08,399 [64] <ssh2:9>: sending EXT_INFO message to client
2024-03-31 08:05:08,399 [64] <ssh2:3>: sent SSH_MSG_EXT_INFO (7) packet (192 bytes)
2024-03-31 08:05:08,399 [64] <ssh2:3>: received SSH_MSG_SERVICE_REQUEST (5) packet
2024-03-31 08:05:08,399 [64] <ssh2:10>: 'ssh-userauth' service requested
2024-03-31 08:05:08,399 [64] <ssh2:3>: sent SSH_MSG_SERVICE_ACCEPT (6) packet (64 bytes)
2024-03-31 08:05:08,567 [64] <ssh2:3>: received SSH_MSG_USER_AUTH_REQUEST (50) packet
2024-03-31 08:05:08,567 [64] <ssh2:10>: auth requested for user '[email protected]', service 'ssh-connection', using method 'none'
2024-03-31 08:05:08,567 [64] <ssh2:9>: offering authentication methods: publickey,password
2024-03-31 08:05:08,567 [64] <ssh2:3>: sent SSH_MSG_USER_AUTH_FAILURE (51) packet (80 bytes)
2024-03-31 08:05:08,587 [64] <ssh2:3>: received SSH_MSG_USER_AUTH_REQUEST (50) packet
2024-03-31 08:05:08,587 [64] <ssh2:10>: auth requested for user '[email protected]', service 'ssh-connection', using method 'publickey'
2024-03-31 08:05:08,587 [64] <redis:7>: sending command: GET
2024-03-31 08:05:08,588 [64] <redis:7>: GET reply: nil
2024-03-31 08:05:08,588 [64] <ban:8>: no matching Redis entry found for name [email protected], type 3
2024-03-31 08:05:08,588 [64] <redis:7>: sending command: GET
2024-03-31 08:05:08,588 [64] <redis:7>: GET reply: nil
2024-03-31 08:05:08,588 [64] <ban:8>: no matching Redis entry found for name [email protected]@10.2.4.14, type 4
2024-03-31 08:05:08,588 [64] <ssh2:9>: client sent 'rsa-sha2-512' public key without signature
2024-03-31 08:05:08,589 [64] <ssh2:3>: sent SSH_MSG_USER_AUTH_PASSWD (60) packet (608 bytes)
2024-03-31 08:05:08,715 [64] <ssh2:3>: received SSH_MSG_USER_AUTH_REQUEST (50) packet
2024-03-31 08:05:08,715 [64] <ssh2:10>: auth requested for user '[email protected]', service 'ssh-connection', using method 'publickey'
2024-03-31 08:05:08,715 [64] <redis:7>: sending command: GET
2024-03-31 08:05:08,716 [64] <redis:7>: GET reply: nil
2024-03-31 08:05:08,716 [64] <ban:8>: no matching Redis entry found for name [email protected], type 3
2024-03-31 08:05:08,716 [64] <redis:7>: sending command: GET
2024-03-31 08:05:08,716 [64] <redis:7>: GET reply: nil
2024-03-31 08:05:08,716 [64] <ban:8>: no matching Redis entry found for name [email protected]@10.2.4.14, type 4
2024-03-31 08:05:08,716 [64] <ssh2:9>: client sent 'rsa-sha2-512' public key with signature
2024-03-31 08:05:08,716 [64] <ssh2:5>: checking key MD5 fingerprint against SFTPKeyBlacklist '/etc/proftpd/blacklist.dat'
2024-03-31 08:05:08,716 [64] <ssh2:2>: using SFTPAuthorizedUserKeys 'file:~/.ssh/authorized_keys' for public key authentication for user '[email protected]'
2024-03-31 08:05:08,716 [64] <fsio:8>: using facl+system open() for path '/srv/ftp/edsb.mycompany.de/c.fiehe/.ssh/authorized_keys'
2024-03-31 08:05:08,718 [64] <fsio:8>: using facl+system fstat() for path '/srv/ftp/edsb.mycompany.de/c.fiehe/.ssh/authorized_keys'
2024-03-31 08:05:08,718 [64] <fsio:8>: using facl+system read() for path '/srv/ftp/edsb.mycompany.de/c.fiehe/.ssh/authorized_keys' (524288 bytes)
2024-03-31 08:05:08,718 [64] <ssh2:10>: failed to match key #1 from file '/srv/ftp/edsb.mycompany.de/c.fiehe/.ssh/authorized_keys'
2024-03-31 08:05:08,718 [64] <ssh2:10>: found matching public key for user '[email protected]' in '/srv/ftp/edsb.mycompany.de/c.fiehe/.ssh/authorized_keys'
2024-03-31 08:05:08,718 [64] <fsio:8>: using facl+system lseek() for path '/srv/ftp/edsb.mycompany.de/c.fiehe/.ssh/authorized_keys'
2024-03-31 08:05:08,718 [64] <fsio:8>: using facl+system close() for path '/srv/ftp/edsb.mycompany.de/c.fiehe/.ssh/authorized_keys'
2024-03-31 08:05:08,719 [64] <ssh2:8>: verified public key for user '[email protected]'
2024-03-31 08:05:08,723 [64] <fsio:8>: using facl+system lstat() for path '/'
2024-03-31 08:05:08,724 [64] <fsio:8>: using facl+system lstat() for path '/srv'
2024-03-31 08:05:08,724 [64] <fsio:8>: using facl+system lstat() for path '/srv/ftp'
2024-03-31 08:05:08,724 [64] <fsio:8>: using facl+system lstat() for path '/srv/ftp/edsb.mycompany.de'
2024-03-31 08:05:08,724 [64] <fsio:8>: using facl+system lstat() for path '/srv/ftp/edsb.mycompany.de/c.fiehe'
2024-03-31 08:05:08,724 [64] <fsio:8>: using facl+system stat() for path '/srv/ftp/edsb.mycompany.de/c.fiehe'
2024-03-31 08:05:08,724 [64] <fsio:8>: using facl+system stat() for path '/srv/ftp/edsb.mycompany.de/c.fiehe'
2024-03-31 08:05:08,724 [64] <fsio:8>: using facl+system lstat() for path '/'
2024-03-31 08:05:08,724 [64] <fsio:8>: using facl+system lstat() for path '/srv'
2024-03-31 08:05:08,724 [64] <fsio:8>: using facl+system lstat() for path '/srv/ftp'
2024-03-31 08:05:08,724 [64] <fsio:8>: using facl+system lstat() for path '/srv/ftp/edsb.mycompany.de'
2024-03-31 08:05:08,724 [64] <fsio:8>: using facl+system lstat() for path '/srv/ftp/edsb.mycompany.de/c.fiehe'
2024-03-31 08:05:08,724 [64] <fsio:8>: using vroot+facl+system chroot() for path '/srv/ftp/edsb.mycompany.de/c.fiehe'
2024-03-31 08:05:08,724 [64] <fsio:8>: using vroot+facl+system lstat() for path '/'
2024-03-31 08:05:08,724 [64] <fsio:8>: using vroot+facl+system chdir() for path '/'
2024-03-31 08:05:08,724 [64] <fsio:8>: using vroot+facl+system lstat() for path '/'
2024-03-31 08:05:08,724 [64] <fsio:8>: using vroot+facl+system stat() for path '/'
2024-03-31 08:05:08,724 [64] <fsio:8>: using vroot+facl+system stat() for path '/'
2024-03-31 08:05:08,724 [64] <fsio:8>: using vroot+facl+system stat() for path '/.ftpaccess'
2024-03-31 08:05:08,724 [64] <fsio:8>: using vroot+facl+system stat() for path '/.ftpaccess'
2024-03-31 08:05:08,724 [64] <fsio:8>: using vroot+facl+system stat() for path '/'
2024-03-31 08:05:08,724 [64] <fsio:8>: using vroot+facl+system stat() for path '/'
2024-03-31 08:05:08,724 [64] <fsio:8>: using vroot+facl+system stat() for path '/.ftpaccess'
2024-03-31 08:05:08,724 [64] <fsio:8>: using vroot+facl+system stat() for path '/.ftpaccess'
2024-03-31 08:05:08,724 [64] <fsio:8>: using vroot+facl+system lstat() for path '/'
2024-03-31 08:05:08,725 [64] <ssh2:3>: sent SSH_MSG_USER_AUTH_SUCCESS (52) packet (48 bytes)
2024-03-31 08:05:08,759 [64] <fsio:8>: using vroot+facl+system lstat() for path '/'
2024-03-31 08:05:08,759 [64] <fsio:8>: using vroot+facl+system lstat() for path '/'
2024-03-31 08:05:08,759 [64] <fsio:8>: using vroot+facl+system lstat() for path '/'
2024-03-31 08:05:08,759 [64] <fsio:8>: using vroot+facl+system opendir() for path '/'
2024-03-31 08:05:08,759 [64] <fsio:8>: using vroot+facl+system readdir()
2024-03-31 08:05:08,759 [64] <fsio:8>: using vroot+facl+system readdir()
2024-03-31 08:05:08,759 [64] <fsio:8>: using vroot+facl+system readdir()
2024-03-31 08:05:08,759 [64] <fsio:8>: using vroot+facl+system lstat() for path '/test42'
2024-03-31 08:05:08,759 [64] <fsio:8>: using vroot+facl+system lstat() for path '/test42'
2024-03-31 08:05:08,759 [64] <fsio:8>: using vroot+facl+system lstat() for path '/test42'
2024-03-31 08:05:08,759 [64] <fsio:8>: using vroot+facl+system lstat() for path '/test42'
2024-03-31 08:05:08,759 [64] <fsio:8>: using vroot+facl+system lstat() for path '/'
2024-03-31 08:05:08,759 [64] <fsio:8>: using vroot+facl+system lstat() for path '/test42'
2024-03-31 08:05:08,759 [64] <fsio:8>: using vroot+facl+system opendir() for path '/test42'
2024-03-31 08:05:08,759 [64] <fsio:8>: using vroot+facl+system readdir()
2024-03-31 08:05:08,759 [64] <fsio:8>: using vroot+facl+system readdir()
2024-03-31 08:05:08,759 [64] <fsio:8>: using vroot+facl+system readdir()
2024-03-31 08:05:08,759 [64] <fsio:8>: using vroot+facl+system lstat() for path '/test42/abc'
2024-03-31 08:05:08,759 [64] <fsio:8>: using vroot+facl+system lstat() for path '/test42/abc'
2024-03-31 08:05:08,760 [64] <fsio:8>: using vroot+facl+system lstat() for path '/test42/abc'
2024-03-31 08:05:08,760 [64] <fsio:8>: using vroot+facl+system lstat() for path '/test42/abc'
2024-03-31 08:05:08,760 [64] <fsio:8>: using vroot+facl+system lstat() for path '/'
2024-03-31 08:05:08,760 [64] <fsio:8>: using vroot+facl+system lstat() for path '/test42'
2024-03-31 08:05:08,760 [64] <fsio:8>: using vroot+facl+system lstat() for path '/test42/abc'
2024-03-31 08:05:08,760 [64] <fsio:8>: using vroot+facl+system opendir() for path '/test42/abc'
2024-03-31 08:05:08,760 [64] <fsio:8>: using vroot+facl+system readdir()
2024-03-31 08:05:08,760 [64] <fsio:8>: using vroot+facl+system readdir()
2024-03-31 08:05:08,760 [64] <fsio:8>: using vroot+facl+system readdir()
2024-03-31 08:05:08,760 [64] <fsio:8>: using vroot+facl+system lstat() for path '/test42/abc/proftpd-1.3.8.zip'
2024-03-31 08:05:08,760 [64] <fsio:8>: using vroot+facl+system lstat() for path '/test42/abc/proftpd-1.3.8.zip'
2024-03-31 08:05:08,760 [64] <fsio:8>: using vroot+facl+system readdir()
2024-03-31 08:05:08,760 [64] <fsio:8>: using vroot+facl+system closedir()
2024-03-31 08:05:08,760 [64] <fsio:8>: using vroot+facl+system readdir()
2024-03-31 08:05:08,760 [64] <fsio:8>: using vroot+facl+system closedir()
2024-03-31 08:05:08,760 [64] <fsio:8>: using vroot+facl+system readdir()
2024-03-31 08:05:08,760 [64] <fsio:8>: using vroot+facl+system lstat() for path '/.ssh'
2024-03-31 08:05:08,760 [64] <fsio:8>: using vroot+facl+system lstat() for path '/.ssh'
2024-03-31 08:05:08,760 [64] <fsio:8>: using vroot+facl+system lstat() for path '/.ssh'
2024-03-31 08:05:08,760 [64] <fsio:8>: using vroot+facl+system lstat() for path '/.ssh'
2024-03-31 08:05:08,760 [64] <fsio:8>: using vroot+facl+system lstat() for path '/'
2024-03-31 08:05:08,760 [64] <fsio:8>: using vroot+facl+system lstat() for path '/.ssh'
2024-03-31 08:05:08,760 [64] <fsio:8>: using vroot+facl+system opendir() for path '/.ssh'
2024-03-31 08:05:08,760 [64] <fsio:8>: using vroot+facl+system readdir()
2024-03-31 08:05:08,760 [64] <fsio:8>: using vroot+facl+system readdir()
2024-03-31 08:05:08,760 [64] <fsio:8>: using vroot+facl+system readdir()
2024-03-31 08:05:08,760 [64] <fsio:8>: using vroot+facl+system lstat() for path '/.ssh/authorized_keys'
2024-03-31 08:05:08,760 [64] <fsio:8>: using vroot+facl+system lstat() for path '/.ssh/authorized_keys'
2024-03-31 08:05:08,760 [64] <fsio:8>: using vroot+facl+system readdir()
2024-03-31 08:05:08,760 [64] <fsio:8>: using vroot+facl+system closedir()
2024-03-31 08:05:08,760 [64] <fsio:8>: using vroot+facl+system readdir()
2024-03-31 08:05:08,760 [64] <fsio:8>: using vroot+facl+system lstat() for path '/Dockerfile'
2024-03-31 08:05:08,760 [64] <fsio:8>: using vroot+facl+system lstat() for path '/Dockerfile'
2024-03-31 08:05:08,760 [64] <fsio:8>: using vroot+facl+system readdir()
2024-03-31 08:05:08,760 [64] <fsio:8>: using vroot+facl+system closedir()
2024-03-31 08:05:08,762 [64] <fsio:8>: using quotatab+vroot+facl+system stat() for path '/'
2024-03-31 08:05:08,762 [64] <fsio:8>: using quotatab+vroot+facl+system stat() for path '/'
2024-03-31 08:05:08,762 [64] <fsio:8>: using quotatab+vroot+facl+system stat() for path '/.ftpaccess'
2024-03-31 08:05:08,762 [64] <fsio:8>: using quotatab+vroot+facl+system stat() for path '/.ftpaccess'
2024-03-31 08:05:08,763 [64] <ssh2:3>: sent SSH_MSG_GLOBAL_REQUEST (80) packet (368 bytes)
2024-03-31 08:05:08,763 [64] <ssh2:3>: received SSH_MSG_CHANNEL_OPEN (90) packet
2024-03-31 08:05:08,763 [64] <ssh2:8>: open of 'session' channel using remote ID 256 requested: initial client window len = 2147483647 bytes, client max packet size = 16384 bytes
2024-03-31 08:05:08,763 [64] <ssh2:8>: confirm open channel remote ID 256, local ID 0: initial server window len = 4294967295 bytes, server max packet size = 32768 bytes
2024-03-31 08:05:08,763 [64] <ssh2:3>: sent SSH_MSG_CHANNEL_OPEN_CONFIRMATION (91) packet (64 bytes)
2024-03-31 08:05:08,847 [64] <ssh2:3>: received SSH_MSG_CHANNEL_REQUEST (98) packet
2024-03-31 08:05:08,847 [64] <ssh2:7>: received '[email protected]' request for channel ID 0, want reply = false
2024-03-31 08:05:08,847 [64] <ssh2:3>: received SSH_MSG_CHANNEL_REQUEST (98) packet
2024-03-31 08:05:08,847 [64] <ssh2:7>: received 'subsystem' request for channel ID 0, want reply = true
2024-03-31 08:05:08,847 [64] <ssh2:3>: sent SSH_MSG_CHANNEL_SUCCESS (99) packet (48 bytes)
2024-03-31 08:05:08,943 [64] <ssh2:3>: received SSH_MSG_CHANNEL_DATA (94) packet
2024-03-31 08:05:08,943 [64] <sftp:9>: reading SFTP data from SSH2 packet buffer (9 bytes)
2024-03-31 08:05:08,943 [64] <sftp:6>: received INIT (1) SFTP request (channel ID 0)
2024-03-31 08:05:08,943 [64] <sftp:7>: received request: INIT 6
2024-03-31 08:05:08,943 [64] <sftp:8>: sending response: VERSION 3
2024-03-31 08:05:08,943 [64] <ssh2:9>: sending CHANNEL_DATA (remote channel ID 256, 296 data bytes)
2024-03-31 08:05:08,943 [64] <ssh2:3>: sent SSH_MSG_CHANNEL_DATA (94) packet (352 bytes)
2024-03-31 08:05:08,959 [64] <ssh2:3>: received SSH_MSG_CHANNEL_DATA (94) packet
2024-03-31 08:05:08,959 [64] <sftp:9>: reading SFTP data from SSH2 packet buffer (14 bytes)
2024-03-31 08:05:08,959 [64] <sftp:6>: received REALPATH (16) SFTP request (request ID 129552, channel ID 0)
2024-03-31 08:05:08,959 [64] <sftp:7>: received request: REALPATH /
2024-03-31 08:05:08,959 [64] <fsio:8>: using quotatab+vroot+facl+system lstat() for path '/'
2024-03-31 08:05:08,959 [64] <fsio:8>: using quotatab+vroot+facl+system stat() for path '/'
2024-03-31 08:05:08,959 [64] <fsio:8>: using quotatab+vroot+facl+system stat() for path '/'
2024-03-31 08:05:08,959 [64] <fsio:8>: using quotatab+vroot+facl+system stat() for path '/.ftpaccess'
2024-03-31 08:05:08,959 [64] <fsio:8>: using quotatab+vroot+facl+system stat() for path '/.ftpaccess'
2024-03-31 08:05:08,959 [64] <fsio:8>: using quotatab+vroot+facl+system lstat() for path '/'
2024-03-31 08:05:08,959 [64] <fsio:8>: using quotatab+vroot+facl+system lstat() for path '/'
2024-03-31 08:05:08,959 [64] <sftp:8>: sending response: NAME 1 / type=dir;size=50;UNIX.owner=1758007907;UNIX.group=1758007907;UNIX.mode=0700;access=20240331055515;modify=20240331055515;
2024-03-31 08:05:08,959 [64] <ssh2:9>: sending CHANNEL_DATA (remote channel ID 256, 115 data bytes)
2024-03-31 08:05:08,959 [64] <ssh2:3>: sent SSH_MSG_CHANNEL_DATA (94) packet (176 bytes)
2024-03-31 08:05:08,979 [64] <ssh2:3>: received SSH_MSG_CHANNEL_DATA (94) packet
2024-03-31 08:05:08,979 [64] <sftp:9>: reading SFTP data from SSH2 packet buffer (14 bytes)
2024-03-31 08:05:08,979 [64] <sftp:6>: received LSTAT (7) SFTP request (request ID 129799, channel ID 0)
2024-03-31 08:05:08,979 [64] <sftp:7>: received request: LSTAT /
2024-03-31 08:05:08,979 [64] <fsio:8>: using quotatab+vroot+facl+system lstat() for path '/'
2024-03-31 08:05:08,979 [64] <fsio:8>: using quotatab+vroot+facl+system stat() for path '/'
2024-03-31 08:05:08,979 [64] <fsio:8>: using quotatab+vroot+facl+system stat() for path '/'
2024-03-31 08:05:08,979 [64] <fsio:8>: using quotatab+vroot+facl+system stat() for path '/.ftpaccess'
2024-03-31 08:05:08,979 [64] <fsio:8>: using quotatab+vroot+facl+system stat() for path '/.ftpaccess'
2024-03-31 08:05:08,979 [64] <fsio:8>: using quotatab+vroot+facl+system lstat() for path '/'
2024-03-31 08:05:08,979 [64] <fsio:8>: using quotatab+vroot+facl+system lstat() for path '/'
2024-03-31 08:05:08,979 [64] <sftp:8>: sending response: ATTRS type=dir;size=50;UNIX.owner=1758007907;UNIX.group=1758007907;UNIX.mode=0700;access=20240331055515;modify=20240331055515;
2024-03-31 08:05:08,979 [64] <fsio:8>: using system llistxattr() for path '/'
2024-03-31 08:05:08,979 [64] <ssh2:9>: sending CHANNEL_DATA (remote channel ID 256, 45 data bytes)
2024-03-31 08:05:08,979 [64] <ssh2:3>: sent SSH_MSG_CHANNEL_DATA (94) packet (96 bytes)
2024-03-31 08:05:09,059 [64] <ssh2:3>: received SSH_MSG_CHANNEL_DATA (94) packet
2024-03-31 08:05:09,059 [64] <sftp:9>: reading SFTP data from SSH2 packet buffer (14 bytes)
2024-03-31 08:05:09,059 [64] <sftp:6>: received OPENDIR (11) SFTP request (request ID 130059, channel ID 0)
2024-03-31 08:05:09,059 [64] <sftp:7>: received request: OPENDIR /
2024-03-31 08:05:09,059 [64] <fsio:8>: using quotatab+vroot+facl+system lstat() for path '/'
2024-03-31 08:05:09,059 [64] <fsio:8>: using quotatab+vroot+facl+system lstat() for path '/'
2024-03-31 08:05:09,059 [64] <fsio:8>: using quotatab+vroot+facl+system lstat() for path '/'
2024-03-31 08:05:09,059 [64] <fsio:8>: using quotatab+vroot+facl+system stat() for path '/'
2024-03-31 08:05:09,059 [64] <fsio:8>: using quotatab+vroot+facl+system stat() for path '/'
2024-03-31 08:05:09,059 [64] <fsio:8>: using quotatab+vroot+facl+system stat() for path '/.ftpaccess'
2024-03-31 08:05:09,059 [64] <fsio:8>: using quotatab+vroot+facl+system stat() for path '/.ftpaccess'
2024-03-31 08:05:09,059 [64] <fsio:8>: using quotatab+vroot+facl+system lstat() for path '/'
2024-03-31 08:05:09,059 [64] <fsio:8>: using quotatab+vroot+facl+system opendir() for path '/'
2024-03-31 08:05:09,060 [64] <sftp:8>: sending response: HANDLE cb8eafc228717990
2024-03-31 08:05:09,060 [64] <ssh2:9>: sending CHANNEL_DATA (remote channel ID 256, 29 data bytes)
2024-03-31 08:05:09,060 [64] <ssh2:3>: sent SSH_MSG_CHANNEL_DATA (94) packet (80 bytes)
2024-03-31 08:05:09,079 [64] <ssh2:3>: received SSH_MSG_CHANNEL_DATA (94) packet
2024-03-31 08:05:09,079 [64] <sftp:9>: reading SFTP data from SSH2 packet buffer (29 bytes)
2024-03-31 08:05:09,079 [64] <sftp:6>: received READDIR (12) SFTP request (request ID 130316, channel ID 0)
2024-03-31 08:05:09,079 [64] <sftp:7>: received request: READDIR cb8eafc228717990
2024-03-31 08:05:09,079 [64] <fsio:8>: using quotatab+vroot+facl+system stat() for path '/'
2024-03-31 08:05:09,079 [64] <fsio:8>: using quotatab+vroot+facl+system stat() for path '/'
2024-03-31 08:05:09,079 [64] <fsio:8>: using quotatab+vroot+facl+system stat() for path '/.ftpaccess'
2024-03-31 08:05:09,079 [64] <fsio:8>: using quotatab+vroot+facl+system stat() for path '/.ftpaccess'
2024-03-31 08:05:09,079 [64] <fsio:8>: using quotatab+vroot+facl+system stat() for path '/'
2024-03-31 08:05:09,079 [64] <fsio:8>: using quotatab+vroot+facl+system stat() for path '/'
2024-03-31 08:05:09,079 [64] <fsio:8>: using quotatab+vroot+facl+system stat() for path '/.ftpaccess'
2024-03-31 08:05:09,079 [64] <fsio:8>: using quotatab+vroot+facl+system stat() for path '/.ftpaccess'
2024-03-31 08:05:09,079 [64] <fsio:8>: using quotatab+vroot+facl+system stat() for path '/'
2024-03-31 08:05:09,079 [64] <fsio:8>: using quotatab+vroot+facl+system stat() for path '/'
2024-03-31 08:05:09,079 [64] <fsio:8>: using quotatab+vroot+facl+system stat() for path '/.ftpaccess'
2024-03-31 08:05:09,079 [64] <fsio:8>: using quotatab+vroot+facl+system stat() for path '/.ftpaccess'
2024-03-31 08:05:09,079 [64] <fsio:8>: using quotatab+vroot+facl+system chdir() for path '/'
2024-03-31 08:05:09,079 [64] <fsio:8>: using quotatab+vroot+facl+system lstat() for path '/'
2024-03-31 08:05:09,079 [64] <fsio:8>: using quotatab+vroot+facl+system readdir()
2024-03-31 08:05:09,079 [64] <fsio:8>: using quotatab+vroot+facl+system lstat() for path '.'
2024-03-31 08:05:09,079 [64] <fsio:8>: using quotatab+vroot+facl+system lstat() for path '.'
2024-03-31 08:05:09,079 [64] <fsio:8>: using quotatab+vroot+facl+system stat() for path '.'
2024-03-31 08:05:09,079 [64] <fsio:8>: using quotatab+vroot+facl+system stat() for path '.'
2024-03-31 08:05:09,079 [64] <fsio:8>: using quotatab+vroot+facl+system stat() for path './.ftpaccess'
2024-03-31 08:05:09,079 [64] <fsio:8>: using quotatab+vroot+facl+system stat() for path './.ftpaccess'
2024-03-31 08:05:09,079 [64] <fsio:8>: using quotatab+vroot+facl+system access() for path '.'
2024-03-31 08:05:09,079 [64] <fsio:8>: using quotatab+vroot+facl+system stat() for path '.'
2024-03-31 08:05:09,079 [64] <fsio:8>: using quotatab+vroot+facl+system stat() for path '.'
2024-03-31 08:05:09,079 [64] <fsio:8>: using vroot+facl+system realpath() for path '.'
2024-03-31 08:05:09,079 [64] <facl:5>: unable to retrieve ACL for '/srv/ftp/edsb.mycompany.de/c.fiehe/': [95] Operation not supported
2024-03-31 08:05:09,079 [64] <facl:3>: ACL retrieval operation not supported for '�', falling back to normal access check
2024-03-31 08:05:09,079 [64] <fsio:8>: using quotatab+vroot+facl+system stat() for path '�'
2024-03-31 08:05:09,079 [64] <fsio:8>: using quotatab+vroot+facl+system stat() for path '�'
2024-03-31 08:05:09,079 [64] <facl:6>: normal access check for '�' failed: No such file or directory
2024-03-31 08:05:09,079 [64] <sftp:3>: unable to obtain directory listing for '.': Permission denied
2024-03-31 08:05:09,079 [64] <fsio:8>: using quotatab+vroot+facl+system readdir()
2024-03-31 08:05:09,079 [64] <fsio:8>: using quotatab+vroot+facl+system lstat() for path '..'
2024-03-31 08:05:09,079 [64] <fsio:8>: using quotatab+vroot+facl+system lstat() for path '..'
2024-03-31 08:05:09,079 [64] <fsio:8>: using quotatab+vroot+facl+system stat() for path '..'
2024-03-31 08:05:09,079 [64] <fsio:8>: using quotatab+vroot+facl+system stat() for path '..'
2024-03-31 08:05:09,079 [64] <fsio:8>: using quotatab+vroot+facl+system stat() for path '../.ftpaccess'
2024-03-31 08:05:09,079 [64] <fsio:8>: using quotatab+vroot+facl+system stat() for path '../.ftpaccess'
2024-03-31 08:05:09,079 [64] <fsio:8>: using quotatab+vroot+facl+system access() for path '..'
2024-03-31 08:05:09,079 [64] <fsio:8>: using quotatab+vroot+facl+system stat() for path '..'
2024-03-31 08:05:09,079 [64] <fsio:8>: using quotatab+vroot+facl+system stat() for path '..'
2024-03-31 08:05:09,079 [64] <fsio:8>: using vroot+facl+system realpath() for path '..'
2024-03-31 08:05:09,079 [64] <facl:5>: unable to retrieve ACL for '/srv/ftp/edsb.mycompany.de/c.fiehe/': [95] Operation not supported
2024-03-31 08:05:09,079 [64] <facl:3>: ACL retrieval operation not supported for '�', falling back to normal access check
2024-03-31 08:05:09,079 [64] <fsio:8>: using quotatab+vroot+facl+system stat() for path '�'
2024-03-31 08:05:09,079 [64] <fsio:8>: using quotatab+vroot+facl+system stat() for path '�'
2024-03-31 08:05:09,079 [64] <facl:6>: normal access check for '�' failed: No such file or directory
2024-03-31 08:05:09,079 [64] <sftp:3>: unable to obtain directory listing for '..': Permission denied
2024-03-31 08:05:09,079 [64] <fsio:8>: using quotatab+vroot+facl+system readdir()
2024-03-31 08:05:09,079 [64] <fsio:8>: using quotatab+vroot+facl+system lstat() for path '/test42'
2024-03-31 08:05:09,079 [64] <fsio:8>: using quotatab+vroot+facl+system lstat() for path '/test42'
2024-03-31 08:05:09,079 [64] <fsio:8>: using quotatab+vroot+facl+system stat() for path '/test42'
2024-03-31 08:05:09,079 [64] <fsio:8>: using quotatab+vroot+facl+system stat() for path '/test42'
2024-03-31 08:05:09,079 [64] <fsio:8>: using quotatab+vroot+facl+system stat() for path '/test42/.ftpaccess'
2024-03-31 08:05:09,079 [64] <fsio:8>: using quotatab+vroot+facl+system stat() for path '/test42/.ftpaccess'
2024-03-31 08:05:09,079 [64] <fsio:8>: using quotatab+vroot+facl+system stat() for path '/.ftpaccess'
2024-03-31 08:05:09,079 [64] <fsio:8>: using quotatab+vroot+facl+system stat() for path '/.ftpaccess'
2024-03-31 08:05:09,080 [64] <fsio:8>: using quotatab+vroot+facl+system access() for path '/test42'
2024-03-31 08:05:09,080 [64] <fsio:8>: using quotatab+vroot+facl+system stat() for path '/test42'
2024-03-31 08:05:09,080 [64] <fsio:8>: using quotatab+vroot+facl+system stat() for path '/test42'
2024-03-31 08:05:09,080 [64] <fsio:8>: using vroot+facl+system realpath() for path '/test42'
2024-03-31 08:05:09,080 [64] <facl:5>: unable to retrieve ACL for '/srv/ftp/edsb.mycompany.de/c.fiehe/test42': [95] Operation not supported
2024-03-31 08:05:09,080 [64] <facl:3>: ACL retrieval operation not supported for '�', falling back to normal access check
2024-03-31 08:05:09,080 [64] <fsio:8>: using quotatab+vroot+facl+system stat() for path '�'
2024-03-31 08:05:09,080 [64] <fsio:8>: using quotatab+vroot+facl+system stat() for path '�'
2024-03-31 08:05:09,080 [64] <facl:6>: normal access check for '�' failed: No such file or directory
2024-03-31 08:05:09,080 [64] <sftp:3>: unable to obtain directory listing for '/test42': Permission denied
2024-03-31 08:05:09,080 [64] <fsio:8>: using quotatab+vroot+facl+system readdir()
2024-03-31 08:05:09,080 [64] <fsio:8>: using quotatab+vroot+facl+system lstat() for path '/.ssh'
2024-03-31 08:05:09,080 [64] <fsio:8>: using quotatab+vroot+facl+system lstat() for path '/.ssh'
2024-03-31 08:05:09,080 [64] <fsio:8>: using quotatab+vroot+facl+system stat() for path '/.ssh'
2024-03-31 08:05:09,080 [64] <fsio:8>: using quotatab+vroot+facl+system stat() for path '/.ssh'
2024-03-31 08:05:09,080 [64] <fsio:8>: using quotatab+vroot+facl+system stat() for path '/.ssh/.ftpaccess'
2024-03-31 08:05:09,080 [64] <fsio:8>: using quotatab+vroot+facl+system stat() for path '/.ssh/.ftpaccess'
2024-03-31 08:05:09,080 [64] <fsio:8>: using quotatab+vroot+facl+system stat() for path '/.ftpaccess'
2024-03-31 08:05:09,080 [64] <fsio:8>: using quotatab+vroot+facl+system stat() for path '/.ftpaccess'
2024-03-31 08:05:09,080 [64] <fsio:8>: using quotatab+vroot+facl+system access() for path '/.ssh'
2024-03-31 08:05:09,080 [64] <fsio:8>: using quotatab+vroot+facl+system stat() for path '/.ssh'
2024-03-31 08:05:09,080 [64] <fsio:8>: using quotatab+vroot+facl+system stat() for path '/.ssh'
2024-03-31 08:05:09,080 [64] <fsio:8>: using vroot+facl+system realpath() for path '/.ssh'
2024-03-31 08:05:09,080 [64] <facl:5>: unable to retrieve ACL for '/srv/ftp/edsb.mycompany.de/c.fiehe/.ssh': [95] Operation not supported
2024-03-31 08:05:09,080 [64] <facl:3>: ACL retrieval operation not supported for '�', falling back to normal access check
2024-03-31 08:05:09,080 [64] <fsio:8>: using quotatab+vroot+facl+system stat() for path '�'
2024-03-31 08:05:09,080 [64] <fsio:8>: using quotatab+vroot+facl+system stat() for path '�'
2024-03-31 08:05:09,080 [64] <facl:6>: normal access check for '�' failed: No such file or directory
2024-03-31 08:05:09,080 [64] <sftp:3>: unable to obtain directory listing for '/.ssh': Permission denied
2024-03-31 08:05:09,080 [64] <fsio:8>: using quotatab+vroot+facl+system readdir()
2024-03-31 08:05:09,080 [64] <fsio:8>: using quotatab+vroot+facl+system lstat() for path '/Dockerfile'
2024-03-31 08:05:09,080 [64] <fsio:8>: using quotatab+vroot+facl+system lstat() for path '/Dockerfile'
2024-03-31 08:05:09,080 [64] <fsio:8>: using quotatab+vroot+facl+system stat() for path '/Dockerfile'
2024-03-31 08:05:09,080 [64] <fsio:8>: using quotatab+vroot+facl+system stat() for path '/Dockerfile'
2024-03-31 08:05:09,080 [64] <fsio:8>: using quotatab+vroot+facl+system stat() for path '.ftpaccess'
2024-03-31 08:05:09,080 [64] <fsio:8>: using quotatab+vroot+facl+system stat() for path '.ftpaccess'
2024-03-31 08:05:09,080 [64] <fsio:8>: using quotatab+vroot+facl+system access() for path '/Dockerfile'
2024-03-31 08:05:09,080 [64] <fsio:8>: using quotatab+vroot+facl+system stat() for path '/Dockerfile'
2024-03-31 08:05:09,080 [64] <fsio:8>: using quotatab+vroot+facl+system stat() for path '/Dockerfile'
2024-03-31 08:05:09,080 [64] <fsio:8>: using vroot+facl+system realpath() for path '/Dockerfile'
2024-03-31 08:05:09,080 [64] <facl:5>: unable to retrieve ACL for '/srv/ftp/edsb.mycompany.de/c.fiehe/Dockerfile': [95] Operation not supported
2024-03-31 08:05:09,080 [64] <facl:3>: ACL retrieval operation not supported for '�', falling back to normal access check
2024-03-31 08:05:09,080 [64] <fsio:8>: using quotatab+vroot+facl+system stat() for path '�'
2024-03-31 08:05:09,080 [64] <fsio:8>: using quotatab+vroot+facl+system stat() for path '�'
2024-03-31 08:05:09,080 [64] <facl:6>: normal access check for '�' failed: No such file or directory
2024-03-31 08:05:09,080 [64] <sftp:3>: unable to obtain directory listing for '/Dockerfile': Permission denied
2024-03-31 08:05:09,080 [64] <fsio:8>: using quotatab+vroot+facl+system readdir()
2024-03-31 08:05:09,080 [64] <fsio:8>: using quotatab+vroot+facl+system chdir() for path '/'
2024-03-31 08:05:09,080 [64] <fsio:8>: using quotatab+vroot+facl+system lstat() for path '/'
2024-03-31 08:05:09,080 [64] <sftp:8>: sending response: STATUS 1 'End of file'
2024-03-31 08:05:09,080 [64] <ssh2:9>: sending CHANNEL_DATA (remote channel ID 256, 37 data bytes)
2024-03-31 08:05:09,080 [64] <ssh2:3>: sent SSH_MSG_CHANNEL_DATA (94) packet (96 bytes)
2024-03-31 08:05:09,803 [64] <ssh2:3>: received SSH_MSG_CHANNEL_DATA (94) packet
2024-03-31 08:05:09,803 [64] <sftp:9>: reading SFTP data from SSH2 packet buffer (29 bytes)
2024-03-31 08:05:09,803 [64] <sftp:6>: received CLOSE (4) SFTP request (request ID 130564, channel ID 0)
2024-03-31 08:05:09,803 [64] <sftp:7>: received request: CLOSE cb8eafc228717990
2024-03-31 08:05:09,803 [64] <fsio:8>: using quotatab+vroot+facl+system closedir()
2024-03-31 08:05:09,804 [64] <sftp:8>: sending response: STATUS 0 'OK'
2024-03-31 08:05:09,804 [64] <ssh2:9>: sending CHANNEL_DATA (remote channel ID 256, 28 data bytes)
2024-03-31 08:05:09,804 [64] <ssh2:3>: sent SSH_MSG_CHANNEL_DATA (94) packet (80 bytes)
2024-03-31 08:05:25,105 [64] <ssh2:9>: sending CHANNEL_REQUEST (remote channel ID 256, [email protected])
2024-03-31 08:05:25,105 [64] <ssh2:3>: sent SSH_MSG_CHANNEL_REQUEST (98) packet (80 bytes)
2024-03-31 08:05:29,387 [64] <ssh2:3>: received SSH_MSG_CHANNEL_FAILURE (100) packet
from proftpd.
cfiehe
commented on June 3, 2024
1
It is working 😃. Now, the files to which the user has no access are filtered out and the other remain visible. This is the trace log of fsio:
2024-04-01 07:55:19,296 [11407] <fsio:8>: using quotatab+vroot+facl+system readdir()
2024-04-01 07:55:19,296 [11407] <fsio:8>: using quotatab+vroot+facl+system lstat() for path '/Dockerfile'
2024-04-01 07:55:19,296 [11407] <fsio:8>: using quotatab+vroot+facl+system lstat() for path '/Dockerfile'
2024-04-01 07:55:19,296 [11407] <fsio:8>: using quotatab+vroot+facl+system stat() for path '/Dockerfile'
2024-04-01 07:55:19,296 [11407] <fsio:8>: using quotatab+vroot+facl+system stat() for path '/Dockerfile'
2024-04-01 07:55:19,296 [11407] <fsio:8>: using quotatab+vroot+facl+system stat() for path '.ftpaccess'
2024-04-01 07:55:19,296 [11407] <fsio:8>: using quotatab+vroot+facl+system stat() for path '.ftpaccess'
2024-04-01 07:55:19,296 [11407] <fsio:8>: using quotatab+vroot+facl+system access() for path '/Dockerfile'
2024-04-01 07:55:19,296 [11407] <fsio:8>: using quotatab+vroot+facl+system stat() for path '/Dockerfile'
2024-04-01 07:55:19,296 [11407] <fsio:8>: using quotatab+vroot+facl+system stat() for path '/Dockerfile'
2024-04-01 07:55:19,296 [11407] <fsio:8>: using vroot+facl+system realpath() for path '/Dockerfile'
2024-04-01 07:55:19,296 [11407] <facl:5>: unable to retrieve ACL for '/srv/ftp/myuser/Dockerfile': [95] Operation not supported
2024-04-01 07:55:19,296 [11407] <facl:3>: ACL retrieval operation not supported for '/srv/ftp/myuser/Dockerfile', falling back to normal access check
2024-04-01 07:55:19,296 [11407] <fsio:8>: using quotatab+vroot+facl+system stat() for path '/srv/ftp/myuser/Dockerfile'
2024-04-01 07:55:19,296 [11407] <fsio:8>: using quotatab+vroot+facl+system stat() for path '/srv/ftp/myuser/Dockerfile'
2024-04-01 07:55:19,296 [11407] <fsio:8>: using quotatab+vroot+facl+system readdir()
2024-04-01 07:55:19,296 [11407] <fsio:8>: using quotatab+vroot+facl+system chdir() for path '/'
2024-04-01 07:55:19,296 [11407] <fsio:8>: using quotatab+vroot+facl+system lstat() for path '/'
2024-04-01 07:55:19,296 [11407] <sftp:8>: sending response: NAME (1 count)
In the home directory of myuser exists a Dockerfile that is owned by root with access mode 0644 (rw-r--r--):
$ sftp -P 22 [email protected]
[email protected]'s password:
Connected to secdata-t.mycompany.de.
sftp> ls -la
-rw-r--r-- 1 root root 2393 Nov 23 09:53 Dockerfile
When I remove the read permission for everyone and change it e.g. to 0640 (rw-r-----), the file gets filtered out 👍:
sftp> ls
sftp>
Thank you very much for your efforts!
from proftpd.
Castaglia
commented on June 3, 2024
Can you try out #1781, see if it addresses your issue?
from proftpd.
cfiehe
commented on June 3, 2024
Hi @Castaglia,
thanks a lot for your quick response. I have switched to the branch facl-vroot-issue1780
#12 0.265 Cloning into 'proftpd'...
#12 7.674 Switched to a new branch 'facl-vroot-issue1780'
#12 7.674 Branch 'facl-vroot-issue1780' set up to track remote branch 'facl-vroot-issue1780' from 'origin'.
[...]
Unfortunately, the result is still the same. All directories get filtered out and the trace gives again:
2024-02-16 09:46:31,330 [16] <fsio:8>: using vroot readdir()
2024-02-16 09:46:31,330 [16] <fsio:8>: using vroot lstat() for path '/incoming'
2024-02-16 09:46:31,330 [16] <fsio:8>: using vroot lstat() for path '/incoming'
2024-02-16 09:46:31,330 [16] <fsio:8>: using vroot stat() for path '/incoming'
2024-02-16 09:46:31,330 [16] <fsio:8>: using vroot stat() for path '/incoming'
2024-02-16 09:46:31,330 [16] <fsio:8>: using vroot stat() for path '/incoming/.ftpaccess'
2024-02-16 09:46:31,330 [16] <fsio:8>: using vroot stat() for path '/incoming/.ftpaccess'
2024-02-16 09:46:31,330 [16] <fsio:8>: using vroot stat() for path '/.ftpaccess'
2024-02-16 09:46:31,330 [16] <fsio:8>: using vroot stat() for path '/.ftpaccess'
2024-02-16 09:46:31,330 [16] <fsio:8>: using facl+system access() for path '/incoming'
2024-02-16 09:46:31,330 [16] <fsio:8>: using vroot stat() for path '/incoming'
2024-02-16 09:46:31,330 [16] <fsio:8>: using vroot stat() for path '/incoming'
2024-02-16 09:46:31,330 [16] <facl:5>: unable to retrieve ACL for '/incoming': [2] No such file or directory
2024-02-16 09:46:31,330 [16] <sftp:3>: unable to obtain directory listing for '/incoming': Permission denied
2024-02-16 09:46:31,330 [16] <fsio:8>: using vroot readdir()
2024-02-16 09:46:31,330 [16] <fsio:8>: using vroot lstat() for path '/prod'
2024-02-16 09:46:31,330 [16] <fsio:8>: using vroot lstat() for path '/prod'
2024-02-16 09:46:31,330 [16] <fsio:8>: using vroot stat() for path '/prod'
2024-02-16 09:46:31,330 [16] <fsio:8>: using vroot stat() for path '/prod'
2024-02-16 09:46:31,330 [16] <fsio:8>: using vroot stat() for path '/prod/.ftpaccess'
2024-02-16 09:46:31,330 [16] <fsio:8>: using vroot stat() for path '/prod/.ftpaccess'
2024-02-16 09:46:31,330 [16] <fsio:8>: using vroot stat() for path '/.ftpaccess'
2024-02-16 09:46:31,330 [16] <fsio:8>: using vroot stat() for path '/.ftpaccess'
2024-02-16 09:46:31,331 [16] <fsio:8>: using facl+system access() for path '/prod'
2024-02-16 09:46:31,331 [16] <fsio:8>: using vroot stat() for path '/prod'
2024-02-16 09:46:31,331 [16] <fsio:8>: using vroot stat() for path '/prod'
2024-02-16 09:46:31,331 [16] <facl:5>: unable to retrieve ACL for '/prod': [2] No such file or directory
2024-02-16 09:46:31,331 [16] <sftp:3>: unable to obtain directory listing for '/prod': Permission denied
[...]
from proftpd.
Castaglia
commented on June 3, 2024
These are interesting:
2024-02-16 09:46:31,330 [16] <fsio:8>: using facl+system access() for path '/incoming'
2024-02-16 09:46:31,330 [16] <fsio:8>: using vroot stat() for path '/incoming'
2024-02-16 09:46:31,330 [16] <fsio:8>: using vroot stat() for path '/incoming'
2024-02-16 09:46:31,330 [16] <facl:5>: unable to retrieve ACL for '/incoming': [2] No such file or directory
2024-02-16 09:46:31,330 [16] <sftp:3>: unable to obtain directory listing for '/incoming': Permission denied
I guess it is showing that mod_facl does, somehow, need to use mod_vroot path-unmangling logic in order to retrieve the POSIX ACL for the correct path.
from proftpd.
cfiehe
commented on June 3, 2024
Thanks for your efforts. So you suspect mod_vroot as the root source?
from proftpd.
Castaglia
commented on June 3, 2024
Thanks for your efforts. So you suspect
mod_vrootas the root source?
I'm not sure if it's only mod_vroot, or if there are interactions involved as well. I do know, however, that an update to mod_vroot, similar to what we're doing here for mod_facl, might be needed; see Castaglia/proftpd-mod_vroot#45
from proftpd.
cfiehe
commented on June 3, 2024
I built a new version that contains both of your modifications. The directories are still filtered out. The log looks a little bit different:
2024-02-17 18:17:05,628 [6825] <fsio:8>: using vroot+clamav readdir()
2024-02-17 18:17:05,628 [6825] <fsio:8>: using vroot+clamav lstat() for path '/incoming'
2024-02-17 18:17:05,628 [6825] <fsio:8>: using vroot+clamav lstat() for path '/incoming'
2024-02-17 18:17:05,629 [6825] <fsio:8>: using vroot+clamav stat() for path '/incoming'
2024-02-17 18:17:05,629 [6825] <fsio:8>: using vroot+clamav stat() for path '/incoming'
2024-02-17 18:17:05,629 [6825] <fsio:8>: using vroot+clamav stat() for path '/incoming/.ftpaccess'
2024-02-17 18:17:05,629 [6825] <fsio:8>: using vroot+clamav stat() for path '/incoming/.ftpaccess'
2024-02-17 18:17:05,629 [6825] <fsio:8>: using vroot+clamav stat() for path '/.ftpaccess'
2024-02-17 18:17:05,629 [6825] <fsio:8>: using vroot+clamav stat() for path '/.ftpaccess'
2024-02-17 18:17:05,629 [6825] <fsio:8>: using facl+system access() for path '/incoming'
2024-02-17 18:17:05,629 [6825] <fsio:8>: using vroot+clamav stat() for path '/incoming'
2024-02-17 18:17:05,629 [6825] <fsio:8>: using vroot+clamav stat() for path '/incoming'
2024-02-17 18:17:05,629 [6825] <facl:5>: unable to retrieve ACL for '/incoming': [2] No such file or directory
2024-02-17 18:17:05,629 [6825] <sftp:3>: unable to obtain directory listing for '/incoming': Permission denied
2024-02-17 18:17:05,629 [6825] <fsio:8>: using vroot+clamav readdir()
2024-02-17 18:17:05,629 [6825] <fsio:8>: using vroot+clamav lstat() for path '/prod'
2024-02-17 18:17:05,629 [6825] <fsio:8>: using vroot+clamav lstat() for path '/prod'
2024-02-17 18:17:05,629 [6825] <fsio:8>: using vroot+clamav stat() for path '/prod'
2024-02-17 18:17:05,629 [6825] <fsio:8>: using vroot+clamav stat() for path '/prod'
2024-02-17 18:17:05,629 [6825] <fsio:8>: using vroot+clamav stat() for path '/prod/.ftpaccess'
2024-02-17 18:17:05,629 [6825] <fsio:8>: using vroot+clamav stat() for path '/prod/.ftpaccess'
2024-02-17 18:17:05,629 [6825] <fsio:8>: using vroot+clamav stat() for path '/.ftpaccess'
2024-02-17 18:17:05,629 [6825] <fsio:8>: using vroot+clamav stat() for path '/.ftpaccess'
2024-02-17 18:17:05,629 [6825] <fsio:8>: using facl+system access() for path '/prod'
2024-02-17 18:17:05,629 [6825] <fsio:8>: using vroot+clamav stat() for path '/prod'
2024-02-17 18:17:05,629 [6825] <fsio:8>: using vroot+clamav stat() for path '/prod'
2024-02-17 18:17:05,629 [6825] <facl:5>: unable to retrieve ACL for '/prod': [2] No such file or directory
2024-02-17 18:17:05,629 [6825] <sftp:3>: unable to obtain directory listing for '/prod': Permission denied
2024-02-17 18:17:05,629 [6825] <fsio:8>: using vroot+clamav readdir()
2024-02-17 18:17:05,629 [6825] <fsio:8>: using vroot+clamav lstat() for path '/test'
2024-02-17 18:17:05,629 [6825] <fsio:8>: using vroot+clamav lstat() for path '/test'
2024-02-17 18:17:05,629 [6825] <fsio:8>: using vroot+clamav stat() for path '/test'
2024-02-17 18:17:05,629 [6825] <fsio:8>: using vroot+clamav stat() for path '/test'
2024-02-17 18:17:05,629 [6825] <fsio:8>: using vroot+clamav stat() for path '/test/.ftpaccess'
2024-02-17 18:17:05,629 [6825] <fsio:8>: using vroot+clamav stat() for path '/test/.ftpaccess'
2024-02-17 18:17:05,629 [6825] <fsio:8>: using vroot+clamav stat() for path '/.ftpaccess'
2024-02-17 18:17:05,629 [6825] <fsio:8>: using vroot+clamav stat() for path '/.ftpaccess'
2024-02-17 18:17:05,629 [6825] <fsio:8>: using facl+system access() for path '/test'
2024-02-17 18:17:05,629 [6825] <fsio:8>: using vroot+clamav stat() for path '/test'
2024-02-17 18:17:05,629 [6825] <fsio:8>: using vroot+clamav stat() for path '/test'
2024-02-17 18:17:05,629 [6825] <facl:5>: unable to retrieve ACL for '/test': [2] No such file or directory
2024-02-17 18:17:05,629 [6825] <sftp:3>: unable to obtain directory listing for '/test': Permission denied
[...]
from proftpd.
cfiehe
commented on June 3, 2024
When I deactivate and remove mod_clamav from the list of loaded modules, the directories are still not visible. If I got it right, I think that mod_clamav also overwrites the preexisting filesystem handlers. With a deactivated mod_clamav, the trace log gives the following:
2024-02-17 18:22:29,959 [12] <fsio:8>: using vroot+facl+system readdir()
2024-02-17 18:22:29,959 [12] <fsio:8>: using vroot+facl+system lstat() for path '/incoming'
2024-02-17 18:22:29,959 [12] <fsio:8>: using vroot+facl+system lstat() for path '/incoming'
2024-02-17 18:22:29,960 [12] <fsio:8>: using vroot+facl+system stat() for path '/incoming'
2024-02-17 18:22:29,960 [12] <fsio:8>: using vroot+facl+system stat() for path '/incoming'
2024-02-17 18:22:29,960 [12] <fsio:8>: using vroot+facl+system stat() for path '/incoming/.ftpaccess'
2024-02-17 18:22:29,960 [12] <fsio:8>: using vroot+facl+system stat() for path '/incoming/.ftpaccess'
2024-02-17 18:22:29,960 [12] <fsio:8>: using vroot+facl+system stat() for path '/.ftpaccess'
2024-02-17 18:22:29,960 [12] <fsio:8>: using vroot+facl+system stat() for path '/.ftpaccess'
2024-02-17 18:22:29,960 [12] <fsio:8>: using vroot+facl+system access() for path '/incoming'
2024-02-17 18:22:29,960 [12] <fsio:8>: using vroot+facl+system stat() for path '/incoming'
2024-02-17 18:22:29,960 [12] <fsio:8>: using vroot+facl+system stat() for path '/incoming'
2024-02-17 18:22:29,960 [12] <facl:5>: unable to retrieve ACL for '/incoming': [2] No such file or directory
2024-02-17 18:22:29,960 [12] <sftp:3>: unable to obtain directory listing for '/incoming': Permission denied
[...]
from proftpd.
Castaglia
commented on June 3, 2024
#1789 implements the refactoring of the FSIO API, so that modules like mod_quotatab, mod_facl, mod_vroot, mod_clamav need no additional tweaks to inherit/stack the previously registered FSIO callbacks. This will be the first part of addressing this particular issue.
I'll now start on the second part, which is getting mod_facl to somehow make use of mod_vroot internal path lookup/resolution machinery, so that the mod_facl FSIO callbacks work on the proper filesystem paths.
from proftpd.
Castaglia
commented on June 3, 2024
#1790 adds a new FSIO API, for resolving paths. Right now, only mod_facl will make use of it, in the FACL-specific callbacks, for verifying that it works as expected/desired.
The last part will be updating the mod_vroot module so that it provides a custom implementation for this new path resolver function.
from proftpd.
Castaglia
commented on June 3, 2024
Here's the last PR, for mod_vroot, to try: Castaglia/proftpd-mod_vroot#46
Using that, and then running your mod_facl test, do things work better?
from proftpd.
Castaglia
commented on June 3, 2024
Hi @Castaglia, I built a new container image based on
PROFTPD_VERSION="v1.3.9rc2-17-g61fce5bbf"andPROFTPD_MOD_VROOT_VERSION="fsio-realpath-impl-issue1780". I used the following in my virtual host:<Directory /*> HideNoAccess on HideFiles ^\.keep$ <Limit ALL> IgnoreHidden on </Limit> </Directory>Unfortunately, all files get still filtered out, even those to which the user has access to. The log looks promising, but there still seems to be something that does not consider the new way of looking up files:
2024-03-31 08:05:08,760 [64] <fsio:8>: using vroot+facl+system lstat() for path '/test42/abc/proftpd-1.3.8.zip' [...] 2024-03-31 08:05:09,079 [64] <facl:5>: unable to retrieve ACL for '/srv/ftp/edsb.mycompany.de/c.fiehe/': [95] Operation not supported 2024-03-31 08:05:09,079 [64] <facl:3>: ACL retrieval operation not supported for '�', falling back to normal access check 2024-03-31 08:05:09,079 [64] <fsio:8>: using quotatab+vroot+facl+system stat() for path '�' 2024-03-31 08:05:09,079 [64] <fsio:8>: using quotatab+vroot+facl+system stat() for path '�' 2024-03-31 08:05:09,079 [64] <facl:6>: normal access check for '�' failed: No such file or directory 2024-03-31 08:05:09,079 [64] <sftp:3>: unable to obtain directory listing for '..': Permission denied
Thanks! There's some garbled characters in these log messages, which should now be fixed via #1791.
If you try this again, and see it happen again like the above, you should also see something like:
2024-03-31 08:05:09,079 [64] <fsio:8>: using quotatab+vroot+facl+system access() for path '/srv/ftp/edsb.mycompany.de/c.fiehe/'
or:
2024-03-31 08:05:09,079 [64] <fsio:8>: using quotatab+vroot+facl+system faccess() for path '/srv/ftp/edsb.mycompany.de/c.fiehe/'
The difference being whether this is mod_facl's "access()" callback, or "faccess()" callback. Knowing which callback is seeing this issue would be useful information for me. Thanks!
Update: Ah, for the later provided logs, it looks to be the "access()" callback. Perfect.
from proftpd.
Related Issues (20)
- Add crosscompiling support for ./configure.in HOT 1
- Using FTPS after upgrading from 1.3.8a to 1.3.8b leads to crash HOT 4
- SFTP Too many bad authentication attempts - Terminal is working HOT 3
- Client timeout after sending client version string after upgrading from 1.3.7e to 1.3.8b, but not reproducible for me HOT 2
- proftpd not using source port 20 for ftp active HOT 5
- Add support for logging SFTP ciphers/algorithms in SQL databases HOT 6
- Jot API gives the wrong timestamp in mod_exec HOT 6
- Impossible to connect to data port using implicit FTPS HOT 2
- Ban on RootLogin does not seem to be working HOT 2
- proftpd in docker - not optimal configurable HOT 2
- Permission question about proftpd.sock HOT 1
- Bad handling of lack of extended attributes leads to SFTP out of memory error HOT 11
- proftpd.org HTTPS not working
- SFTP statvfs extension fails when mod_vroot is in use HOT 15
- DenyUser Limit does not work for ftp, but works for sftp HOT 6
- Repeated reload operations may cause memory leakage. HOT 3
- Implement [email protected] SFTP extension HOT 3
- ftp user in same group can not upload file HOT 6
- SSH public key fingerprints in mod_sftp logs HOT 5
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from proftpd.