Minor issue with Linux ftp client and rclone ftp access denied

Joel_Peshkin · March 1, 2019, 12:17am

Hi,

This isn’t blocking me or anything, but it may be of interest.

I have the rclone serve ftp running with a Box backend. It has access to be able to list a directory but not access to retrieve any files. If I attempt to retrieve a file, I get…

ftp> get t1
local: t1 remote: t1
227 Entering Passive Mode (10,75,128,122,118,97)
150 Data transfer starting 15 bytes

and then, the (standard RHEL6) linux ftp client will hang and not even respond to a CTRL-C
I have to use CTRL-Z to background it and kill %1 to kill it.

I suspect that the PASV connection is waiting and rclone sends some message back in the control channel that it never sees because the client is waiting for the PASV connection to start.

ncw · March 1, 2019, 3:29pm

Are the two machines on the same network? Passive mode doesn’t always go through NAT gateways properly…

Joel_Peshkin · March 1, 2019, 5:45pm

Yes. I also see wget hanging in the same situation, but it will at least bail out with CTRL-C.

If I find some time, I’ll do some traces and try to identify the behavior difference between ftp-client --> rclone ftp server and ftp-client --> other ftp server (in a permission denied scenario)

Joel_Peshkin · March 1, 2019, 6:08pm

It looks like rclone is responding with 150 before checking the permission and then it has committed itself. It should respond to the RETR with a 550 before doing anything else.

With the RHEL ftpd…

PASV
227 Entering Passive Mode (10,75,135,213,172,153)
LIST
150 Opening ASCII mode data connection for /bin/ls.
226 Transfer complete.
TYPE I
200 Type set to I.
PASV
227 Entering Passive Mode (10,75,135,213,203,208)
RETR w2
550 w2: Permission denied.
QUIT
221 Goodbye.

With rclone…

YPE I
200 Type set to binary
PASV
227 Entering Passive Mode (10,75,128,122,119,188)
RETR t1
150 Data transfer starting 15 bytes
<<<<< Then the client hangs here until aborted >>>>>>

On the next connection, tot he same rclone ftp server, rclone actually sends a new message that I suspect is leftover from the prior session…

220 Welcome on Rclone FTP Server
AUTH GSSAPI
550 Action not taken

ncw · March 3, 2019, 8:32am

The not bailing with CTRL-C should be fixed in the latest beta

Ah I see what has happened. The error isn’t being reported until the stream read starts but the server is ignoring the error. I’ve sent a fix for the upstream library here: https://github.com/goftp/server/pull/63

Here is a beta of rclone for you to try with that fix in:

https://beta.rclone.org/branch/v1.46.0-055-g375a3635-fix-ftp-error-beta/ (uploaded in 15-30 mins)