2

I'm trying to parse vsftpd logs to do some extra processing on the successfully uploaded files.

username will be the user so I create the home dir filename is the file name in the log: it gives a wonky result i.e. "/foo.txt" but that doesn't matter

#!/bin/sh
sudo tail -F /var/log/vsftpd.log | while read line; do
  if sudo echo "$line" | grep -q 'OK UPLOAD:'; then
    username=$(echo "$line" | cut -d" " -f8 | sed 's/\[\(.*\)\]/\1/')
    filename=$(echo "$line" | cut -d, -f2 | sed 's/^[ \t]*//')
    home="/home/vsftpd/$username"
    if sudo ls "$home$filename" &> /dev/null; then
      # do something with $filename
        echo "some text"
    fi
  fi
done

When a file is uploaded I expect the text "some text". I never get that instead I can see it reports:

ls: cannot access /home/vsftpd/user1"/foo.txt": No such file or directory

Although I can run the command in the shell:

$ sudo ls /home/vsftpd/user1"/foo.txt"
/home/vsftpd/user1/foo.txt

I'm guessing permissions related but I've got it running as sudo and I've given the directories full access. Any ideas?

2 Answers 2

2

Your problem is that you have an extra set of quotes around the file name component that you need to strip. The file name in the vsftpd logs (just verified this for myself) is surrounded with quotes, and unlike with username you're not removing those quotes.

This means that $filename ends up being set to, literally, "/foo.txt" including the quotes. When you construct the file name for ls with "$home$filename", the variables are interpolated, but the shell isn't then going to strip off another level of quotes. The quotes stay in the final file name, and the directory /home/vsftpd/user1" with the trailing quote doesn't exist.

This works when you enter the command from the shell because you aren't quoting the file name, so the shell does another round of quote interpolation and removes the double quotes.

Sign up to request clarification or add additional context in comments.

1 Comment

Of course! Thanks for looking deeper into the vsftpd logs. I just fixed it with this line: filename=$(echo "$line" | cut -d, -f2 | sed 's/^[ \t]*//' | tr -d '"')
0

If sudo works from the shell, it's possible that sudo has the NOEXEC flag set, which prevents it from executing scripts. You can read more about NOEXEC here.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.