I want to set up an anonymous-only FTP server (able to upload files). Here is my config file:
listen=YES
anonymous_enable=YES
anon_root=/var/www/ftp
local_enable=YES
write_enable=YESr.
anon_upload_enable=YES
anon_mkdir_write_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
chroot_local_user=YES
dirmessage_enable=YES
use_localtime=YES
secure_chroot_dir=/var/run/vsftpd/empty
rsa_cert_file=/etc/ssl/private/vsftpd.pem
pam_service_name=vsftpd
But when I try to connect to it:
kan@kan:~$ ftp yxxxng.bej
Connected to yxxx.
220 (vsFTPd 2.3.5)
Name (yxxxg.bej:kan): anonymous
331 Please specify the password.
Password:
500 OOPS: vsftpd: refusing to run with writable root inside chroot()
Login failed
Can anyone help?
Either do what both other answers suggest (downgrading, or reducing security by disabling the check).
Another option would be to actually fix the issue by having correct permissions for the root chroot folder.
Quoting a nice blog post, which Marek already linked:
the chrooted root directory is writeable by the user, this is not allowed anymore by the update Marek mentioned.
So fixing it would require you to:
Change the write permissions of the chrooted home root
f.e.
forcing your users to upload to a subdirectory though.
Change vsftpd to a lower version. This is a security patch introduced in vsftpd 2.3.5.
http://www.benscobie.com/fixing-500-oops-vsftpd-refusing-to-run-with-writable-root-inside-chroot/
Your write enable is set to YESr instead of YES.
Also try adding allow_writeable_chroot=YES.
Usually this helps.
sudo add-apt-repository ppa:thefrontiergroup/vsftpd
sudo apt-get update
sudo apt-get install vsftpd
Try either allow_writeable_chroot=YES or allow_writable_chroot=YES in your config,
if that doesn't work, downgrade.
The trick for me was to ensure the 'homedir' is not writable for the users in question, put
and comment out
Note that chroot_local_user is listed twice in the 3.0.3 standard /etc/vsftpd.conf file. That tripped me up.
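The three problems raised in the answers above (the `YESr.` value, a chroot root the login user can write to, and an option listed twice) can be checked before restarting the server. The following is an added example, not part of any answer or of vsftpd itself: the function names are hypothetical, the current user stands in for the FTP account, and the mode-bit test only approximates the server's own writable-root check.

```python
import os
import stat
import tempfile

# Boolean options from the question's config; the man page documents YES or NO as values.
BOOL_KEYS = {"listen", "anonymous_enable", "local_enable", "write_enable",
             "anon_upload_enable", "anon_mkdir_write_enable", "chroot_local_user"}

def parse_conf(text):
    """Return [(key, value)] for key=value lines; blank and '#' lines are skipped."""
    lines = (s.strip() for s in text.splitlines())
    return [tuple(s.split("=", 1)) for s in lines if "=" in s and not s.startswith("#")]

def writable_by(path, uid, gids):
    """Unix mode-bit check (ACLs ignored): may this uid/gid set write to path?"""
    st = os.stat(path)
    bit = (stat.S_IWUSR if st.st_uid == uid else
           stat.S_IWGRP if st.st_gid in gids else stat.S_IWOTH)
    return bool(st.st_mode & bit)

def lint(text, uid, gids):
    """Report duplicate options, malformed booleans and a writable anonymous chroot root."""
    pairs = parse_conf(text)
    settings = dict(pairs)  # a repeated key keeps its last value here
    keys = [k for k, _ in pairs]
    findings = [f"duplicate option: {k}" for k in sorted(set(keys)) if keys.count(k) > 1]
    for key in sorted(BOOL_KEYS & settings.keys()):
        if settings[key] not in ("YES", "NO"):
            findings.append(f"bad boolean: {key}={settings[key]}")
    root = settings.get("anon_root")
    if root and settings.get("anonymous_enable") == "YES" and writable_by(root, uid, gids):
        findings.append(f"writable chroot root: {root}")
    return findings

def demo():
    """Constructed sample: lint before and after fixing the value and the directory mode."""
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "ftp")            # stands in for anon_root
        os.makedirs(os.path.join(root, "upload"))  # uploads go in a writable subdirectory
        conf = (f"anonymous_enable=YES\nanon_root={root}\nwrite_enable=YESr.\n"
                "chroot_local_user=YES\nchroot_local_user=YES\n")
        before = lint(conf, os.getuid(), {os.getgid()})
        os.chmod(root, 0o555)                      # the root itself loses write permission
        after = lint(conf.replace("YESr.", "YES"), os.getuid(), {os.getgid()})
        os.chmod(root, 0o755)                      # restore so cleanup can remove the tree
        return before, after

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

On a real server, pass the uid and group ids of the account that anonymous sessions run as, and keep the chroot root owned by root with only the upload subdirectory writable.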