31

I want to set up an anonymous-only FTP server (able to upload files). Here is my configuration file:

```
listen=YES

anonymous_enable=YES
anon_root=/var/www/ftp

local_enable=YES
write_enable=YESr.

anon_upload_enable=YES
anon_mkdir_write_enable=YES

xferlog_enable=YES
connect_from_port_20=YES

chroot_local_user=YES

dirmessage_enable=YES
use_localtime=YES
secure_chroot_dir=/var/run/vsftpd/empty
rsa_cert_file=/etc/ssl/private/vsftpd.pem
pam_service_name=vsftpd
```

But when I try to connect to it:

```
kan@kan:~$ ftp yxxxng.bej
Connected to yxxx.
220 (vsFTPd 2.3.5)
Name (yxxxg.bej:kan): anonymous
331 Please specify the password.
Password:
500 OOPS: vsftpd: refusing to run with writable root inside chroot()
Login failed
```

How can I fix this?

Peter Mortensen
WoooHaaaa
  • 1
    This line looks wrong: write_enable=YESr. – rekire Apr 20 '13 at 05:16
  • 4
    Add allow_writeable_chroot=YES and restart it. – Kevin Nguyen Sep 22 '14 at 02:34
  • 1
    allow_writeable_chroot=YES indeed solved the problem ! – M_R_K Dec 02 '15 at 00:28
  • `allow_writeable_chroot=YES` is not supported in VSFTPD2.3.5.3. I had a requirement of an anonymous user accessing root directories and always had this error while logging in. After brainstorming, I was able to get rid of the error by adding FTP_USER=anonymous to the config file, useradd anonymous, creating the FTPUSER group and adding the anonymous user to the group: `sudo groupadd ftpuser`, `sudo useradd -g ftpuser -d /XXX anonymous`, `sudo chmod 0777 /XXX` – pari Jan 03 '18 at 02:28

1 Answer

63

This blog here points out how to fix this problem.

http://www.mikestechblog.com/joomla/operating-systems-section/operating-systems-ubuntu/155-500-oops-vsftpd-refusing-to-run-with-writable-root-inside-chroot.html

The issue being that the user's root directory is writable. The Frontier Group provides you with a fix on vsFTPd.

Here are the steps to be taken (copy paste from the tutorial, in case the link dies)

  1. Log in as root (or sudo..) and do the following:

  2. `vi /etc/vsftpd.conf` and add the following: `allow_writeable_chroot=YES`

  3. `sudo service vsftpd restart`

Mohammed Shareef C
blo0p3r
  • 1
    My company's firewall says the link leads to a "criminal activity site"... – Paolo Stefan Jun 28 '13 at 08:17
  • 32
    This is not Off Topic... I wouldn't recommend this suggestion, though, and stick with the 'security' recommendation. All you have to do is `chmod ugo-w /path/to/directory` – arod Sep 07 '13 at 19:07
  • apt-repo doesn't have (deb) packages for 'raring' – evandrix Sep 22 '13 at 08:55
  • 1
    Arod posted the answer! "All you have to do is chmod ugo-w /path/to/directory" – Rob Oct 29 '13 at 22:15
  • 1
    @blo0p3r : I've already put `allow_writeable_chroot=YES` in my vsftpd.conf file and I steel the message. I need the write permission for annons (local site).... – user2284570 Jan 12 '14 at 16:13
  • Yeah but what's the security implication of a writable chroot root?? – spinkus Feb 07 '14 at 07:55
  • 9
    `W: Failed to fetch http://ppa.launchpad.net/thefrontiergroup/vsftpd/ubuntu/dists/wheezy/main/source/Sources 404 Not Found W: Failed to fetch http://ppa.launchpad.net/thefrontiergroup/vsftpd/ubuntu/dists/wheezy/main/binary-i386/Packages 404 Not Found E: Some index files failed to download. They have been ignored, or old ones used instead.` It can't be an answer – NG_ Apr 19 '14 at 15:45
  • @arod then how will the user be able to write to his own directory? – Jürgen Paul Apr 23 '14 at 21:40
  • @PineappleUndertheSea a subdirectory can be used ... – arod May 15 '14 at 05:24
  • 5
    allow_writeable_chroot=YES and restart vsftpd. That is all – Kevin Nguyen Sep 22 '14 at 02:33
  • 20
    The vsftpd in ubuntu distro IGNORES `allow_writeable_chroot` option and the one version presented here is no longer available. This answer is no longer helpful. – David162795 Jan 26 '16 at 10:08
  • 7
    Uhh WTF. Do not install some random persons' repository from the internet. Just add the allow_writeable_chroot=YES option, that is sufficient! – Micah May 12 '17 at 18:43
  • 1
    Adding allow_writeable_chroot=YES worked for me! thank you! – Kassem Itani Nov 07 '17 at 15:04
  • 2
    Basically, create a subdirectory like `/var/www/ftp/files`, which has the write permissions. Then take the write permissions with `sudo chmod a-w /var/www/ftp` away from the root ftp directory. – AdamKalisz Dec 10 '17 at 00:31
  • I think user *user2284570* means *"I still get the message"* (not *"I steel the message"*). – Peter Mortensen Sep 29 '18 at 11:34
  • 1
    The link is broken (404). – Peter Mortensen Sep 29 '18 at 12:00
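
The fix suggested in the comments above (remove write permission from the FTP root and upload into a subdirectory such as `/var/www/ftp/files`), as an added example that is not part of the original thread: it reads `anon_root` from a vsftpd config, flags a root with any write bit set, and applies that layout. The function names are hypothetical, and testing for any write bit is a conservative check that mirrors the `chmod a-w` advice rather than vsftpd's own test.

```sh
#!/bin/sh
# Added example: audit and fix the anonymous FTP root layout for vsftpd.
# Function names are hypothetical; paths come from the config you pass in.

# Print the anon_root value from a vsftpd.conf-style file (last entry wins).
anon_root_of() {
    sed -n 's/^anon_root=//p' "$1" | tail -n 1
}

# Succeed if any write bit (user, group, other) is set on the directory.
# Reads the mode string from ls, so the answer is the same when run as root.
has_write_bit() {
    mode=$(ls -ld "$1" | cut -c1-10)
    case "$mode" in
        ??w*|?????w*|????????w*) return 0 ;;
        *) return 1 ;;
    esac
}

# Returns 0 = root has no write bits, 1 = root is writable,
# 2 = anon_root missing from the config or not a directory.
audit_anon_root() {
    root=$(anon_root_of "$1")
    [ -n "$root" ] && [ -d "$root" ] || { echo "anon_root not usable"; return 2; }
    if has_write_bit "$root"; then
        echo "writable root: $root"
        return 1
    fi
    echo "ok: $root has no write bits"
}

# Layout from the comments: read-only root plus one writable subdirectory.
# For uploads the subdirectory must also be owned by the FTP user (chown,
# as root); that step is left out so the function runs unprivileged.
harden_anon_root() {
    mkdir -p "$1/$2" || return 1
    chmod a-w "$1" || return 1
    chmod u+w "$1/$2"
}

# Usage: sh script.sh /etc/vsftpd.conf
if [ "$#" -gt 0 ]; then
    audit_anon_root "$1"
fi
```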