
I need to deploy an FTP server for intranet use (anonymous only) and I've selected vsftpd, which seems to be easy to configure. Here's my configuration:

    listen=YES
    local_enable=NO
    write_enable=YES
    anonymous_enable=YES
    anon_upload_enable=YES
    anon_mkdir_write_enable=YES
    anon_other_write_enable=YES
    no_anon_password=YES
    anon_root=/srv/ftp/anon

And the directory permissions:

    drwxr-xr-x 3 root root 4096 déc. 20 16:00 srv
    r-xr-xr-x 3 root root 4096 déc. 20 16:03 ftp
    dr-xr-xr-x 2 root root 4096 déc. 20 16:03 anon

With this configuration I'm able to connect as anonymous, view the content of /srv/ftp/anon and download files, but I'm unable to upload anything, create folders or delete files (errors 530 & 550). The vsftpd log file is not very explicit and didn't help. I've also tried changing anon to 777, but that results in "500 OOPS: vsftpd: refusing to run with writable root inside chroot()" when I try to connect to the server.

Thank you :)

1 Answer


It seems that vsftpd is trying to chroot to the /srv/ftp/anon directory. In this case, it's trying to prevent you from shooting yourself in the foot by refusing to write there (yes, they know what they are doing and why).

So you had better set up a directory structure where there is a read-only directory with the writable one inside it, e.g. /srv/ftp would be writable only by root, and this will be the anon_root. Make another one, let's say /srv/ftp/public, and chown ftp /srv/ftp/public (or to whatever user vsftpd is using). I am using a few more directives in a similar scenario:

    allow_writeable_chroot=YES
    nopriv_user=ftp
    anon_world_readable_only=NO
    anon_upload_enable=YES
    anon_mkdir_write_enable=YES
    anon_other_write_enable=YES
  • Seems to work, thanks, but can't I be directly in the anon directory when I connect as anonymous? Commented Dec 21, 2020 at 12:46
  • You can give up write support or you can (try to) make vsftpd not chroot. Commented Dec 21, 2020 at 21:49
  • I removed secure_chroot_dir from the example, as it is not related to the problem and shall be set otherwise (e.g. /usr/share/empty) or left out to have a compile-time default value. Commented Dec 21, 2020 at 21:52
  • Well, I've tried removing anon_root=/srv/ftp/anon and changing permissions for the ftp home directory (/srv/ftp), and got the same error: 500.. Maybe what I want to do is not possible using the vsftpd package. Commented Dec 23, 2020 at 22:41
  • Well, the question IMHO shrinks to a not-so-simple one: can we force vsftpd not to chroot the ftp/anonymous user? anon_root is all right. The home of the ftp user shouldn't be the login dir anyway. I haven't found any specific directive to tell vsftpd not to chroot the anonymous user. I may have a look into the source code, but later... Commented Dec 24, 2020 at 12:57
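
The layout recommended in the answer, as an added example that is not part of the original question, answer or comments: a shell sketch that builds it in a temporary directory and checks that the anon_root named in a config file carries no write bit while a subdirectory does. The function names, the constructed sample tree and the conservative "any write bit" test are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post: build and audit the
# "read-only chroot root + writable subdirectory" layout in a temp dir.
# Conservative assumption: any write bit on anon_root counts as writable.

# Read one key=value directive from a vsftpd.conf-style file (last wins).
conf_get() {
    sed -n "s/^$1=//p" "$2" | tail -n 1
}

# Succeeds if the directory itself has any write bit set (u, g or o).
has_write_bit() {
    [ -n "$(find "$1" -prune \( -perm -200 -o -perm -020 -o -perm -002 \) -print)" ]
}

# Audit the anon_root named in a config file. Returns 0 when the root is
# read-only and at least one owner-writable subdirectory exists for uploads.
audit_anon_root() {
    root=$(conf_get anon_root "$1")
    [ -d "$root" ] || { echo "FAIL: anon_root '$root' is not a directory"; return 2; }
    if has_write_bit "$root"; then
        echo "FAIL: $root is writable, expect:"
        echo "  500 OOPS: vsftpd: refusing to run with writable root inside chroot()"
        return 1
    fi
    uploads=$(find "$root" -mindepth 1 -maxdepth 1 -type d -perm -200 -print)
    [ -n "$uploads" ] || { echo "WARN: $root has no writable subdirectory"; return 3; }
    echo "OK: $root is read-only; upload directories: $uploads"
}

# Build a constructed sample tree; $2 is the mode given to anon_root.
# On a real server: chown root on anon_root, chown ftp on public (needs root).
make_sample() {
    mkdir -p "$1/ftp/public"
    chmod 755 "$1/ftp/public"
    chmod "$2" "$1/ftp"
    printf 'anonymous_enable=YES\nanon_upload_enable=YES\nanon_root=%s/ftp\n' "$1" \
        > "$1/vsftpd.conf"
}

# Demo on constructed input: the layout from the answer, then the 777 variant.
demo=$(mktemp -d)
make_sample "$demo" 555
audit_anon_root "$demo/vsftpd.conf"
chmod 777 "$demo/ftp"
audit_anon_root "$demo/vsftpd.conf" || true
chmod -R u+w "$demo" && rm -rf "$demo"
```

The audit looks only at mode bits and does not take the allow_writeable_chroot directive into account.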
