Linux – vsftpd: refusing to run with writable root inside chroot

chroot ftp linux vsftpd write

I want to set up an anonymous-only FTP server (able to upload files). Here is my config file:

listen=YES

anonymous_enable=YES
anon_root=/var/www/ftp

local_enable=YES
write_enable=YES

anon_upload_enable=YES
anon_mkdir_write_enable=YES

xferlog_enable=YES
connect_from_port_20=YES

chroot_local_user=YES

dirmessage_enable=YES
use_localtime=YES
secure_chroot_dir=/var/run/vsftpd/empty
rsa_cert_file=/etc/ssl/private/vsftpd.pem
pam_service_name=vsftpd

But when I try to connect to it:

kan@kan:~$ ftp yxxxng.bej
Connected to yxxx.
220 (vsFTPd 2.3.5)
Name (yxxxg.bej:kan): anonymous
331 Please specify the password.
Password:
500 OOPS: vsftpd: refusing to run with writable root inside chroot()
Login failed

Can anyone help?

Best Answer

Either do what the other two answers suggest (downgrading, or reducing security by disabling the check).

Another option would be to actually fix the issue by having correct permissions for the root chroot folder.

Quoting a nice blog post, which Marek already linked:

– Add stronger checks for the configuration error of running with a writeable root directory inside a chroot(). This may bite people who carelessly turned on chroot_local_user but such is life.

The chrooted root directory is writable by the user; this is not allowed anymore by the update Marek mentioned.

So fixing it would require you to:

Change the write permissions of the chrooted home root

For example:

chmod a-w /home/user

This forces your users to upload to a subdirectory, though.
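
The fix described in the answer above, as an added shell example that is not part of the original post: it removes write permission from the chroot root and creates a writable subdirectory for uploads. The function names, the `upload` subdirectory name and the `FTP_USER` variable are assumptions, as is `ftp` being the account vsftpd uses for anonymous sessions.

```shell
#!/bin/sh
# Added example (not from the original post). Function names and the
# "upload" subdirectory are assumptions; "ftp" is assumed to be the account
# vsftpd uses for anonymous sessions.

# Succeeds (0) only if DIR has no write bit for user, group or other.
root_is_readonly() {
    dir=$1
    [ -d "$dir" ] || return 2
    mode=$(ls -ld -- "$dir" | cut -c1-10)    # e.g. drwxr-xr-x
    case $mode in
        ??w*|?????w*|????????w*) return 1 ;;  # a write bit is set
    esac
    return 0
}

# Apply the answer's fix: read-only chroot root, writable subdirectory.
prepare_chroot() {
    root=$1
    sub=${2:-upload}
    user=${FTP_USER:-ftp}
    mkdir -p -- "$root/$sub" || return 1    # create before the root loses u+w
    chmod a-w -- "$root" || return 1        # the chmod a-w from the answer
    chmod u+rwx -- "$root/$sub" || return 1
    # Ownership changes need root; skip them otherwise.
    if [ "$(id -u)" -eq 0 ]; then
        chown root -- "$root" || return 1
        if id "$user" >/dev/null 2>&1; then
            chown "$user" -- "$root/$sub" || return 1
        fi
    fi
    root_is_readonly "$root"
}

# Usage: sh fix-chroot.sh /var/www/ftp [subdir]
if [ $# -ge 1 ]; then
    prepare_chroot "$1" "${2:-upload}" &&
        echo "chroot root $1 is read-only; uploads go to $1/${2:-upload}"
fi
```

Run as root against the `anon_root` from the question, this leaves `/var/www/ftp` non-writable and `/var/www/ftp/upload` as the only place uploads can land.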