Error message "500 OOPS: vsftpd: refusing to run with writable root inside chroot()" - keep user jailed
Solution 1:
For VSFTPD 3,
- Go to: /etc/vsftpd.conf
- and add this: allow_writeable_chroot=YES
  Just add it if it does not exist yet.
- Restart the vsftpd service: service vsftpd restart
And it should work.
Solution 2:
The real solution to this problem: the home folder of the user should not be writable, only readable.
So, if the user's site is in the folder cat/example.com/http/, the folder cat must have chmod 555 and all will be OK.
Solution 3:
After further review of this post, in the comments a package was posted that fixed my issue. You can search for it by either my name or "Marks" Documentation: http://www.benscobie.com/fixing-500-oops-vsftpd-refusing-to-run-with-writable-root-inside-chroot/. Here are my details of how I fixed this further.
USERS ARE STILL JAILED TO THEIR HOME DIRECTORIES!!!
# ------------------------------------------------------------------------------
# SETUP FTP USERS --------------------------------------------------------------
# ------------------------------------------------------------------------------
# create the ftp users and lock them to the website directories
useradd -d /srv/www/[website/appname] -m [ftp user name]
# set the ftp account passwords
passwd [ftp user name]
# add the ftp users to the www-data user/group
adduser [ftp user name] www-data
# BUG FIX: 500 OOPS: vsftpd: refusing to run with writable root inside chroot()
sudo add-apt-repository ppa:thefrontiergroup/vsftpd
sudo apt-get update
sudo apt-get install vsftpd
# Edit the vsftpd.conf and append this setting to the end of the file to keep users jailed!
nano /etc/vsftpd.conf
# add all of the text between the starting [[ and ending ]]
# [[
# Keep non-chroot listed users jailed
allow_writeable_chroot=YES
# ]]
# restart the service for changes to take effect
sudo service vsftpd restart
#test ftp via secondary terminal window:
ftp [ftp user name]@[server ipaddress] [ftp port]
Solution 4:
According to the previous answer "The REAL solution of this problem: the home folder of the user should not be writable only read.". The general thinking is right, but with a wrong realization.
Below I'll try to give a simple example:
For a start, we need to build a topology of the user directory:
/home (ro)
   |-someuser (rw,700)
         |-ftp_upload (ro,555) - ch_rooting here, required read-only by vsftpd :(
            |-temp (rw,755)
            |-in_box (rw,755)
            |-out_box (rw,755)
vsftpd.conf cut:
# Enable chrooting
chroot_local_user=YES
# chroot all users except those listed inside chroot_list
chroot_list_enable=YES
# Exception list. Ideally, it should be blank ;)
chroot_list_file=/etc/vsftpd/chroot_list
# Map ftp root directory to specific directory
local_root=/home/someuser/ftp
This configuration works great with a single-user configuration. For multi-user, the "user_config_dir" directive should be used additionally.
UPDATE 20/09
Here is a tricky workaround, not the best idea to use, but... If you need a writable FTP root folder, just insert permission change commands in the pre-start and post-start commands.
- Pre-start: change permissions to read-only, which the server requires (:
- Start server
- Post-start: change permissions to read-write, or whatever you need.
Solution 5:
It's pretty much what toastboy70 mentioned. Make ftp-root dir chown'd to ftp.ftp and non-writable (/etc/vsftpd.conf): anon_root=/srv/ftp
Then make a writable child dir: /srv/ftp/upload
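
An added example, not taken from any of the answers above: a shell check for the layout that Solutions 2, 4 and 5 describe, a chroot root with no write bits and writable child directories. It builds the Solution 4 topology in a scratch directory (constructed paths) and, as an assumption stricter than testing the FTP user's own access, treats any write bit on the root as a failure.

```shell
#!/bin/sh
# Added example: paths are constructed under a scratch directory for the demo.

# mode_of DIR: print octal permission bits (GNU stat, then BSD stat).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# root_is_writable DIR: succeed if any write bit (user, group, other) is set.
# Mode bits are used instead of `[ -w ]` so the result is the same when the
# audit runs as root, who can write regardless of mode.
root_is_writable() {
    m=$(mode_of "$1") || return 2
    [ $(( 0$m & 0222 )) -ne 0 ]
}

# build_layout BASE: read-only chroot root with writable child directories,
# following the Solution 4 topology (ftp_upload, temp, in_box, out_box).
build_layout() {
    mkdir -p "$1/ftp_upload/temp" "$1/ftp_upload/in_box" "$1/ftp_upload/out_box"
    chmod 755 "$1/ftp_upload/temp" "$1/ftp_upload/in_box" "$1/ftp_upload/out_box"
    chmod 555 "$1/ftp_upload"
}

# audit_chroot ROOT: fail if ROOT is missing or writable, else list the
# child directories that still accept writes.
audit_chroot() {
    [ -d "$1" ] || { echo "FAIL $1: not a directory"; return 2; }
    if root_is_writable "$1"; then
        echo "FAIL $1 ($(mode_of "$1")): writable chroot root"
        return 1
    fi
    echo "OK   $1 ($(mode_of "$1")): chroot root is read-only"
    for d in "$1"/*/; do
        if root_is_writable "$d"; then
            echo "     writable child: $d ($(mode_of "$d"))"
        fi
    done
    return 0
}

demo=$(mktemp -d)
build_layout "$demo"
audit_chroot "$demo/ftp_upload"            # passes: 555 root, 755 children
chmod 755 "$demo/ftp_upload"               # recreate the misconfiguration
audit_chroot "$demo/ftp_upload" || echo "fix with: chmod a-w <chroot root>"
chmod -R u+w "$demo" && rm -rf "$demo"
```

Run against a real chroot root, `audit_chroot` flags the misconfiguration without needing `allow_writeable_chroot=YES` to be set.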