Allow anonymous upload for Vsftpd?
I need a basic FTP server on Linux (CentOS 5.5) without any security measure, since the server and the clients are located on a test LAN, not connected to the rest of the network, which itself uses non-routable IP's behind a NAT firewall with no incoming access to FTP.
Some people recommend Vsftpd over PureFTPd or ProFTPd. No matter what I try, I can't get it to allow an anonymous user (ie. logging as "ftp" or "anonymous" and typing any string as password) to upload a file:
# yum install vsftpd
# mkdir /var/ftp/pub/upload
# cat vsftpd.conf
listen=YES
anonymous_enable=YES
local_enable=YES
write_enable=YES
xferlog_file=YES
#anonymous users are restricted (chrooted) to anon_root
#directory was created by root, hence owned by root.root
anon_root=/var/ftp/pub/incoming
anon_upload_enable=YES
anon_mkdir_write_enable=YES
#chroot_local_user=NO
#chroot_list_enable=YES
#chroot_list_file=/etc/vsftpd.chroot_list
chown_uploads=YES
When I log on from a client, here's what I get:
500 OOPS: cannot change directory:/var/ftp/pub/incoming
I also tried "# chmod 777 /var/ftp/incoming/", but get the same error.
Does someone know how to configure Vsftpd with minimum security?
Thank you.
Edit: SELinux is disabled and here are the file permissions:
# cat /etc/sysconfig/selinux
SELINUX=disabled
SELINUXTYPE=targeted
SETLOCALDEFS=0
# sestatus
SELinux status: disabled
# getenforce
Disabled
# grep ftp /etc/passwd
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
# ll /var/
drwxr-xr-x 4 root root 4096 Mar 14 10:53 ftp
# ll /var/ftp/
drwxrwxrwx 2 ftp ftp 4096 Mar 14 10:53 incoming
drwxr-xr-x 3 ftp ftp 4096 Mar 14 11:29 pub
Edit: latest vsftpd.conf:
listen=YES
local_enable=YES
write_enable=YES
xferlog_file=YES
#anonymous users are restricted (chrooted) to anon_root
anonymous_enable=YES
anon_root=/var/ftp/pub/incoming
anon_upload_enable=YES
anon_mkdir_write_enable=YES
#500 OOPS: bad bool value in config file for: chown_uploads
chown_uploads=YES
chown_username=ftp
Edit: with trailing space removed from "chown_uploads", err 500 is solved, but anonymous still doesn't work:
client> ./ftp server
Connected to server.
220 (vsFTPd 2.0.5)
Name (server:root): ftp
331 Please specify the password.
Password:
500 OOPS: cannot change directory:/var/ftp/pub/incoming
Login failed.
ftp> bye
With user "ftp" listed in /etc/passwd with home directory set to "/var/ftp" and access rights to /var/ftp set to "drwxr-xr-x" and /var/ftp/incoming to "drwxrwxrwx"...could it be due to PAM maybe? I don't find any FTP log file in /var/log to investigate.
Edit: Here's a working configuration to let ftp/anonymous connect and upload files to /var/ftp:
listen=YES
anonymous_enable=YES
write_enable=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES
Solution 1:
You have created a dir called pub/upload:
# mkdir /var/ftp/pub/upload
But then you configured uploads to go to pub/incoming:
anon_root=/var/ftp/pub/incoming
So it's a simple path mismatch, all the rest seems OK.
Solution 2:
-
For anonymous logins, change the "ftp" users home directory in
/etc/passwd
.ftp:x:119:131:ftp daemon,,,:/var/ftp/pub/:/bin/false
-
And add this to your
/etc/vsftpd.conf
file.allow_writeable_chroot=YES
And make sure that the
ftp
user has access (chmod 755
) to enter every directory up to the location/var/ftp/pub/
I was fighting this problem for hours. vsftpd doesn't give clear help or suggestions for errors.