Allow anonymous upload for Vsftpd?

I need a basic FTP server on Linux (CentOS 5.5) without any security measure, since the server and the clients are located on a test LAN, not connected to the rest of the network, which itself uses non-routable IP's behind a NAT firewall with no incoming access to FTP.

Some people recommend Vsftpd over PureFTPd or ProFTPd. No matter what I try, I can't get it to allow an anonymous user (ie. logging as "ftp" or "anonymous" and typing any string as password) to upload a file:

# yum install vsftpd

# mkdir /var/ftp/pub/upload

# cat vsftpd.conf
listen=YES
anonymous_enable=YES
local_enable=YES
write_enable=YES
xferlog_file=YES

#anonymous users are restricted (chrooted) to anon_root
#directory was created by root, hence owned by root.root
anon_root=/var/ftp/pub/incoming
anon_upload_enable=YES
anon_mkdir_write_enable=YES

#chroot_local_user=NO
#chroot_list_enable=YES
#chroot_list_file=/etc/vsftpd.chroot_list
chown_uploads=YES

When I log on from a client, here's what I get:

500 OOPS: cannot change directory:/var/ftp/pub/incoming

I also tried "# chmod 777 /var/ftp/incoming/", but get the same error.

Does someone know how to configure Vsftpd with minimum security?

Thank you.


Edit: SELinux is disabled and here are the file permissions:

# cat /etc/sysconfig/selinux
SELINUX=disabled
SELINUXTYPE=targeted
SETLOCALDEFS=0

# sestatus
SELinux status:                 disabled
# getenforce
Disabled

# grep ftp /etc/passwd
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin

# ll /var/
drwxr-xr-x  4 root root 4096 Mar 14 10:53 ftp

# ll /var/ftp/
drwxrwxrwx 2 ftp ftp 4096 Mar 14 10:53 incoming
drwxr-xr-x 3 ftp ftp 4096 Mar 14 11:29 pub

Edit: latest vsftpd.conf:

listen=YES
local_enable=YES
write_enable=YES
xferlog_file=YES

#anonymous users are restricted (chrooted) to anon_root
anonymous_enable=YES
anon_root=/var/ftp/pub/incoming
anon_upload_enable=YES
anon_mkdir_write_enable=YES

#500 OOPS: bad bool value in config file for: chown_uploads
chown_uploads=YES
chown_username=ftp

Edit: with trailing space removed from "chown_uploads", err 500 is solved, but anonymous still doesn't work:

client> ./ftp server
Connected to server.
220 (vsFTPd 2.0.5)
Name (server:root): ftp
331 Please specify the password.
Password:
500 OOPS: cannot change directory:/var/ftp/pub/incoming
Login failed.
ftp> bye

With user "ftp" listed in /etc/passwd with home directory set to "/var/ftp" and access rights to /var/ftp set to "drwxr-xr-x" and /var/ftp/incoming to "drwxrwxrwx"...could it be due to PAM maybe? I don't find any FTP log file in /var/log to investigate.


Edit: Here's a working configuration to let ftp/anonymous connect and upload files to /var/ftp:

listen=YES
anonymous_enable=YES
write_enable=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES

Solution 1:

You have created a dir called pub/upload:

# mkdir /var/ftp/pub/upload

But then you configured uploads to go to pub/incoming:

anon_root=/var/ftp/pub/incoming

So it's a simple path mismatch, all the rest seems OK.

Solution 2:

  1. For anonymous logins, change the "ftp" users home directory in /etc/passwd.

    ftp:x:119:131:ftp daemon,,,:/var/ftp/pub/:/bin/false
    
  2. And add this to your /etc/vsftpd.conf file.

    allow_writeable_chroot=YES
    
  3. And make sure that the ftp user has access (chmod 755) to enter every directory up to the location /var/ftp/pub/

I was fighting this problem for hours. vsftpd doesn't give clear help or suggestions for errors.