vsftpd: refusing to run with writable root inside chroot

I want to setup a anonymous only ftp server (able to upload files). Here is my config file:

listen=YES

anonymous_enable=YES
anon_root=/var/www/ftp

local_enable=YES
write_enable=YESr.

anon_upload_enable=YES
anon_mkdir_write_enable=YES

xferlog_enable=YES
connect_from_port_20=YES

chroot_local_user=YES

dirmessage_enable=YES
use_localtime=YES
secure_chroot_dir=/var/run/vsftpd/empty
rsa_cert_file=/etc/ssl/private/vsftpd.pem
pam_service_name=vsftpd

But when i try to connect it:

kan@kan:~$ ftp yxxxng.bej
Connected to yxxx.
220 (vsFTPd 2.3.5)
Name (yxxxg.bej:kan): anonymous
331 Please specify the password.
Password:
500 OOPS: vsftpd: refusing to run with writable root inside chroot()
Login failed
Can anyone help ?

Solution 1:

either do the both other answers (downgrading, or reducing security by disabling the check)

Another option would be to actually fix the issue by having correct permissions for the root chroot folder.

Qouting a nice blogpost, which Marek already linked

– Add stronger checks for the configuration error of running with a writeable root directory inside a chroot(). This may bite people who carelessly turned on chroot_local_user but such is life.

the chrooted root directory is writeable by the user, this is not allowed anymore by the update Marek mentioned.

So fixing it would require you to:

Change the write permissions of the chrooted home root

f.e.

chmod a-w /home/user

forcing your users to upload to a subdirectory though.

Solution 2:

Change vsftpd to lower version. This is a security patch introduced in vsftpd 2.3.5

http://www.benscobie.com/fixing-500-oops-vsftpd-refusing-to-run-with-writable-root-inside-chroot/

Solution 3:

Your write enable is set to YESr instead of YES also try adding

allow_writeable_chroot=YES

Usually this helps

sudo add-apt-repository ppa:thefrontiergroup/vsftpd
sudo apt-get update
sudo apt-get install vsftpd