
Re: 500 OOPS: vsftpd: refusing to run with writable anonymous root

 
Maaz
Valued Contributor

500 OOPS: vsftpd: refusing to run with writable anonymous root

OS: rhl 9.0 and rhel 3.0
# rpm -q vsftpd
vsftpd-1.2.0-4

I was running vsftpd with all default options for a long time.
I simply removed the '#' to enable 'anon_upload_enable=YES', but after doing so, the ftp/anonymous user is unable to log in when I run ftp 10.0.0.100:
Connected to 10.0.0.100.
220 (vsFTPd 1.2.0)
530 Please login with USER and PASS.
530 Please login with USER and PASS.
KERBEROS_V4 rejected as an authentication type
Name (10.0.0.100:root): ftp
331 Please specify the password.
Password:
500 OOPS: vsftpd: refusing to run with writable anonymous root
Login failed.
421 Service not available, remote server has closed connection
ftp>

I even disabled the 'anon_upload_enable=YES' option by inserting '#' in the vsftpd.conf file, but it still did not allow the anonymous/ftp user to log in, i.e. vsftpd behaved the same as when 'anon_upload_enable=YES' was enabled. Hence, I then uninstalled and reinstalled vsftpd so that ftp/anonymous users can log in to download files.

But real users can work pretty fine, i.e. real users are working without any error or problem.

/etc/vsftpd/vsftpd.conf is attached.

Any help will be highly appreciated.

Regards
Maaz
4 REPLIES
Vitaly Karasik_1
Honored Contributor

Re: 500 OOPS: vsftpd: refusing to run with writable anonymous root

Can you send us the output of "ls -ld ~ftp"?
Maaz
Valued Contributor

Re: 500 OOPS: vsftpd: refusing to run with writable anonymous root

Dear Vitaly Karasik ... Many thanks for the help.

Hmm, the problem is that I did
'chmod o+w /var/ftp'
so that anonymous users can upload their files, but this was the bad thing I did, because /var/ftp must be read-only for others. Now I created a directory /var/ftp/upload, and then
'chmod o+w /var/ftp/upload', and 'chmod o-w /var/ftp'

Regards
Maaz
Maaz
Valued Contributor

Re: 500 OOPS: vsftpd: refusing to run with writable anonymous root

anon_upload=YES only works when /var/ftp is owned by owner and group root, and has read-only permissions set for group and others.
johnwei
New Member

Re: 500 OOPS: vsftpd: refusing to run with writable anonymous root

The following are the common errors you will encounter when setting up anonymous vsftp (vsftpd-2.0.5):

4) error: need access to a designated dir for anonymous ftp
Set the following:
anon_root=/var/www/html/docs

5) error: 500 OOPS: vsftpd: refusing to run with writable anonymous root
Symptom:
[root@localhost ~]# ftp 70.234.256.239
Connected to 70.234.256.239.
220 Welcome to My FTP service.
530 Please login with USER and PASS.
530 Please login with USER and PASS.
KERBEROS_V4 rejected as an authentication type
Name (70.234.256.239:root): anonymous
331 Please specify the password.
Password:
500 OOPS: vsftpd: refusing to run with writable anonymous root
Login failed.

Reason:
Change attribute of ftp directory from
drwxrwxrwx 3 root root 4096 Jun 13 18:42 docs
To
dr-xr-xr-x 3 root root 4096 Jun 13 18:42 docs

6) error: 553 Could not create file.
Symptom:
ftp> put t.txt
local: t.txt remote: t.txt
227 Entering Passive Mode (192,168,1,103,245,163)
553 Could not create file.

Reason:
You need to create a sub dir under ftp dir with 0777 attribute as

drwxrwxrwx 2 ftp ftp 4096 Jun 15 00:40 pub

7) error: anonymously uploaded file has attribute (mask) 0600,
these files could not be downloaded

rw------- 3 root root 4096 Jun 13 18:42 t.txt

Reason:
anon_umask=0133 does not take effect in the code.
In the file "postlogin.c", make following changes:

//vsf_sysutil_fchmod(new_file_fd, 0600); //jwei removes
vsf_sysutil_fchmod(new_file_fd, 0777^tunable_anon_umask); //jwei adds

recompile and cp to /usr/local/sbin/vsftpd

8) error: 425 Security: Bad IP connecting.
ftp>ls
425 Security: Bad IP connecting.

Reason:
Set following:
pasv_promiscuous=YES
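
The permission fix described in the replies above (read-only anonymous root, separate writable upload directory), as an added example that is not part of any poster's message. The function names and the temporary directory are constructed for illustration, and writability is judged only from the mode string that `ls -ld` prints.

```shell
#!/bin/sh
# Added example, not from the thread. It audits and repairs an anonymous FTP
# root using the mode string from `ls -ld` (the output requested in the thread).
# Assumption: only the group/other write bits are inspected, not ACLs or ownership.

# Print the 10-character mode string of a path, e.g. drwxr-xr-x.
mode_string() {
    ls -ld "$1" | cut -c1-10
}

# Succeed only if DIR is a directory with no group-write or other-write bit.
# Returns 1 if it is writable by group/others, 2 if it is not a directory.
anon_root_ok() {
    [ -d "$1" ] || return 2
    case "$(mode_string "$1")" in
        d????-??-?) return 0 ;;   # characters 6 and 9 are the g+w and o+w flags
        *)          return 1 ;;
    esac
}

# Apply the layout from the thread: read-only root, writable subdirectory.
# ROOT and SUBDIR are supplied by the caller. go-w (rather than only o-w) is
# used so the root is read-only for group and others alike.
fix_anon_root() {
    chmod go-w "$1" || return 1
    mkdir -p "$1/$2" || return 1
    chmod o+w "$1/$2"
}

# Demo on a constructed directory tree (not a real FTP root).
demo=$(mktemp -d)
mkdir "$demo/ftp"
chmod 777 "$demo/ftp"             # reproduces the effect of 'chmod o+w /var/ftp'
if ! anon_root_ok "$demo/ftp"; then
    echo "before: $(mode_string "$demo/ftp") root is writable, anonymous login would be refused"
fi
fix_anon_root "$demo/ftp" upload
if anon_root_ok "$demo/ftp"; then
    echo "after:  $(mode_string "$demo/ftp") root, $(mode_string "$demo/ftp/upload") upload"
fi
rm -rf "$demo"
```
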