Simpler Navigation for Servers and Operating Systems
Completed: a much simpler Servers and Operating Systems section of the Community. We combined many of the older boards, so you won't have to click through so many levels to get at the information you need. Check the consolidated boards here as many sub-forums are now single boards.
Networking
cancel
Showing results for 
Search instead for 
Did you mean: 

500 OOPS: vsftpd: refusing to run with writable anonymous root

Maaz
Valued Contributor

500 OOPS: vsftpd: refusing to run with writable anonymous root

OS: rhl 9.0 and rhel 3.0
# rpm -q vsftpd
vsftpd-1.2.0-4

I was running vsfptd with all default options for a long time.
I simply remove '#' to enable 'anon_upload_enable=YES', but by doing so, ftp/anonymous user is unable to login. when ftp 10.0.0.100
Connected to 10.0.0.100.
220 (vsFTPd 1.2.0)
530 Please login with USER and PASS.
530 Please login with USER and PASS.
KERBEROS_V4 rejected as an authentication type
Name (10.0.0.100:root): ftp
331 Please specify the password.
Password:
500 OOPS: vsftpd: refusing to run with writable anonymous root
Login failed.
421 Service not available, remote server has closed connection
ftp>

I even disable 'anon_upload_enable=YES' option by inserting '#', in vsftpd.conf file.. but it neither allowed anonymous/ftp user to even login, i.e vsftpd behave same as when 'anon_upload_enable=YES' was enable. hence, I then uninstall and then reinstall vsftpd, so that ftp/anonymous users can login, to download files

But real users can work pretty fine, i.e. real users are working without any error or prblm

/etc/vsftpd/vsftpd.conf is attached

Any help will b highly appreciated

Regards
Maaz
4 REPLIES
Vitaly Karasik_1
Honored Contributor

Re: 500 OOPS: vsftpd: refusing to run with writable anonymous root

can you send us output of "ls -ld ~ftp" ?
Maaz
Valued Contributor

Re: 500 OOPS: vsftpd: refusing to run with writable anonymous root

Dear Vitaly Karasik ... Many Thanks for the help

hmm the prblm is that i did
'chmod o+w /var/ftp'
so that anonymous users can upload their files.. but this was the bad thing I did, bcause /var/ftp must be readonly for others. Now i created a directory /var/ftp/upload, and then
'chmod o+w /var/ftp/upload', and 'chmod o-w /var/ftp'

Regards
Maaz
Maaz
Valued Contributor

Re: 500 OOPS: vsftpd: refusing to run with writable anonymous root

anon_upload=YES only works when /var/ftp must be owned by owner and group root, and must have readonly permissions set for group, and others.
close
johnwei
Occasional Visitor

Re: 500 OOPS: vsftpd: refusing to run with writable anonymous root

Following are the common errors you will encounter when setting anonymous vsftp vsftpd-2.0.5

4) error: need to access to a designated dir for anonymous ftp
Set following:
anon_root=/var/www/html/docs

5) error: 500 OOPS: vsftpd: refusing to run with writable anonymous root
sympton:
[root@localhost ~]# ftp 70.234.256.239
Connected to 70.234.256.239.
220 Welcome to My FTP service.
530 Please login with USER and PASS.
530 Please login with USER and PASS.
KERBEROS_V4 rejected as an authentication type
Name (70.234.256.239:root): anonymous
331 Please specify the password.
Password:
500 OOPS: vsftpd: refusing to run with writable anonymous root
Login failed.

Reason:
Change attribute of ftp directory from
drwxrwxrwx 3 root root 4096 Jun 13 18:42 docs
To
dr-xr-xr-x 3 root root 4096 Jun 13 18:42 docs

6) error: 553 Could not create file.
Sympton:
ftp> put t.txt
local: t.txt remote: t.txt
227 Entering Passive Mode (192,168,1,103,245,163)
553 Could not create file.

Reason:
You need to create a sub dir under ftp dir with 0777 attribute as

drwxrwxrwx 2 ftp ftp 4096 Jun 15 00:40 pub

7) error: anonymously uploaded file has attribute (mask) 0600,
these files could not be downloaded

rw------- 3 root root 4096 Jun 13 18:42 t.txt

Reason:
anon_umask=0133 does not take effect in the code.
In the file "postlogin.c", make following changes:

//vsf_sysutil_fchmod(new_file_fd, 0600); //jwei removes
vsf_sysutil_fchmod(new_file_fd, 0777^tunable_anon_umask); //jwei adds

recompile and cp to /usr/local/sbin/vsftpd

8) error: 425 Security: Bad IP connecting.
ftp>ls
425 Security: Bad IP connecting.

Reason:
Set following:
pasv_promiscuous=YES