Tuesday, March 15, 2011

500 OOPS: vsftpd: refusing to run with writable anonymous root

Here's a semi-common issue that you'll see when setting up vsftpd. The particular case where I ran into the issue was one where I wanted to set up anonymous FTP upload (but not download). Plus, I wanted to allow local users the ability to read/write the FTP upload folder.

The primary mistakes here were two-fold:

1. The ftp directory should not be owned by the 'ftp' user.

2. The ftp user must not be a member of the group that owns the directory.

It's generally not a vsftpd.conf file issue, just a permissions issue.

(Note that SELinux will not allow anonymous uploads by default; you must change the boolean. See: setsebool -P allow_ftpd_anon_write=1. Also, you will need to change the directory to have a different file context, such as "public_content_rw_t", using "semanage fcontext" and "restorecon -vv -F -R".)

And if you absolutely, positively, need to allow anonymous FTP uploads, then you'll have to do it with a subdirectory off of the anon's root folder. So if you have pointed "anon_root=/var/ftp/anon", then create a world-writable subdirectory below that point for uploads.
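The layout and the permission checks described above, as an added example (not code from the original post or from vsftpd). It assumes GNU stat on Linux; the function names and the "upload" subdirectory name are placeholders, and the SELinux steps are not covered.

```shell
#!/bin/sh
# Added example. Assumes GNU stat (Linux). The names audit_anon_root,
# make_anon_layout and the "upload" subdirectory are placeholders.

# Return 0 if DIR is acceptable as anon_root for FTP_USER, 1 otherwise.
# Checks the two mistakes named in the post, plus a world-writable mode.
audit_anon_root() {
    dir=$1; ftp_user=$2; rc=0
    owner=$(stat -c %U "$dir")
    group=$(stat -c %G "$dir")
    perms=$(stat -c %A "$dir")        # e.g. drwxr-xr-x

    if [ "$owner" = "$ftp_user" ]; then
        echo "FAIL: $dir is owned by $ftp_user"; rc=1
    fi
    # An unknown account has no groups, so it cannot match.
    if id -nG "$ftp_user" 2>/dev/null | tr ' ' '\n' | grep -qxF "$group"; then
        echo "FAIL: $ftp_user is a member of owning group $group"; rc=1
    fi
    # Character 9 of the mode string is the "other" write bit.
    case $perms in
        ????????w*) echo "FAIL: $dir is world-writable ($perms)"; rc=1 ;;
    esac
    if [ "$rc" -eq 0 ]; then echo "OK: $dir"; fi
    return "$rc"
}

# Create ROOT (to be used as anon_root) with a world-writable upload
# directory below it. Run as root so neither directory is owned by ftp.
make_anon_layout() {
    root=$1
    mkdir -p "$root/upload"
    chmod 0755 "$root"           # anon_root: writable by its owner only
    chmod 0777 "$root/upload"    # upload area below anon_root
}

# Stand-alone use: sh script.sh /var/ftp/anon ftp
if [ "$#" -eq 2 ]; then
    audit_anon_root "$1" "$2"
fi
```

Running the audit against the upload subdirectory itself reports it as world-writable, which is why it has to sit below anon_root rather than be anon_root.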

5 comments:

Alex said...

I was tearing my hair out over this and I couldn't find a fix for about what seems like a million hours. This fixed it. Thank you so much! :3

Anonymous said...

As simple as that, but you explained it like a Pro. Thanks!

Anonymous said...

Saved my day. Thanks very much!!!

sagar said...

I am getting the same error.
But my
Anon_root=/mascom/you
Please suggest
what to do.

Anonymous said...

Someone who can explain this in plain English!! Wonderful, thank you much!!