Ubuntu: VSFTPd stopped working after update



Question:

I have just updated to Ubuntu 12.04 LTS from Ubuntu Server 11.10, It updated my vsftpd install, and it seems that something has changed :/ I use PAM authentication, does anyone have any ideas what could have changed to cause this?: When trying to connect to FTP is get this error:

500 OOPS: vsftpd: refusing to run with writable root inside chroot()  

I tried googling it, and it said to add allow_writable_root=YES to the config file - however when i try this and try restarting vsftpd it cant restart? :/

Due to the popularity of this question, here is how I actually fixed it:

wget http://http.us.debian.org/debian/pool/main/v/vsftpd/vsftpd_3.0.2-3_amd64.deb -O vsftpd.deb  dpkg -i vsftpd.deb  echo "allow_writeable_chroot=YES" >> /etc/vsftpd.conf  service vsftpd reload  

and viola :)


Solution:1

i have this issue aswell, think its because of the new vsftpd update to enhance security, so in the meantime i use this solution.

  1. i chmod the folder that my ftp user comes in to as he first login (root folder) by using in terminal: sudo chmod a-w /home/user

you can change /home/user to whatever is your ftp users root folder.

  1. Create a subfolder with in the folder, either by the use of GUI or if you only have terminal it's: sudo mkdir /home/user/newfolder

now you should be able to log in and read write within the "newfolder". You will NOT be able to write in the root folder itself from the ftp with the chmod a-w, so that is the reason for the subfolder, there you can.

I guess there will be a fix in not so long, but in the meantime i hope this helps.


Solution:2

Somebody backported the feature to add allow_writeable_chroot=YES from Version 3.0.0 to 2.3.5 (see this blog entry).

To install on Precise 12.04 run the following commands as root:

add-apt-repository ppa:thefrontiergroup/vsftpd  apt-get update  apt-get install vsftpd  echo allow_writeable_chroot=YES >> /etc/vsftpd.conf  

Note that there seems to an option allow_writable_chroot=YES in vsftpd-ext - note the mssing e! (or is this a typo in the blog post?)


Solution:3

vsftpd 3.0.0 adds a config option

allow_writeable_chroot=YES  

to again enable the previous behavoir (source: http://www.benscobie.com/fixing-500-oops-vsftpd-refusing-to-run-with-writable-root-inside-chroot/ comment from Brian K. White).

Unfortunately, 3.0.0 is not yet packaged by Ubuntu. So in the meantime, downgrade to some older version, for example I am using this one on precise: http://packages.ubuntu.com/oneiric-updates/vsftpd


Solution:4

Another way of doing thing as user Kristian it does: It worked for me. The username I use is 'john'. Replace it for the username you want.

sudo chmod a-w /home/john - Removes permission for all users to delete or modify a file.

sudo mkdir /home/john/ftp - Creates a folder named 'ftp' in the home dir of user 'john'

sudo chown -Rv john.john /home/john/ftp - Changes ownership of the dir to group 'john' and user 'john'.


Solution:5

Why?

Taken and adapted from my own answer in bug 1065714.

In order to keep stable releases stable, updates after release are only considered under specific circumstances. Details of the process and of the criteria required are listed here: https://wiki.ubuntu.com/StableReleaseUpdates#When

This does make it difficult for users of the LTS release to have writeable chroots, since the upstream vsftpd project decided to release without this feature at the time that 12.04 was released. Now that 12.04 is released and the fix doesn't meet the above criteria, I don't think this will change for 12.04. But note that the Stable Release Updates Team makes the final decision on this, and an update hasn't been proposed to them.

If you'd like a newer version of vsftpd to be made generally available for users who do want to use the "allow_writeable_chroot" option, then the backports repository is an appropriate venue for this. With a backport, users who want the feature could just add the backports repository and install vsftpd from there. You can find out more about backports and how to request one here: https://wiki.ubuntu.com/UbuntuBackports

In the meantime, The Frontier Group has kindly provided a PPA, as described in lumbric's answer. Or you can use one of the other answers here that works for you.


Note:If u also have question or solution just comment us below or mail us on toontricks1994@gmail.com
Previous
Next Post »