LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices

Reply
 
LinkBack Search this Thread
Old 07-17-2012, 02:05 AM   #1
sanjay87
Member
 
Registered: Oct 2011
Posts: 164

Rep: Reputation: Disabled
500 OOPS: vsftpd: refusing to run with writable anonymous root: Anonymous Login


Hi
I had modified the default login path for anon user in /etc/vsftpd/vsftpd.conf.Any help what are the conf file to be modfied to change the default path of anon user in ftp


# Example config file /etc/vsftpd/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
#Modifing the anononymous default path /var/ftp/pub

anon_root=/ftp


#Locking the user to there home directory

chroot_local_user=YES


# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=YES
#
# Uncomment this to allow local users to log in.
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# The target log file can be vsftpd_log_file or xferlog_file.
# This depends on setting xferlog_std_format parameter
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# The name of log file when xferlog_enable=YES and xferlog_std_format=YES
# WARNING - changing this filename affects /etc/logrotate.d/vsftpd.log
#xferlog_file=/var/log/xferlog
#
# Switches between logging into vsftpd_log_file and xferlog_file files.
# NO writes to vsftpd_log_file, YES to xferlog_file
xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
#ascii_upload_enable=YES
#ascii_download_enable=YES
#
# You may fully customise the login banner string:
#ftpd_banner=Welcome to blah FTP service.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd/banned_emails
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd/chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
#
# When "listen" directive is enabled, vsftpd runs in standalone mode and
# listens on IPv4 sockets. This directive cannot be used in conjunction
# with the listen_ipv6 directive.
listen=YES
#
# This directive enables listening on IPv6 sockets. To listen on IPv4 and IPv6
# sockets, you must run two copies of vsftpd whith two configuration files.
# Make sure, that one of the listen options is commented !!
#listen_ipv6=YES

pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES



Quote:
[root@example ~]# chmod -R 777 /ftp/
[root@example ~]# ftp localhost
Connected to localhost.localdomain.
220 (vsFTPd 2.0.5)
530 Please login with USER and PASS.
530 Please login with USER and PASS.
KERBEROS_V4 rejected as an authentication type
Name (localhost:root): anonymous
331 Please specify the password.
Password:
500 OOPS: vsftpd: refusing to run with writable anonymous root
Login failed.
ftp>
 
Old 07-17-2012, 04:01 AM   #2
bathory
Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 10,771

Rep: Reputation: 1283Reputation: 1283Reputation: 1283Reputation: 1283Reputation: 1283Reputation: 1283Reputation: 1283Reputation: 1283Reputation: 1283
Hi,

You should leave the default permissions for /ftp (755) and create a subdirectory uploads (world writable if you want) to upload files

Regards
 
Old 07-17-2012, 04:42 AM   #3
sanjay87
Member
 
Registered: Oct 2011
Posts: 164

Original Poster
Rep: Reputation: Disabled
Thanks, Bathory it works

root@example ~]# chmod 755 /ftp/
[root@example ~]# ls -al /ftp
total 52
drwxr-xr-x 12 root root 4096 Jul 17 09:17 .
drwxr-xr-x 29 root root 4096 Jul 17 09:20 ..
drwxr-xr-x 2 root root 4096 Jul 17 07:51 1
drwxr-xr-x 2 root root 4096 Jul 17 07:51 2
drwxr-xr-x 2 root root 4096 Jul 17 07:51 3
drwxr-xr-x 2 root root 4096 Jul 17 07:51 4
drwxr-xr-x 2 root root 4096 Jul 17 07:51 5
drwxr-xr-x 2 root root 4096 Jul 17 07:51 6
drwxr-xr-x 2 root root 4096 Jul 17 07:51 7
drwxr-xr-x 2 root root 4096 Jul 17 07:51 8
drwxr-xr-x 2 root root 4096 Jul 17 07:51 9
drwxr-xr-x 2 root root 4096 Jul 17 09:17 ftps
[root@example ~]# ftp 10.200.2.36
Connected to 10.200.2.36.
220 (vsFTPd 2.0.5)
530 Please login with USER and PASS.
530 Please login with USER and PASS.
KERBEROS_V4 rejected as an authentication type
Name (10.200.2.36:root): anonymous
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
227 Entering Passive Mode (10,200,2,36,39,96)
150 Here comes the directory listing.
drwxr-xr-x 2 0 0 4096 Jul 17 11:51 1
drwxr-xr-x 2 0 0 4096 Jul 17 11:51 2
drwxr-xr-x 2 0 0 4096 Jul 17 11:51 3
drwxr-xr-x 2 0 0 4096 Jul 17 11:51 4
drwxr-xr-x 2 0 0 4096 Jul 17 11:51 5
drwxr-xr-x 2 0 0 4096 Jul 17 11:51 6
drwxr-xr-x 2 0 0 4096 Jul 17 11:51 7
drwxr-xr-x 2 0 0 4096 Jul 17 11:51 8
drwxr-xr-x 2 0 0 4096 Jul 17 11:51 9
drwxr-xr-x 2 0 0 4096 Jul 17 13:17 ftps
226 Directory send OK.
ftp> dir
227 Entering Passive Mode (10,200,2,36,59,4)
150 Here comes the directory listing.
drwxr-xr-x 2 0 0 4096 Jul 17 11:51 1
drwxr-xr-x 2 0 0 4096 Jul 17 11:51 2
drwxr-xr-x 2 0 0 4096 Jul 17 11:51 3
drwxr-xr-x 2 0 0 4096 Jul 17 11:51 4
drwxr-xr-x 2 0 0 4096 Jul 17 11:51 5
drwxr-xr-x 2 0 0 4096 Jul 17 11:51 6
drwxr-xr-x 2 0 0 4096 Jul 17 11:51 7
drwxr-xr-x 2 0 0 4096 Jul 17 11:51 8
drwxr-xr-x 2 0 0 4096 Jul 17 11:51 9
drwxr-xr-x 2 0 0 4096 Jul 17 13:17 ftps
226 Directory send OK.
ftp>
 
Old 08-10-2012, 07:23 AM   #4
venkatganesh
LQ Newbie
 
Registered: Sep 2011
Posts: 11

Rep: Reputation: Disabled
hi

I am new to ftp server and installed ftp and vsftpd following error:

ftp> open localhost
ftp: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.
220 (vsFTPd 2.3.2)
Name (localhost:root): milan
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
200 PORT command successful. Consider using PASV.
500 OOPS: socket
ftp> ls
500 OOPS: priv_sock_get_result
421 Service not available, remote server has closed connection


my configuration file:
# Example config file /etc/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
#
# Run standalone? vsftpd can run either from an inetd or as a standalone
# daemon started from an initscript.
listen=YES
#
# Run standalone with IPv6?
# Like the listen parameter, except vsftpd will listen on an IPv6 socket
# instead of an IPv4 one. This parameter and the listen parameter are mutually
# exclusive.
#listen_ipv6=YES# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
#local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# If enabled, vsftpd will display directory listings with the time
# in your local time zone. The default is to display GMT. The
# times returned by the MDTM FTP command are also affected by this
# option.
use_localtime=YES
## Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# You may override where the log file goes if you like. The default is shown
# below.
#xferlog_file=/var/log/vsftpd.log
#
# If you want, you can have your log file in standard ftpd xferlog format.
# Note that the default log file location is /var/log/xferlog in this case.
#xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600

# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
#ascii_upload_enable=YES#
# You may fully customise the login banner string:
#ftpd_banner=Welcome to blah FTP service.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd.banned_emails
##
# You may restrict local users to their home directories. See the FAQ for
# the possible risks in this before using chroot_local_user or
# chroot_list_enable below.
#chroot_local_user=YES
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
#chroot_local_user=YES
#chroot_list_enable=YES
# (default follows)#chroot_list_file=/etc/vsftpd.chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
#
# Debian customization
#
# Some of vsftpd's settings don't fit the Debian filesystem layout by
#
# Debian customization
#
# Some of vsftpd's settings don't fit the Debian filesystem layout by
# default. These settings are more Debian-friendly.
#
# This option should be the name of a directory which is empty. Also, the
# directory should not be writable by the ftp user. This directory is used
# as a secure chroot() jail at times vsftpd does not require filesystem
# access.
secure_chroot_dir=/var/run/vsftpd/empty
#
# This string is the name of the PAM service vsftpd will use.
pam_service_name=vsftpd
#
# This option specifies the location of the RSA certificate to use for SSL
# encrypted connections.
rsa_cert_file=/etc/ssl/private/vsftpd.pem
 
Old 08-10-2012, 03:42 PM   #5
bathory
Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 10,771

Rep: Reputation: 1283Reputation: 1283Reputation: 1283Reputation: 1283Reputation: 1283Reputation: 1283Reputation: 1283Reputation: 1283Reputation: 1283
@venkatganesh

Please don't hijack other people's threads. You should start a new thread describing your problem.
In the meantime check if this applies to your case

Regards
 
Old 08-14-2012, 01:28 AM   #6
arun5002
Member
 
Registered: Aug 2011
Location: Chennai,India
Distribution: Redhat,Centos,Ubuntu,Dedian
Posts: 548
Blog Entries: 5

Rep: Reputation: Disabled
@venkatganesh


Its not advisable to enable anonymous login to enable in ftp. If you want to configure vsftpd look after these article


http://www.cyberciti.biz/tips/centos...ual-users.html
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Problems with anonymous login proftp 1.3.1: 530-Unable to set anonymous priviliges. gentooox Linux - Server 3 05-03-2009 02:46 PM
vsftpd error: refusing to run with writable anonymous root abd_bela Debian 2 04-15-2008 05:42 AM
vsftpd anonymous login r.stiltskin Linux - Networking 4 03-16-2007 11:19 PM
vsftpd problems with anonymous login checta Linux - Networking 7 06-30-2004 09:25 AM
Anonymous AND Normal Login with VsFTPd Fussi Linux - Networking 1 06-18-2004 10:11 PM


All times are GMT -5. The time now is 02:20 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration