user in jail ( vsftpd )

abd_bela · 03-12-2016, 08:47 AM

Hi,
I want to put ftp user in jail ( with vsftpd)
I configured as it is said in the doc, /etc/vsftpd.conf:
chroot_local_user=YES

but when I tried to access it refused completly for the user, here:

Name (localhost:bela2): abdou
Password:
500 OOPS: vsftpd: refusing to run with writable root inside chroot()
Login failed.
421 Service not available, remote server has closed connection

I am using vsftpd 3.0.2-17 on debian jessie

Is there a bug ??
best regards

bathory · 03-12-2016, 10:51 AM

Hi,

You need to use the following in vsftpd.conf:

Code:

allow_writeable_chroot=YES

Regards

abd_bela · 03-18-2016, 02:21 AM

thanks a lot
that 's it !!
but in this case

it refuses the anonymous access

ftp localhost
Connected to localhost.
220 salam alykoum to FTP service.
Name (localhost:bela2): anonymous
331 Please specify the password.
Password:
500 OOPS: vsftpd: refusing to run with writable root inside chroot()
Login failed.
421 Service not available, remote server has closed connection

in fact I want to allow the anonymous access, and put the local user in jail!!
for the best security!!

regards

bathory · 03-18-2016, 04:28 AM

Quote:

it refuses the anonymous access

Please note that for anonymous ftp, you cannot have a writable anon_root directory.
So create a subbir (e.g. uploads), where anonymous can write and chmod 555 the anon_root directory

Regards