Can't upload file using vsftp as anonymous user

SQADude · 11-17-2009, 08:41 PM

I have a vsftpd server running on an Ubuntu 9.04 version. The vsftpd server is set to accept anonymous users. The anonymous users are set to /var/ftp

My /etc/vsftpd.conf has these settings:

Code:

listen=YES

anonymous_enable=YES

anon_root=/var/ftp

local_root=/var/ftp

local_enable=YES

write_enable=YES

anon_upload_enable=YES

anon_mkdir_write_enable=YES

dirmessage_enable=YES

xferlog_enable=YES

connect_from_port_20=YES

secure_chroot_dir=/var/run/vsftpd

pam_service_name=vsftpd

tcp_wrappers=YES

rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem

rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key

From another host, I tried to FTP to the Ubuntu machine. I can log in as anonymous. However, when I try to "put" a file, I get a 553 error.

I don't have SELinux running on my system so it's not SELinux that's preventing anonymous FTP uploads.

I changed the permissions on /var/ftp to 777 but that prevents users from logging in as anonymous to the FTP server for some reason.

I looked at the /var/log/vsftpd.log and I see these log events:

Code:

Tue Nov 17 18:07:12 2009 [pid 13769] CONNECT: Client "10.xxx.1.130"
Tue Nov 17 18:07:17 2009 [pid 13768] [ftp] OK LOGIN: Client "10.xxx.1.130", anon password "password"
Tue Nov 17 18:08:57 2009 [pid 13771] [ftp] FAIL UPLOAD: Client "10.xxx.1.130", "/libflashplayer.so", 0.00Kbyte/sec
Tue Nov 17 18:28:17 2009 [pid 14256] CONNECT: Client "10.xxx.1.130"

I looked at the other threads about trying to upload as an anonymous user using vsftp but none of them have answers or solutions.

Is there anything else I need to do to allow an anonymous user to upload files to /var/ftp?

AuroraZero · 11-17-2009, 09:01 PM

Quote:

Originally Posted by SQADude

I have a vsftpd server running on an Ubuntu 9.04 version. The vsftpd server is set to accept anonymous users. The anonymous users are set to /var/ftp

My /etc/vsftpd.conf has these settings:

Code:

listen=YES

anonymous_enable=YES

anon_root=/var/ftp

local_root=/var/ftp

local_enable=YES

write_enable=YES

anon_upload_enable=YES

anon_mkdir_write_enable=YES

dirmessage_enable=YES

xferlog_enable=YES

connect_from_port_20=YES

secure_chroot_dir=/var/run/vsftpd

pam_service_name=vsftpd

tcp_wrappers=YES

rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem

rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key

From another host, I tried to FTP to the Ubuntu machine. I can log in as anonymous. However, when I try to "put" a file, I get a 553 error.

I don't have SELinux running on my system so it's not SELinux that's preventing anonymous FTP uploads.

I changed the permissions on /var/ftp to 777 but that prevents users from logging in as anonymous to the FTP server for some reason.

I looked at the /var/log/vsftpd.log and I see these log events:

Code:

Tue Nov 17 18:07:12 2009 [pid 13769] CONNECT: Client "10.xxx.1.130"
Tue Nov 17 18:07:17 2009 [pid 13768] [ftp] OK LOGIN: Client "10.xxx.1.130", anon password "password"
Tue Nov 17 18:08:57 2009 [pid 13771] [ftp] FAIL UPLOAD: Client "10.xxx.1.130", "/libflashplayer.so", 0.00Kbyte/sec
Tue Nov 17 18:28:17 2009 [pid 14256] CONNECT: Client "10.xxx.1.130"

I looked at the other threads about trying to upload as an anonymous user using vsftp but none of them have answers or solutions.

Is there anything else I need to do to allow an anonymous user to upload files to /var/ftp?

No clue to as to what 777 is but I think you mean 755. Also make sure the server did not accidentally ban your ip. I know sounds stupid but it has and does happen.

SQADude · 11-17-2009, 09:05 PM

Quote:

Originally Posted by AuroraZero

No clue to as to what 777 is but I think you mean 755. Also make sure the server did not accidentally ban your ip. I know sounds stupid but it has and does happen.

777 is RWX permission for all -- rwxrwxrwx
755 was the default permission for /var/ftp -- rwxr-xr-x

Also, how do I check to see that the vsftpd server didn't accidently ban my IP?

AuroraZero · 11-17-2009, 09:34 PM

Quote:

Originally Posted by SQADude

777 is RWX permission for all -- rwxrwxrwx
755 was the default permission for /var/ftp -- rwxr-xr-x

Also, how do I check to see that the vsftpd server didn't accidently ban my IP?

Ok I understand you want people to be able to upload and stuff to this right anonymously ? Do you have a firewall set up?

SQADude · 11-18-2009, 01:50 PM

Quote:

Originally Posted by AuroraZero

Ok I understand you want people to be able to upload and stuff to this right anonymously ? Do you have a firewall set up?

Not on the VSFTP server or the client attempting to upload files to it. Both machines are on a company intranet. There is a firewall for external access but between these two hosts, no, there is no firewall in effect.

bathory · 11-18-2009, 02:15 PM

Quote:

anon_root=/var/ftp

local_root=/var/ftp

I guess you cannot have the same dir for local user and anonymous users. Change or comment out the 2nd option and see if it works.

SQADude · 11-18-2009, 05:03 PM

Quote:

Originally Posted by bathory

I guess you cannot have the same dir for local user and anonymous users. Change or comment out the 2nd option and see if it works.

I changed the settings so local_root is /var/ftp and anon_root is /var/ftp/anonymous

I also created a /var/ftp/anonymous directory

Restarted vsftpd service.

I still cannot upload files to the /var/ftp/anonymous directory as anonymous.

Also, I put a file called foo.conf in the /var/ftp/anonymous directory. I can't get the foo.conf file because FTP complains that it cannot open the file.

Am I setting up the user correctly? Do I have to have a user named "anonymous" in the /etc/passwd file?

bathory · 11-19-2009, 03:28 AM

You can try this:

Code:

chown root:root /var/ftp/anonymous
mkdir /var/ftp/anonymous/uploads
chown -R ftp /var/ftp/anonymous/uploads

Add also

Code:

ftp_username=ftp

in vsftpd.conf
This way the anonymous user can upload in /var/ftp/anonymous/uploads dir

Regards