Old 07-27-2013, 03:22 PM   #1
Registered: Feb 2007
Posts: 36

Hello all,

I'm running Nadia and have installed vsftpd through the software manager. I have successfully added a user and can log into the ftp server; unfortunately the user has complete access to my computer. If I enable chroot local user and try to log in I get an error "cannot chroot into a writeable directory". My question is how does one go about finding where the user directory is located; I've searched the root and home directories and just cannot find it.

Any help will be greatly appreciated.


Old 07-28-2013, 01:28 AM   #2
Registered: Jan 2006
Distribution: Slackware
Posts: 841

If you set chroot_local_user=YES in vsftpd.conf, the directory vsftpd puts him in when he connects will be his standard local login home directory. Since that directory is writable by the user, the connection will fail because vsftp does not allow the root of the chroot jail to be writable by the user. That is why you get the "500 OOPS: vsftpd: refusing to run with writable root inside chroot ()" error message.

The solution is to make the root of his chroot jail something other than his normal login directory. You use the local_root directive to do that. For example, if user1 has a home directory at /home/user1, then you could tell vsftpd to make /home his local root, provided he does not have write access to /home. He'd have to change directory into his home directory after connecting.

You could also set up an entirely different directory structure separate from the user's normal login directory, and bind mount his normal home directory on a writable subdirectory of his chrooted local root.

For example, you could create a /home/ftpuser/<username> directory for each user. For user1, create /home/ftpuser/user1. In vsftpd for user1, set local_root=/home/ftpuser/user1. Grant user1 read and execute access, but not write access, to /home/ftpuser/user1 to satisfy the vsftpd local root restriction. Create a directory under /home/ftpuser/user1 called home (i.e., /home/ftpuser/user1/home), and set permissions to 700 to make it writable by user1. Then bind mount the user's normal login home directory on this one.

vsftpd.conf would need to include something like the following:

The effect of the above is that only users listed in the userlist_file can login, all users are chrooted except for those listed as exceptions in the chroot_list_file, and the chroot home for each user is specified in the user's config file under the user_config_dir directory.

/etc/vsftpd/vsftpd.user_list is a list of all the ftp users allowed to login.

# cat /etc/vsftpd/vsftpd.user_list

Directory listing of /etc/vsftpd/vsftpd_user_conf shows the config file for each allowed user.

# ls -l vsftpd_user_conf
-rw-r--r-- 1 root root   29 Dec  5 11:20 user1
-rw-r--r-- 1 root root   24 Dec  5 11:07 user2
-rw-r--r-- 1 root root   27 Dec  4 23:32 user3

The contents of /etc/vsftpd/vsftpd_user_conf/user1, user2, user3 files show the chroot home directory for each.

# cat vsftpd_user_conf/user1
# cat vsftpd_user_conf/user2
# cat vsftpd_user_conf/user3

These commands mount the normal login /home/<username> directory on top of the "home" subdirectory under the user's ftp local root.

mount --bind /home/user1 /home/ftpuser/user1/home
mount --bind /home/user2 /home/ftpuser/user2/home
mount --bind /home/user3 /home/ftpuser/user3/home

Or you could put it in /etc/fstab:

/home/user1  /home/ftpuser/user1/home  none  defaults,bind  0  0
/home/user2  /home/ftpuser/user2/home  none  defaults,bind  0  0
/home/user3  /home/ftpuser/user3/home  none  defaults,bind  0  0

Now when user1 connects via ftp, his local root will be /home/ftpuser/user1. It is non-writable for him. There will be a home subdirectory that he can cd into, and that will have his normal login home directory bind mounted on it.

I hope that is helpful.
1 members found this post helpful.
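
A preflight check for the layout described in post #2, added here as an example and not part of the thread: it reads each per-user file in the user_config_dir, takes its local_root value, and reports any chroot root the user could write to, which is the condition vsftpd refuses. The function names are hypothetical, and writability is judged from owner, group and mode bits only, which is an approximation that ignores ACLs.

```sh
#!/bin/sh
# Added example, not from the thread: flag per-user chroot roots that vsftpd
# would refuse. Assumes one file per user in the user_config_dir, each with
# a local_root=<dir> line, and judges writability from mode bits only
# (ACLs and root's override are ignored).

# root_writable_by USER DIR: exit 0 if DIR's mode bits let USER write to it.
root_writable_by() {
    rw_user=$1
    rw_owner=$(stat -c %U "$2") || return 2
    rw_group=$(stat -c %G "$2") || return 2
    rw_bits=$((0$(stat -c %a "$2")))          # octal mode as a number
    rw_groups=$(id -Gn "$rw_user" 2>/dev/null) || rw_groups=
    if [ "$rw_user" = "$rw_owner" ]; then
        [ $((rw_bits & 0200)) -ne 0 ]         # owner class applies
    else
        case " $rw_groups " in
            *" $rw_group "*) [ $((rw_bits & 0020)) -ne 0 ] ;;   # group class
            *)               [ $((rw_bits & 0002)) -ne 0 ] ;;   # other class
        esac
    fi
}

# audit_user_conf CONF_DIR: one line per user file; exit 1 if any root fails.
audit_user_conf() {
    bad=0
    for conf in "$1"/*; do
        [ -f "$conf" ] || continue
        ftp_user=${conf##*/}                  # file name is the user name
        root=$(sed -n 's/^local_root=//p' "$conf" | tail -n 1)
        if [ -z "$root" ] || [ ! -d "$root" ]; then
            echo "FAIL $ftp_user: local_root missing or not a directory"
            bad=1
        elif root_writable_by "$ftp_user" "$root"; then
            echo "FAIL $ftp_user: $root is writable by the user"
            bad=1
        else
            echo "ok   $ftp_user: $root"
        fi
    done
    return "$bad"
}

# Run as: sh audit.sh /etc/vsftpd/vsftpd_user_conf
if [ $# -gt 0 ]; then audit_user_conf "$1"; fi
```

Run it after editing the per-user files and before restarting vsftpd; a FAIL line names the directory whose write permission needs to be removed.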
Old 07-28-2013, 03:44 AM   #3
Senior Member
Registered: May 2010
Location: Planet Earth
Distribution: Debian
Posts: 1,030

You do not need chroot enabled to be able to log in to your user directory; all you need is to add this to the end of the vsftpd.conf
Also, it is a good thing to read the manual!
$ man vsftpd
1 members found this post helpful.
Old 07-29-2013, 08:55 AM   #4
Registered: Feb 2007
Posts: 36

Original Poster
Thanks ZO38 and uKiuki for your help, it will be a few days before I can try out your suggestions.


