Allow anonymous upload for Vsftpd?
Solution 1
You have created a dir called pub/upload:
# mkdir /var/ftp/pub/upload
But then you configured uploads to go to pub/incoming:
anon_root=/var/ftp/pub/incoming
So it's a simple path mismatch, all the rest seems OK.
Solution 2
For anonymous logins, change the "ftp" user's home directory in /etc/passwd.
ftp:x:119:131:ftp daemon,,,:/var/ftp/pub/:/bin/false
And add this to your /etc/vsftpd.conf file.
allow_writeable_chroot=YES
And make sure that the ftp user has access (chmod 755) to enter every directory up to the location /var/ftp/pub/
I was fighting this problem for hours. vsftpd doesn't give clear help or suggestions for errors.
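The three failure causes raised on this page (a trailing space after a value, an anon_root that does not exist, and a parent directory the ftp user cannot enter) can be checked before restarting the daemon. This is an added example, not part of the answers above; the function name check_anon_root and the demo paths are hypothetical, and it assumes the ftp user only gets "other" permissions on the path.

```shell
#!/bin/sh
# Added example (not from the thread): pre-flight check for the anon_root failures.
# Prints one finding per line; returns 1 if anything was found.
check_anon_root() {
    conf=$1
    findings=0

    # Trailing blanks after a value: the question hit "500 OOPS: bad bool value"
    # because of a trailing space after chown_uploads=YES.
    bad=$(grep -nE '^[^#][^=]*=.*[[:space:]]$' "$conf" | cut -d: -f1 | tr '\n' ' ')
    if [ -n "$bad" ]; then
        echo "trailing whitespace on line(s): $bad"
        findings=1
    fi

    # Assumption: at most one uncommented anon_root= line.
    root=$(sed -n 's/^anon_root=//p' "$conf" | tail -n 1 | sed 's/[[:space:]]*$//')
    if [ -z "$root" ]; then
        echo "anon_root not set; vsftpd uses the ftp user's home directory"
        return $findings
    fi

    # Solution 1: the configured directory must actually exist.
    if [ ! -d "$root" ]; then
        echo "missing directory: $root"
        findings=1
    fi

    # Solution 2: every directory on the way down must be enterable.
    # Only the "other" execute bit (10th character of ls -ld) is inspected.
    d=$root
    while [ "$d" != "/" ] && [ "$d" != "." ]; do
        if [ -d "$d" ]; then
            case $(ls -ld "$d" | cut -c10) in
                x|t) ;;
                *) echo "not traversable by others: $d"; findings=1 ;;
            esac
        fi
        d=$(dirname "$d")
    done
    return $findings
}

# Constructed demo reproducing the thread: upload/ created, incoming/ configured.
demo=$(mktemp -d)
mkdir -p "$demo/ftp/pub/upload"
printf 'anon_root=%s/ftp/pub/incoming\nchown_uploads=YES \n' "$demo" > "$demo/vsftpd.conf"
check_anon_root "$demo/vsftpd.conf" || echo "fix the findings above before restarting vsftpd"
rm -rf "$demo"
```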
user15318
Updated on September 17, 2022
Comments
-
user15318 over 1 year
I need a basic FTP server on Linux (CentOS 5.5) without any security measure, since the server and the clients are located on a test LAN, not connected to the rest of the network, which itself uses non-routable IP's behind a NAT firewall with no incoming access to FTP.
Some people recommend Vsftpd over PureFTPd or ProFTPd. No matter what I try, I can't get it to allow an anonymous user (i.e. logging as "ftp" or "anonymous" and typing any string as password) to upload a file:
# yum install vsftpd
# mkdir /var/ftp/pub/upload
# cat vsftpd.conf
listen=YES
anonymous_enable=YES
local_enable=YES
write_enable=YES
xferlog_file=YES
#anonymous users are restricted (chrooted) to anon_root
#directory was created by root, hence owned by root.root
anon_root=/var/ftp/pub/incoming
anon_upload_enable=YES
anon_mkdir_write_enable=YES
#chroot_local_user=NO
#chroot_list_enable=YES
#chroot_list_file=/etc/vsftpd.chroot_list
chown_uploads=YES
When I log on from a client, here's what I get:
500 OOPS: cannot change directory:/var/ftp/pub/incoming
I also tried "# chmod 777 /var/ftp/incoming/", but get the same error.
Does someone know how to configure Vsftpd with minimum security?
Thank you.
Edit: SELinux is disabled and here are the file permissions:
# cat /etc/sysconfig/selinux
SELINUX=disabled
SELINUXTYPE=targeted
SETLOCALDEFS=0
# sestatus
SELinux status: disabled
# getenforce
Disabled
# grep ftp /etc/passwd
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
# ll /var/
drwxr-xr-x 4 root root 4096 Mar 14 10:53 ftp
# ll /var/ftp/
drwxrwxrwx 2 ftp ftp 4096 Mar 14 10:53 incoming
drwxr-xr-x 3 ftp ftp 4096 Mar 14 11:29 pub
Edit: latest vsftpd.conf:
listen=YES
local_enable=YES
write_enable=YES
xferlog_file=YES
#anonymous users are restricted (chrooted) to anon_root
anonymous_enable=YES
anon_root=/var/ftp/pub/incoming
anon_upload_enable=YES
anon_mkdir_write_enable=YES
#500 OOPS: bad bool value in config file for: chown_uploads
chown_uploads=YES
chown_username=ftp
Edit: with trailing space removed from "chown_uploads", err 500 is solved, but anonymous still doesn't work:
client> ./ftp server
Connected to server.
220 (vsFTPd 2.0.5)
Name (server:root): ftp
331 Please specify the password.
Password:
500 OOPS: cannot change directory:/var/ftp/pub/incoming
Login failed.
ftp> bye
With user "ftp" listed in /etc/passwd with home directory set to "/var/ftp" and access rights to /var/ftp set to "drwxr-xr-x" and /var/ftp/incoming to "drwxrwxrwx"...could it be due to PAM maybe? I don't find any FTP log file in /var/log to investigate.
Edit: Here's a working configuration to let ftp/anonymous connect and upload files to /var/ftp:
listen=YES
anonymous_enable=YES
write_enable=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES
-
user15318 about 13 years
Thanks for the tip, but still no go: SELinux is disabled, and the dir/file permissions seem OK. I edited the question.
-
user15318 about 13 years
Thanks for the tip, but SELinux is disabled: # /usr/sbin/setsebool -P ftp_home_dir 1 : "setsebool: SELinux is disabled."
-
ILMostro_7 over 6 years
Disabling SELinux is a bad idea, especially when it's blindly used to "solve" a problem with configuration.