vsftpd: ECONNREFUSED with "allow_writeable_chroot=YES"

Solution 1

I solved the problem by giving the user no write permission to his root directory but establishing subfolders with write permissions, so that he is still able to upload files. Not into the root, but into the subfolders. Not perfectly nice, but it works!

Solution 2

In earlier versions, the allow_writeable_chroot=YES configuration option is not available (it was added in vsftpd version 3 onwards).

As the other answer states, you can create write permissions on subfolders, but keep the chroot folder (and hidden files within) read-only.

In my implementation, you can create another /home/username folder within the chroot. In this way, connecting to the FTP server will default into the user's home directory relative to the chroot.

In my user account creation script, this is how this is accomplished (all commands run as sudo):

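    # The chroot directory itself is owned by root
    chown root:root "/home/$username"
    # Create a user-owned home directory inside the chroot
    mkdir -p "/home/$username/home/$username"
    chown "$username:$username" "/home/$username/home/$username"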

Then, when a user logs into the ftp server, they have a new home folder relative to their chroot. They own this folder, and they can make changes within the folder. Additional configuration may be required to set it as their default login folder (passwd?); when a user clicks on their "home" button on whichever ftp client they are using, it will take them to this folder.
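
A check for the layout Solution 2 builds, as an added example that is not part of either answer: it confirms the chroot directory is neither owned by the FTP user nor group/world-writable, and that the nested home directory is owned and writable by that user. The function names are hypothetical and GNU `stat` (as shipped on Ubuntu) is assumed.

```shell
#!/bin/sh
# Added example (not from the answers): audit the layout Solution 2 builds.
# Assumes GNU stat; all function names here are hypothetical.

# Succeeds only if <dir> is NOT owned by <user> and has no group/other write bit.
chroot_root_locked() {
    cr_dir=$1; cr_user=$2
    [ -d "$cr_dir" ] || { echo "FAIL: $cr_dir is not a directory"; return 1; }
    cr_owner=$(stat -c '%U' "$cr_dir")
    cr_mode=$(stat -c '%a' "$cr_dir")      # octal permissions, e.g. 755
    if [ "$cr_owner" = "$cr_user" ]; then
        echo "FAIL: $cr_dir is owned by $cr_user (expected root)"; return 1
    fi
    case $cr_mode in
        *[2367]?|*[2367])                  # write bit in the group or other digit
            echo "FAIL: $cr_dir is group/world-writable (mode $cr_mode)"; return 1 ;;
    esac
    return 0
}

# Succeeds only if <dir>/home/<user> exists, is owned by <user>,
# and has the owner write bit set.
user_home_writable() {
    uh_dir=$1/home/$2; uh_user=$2
    [ -d "$uh_dir" ] || { echo "FAIL: $uh_dir is missing"; return 1; }
    uh_owner=$(stat -c '%U' "$uh_dir")
    uh_mode=$(stat -c '%a' "$uh_dir")
    if [ "$uh_owner" != "$uh_user" ]; then
        echo "FAIL: $uh_dir is owned by $uh_owner, not $uh_user"; return 1
    fi
    case $uh_mode in
        *[2367]??) return 0 ;;             # write bit in the owner digit
    esac
    echo "FAIL: $uh_dir lacks the owner write bit (mode $uh_mode)"; return 1
}

# Runs both checks so every problem is reported; non-zero if either fails.
audit_ftp_chroot() {
    au_rc=0
    chroot_root_locked "$1" "$2" || au_rc=1
    user_home_writable "$1" "$2" || au_rc=1
    return "$au_rc"
}
# Usage: audit_ftp_chroot "/home/$username" "$username"
```

Running the audit at the end of an account creation script catches a chroot directory that was left owned by the user before the first login attempt does.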

Author by

heinob

We are running the first and only web-based physician's information system that is, due to client-side data encryption and many other state-of-the-art technologies, applicable with the German data security laws.

Updated on September 18, 2022

Comments

  • heinob
    heinob over 1 year

    When setting up vsftpd I am trapped. When I leave the ftpuser's home directory without write permission I can log in and all is fine, despite the fact that I cannot write (of course). When I add write permission I get something like

    cannot change to directory with write permissions if user is chrooted
    

    Then I added

    allow_writeable_chroot=YES
    

    to vsftpd.conf. But now I get

    ECONNREFUSED - Connection refused by serverss
    

    I am lost. What am I doing wrong?

    Here is my configuration:

    ubuntu 12.04 - vsftpd 2.3.5 - etc/vsftpd.conf:

    write_enable=YES
    dirmessage_enable=YES
    ftpd_banner="Welcome to my FTP service."
    local_enable=YES
    local_umask=022
    chroot_local_user=YES
    allow_writeable_chroot=YES
    anonymous_enable=YES
    anon_upload_enable=YES
    anon_umask=022
    anon_mkdir_write_enable=YES
    anon_other_write_enable=YES
    syslog_enable=YES
    connect_from_port_20=YES
    ascii_upload_enable=YES
    ascii_download_enable=YES
    pam_service_name=vsftpd
    listen=YES
    
    • mgorven
      mgorven almost 12 years
      That usually means that vsftpd is not running. Check for output when you try to start it, and messages in logfiles.
    • mgorven
      mgorven almost 12 years
      vsftpd on Ubuntu 12.04 does not have that allow_writeable_chroot option. What version of vsftpd are you running and on which OS? Please provide your entire configuration.
    • heinob
      heinob almost 12 years
      You both were right. I had a starting problem and now vsftpd says: "500 OOPS: unrecognised variable in config file: allow_writeable_chroot". So, how can I chroot users in their home directory AND give them write permission?
    • mgorven
      mgorven almost 12 years
      Please provide your entire configuration.