vsftpd: ECONNREFUSED with "allow_writeable_chroot=YES"
Solution 1
I solved the problem by giving the user no write permission to his root directory but establishing subfolders with write permissions, so that he is still able to upload files. Not into the root, but into the subfolders. Not perfectly nice, but it works!
Solution 2
In earlier versions, the allow_writeable_chroot=YES configuration option is not available (it was added in vsftpd version 3 onwards).
As the other answer states, you can create write permissions on subfolders, but keep the chroot folder (and hidden files within) read-only.
In my implementation, you can create another /home/username folder within the chroot. In this way, connecting to the FTP server will default into the user's home directory relative to the chroot.
In my user account creation script, this is how this is accomplished (all commands run as sudo):
chown root:root /home/$username
mkdir -p /home/$username/home/$username
chown $username:$username /home/$username/home/$username
Then, when a user logs into the ftp server, they have a new home folder relative to their chroot. They own this folder, and they can make changes within the folder. Additional configuration may be required to set it as their default login folder (passwd?); when a user clicks on their "home" button on whichever ftp client they are using, it will take them to this folder.
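An added example, not part of either answer: a shell check for the layout both solutions describe, where the chroot directory itself is not writable by the FTP user and a subfolder below it is. The function names are hypothetical, GNU stat is assumed, and the mode-bit test is a conservative approximation that ignores ACLs and group membership.

```shell
#!/bin/sh
# Added example (function names are hypothetical). Assumes GNU stat.

# True if USER can write to DIR according to its mode bits. Conservative:
# any group- or world-write bit counts; ACLs and group membership are ignored.
dir_writable_by() {
    w_user=$1 w_dir=$2
    w_owner=$(stat -c %U "$w_dir") || return 2
    w_mode=$(stat -c %a "$w_dir") || return 2
    # Keep the last three octal digits (drops setuid/setgid/sticky).
    w_perms=$(printf '%03d' "$((w_mode % 1000))")
    w_u=${w_perms%??}; w_rest=${w_perms#?}
    w_g=${w_rest%?}; w_o=${w_rest#?}
    if [ $((w_g & 2)) -ne 0 ] || [ $((w_o & 2)) -ne 0 ]; then return 0; fi
    [ "$w_owner" = "$w_user" ] && [ $((w_u & 2)) -ne 0 ]
}

# audit_chroot USER CHROOT_DIR UPLOAD_DIR
# Returns 0 when CHROOT_DIR is not writable by USER and UPLOAD_DIR is a
# writable directory below it; otherwise prints one line per finding.
audit_chroot() {
    a_user=$1 a_root=$2 a_upload=$3 a_rc=0
    if dir_writable_by "$a_user" "$a_root"; then
        echo "FAIL: $a_root is writable by $a_user (chroot root must be read-only)"
        a_rc=1
    fi
    case $a_upload in
        "$a_root"/*) ;;
        *) echo "FAIL: $a_upload is not inside $a_root"; a_rc=1 ;;
    esac
    if [ ! -d "$a_upload" ] || ! dir_writable_by "$a_user" "$a_upload"; then
        echo "FAIL: $a_upload is missing or not writable by $a_user"
        a_rc=1
    fi
    if [ "$a_rc" -eq 0 ]; then
        echo "OK: read-only chroot root, writable upload directory"
    fi
    return "$a_rc"
}

# Example call: sh audit.sh alice /home/alice /home/alice/home/alice
if [ $# -eq 3 ]; then audit_chroot "$@"; fi
```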
heinob
Updated on September 18, 2022
Comments
-
heinob over 1 year
When setting up vsftpd I am trapped. When I leave the ftpuser's home directory without write permission I can log in and all is fine despite the fact that I cannot write (of course). When I add write permission I get something like
cannot change to directory with write permissions if user is chrooted
Then I added
allow_writeable_chroot=YES
to vsftpd.conf. But now I get
ECONNREFUSED - Connection refused by server
I am lost. What am I doing wrong?
Here is my configuration:
ubuntu 12.04 - vsftpd 2.3.5 - etc/vsftpd.conf:
write_enable=YES
dirmessage_enable=YES
ftpd_banner="Welcome to my FTP service."
local_enable=YES
local_umask=022
chroot_local_user=YES
allow_writeable_chroot=YES
anonymous_enable=YES
anon_upload_enable=YES
anon_umask=022
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
syslog_enable=YES
connect_from_port_20=YES
ascii_upload_enable=YES
ascii_download_enable=YES
pam_service_name=vsftpd
listen=YES
-
mgorven almost 12 years
That usually means that vsftpd is not running. Check for output when you try to start it, and messages in logfiles.
-
mgorven almost 12 years
vsftpd on Ubuntu 12.04 does not have that allow_writeable_chroot option. What version of vsftpd are you running and on which OS? Please provide your entire configuration.
-
heinob almost 12 years
You both were right. I had a starting problem and now vsftpd says: "500 OOPS: unrecognised variable in config file: allow_writeable_chroot". So, how can I chroot users in their home directory AND give them write permission?
-
mgorven almost 12 years
Please provide your entire configuration.