vsFTPd stopped working after update

12.04 vsftpd

50,393

Solution 1

I have this issue as well and think it's because of the new vsFTPd update to enhance security, so in the meantime I use this solution.

I chmod the folder that my FTP user comes in to as he/she first login (root folder) by using this in the terminal: sudo chmod a-w /home/user

You can change /home/user to whatever is your FTP user's root folder.
Create a subfolder within the folder, either by the use of GUI, or if you only have a terminal, it's: sudo mkdir /home/user/newfolder

Now you should be able to log in and read write within the "newfolder". You will NOT be able to write in the root folder itself from the FTP client with the chmod a-w, so that is the reason for the subfolder, and there you can.

I guess there will be a fix in a not-so-long time, but in the meantime I hope this helps.

Solution 2

Somebody backported the feature to add allow_writeable_chroot=YES from version 3.0.0 to 2.3.5 (see this blog entry).

To install on Ubuntu 12.04 (Precise Pangolin), run the following commands as root:

add-apt-repository ppa:thefrontiergroup/vsftpd
apt-get update
apt-get install vsftpd
echo allow_writeable_chroot=YES >> /etc/vsftpd.conf

Note that there seems to an option allow_writable_chroot=YES in vsftpd-ext - note the mssing e! (or is this a typo in the blog post?)

Solution 3

vsFTPd 3.0.0 adds a configuration option,

allow_writeable_chroot=YES

to again enable the previous behavior (source: Fixing 500 OOPS: vsFTPd: refusing to run with writable root inside chroot(), comment from Brian K. White).

Unfortunately, 3.0.0 is not yet packaged by Ubuntu. So in the meantime, downgrade to some older version. For example, I am using this one on Ubuntu 12.04 (Precise Pangolin): http://packages.ubuntu.com/oneiric-updates/vsftpd

50,393

Goulash

I prefer to keep an air of mystery about me.

Updated on September 18, 2022

Comments

Goulash almost 2 years
I have just updated to Ubuntu 12.04 LTS (Precise Pangolin) from Ubuntu Server 11.10 (Oneiric Ocelot).

It updated my vsFTPd installation, and it seems that something has changed :/ I use PAM authentication. What could have changed to cause this?

When trying to connect to the FTP server I get this error:
```
500 OOPS: vsftpd: refusing to run with writable root inside chroot()
```
I tried googling it, and it said to add allow_writable_root=YES to the configuration file - however when I try this and try restarting vsftpd it can't restart. Why?

Here is how I actually fixed it:
```
wget http://http.us.debian.org/debian/pool/main/v/vsftpd/vsftpd_3.0.2-3_amd64.deb -O vsftpd.deb
dpkg -i vsftpd.deb
echo "allow_writeable_chroot=YES" >> /etc/vsftpd.conf
service vsftpd reload
```
And voila :)
- trejder about 11 years
  
  Link, you provided for wget parameter, is dead. Probably, because version 3.0.2-3 is now out. Anyone facing this problem, should visit this site to get correct link. Above mentioned link is for 64-bit platform. To find links for this package for other platforms, like for example 32-bit, follow to this page and scroll down to Download vsftpd section.
Goulash about 12 years

The only fix I can find is to install vsftpd-ext and replace vsftpd which allows the use of allow_writable_root, but it only comes as a .tar.gz file, and I am very new to linux and can't seem to get it to build :/ in the end i just forced a downgrade to the old version of vsftpd I used to run
Admin almost 12 years

Isnt doing a chmod a-w "forbidden" by the linux jedi masters? since youd be granting 666 permission?
lumbric over 11 years

Could you add instructions how to install the Oneiric package you linked? Should I manually download the package? I suppose adding oneiric-updates to my repositories will mess up things quite a lot.
Anish about 11 years

+1 - this certainly seems like the best option, and thanks to The Frontier Group for providing this PPA. But users should note that this takes you "off-piste". Due to the nature of what it does, vsftpd is a little exposed security-wise, and should a vulnerability be found in vsftpd in the future, then users are dependent on the PPA owner to update it, or users will need to find another solution at that time. It would be wise to subscribe to the ubuntu-security-announce mailing list and watch for vsftpd security announcements if you go down this route.
mlambie over 10 years

Our DEVOPS team created that package - leave a comment on the blog article if you have any individual problems you need help solving and they'll assist you.