500 OOPS: vsftpd: refusing to run with writable anonymous root
Valued Contributor
Maaz
Posts: 1,229
Registered: ‎03-10-2004
Message 1 of 5 (1,812 Views)

500 OOPS: vsftpd: refusing to run with writable anonymous root

OS: rhl 9.0 and rhel 3.0
# rpm -q vsftpd
vsftpd-1.2.0-4

I was running vsftpd with all default options for a long time.
I simply removed the '#' to enable 'anon_upload_enable=YES', but after doing so the ftp/anonymous user is unable to log in:
# ftp 10.0.0.100
Connected to 10.0.0.100.
220 (vsFTPd 1.2.0)
530 Please login with USER and PASS.
530 Please login with USER and PASS.
KERBEROS_V4 rejected as an authentication type
Name (10.0.0.100:root): ftp
331 Please specify the password.
Password:
500 OOPS: vsftpd: refusing to run with writable anonymous root
Login failed.
421 Service not available, remote server has closed connection
ftp>

I even disabled the 'anon_upload_enable=YES' option by inserting '#' in the vsftpd.conf file, but it still did not allow the anonymous/ftp user to log in, i.e. vsftpd behaved the same as when 'anon_upload_enable=YES' was enabled. Hence, I then uninstalled and reinstalled vsftpd so that ftp/anonymous users can log in to download files.

But real users can work fine, i.e. real users are working without any error or problem.

/etc/vsftpd/vsftpd.conf is attached

Any help will be highly appreciated

Regards
Maaz
Honored Contributor
Vitaly Karasik_1
Posts: 1,461
Registered: ‎10-22-2002
Message 2 of 5 (1,812 Views)

Re: 500 OOPS: vsftpd: refusing to run with writable anonymous root

Can you send us the output of "ls -ld ~ftp"?
Valued Contributor
Maaz
Posts: 1,229
Registered: ‎03-10-2004
Message 3 of 5 (1,812 Views)

Re: 500 OOPS: vsftpd: refusing to run with writable anonymous root

Dear Vitaly Karasik, many thanks for the help.

Hmm, the problem is that I did
'chmod o+w /var/ftp'
so that anonymous users can upload their files, but this was the bad thing I did, because /var/ftp must be read-only for others. Now I created a directory /var/ftp/upload, and then ran
'chmod o+w /var/ftp/upload', and 'chmod o-w /var/ftp'

Regards
Maaz
Valued Contributor
Maaz
Posts: 1,229
Registered: ‎03-10-2004
Message 4 of 5 (1,812 Views)

Re: 500 OOPS: vsftpd: refusing to run with writable anonymous root

anon_upload=YES only works when /var/ftp is owned by owner and group root, and has read-only permissions set for group and others.
Occasional Visitor
johnwei
Posts: 1
Registered: ‎06-14-2007
Message 5 of 5 (1,812 Views)

Re: 500 OOPS: vsftpd: refusing to run with writable anonymous root

The following are the common errors you will encounter when setting up anonymous vsftp with vsftpd-2.0.5

4) error: need access to a designated dir for anonymous ftp
Set the following:
anon_root=/var/www/html/docs

5) error: 500 OOPS: vsftpd: refusing to run with writable anonymous root
Symptom:
[root@localhost ~]# ftp 70.234.256.239
Connected to 70.234.256.239.
220 Welcome to My FTP service.
530 Please login with USER and PASS.
530 Please login with USER and PASS.
KERBEROS_V4 rejected as an authentication type
Name (70.234.256.239:root): anonymous
331 Please specify the password.
Password:
500 OOPS: vsftpd: refusing to run with writable anonymous root
Login failed.

Reason:
Change attribute of ftp directory from
drwxrwxrwx 3 root root 4096 Jun 13 18:42 docs
To
dr-xr-xr-x 3 root root 4096 Jun 13 18:42 docs

6) error: 553 Could not create file.
Symptom:
ftp> put t.txt
local: t.txt remote: t.txt
227 Entering Passive Mode (192,168,1,103,245,163)
553 Could not create file.

Reason:
You need to create a sub dir under ftp dir with 0777 attribute as

drwxrwxrwx 2 ftp ftp 4096 Jun 15 00:40 pub

7) error: anonymously uploaded file has attribute (mask) 0600,
these files could not be downloaded

rw------- 3 root root 4096 Jun 13 18:42 t.txt

Reason:
anon_umask=0133 does not take effect in the code.
In the file "postlogin.c", make the following changes:

//vsf_sysutil_fchmod(new_file_fd, 0600); //jwei removes
vsf_sysutil_fchmod(new_file_fd, 0777^tunable_anon_umask); //jwei adds

recompile and cp to /usr/local/sbin/vsftpd

8) error: 425 Security: Bad IP connecting.
ftp>ls
425 Security: Bad IP connecting.

Reason:
Set the following:
pasv_promiscuous=YES
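
The layout the posts above arrive at (anonymous root not writable by group or others, uploads confined to a writable subdirectory) can be checked with a small script. This is an added example, not part of any post in the thread: the function names are made up for illustration, it reads the mode field of `ls -ld` as the thread does, and it only approximates the check vsftpd itself performs.

```shell
# Added example: check an anonymous FTP tree against the layout described in
# this thread. Read-only; usage: sh audit.sh /var/ftp /var/ftp/upload

# Print the 10-character mode field of `ls -ld`, e.g. drwxr-xr-x.
perm_string() { ls -ld "$1" | cut -c1-10; }

# 0 if DIR is a directory with neither the group nor the other write bit set.
root_is_safe() {
    [ -d "$1" ] || return 2
    case "$(perm_string "$1")" in
        d????w????|d???????w?) return 1 ;;
    esac
    return 0
}

# 0 if DIR is a directory with the other-write bit set (chmod o+w).
other_writable() {
    [ -d "$1" ] || return 2
    case "$(perm_string "$1")" in
        d???????w?) return 0 ;;
    esac
    return 1
}

# audit_anon_ftp ROOT UPLOAD: print findings, return 1 on any FAIL.
audit_anon_ftp() {
    root=$1; upload=$2; rc=0
    if ! root_is_safe "$root"; then
        echo "FAIL: $root missing or group/other-writable (expect 500 OOPS on anonymous login)"
        rc=1
    else
        owner=$(ls -ld "$root" | awk '{print $3}')
        [ "$owner" = root ] || echo "WARN: $root owned by $owner, not root"
    fi
    case "$upload" in
        "$root"/?*) ;;
        *) echo "FAIL: $upload is not a subdirectory of $root"; rc=1 ;;
    esac
    if [ ! -d "$upload" ]; then
        echo "FAIL: $upload does not exist"; rc=1
    elif ! other_writable "$upload"; then
        echo "WARN: $upload lacks o+w; uploads fail with 553 unless the ftp user owns it"
    fi
    [ "$rc" -eq 0 ] && echo "OK: $root not group/other-writable, uploads confined to $upload"
    return "$rc"
}

if [ "$#" -eq 2 ]; then audit_anon_ftp "$1" "$2"; fi
```

A FAIL on the root directory corresponds to the 500 OOPS login failure; a WARN on the upload directory corresponds to the 553 error on `put`.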
