vsftpd: refusing to run with writable anonymous root

I have an annoying problem with vsftpd. Everytime I try to log in
anonymously to vsftpd, I get the following error:

500 OOPS: vsftpd: refusing to run with writable anonymous root

I checked the FAQ and it says that the user that runs as the daemon (in this
case user "ftp") cannot have write access to the anonymous root directory
(this is an anonymous only ftp server). Ummm, but if this is the case, how
is it possible that ANYONE can upload files then? Doesn't the daemon user
need would have to have "write access" on the directory for a user to upload
anonymously? So why is teh computer saying: "". this doesn't make sense!

I set anonymous uploading made possible by the following directives:
anonymous_enable=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_root=/usr/VOL1/ftp


Anyways, I have tried checking google, and deja and even went waded through
some of the C code to see what was going on, but I am at a loss. Yes, I have
checked the FAQ, and this is the only thing it says:
> Q) Help! I'm getting the error message "refusing to run with writable
anonymous
> root".
> A) vsftpd is protecting against dangerous configurations. The cause of
this
> message is usually dodgy ownership of the ftp home directory. The home
> directory should NOT be owned by the ftp user itself. Neither should it
> be writable by the ftp user. A way to fix this is:
> chown root ~ftp; chmod -w ~ftp

But it contradicts the whole concept of uploading!

Anyone can help me out on this one?

- Steve

PS Here is my configuration file. I am using vsftpd 1.1.3

500 OOPS: vsftpd: refusing to run with writable anonymous root

anonymous_enable=YES
local_enable=NO
write_enable=YES
local_umask=117
anon_upload_enable=YES
anon_mkdir_write_enable=YES
dirmessage_enable=NO
xferlog_enable=YES
connect_from_port_20=YES
chown_uploads=YES
chown_username=ftpsecure
ascii_upload_enable=YES
ascii_download_enable=YES
ftpd_banner=Welcome to Model Printing ftp service
ls_recurse_enable=YES
anon_root=/usr/VOL1/ftp
log_ftp_protocol=YES
xferlog_enable=YES
secure_chroot_dir=/usr/local/share/vsftpd/empty








----== Posted via Newsfeed.Com - Unlimited-Uncensored-Secure Usenet News==----
http://www.newsfeed.com The #1 Newsgroup Service in the World! >100,000 Newsgroups
---= 19 East/West-Coast Specialized Servers - Total Privacy via Encryption =---

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Steve Quezadas wrote:
| I have an annoying problem with vsftpd. Everytime I try to log in
| anonymously to vsftpd, I get the following error:
|
| 500 OOPS: vsftpd: refusing to run with writable anonymous root
|
| I checked the FAQ and it says that the user that runs as the daemon
(in this
| case user "ftp") cannot have write access to the anonymous root directory
| (this is an anonymous only ftp server). Ummm, but if this is the case, how
| is it possible that ANYONE can upload files then? Doesn't the daemon user
| need would have to have "write access" on the directory for a user to
upload
| anonymously? So why is teh computer saying: "". this doesn't make sense!
|
| I set anonymous uploading made possible by the following directives:
| anonymous_enable=YES
| anon_upload_enable=YES
| anon_mkdir_write_enable=YES
| anon_root=/usr/VOL1/ftp
|
|
| Anyways, I have tried checking google, and deja and even went waded
through
| some of the C code to see what was going on, but I am at a loss. Yes,
I have
| checked the FAQ, and this is the only thing it says:
|
|>Q) Help! I'm getting the error message "refusing to run with writable
|
| anonymous
|
|>root".
|>A) vsftpd is protecting against dangerous configurations. The cause of
|
| this
|
|>message is usually dodgy ownership of the ftp home directory. The home
|>directory should NOT be owned by the ftp user itself. Neither should it
|>be writable by the ftp user. A way to fix this is:
|>chown root ~ftp; chmod -w ~ftp
|
|
| But it contradicts the whole concept of uploading!
|
| Anyone can help me out on this one?
|
| - Steve
|
| PS Here is my configuration file. I am using vsftpd 1.1.3
|
| 500 OOPS: vsftpd: refusing to run with writable anonymous root
|
| anonymous_enable=YES
| local_enable=NO
| write_enable=YES
| local_umask=117
| anon_upload_enable=YES
| anon_mkdir_write_enable=YES
| dirmessage_enable=NO
| xferlog_enable=YES
| connect_from_port_20=YES
| chown_uploads=YES
| chown_username=ftpsecure
| ascii_upload_enable=YES
| ascii_download_enable=YES
| ftpd_banner=Welcome to Model Printing ftp service
| ls_recurse_enable=YES
| anon_root=/usr/VOL1/ftp
| log_ftp_protocol=YES
| xferlog_enable=YES
| secure_chroot_dir=/usr/local/share/vsftpd/empty
|
|

Hi, A wild guess from me, (using vsftpd also. )

who's the owner of dir '/usr/VOL1/ftp' ? This should be set to user
'ftp'. Good luck!

- --

Best regards,
Wong Kum Weng

+----------------------------------------------------------+
| If it happens once, it's a bug. |
| If it happens twice, it's a feature. |
| If it happens more than twice, it's a design philosophy. |
+----------------------------------------------------------+

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFAYX1H1bXyj+2X4JERApFLAJ9bADBHLKxbM2+1/MKkLOE1QB4z+QCcCqPI
dDez9QPYnYK8NclBrebUGnA=
=bvNa
-----END PGP SIGNATURE-----