vsftpd:refusing to run with writable root inside chroot()

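Description:
I have long used vsftpd as my FTP server. After a recent Ubuntu upgrade, vsftpd moved to version 2.3.5-1. With the original configuration unchanged, login now fails with: 500 OOPS: vsftpd: refusing to run with writable root inside chroot(). For security reasons, the newer vsftpd no longer lets a user write to their own FTP home directory: a user must not have write permission on the home directory they are chrooted into.
For example, if user user1 has the FTP home directory /srv/ftp/user1, then the permissions of /srv/ftp/user1 for user1 should be r--r--r--, with no w permission.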

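Implementation:
The solution is therefore to define the user's home directory as its parent directory. In user1's configuration, change local_root from /srv/ftp/user1/ to /srv/ftp/. After this, an FTP login lands in /srv/ftp, and getting into user1's own directory takes an extra cd, which is a bit of a hassle.

Another approach is to remove write permission from the /srv/ftp/user1 directory with chmod a-w /srv/ftp/user1, but then the FTP user user1 cannot write in their own home directory, so what would be the point!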
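
The check described above can be run before users hit the error. The following POSIX shell script is an added example, not part of the original post and not vsftpd's own code. It assumes the refusal depends only on whether the FTP user has a write bit on the chroot directory; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: predict vsftpd's "writable root inside chroot()" refusal.
# Mode bits only; ACLs and root's write override are not modelled.

# chroot_root_writable DIR UID "GID ..."  (hypothetical helper)
# Returns 0 if that uid/gid set has a write bit on DIR, 1 if not, 2 on error.
chroot_root_writable() {
    dir=$1 uid=$2 gids=$3
    [ -d "$dir" ] || return 2
    # ls -ldn prints numeric ids, e.g. "drwxr-xr-x 3 0 0 4096 ... /srv/ftp"
    set -f; set -- $(ls -ldn "$dir"); set +f
    mode=$1 owner=$3 group=$4
    if [ "$owner" = "$uid" ]; then
        col=3                      # owner write bit applies
    else
        col=9                      # default: "other" write bit
        for g in $gids; do
            if [ "$g" = "$group" ]; then col=6; fi   # group write bit applies
        done
    fi
    [ "$(printf '%s' "$mode" | cut -c"$col")" = "w" ]
}

# check_ftp_user USER DIR: resolve ids with id(1) and print a verdict.
check_ftp_user() {
    rc=0
    chroot_root_writable "$2" "$(id -u "$1")" "$(id -G "$1")" || rc=$?
    case $rc in
        0) echo "REFUSE: $2 is writable by $1; vsftpd will not chroot there"
           return 1 ;;
        1) echo "OK: $2 is not writable by $1" ;;
        *) echo "ERROR: $2 is not a directory" >&2
           return 2 ;;
    esac
}

# Usage: sh check.sh user1 /srv/ftp
if [ $# -eq 2 ]; then check_ftp_user "$1" "$2"; fi
```

Run against the directory that local_root resolves to for each user: /srv/ftp owned by root should report OK for user1, while /srv/ftp/user1 owned by user1 reports REFUSE.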

Appendix:
I’ve installed vsftp FTP server in Arch Linux, and trying to run it with pam virtual users in a chroot’ed environment I’ve got this error:

500 OOPS: vsftpd: refusing to run with writable root inside chroot ()

This problem is caused because the users should not be able to write in the root directory they are chrooted to. One way to solve it is to declare the root folder one level above the user folder.

Let’s say /srv/ftp/ instead of /srv/ftp/user1/

So, define:

local_root=/srv/ftp/

Instead of:

local_root=/srv/ftp/$USER/

The usual workaround of doing this: chmod a-w /home/user will cause more problems than any good, as the user will lose his rights on his own home folder.
