Environment: Ubuntu 9.04 Server + VSFTPD 2.0.7
slmagicbox@ubuntu904server:~$ uname -a
Linux ubuntu904server 2.6.28-11-server #42-Ubuntu SMP Fri Apr 17 02:48:10 UTC 2009 i686 GNU/Linux
slmagicbox@ubuntu904server:~$ dpkg -l | grep vsftpd
ii vsftpd 2.0.7-0ubuntu1 The Very Secure FTP Daemon
Original configuration file /etc/vsftpd.conf: this file is generated by default when vsftpd is installed. Lines starting with "#" are comments. vsftpd does not accept spaces around "=" or a comment after a value on the same line, so the annotations below sit on their own lines.
# Example config file /etc/vsftpd.conf
# Run vsftpd in standalone mode
listen=YES
#listen_ipv6=YES
# Allow anonymous users to access
anonymous_enable=YES
#local_enable=YES
#write_enable=YES
#local_umask=022
#anon_upload_enable=YES
#anon_mkdir_write_enable=YES
# When you enter a directory on the FTP server for the first time, the message in that directory is displayed. The default is the .message file, which can be changed with message_file.
dirmessage_enable=YES
# Enable logging, default path /var/log/vsftpd.log
xferlog_enable=YES
# Use the default ftp-data port (port 20) for data connections
connect_from_port_20=YES
#chown_uploads=YES
#chown_username=whoever
#xferlog_file=/var/log/vsftpd.log
#xferlog_std_format=YES
#idle_session_timeout=600
#data_connection_timeout=120
#nopriv_user=ftpsecure
#async_abor_enable=YES
#ascii_upload_enable=YES
#ascii_download_enable=YES
#ftpd_banner=Welcome to blah FTP service.
#deny_email_enable=YES
#banned_email_file=/etc/vsftpd.banned_emails
# chroot_list_enable below.
#chroot_local_user=YES
#chroot_list_enable=YES
#chroot_list_file=/etc/vsftpd.chroot_list
#ls_recurse_enable=YES
# Debian customization; the four settings below can be ignored
secure_chroot_dir=/var/run/vsftpd
pam_service_name=vsftpd
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
slmagicbox@ubuntu904server:~$ cd /home
slmagicbox@ubuntu904server:/home$ ls -l | grep ftp
drwxr-xr-x 2 root nogroup 4096 ftp
Function:
1) Default features:
Anonymous users can log on and download images. However, they have no upload or modification permissions, and their access is restricted to the ftp user's folder (/home/ftp).
2) Anonymous user upload:
# Enable global upload
write_enable=YES
# Enable anonymous user upload
anon_upload_enable=YES
# Enable the folder-creation permission for anonymous users. We recommend that you do not enable this permission.
anon_mkdir_write_enable=YES
slmagicbox@ubuntu904server:/home$ sudo chown -R ftp: ftp/
slmagicbox@ubuntu904server:/home$ ls -l | grep ftp
drwxr-xr-x 2 ftp nogroup 4096 ftp
Resulting error: 500 OOPS: vsftpd: refusing to run with writable anonymous root
Cause: The user that runs as the daemon (in this case user "ftp") cannot have write access to the anonymous root directory.
Conclusion: The root directory of an anonymous user (/home/ftp) cannot be used as the upload directory. You need to create a folder inside it and grant write permission on that folder.
slmagicbox@ubuntu904server:/home$ sudo chown -R root:nogroup ftp
slmagicbox@ubuntu904server:/$ cd /home/ftp
slmagicbox@ubuntu904server:/home/ftp$ sudo mkdir upload
slmagicbox@ubuntu904server:/home/ftp$ sudo chown ftp: upload/
slmagicbox@ubuntu904server:/home/ftp$ sudo chmod 755 upload
slmagicbox@ubuntu904server:/home/ftp$ ls -l
drwxr-xr-x 2 ftp nogroup 4096 upload
Verification: (1) create a folder through ftp; (2) upload a file to the upload directory through ftp; then check the permissions of both.
slmagicbox@ubuntu904server:/home/ftp/upload$ ls -l
-rw------- 1 ftp nogroup 0 test2 # By default, anonymous uploads use umask = 077, so the uploaded file's permission is 666-077 = 600.
drwx------ 2 ftp nogroup 4096 test # By default, anonymous uploads use umask = 077, so the created folder's permission is 777-077 = 700.
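
The checks walked through above, as a small Python audit (an added example, not part of the original post): it flags setting lines vsftpd cannot parse, detects the writable anonymous root behind the 500 OOPS error, and computes upload permissions as base & ~umask. The function names, the sample config text and the uid/gid numbers are assumptions made for the example.

```python
import stat

def parse_conf(text):
    """Return (settings, errors). vsftpd wants option=value with no spaces around '=';
    a '#' in a value is reported as a likely trailing comment (heuristic)."""
    settings, errors = {}, []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if not sep or key != key.strip() or value != value.strip() or "#" in value:
            errors.append(f"line {n}: not a clean option=value line: {line!r}")
            continue
        settings[key] = value
    return settings, errors

def can_write(mode, owner, group, uid, gids):
    """Owner/group/other write-bit check for a non-root uid."""
    if uid == owner:
        return bool(mode & stat.S_IWUSR)
    if group in gids:
        return bool(mode & stat.S_IWGRP)
    return bool(mode & stat.S_IWOTH)

def audit(conf_text, root, upload, uid, gids):
    """root and upload are (mode, owner_uid, group_gid), e.g. taken from os.stat."""
    settings, findings = parse_conf(conf_text)
    if settings.get("anonymous_enable") == "YES" and can_write(*root, uid, gids):
        findings.append("anonymous root is writable by the ftp user: vsftpd refuses to run")
    if settings.get("anon_upload_enable") == "YES":
        if settings.get("write_enable") != "YES":
            findings.append("anon_upload_enable needs write_enable=YES")
        if not can_write(*upload, uid, gids):
            findings.append("upload directory is not writable by the ftp user")
    return findings

def upload_modes(anon_umask=0o077):
    """Modes of an uploaded file and a created directory: base & ~umask."""
    return 0o666 & ~anon_umask, 0o777 & ~anon_umask

# Constructed sample: the upload settings from this page; uid/gid numbers are made up.
CONF = "listen=YES\nanonymous_enable=YES\nwrite_enable=YES\nanon_upload_enable=YES\n"
FTP_UID, NOGROUP = 107, 65534
UPLOAD = (0o755, FTP_UID, NOGROUP)

if __name__ == "__main__":
    print(audit(CONF, (0o755, FTP_UID, NOGROUP), UPLOAD, FTP_UID, [NOGROUP]))  # ftp owns root
    print(audit(CONF, (0o755, 0, NOGROUP), UPLOAD, FTP_UID, [NOGROUP]))        # root owns root
    print([oct(m) for m in upload_modes()])
```

On a live server the (mode, owner, group) tuples would come from os.stat on /home/ftp and /home/ftp/upload, and uid/gids from the ftp account's passwd entry.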