The Problem
Log into vsftp server with anonymous user from ftp client, try to upload a file fails with error message:
# ftp vsftpsrv Connected to vsftpsrv (10.182.38.176). 220 (vsFTPd 2.0.5) Name (10.182.38.176:root): anonymous 331 Please specify the password. Password: 230 Login successful. Remote system type is UNIX. Using binary mode to transfer files. ftp> pwd 257 "/" ftp> ls 227 Entering Passive Mode (10,182,38,176,29,34) 150 Here comes the directory listing. drwxr-xr-x 2 0 0 4096 Jan 09 2013 pub 226 Directory send OK. ftp> put vsftpd.txt mput vsftpd.txt? y 227 Entering Passive Mode (10,182,38,176,182,24) 550 Permission denied. ftp>
The Solution
By default, the anonymous user could not upload file nor create a directory on vsftp server by restricted in the configuration file.
1. On vsftp server, make sure below line exist and is not comment out in /etc/vsftpd/vsftpd.conf:
anon_upload_enable=YES
2. On vsftp server, create a sub directory under vsftpd “/” directory /var/ftp/
# mkdir /var/ftp/anon_upload
3. Then change the directory ownership to ftp:root and permission to 0777:
# chown ftp:root /var/ftp/anon_upload/ # chmod 0777 /var/ftp/anon_upload/ # stat /var/ftp/anon_upload/ File: `/var/ftp/anon_upload/' Size: 4096 Blocks: 8 IO Block: 4096 directory Device: fc00h/64512d Inode: 719500 Links: 2 Access: (0777/drwxrwxrwx) Uid: ( 14/ ftp) Gid: ( 0/ root) Access: 2014-02-25 09:27:47.000000000 -0500 Modify: 2014-02-25 09:26:04.000000000 -0500 Change: 2014-02-25 09:38:17.000000000 -0500
4. Restart vsftpd service on vsftp server:
# service vsftpd restart Shutting down vsftpd: [ OK ] Starting vsftpd for vsftpd: [ OK ]
5. Log into vsftp server from ftp client, upload file under new created directory:
# ftp vsftpsrv Connected to vsftpsrv (10.182.38.176). 220 (vsFTPd 2.0.5) Name (10.182.38.176:root): anonymous 331 Please specify the password. Password: 230 Login successful. Remote system type is UNIX. Using binary mode to transfer files. ftp> pwd 257 "/" ftp> ls 227 Entering Passive Mode (10,182,38,176,205,23) 150 Here comes the directory listing. drwxrwxrwx 2 14 0 4096 Feb 25 14:26 anon_upload drwxr-xr-x 2 0 0 4096 Jan 09 2013 pub 226 Directory send OK. ftp> cd anon_upload 250 Directory successfully changed. ftp> put vsftpd.txt local: vsftpd.txt remote: vsftpd.txt 227 Entering Passive Mode (10,182,38,176,34,113) 150 Ok to send data. 226 File receive OK. 38 bytes sent in 1.3e-05 secs (2923.08 Kbytes/sec) ftp> ls 227 Entering Passive Mode (10,182,38,176,124,56) 150 Here comes the directory listing. -rw------- 1 14 50 38 Feb 25 14:39 vsftpd.txt 226 Directory send OK. ftp>
Common Errors:
1. If solution step 3 above is not set, then upload file with anonymous user will encounter below error:
# ftp vsftpsrv Connected to vsftpsrv (10.182.38.176). 220 (vsFTPd 2.0.5) Name (10.182.38.176:root): anonymous 331 Please specify the password. Password: 230 Login successful. Remote system type is UNIX. Using binary mode to transfer files. ftp> pwd 257 "/" ftp> ls 227 Entering Passive Mode (10,182,38,176,159,123) 150 Here comes the directory listing. drwxr-xr-x 2 0 0 4096 Feb 25 14:26 anon_upload drwxr-xr-x 2 0 0 4096 Jan 09 2013 pub 226 Directory send OK. ftp> cd anon_upload 250 Directory successfully changed. ftp> pwd 257 "/anon_upload" ftp> put vsftpd.txt local: vsftpd.txt remote: vsftpd.txt 227 Entering Passive Mode (10,182,38,176,179,248) 553 Could not create file. ftp>
2. If grant vsftpd “/” directory with 0775 permission: “# chmod -R 0775 /var/ftp”, then log in anonymous user will fail for security concern:
# ftp vsftpsrv Connected to vsftpsrv (10.182.38.176). 220 (vsFTPd 2.0.5) Name (10.182.38.176:root): anonymous 331 Please specify the password. Password: 500 OOPS: vsftpd: refusing to run with writable anonymous root Login failed. ftp>