# vsftpd: allow_writeable_chroot option not working

## Bigun

As of vsftpd version 2.3.5, they added extra security to the program that will disallow the user from logging in if their root home directory has write permissions.  According to this page, putting the option allow_writeable_chroot=YES into your vsftpd.conf file would disable this new security.  However, it seems in Gentoo, it does not.  

```
unrecognised variable in config file: allow_writeable_chroot
```

As a temporary fix, I have masked v2.3.5 and gone back to v2.3.4.

AND before the lectures begin on good security practice, keep in mind that most of my users have SSH access as well, this would affect the bash history files among other things.  It's just annoying to force users into a corner by not running a critical service if a possible security risk could exist.

----------

## gerdesj

*Bigun wrote:*

> As of vsftpd version 2.3.5, they added extra security to the program that will disallow the user from logging in if their root home directory has write permissions.  According to this page, putting the option allow_writeable_chroot=YES into your vsftpd.conf file would disable this new security.  However, it seems in Gentoo, it does not.  
> 
> ```
> unrecognised variable in config file: allow_writeable_chroot
> ```
> ...

First off, if your users have ssh access, why not simply use sftp and get rid of ftp(s)?

I have not done a great deal of testing but I emerged vsftp and added this to the conf:

```
chroot_local_user=YES
allow_writeable_chroot=YES
```

and had no errors and I uploaded a large file to the server.

Sorry, just checked again and I have version 3.0.0 installed, perhaps you should try that.

Cheers

Jon

----------
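Added example, not part of either post above: a shell sketch that predicts what a local-user login will do for the three versions named in the thread, given a vsftpd.conf and the directory the user would be chrooted into. The helper names (`conf_get`, `owner_writable`, `chroot_verdict`) and the verdict strings are made up for illustration; the version table encodes only what the posters reported (2.3.5 as built on Gentoo), and the writability test assumes the FTP user owns the directory.

```shell
#!/bin/sh
# Added example (not from the thread). Predicts the outcome of a local-user
# login under chroot_local_user for the three versions the thread mentions.

# conf_get FILE KEY DEFAULT: the last KEY=value line wins; '#' lines never match.
conf_get() {
    val=$(sed -n "s/^$2=//p" "$1" | tail -n 1)
    printf '%s\n' "${val:-$3}"
}

# owner_writable DIR: reads the owner write bit from ls, so the answer is
# the same when the script runs as root. Assumption: the FTP user owns DIR.
owner_writable() {
    case $(ls -ld -- "$1" | cut -c1-10) in
        ??w*) return 0 ;;
        *)    return 1 ;;
    esac
}

# chroot_verdict VERSION CONF DIR: prints one verdict word.
chroot_verdict() {
    ver=$1 conf=$2 dir=$3
    case $ver in
        2.3.4) check=no  opt=no  ;;   # before the writable-root check
        2.3.5) check=yes opt=no  ;;   # check present, option unrecognised (Gentoo report)
        3.0.0) check=yes opt=yes ;;   # option accepted
        *) echo "unknown-version"; return 0 ;;
    esac
    allow=$(conf_get "$conf" allow_writeable_chroot UNSET)
    if [ "$allow" != UNSET ] && [ "$opt" = no ]; then
        echo "config-error"; return 0   # "unrecognised variable in config file"
    fi
    if [ "$(conf_get "$conf" chroot_local_user NO)" != YES ]; then
        echo "no-chroot"; return 0
    fi
    if [ "$check" = yes ] && [ "$allow" != YES ] && owner_writable "$dir"; then
        echo "login-refused"
    elif owner_writable "$dir"; then
        echo "login-ok-writable-root"
    else
        echo "login-ok"
    fi
}

if [ $# -eq 3 ]; then chroot_verdict "$@"; fi
```

A `login-ok` verdict on 2.3.5 corresponds to removing write permission from the chroot root itself (for example `chmod a-w` on the home directory, with a writable subdirectory for uploads), which avoids the check without the option.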

