# ftp server (vsftpd) anon write access [solved]

## ahadley

I am running (just setting up) vsftpd to allow anonymous write access (so people can upload pictures in bulk for a gallery site...). However, I can have anon log on, and ls and the like, but cannot mkdir or put unless I chmod the ftp folder to 777 on the server; 775 or 755 won't let anonymous do that.

Now, I am fairly new to the server game, and am concerned that 777ing it would allow anon users to execute scripts on my server. Am I right in this, and if so does anyone have any suggestions?

Thanks in advance,

alex

----------

## benjones

Make sure anon_upload_enable and write_enable are set in vsftpd.conf.  Set anon_mkdir_write_enable if you want users to be able to create directories.  Then just chown the ftp area so that the ftp user (or something else if you set it with ftp_username in vsftpd.conf) has write access, and you should be ok.  No need for 777.

----------

## ahadley

I tried chown /path/to/ftp/area to ftp_user and also tried to ftp_group (both exist and have been entered in the conf) but to no avail.

```
anonymous_enable=YES
#local_enable=YES
write_enable=YES
local_umask=077
anon_upload_enable=YES
anon_mkdir_write_enable=YES
dirmessage_enable=YES
connect_from_port_20=YES
# recommended!
#chown_uploads=YES
#chown_username=whoever
xferlog_enable=YES
#xferlog_std_format=YES
xferlog_file=/server/ftp/vsftpd.log
#idle_session_timeout=600
#data_connection_timeout=120
nopriv_user=ftp_user
#async_abor_enable=YES
#ascii_upload_enable=YES
#ascii_download_enable=YES
#ftpd_banner=Welcome to blah FTP service.
#deny_email_enable=YES
#banned_email_file=/etc/vsftpd/vsftpd.banned_emails
#chroot_list_enable=YES
#chroot_list_file=/etc/vsftpd/vsftpd.chroot_list
#ls_recurse_enable=YES
anon_root=/path/to/ftp/area
```

I have also tried various chowns, currently:

```
ls -l
drwxrwxr-x  3 ftp_user ftp_group 160 Jan  9 12:25 ftp
```

but to no avail either.

I apologise for being a pain,

and thanks for the help thus far.

Alex

----------

## benjones

Hmmm, from man vsftpd.conf - 

```
       ftp_username
              This is the name of the user we use for handling anonymous  FTP.
              The home directory of this user is the root of the anonymous FTP
              area.

              Default: ftp
```

You seem to have your ftp dir chowned to ftp_user.  How about adding:

```
ftp_username=ftp_user
```

I see that you've set nopriv_user to ftp_user, but that is the user that vsftpd itself drops to when it doesn't need to run as root.

----------

## ahadley

Cheers for the insight,

I set

```
nopriv_user=nobody
```

and also added

```
ftp_username=ftp_user
```

but now have a privileges problem:

When logging on with ftp folder as anything such as 700, 755, 777 or the like it gives:

```
500 OOPS: vsftpd: refusing to run with writable anonymous root
Login failed.
```

but logging on as anything like 500 lets me get on but won't even let me ls or mkdir or the like... e.g.

```
ls
Transfer done (but failed to open directory).
```

The only way I can find to work is to:

```
chmod 500 ftp
ftp localhost
chmod 700 ftp   # whilst ftp'd on in another session
```

that way I can get on and also actually do stuff when on...

but this obviously isn't possible for remote users

----------

## benjones

Oh yeah, your ftp / can't be writeable, I think vsftpd considers that insecure (and it is the very secure ftpd after all).  Create an /incoming, and allow that to be writeable by ftp_user.

See the third Q in the FAQ at www.polarhome.com:793/manual/vsftpd-1.1.3/FAQ
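
The layout described above (an anonymous root the FTP user cannot write to, with a writable `incoming` inside it), as an added check that is not part of the original post: it reads the mode bits from `ls -ldn` and reports whether a given numeric uid/gid (for example from `id -u ftp_user` and `id -g ftp_user`) could write to each directory. The function names, the 555/755 modes and the temporary demo tree are assumptions for illustration, and supplementary groups are ignored.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# can_write DIR UID GID: succeed if the mode bits on DIR grant write to that
# numeric uid/gid (owner, then group, then other; supplementary groups ignored).
can_write() {
    dir=$1 uid=$2 gid=$3
    [ -d "$dir" ] || return 2
    # ls -ldn fields: mode, link count, owner uid, group gid, ...
    set -- $(ls -ldn "$dir")
    mode=$1 owner=$3 group=$4
    if [ "$uid" = "$owner" ]; then col=3
    elif [ "$gid" = "$group" ]; then col=6
    else col=9
    fi
    [ "$(printf '%s' "$mode" | cut -c"$col")" = w ]
}

# check_anon_layout ROOT UID GID: anon_root must not be writable by the FTP
# user, and ROOT/incoming must be. Prints each problem, returns 1 if any.
check_anon_layout() {
    root=$1 rc=0
    if can_write "$root" "$2" "$3"; then
        echo "FAIL: $root writable by uid $2 (vsftpd refuses a writable anonymous root)"
        rc=1
    fi
    if ! can_write "$root/incoming" "$2" "$3"; then
        echo "FAIL: $root/incoming not writable by uid $2 (uploads would be denied)"
        rc=1
    fi
    return "$rc"
}

# Constructed demo tree; the current user stands in for ftp_user.
demo=$(mktemp -d)
mkdir "$demo/incoming"
chmod 755 "$demo" "$demo/incoming"     # the thread's failing case: writable root
check_anon_layout "$demo" "$(id -u)" "$(id -g)" || echo "-> rejected"
chmod 555 "$demo"                      # fix: read-only root, writable incoming/
check_anon_layout "$demo" "$(id -u)" "$(id -g)" && echo "OK: layout accepted"
chmod 755 "$demo" && rm -rf "$demo"
```
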

----------

## ahadley

Thank you indeed... this was the key information I was looking for,

sorry for not being a little more sensible...  oh well, we live and learn,

Thanks,

Alex

----------

## ahadley

Have changed title to solved to reflect this fact.

Thanks again Ben

----------

