vsftpd: refusing to run with writable root inside chroot()

July 27, 2013 16.9k views
I have installed vsftpd on my Ubuntu 12.04 x32. I have set up vsftpd.conf and uncommented local_enable=YES, write_enable=YES and chroot_local_user=YES (both of them). I had already installed the Apache server in /home/var/www/, so I did a chown root:root /var/www/. When I try to log in to the FTP server with the root username and password, I get the error: vsftpd: refusing to run with writable root inside chroot()
22 Answers
Try another user than root.
what other user? The installation did not ask me to assign or create a new user for vsftpd.
I don't know what else to try.
I just created another username and gave it root access. I'm getting the same error.
You have to chmod 755 /var/www as well, it's a vsftpd restriction.
Now I'm getting [7/27/2013 7:57:27 AM] 530 Login incorrect.
I have no idea what's going on.
I did chmod 755 /var/www
no good
Do you see any errors in vsftpd's logs?
How can I check them?
I'm not very experienced with this, sorry.
Run "tail /var/log/vsftpd.log"
I got this

root@maghnatis:~# tail /var/log/vsftpd.log
Sat Jul 27 18:57:50 2013 [pid 2] CONNECT: Client "41.159.129.15"
Sat Jul 27 18:57:52 2013 [pid 1] [root] FAIL LOGIN: Client "41.159.129.15"
Sat Jul 27 18:59:34 2013 [pid 2] CONNECT: Client "41.159.129.15"
Sat Jul 27 18:59:37 2013 [pid 1] [root] FAIL LOGIN: Client "41.159.129.15"
Sat Jul 27 19:01:10 2013 [pid 2] CONNECT: Client "41.159.129.15"
Sat Jul 27 19:01:12 2013 [pid 1] [root] FAIL LOGIN: Client "41.159.129.15"
Sat Jul 27 19:01:29 2013 [pid 2] CONNECT: Client "41.159.129.15"
Sat Jul 27 19:01:32 2013 [pid 1] [root] FAIL LOGIN: Client "41.159.129.15"
Sat Jul 27 19:01:46 2013 [pid 2] CONNECT: Client "41.159.129.15"
Sat Jul 27 19:01:46 2013 [pid 1] [snitz] OK LOGIN: Client "41.159.129.15"
You can't log in as root via FTP. You have to use another user: https://www.digitalocean.com/community/articles/initial-server-setup-with-ubuntu-12-04
by Etel Sverdlov
This tutorial covers how to login with root, how to change the root password, how to create a new user, how to give the new user root privileges, how to change the port, and how to disable root login in. This tutorial is written for Ubuntu. When you first create your server, this tutorial explains the first steps you need to take. This tutorial is written for Ubuntu 12.04.
I did. I created "snitz" and gave it root access. I tried logging in with that, didn't work.
> Sat Jul 27 19:01:46 2013 [pid 1] [snitz] OK LOGIN: Client "41.159.129.15"

You were able to log in as snitz. Does your FTP client output an error when you try to log in as snitz?
How did you give snitz root access?
I was just able to log in with "snitz" but it's taking me to /home/snitz but my files are in /var/www

I gave "snitz" root access following this tutorial: https://www.digitalocean.com/community/articles/initial-server-setup-with-ubuntu-12-04

visudo
Have you tried employing the solution that @vic.palm2849 described, here: Set up vsftpd but now I'm getting 550 Permission denied error?
Yes, I tried that. It stopped logging in altogether.

Now I am able to log in just fine but it's taking me to the wrong directory. Maybe I need to tie the username I'm logging in with to /var/www
"Maybe I need to tie the username I'm logging in with to /var/www"

Yes! You need to do that. You don't necessarily have to have the user own that directory, however. Simply put the user in the same group.
I have no idea how to do that. I'm googling it, no luck so far.
The Ubuntu Server Guide suggests:

Sharing Write Permission


For more than one user to be able to write to the same directory it will be necessary to grant write permission to a group they share in common. The following example grants shared write permission to /var/www to the group webmasters.

sudo chgrp -R webmasters /var/www

sudo find /var/www -type d -exec chmod g=rwxs "{}" \;
sudo find /var/www -type f -exec chmod g=rws "{}" \;

See HTTPD - Apache2 Web Server.
Since you're chrooted to /home/snitz, move /var/www/* to /home/snitz/www/* so that you can edit the files.
I've added allow_writeable_chroot=YES to the end of the vsftpd.conf file, located in /etc/
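
The fixes proposed in this thread (root:root ownership with chmod 755, a shared group with write permission, allow_writeable_chroot=YES) all turn on whether the logged-in user can write to the chroot root. As an added example, not part of the original thread, this script models that check with plain permission bits. The function names are hypothetical, the sample modes are constructed, and treating the check as "user has write permission on the directory" is an assumption about vsftpd's behaviour.

```shell
#!/bin/sh
# Added example (not from the thread). Models plain Unix permission bits only:
# POSIX ACLs and uid 0 are not modelled (the thread notes root cannot log in
# over FTP). Function names are hypothetical.

# can_write MODE OWNER GROUP USER "USER_GROUPS"
#   MODE is the symbolic mode printed by `ls -ld`, e.g. drwxr-xr-x.
#   Returns 0 when USER has write permission on a directory with that mode.
can_write() {
    mode=$1; owner=$2; group=$3; user=$4; ugroups=$5
    if [ "$user" = "$owner" ]; then
        pos=3                                   # owner write bit
    elif printf ' %s ' "$ugroups" | grep -qF " $group "; then
        pos=6                                   # group write bit
    else
        pos=9                                   # other write bit
    fi
    [ "$(printf '%s' "$mode" | cut -c"$pos")" = "w" ]
}

# verdict: same arguments as can_write. Prints what a chrooted login would
# hit when allow_writeable_chroot is not set (assumed behaviour).
verdict() {
    if can_write "$@"; then echo "refuse"; else echo "ok"; fi
}

# check_dir USER DIR: read mode, owner and group from a real directory.
check_dir() {
    ftp_user=$1
    set -- $(ls -ld "$2")                       # $1=mode $3=owner $4=group
    verdict "$1" "$3" "$4" "$ftp_user" "$(id -Gn "$ftp_user" 2>/dev/null)"
}

# Constructed cases using the thread's names (user snitz, group webmasters):
verdict drwxr-xr-x snitz snitz      snitz "snitz"             # own home as chroot root
verdict drwxr-xr-x root  root       snitz "snitz"             # chown root:root, chmod 755
verdict drwxrwsr-x root  webmasters snitz "snitz webmasters"  # group-writable chroot root
verdict dr-xr-xr-x snitz snitz      snitz "snitz"             # write bits removed from root
```

Under this model, granting group write on the chroot root itself gives the same verdict as a user-owned home directory, while a non-writable root with writable content in a subdirectory does not.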