After upgrading vsftpd or vsftpd-ext you may be getting the following message when trying to log in.
500 OOPS: vsftpd: refusing to run with writable root inside chroot ()
This is due to the following update:
- Add stronger checks for the configuration error of running with a writeable
root directory inside a chroot(). This may bite people who carelessly turned
on chroot_local_user but such is life.
The problem is that your users root directory is writable, which isn’t allowed when using chroot restrictions in the new update.
To fix this you must either remove write permissions on the users root directory with the following command, replacing the directory with your users root:
chmod a-w /home/user
Or you can work around this security check by adding either of the two below into your configuration file.
For the standard vsFTPd build (vsftpd):
allow_writeable_chroot=YES
For the extended vsFTPd build (vsftpd-ext):
allow_writable_chroot=YES
Removing the write permission on the root isn’t a perfect solution as doing this can cause a few problems with things that need to write to the root directory, such as the bash history file or some graphical environments.
Dmitriy has suggested 3 ways to also overcome this problem, be sure to check them out.