Resolving vsftpd 530 and 500 errors

  • 2020-05-17 07:03:11
  • OfStack

Solutions for the vsftpd errors "530 Login incorrect" and "500 OOPS: vsftpd: refusing to run with writable anonymous root"

530 Login incorrect:

To restrict anonymous users, make the following settings in the configuration file:


anonymous_enable=NO 
userlist_enable=YES 
userlist_deny=NO 
userlist_file=/etc/vsftpd.user_list 
 

This makes ftp accessible only to users inside user_list.

But after running service vsftpd restart and testing with ftp localhost, entering the correct user name and password kept returning: 530 Login incorrect
Login Failed

Later, I found a folder pam.d under /etc. I went in and opened the file vsftpd.

Comment out the following line:

#auth required pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed

Problem solved.
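To see which list rejects an account before editing /etc/pam.d/vsftpd, the two list checks in this section can be evaluated by hand. The script below is an added example, not part of the original article; it assumes the userlist_* semantics described above and a pam_listfile deny file with one account per line, and the demo paths and account names are constructed.

```shell
#!/bin/sh
# Added example (not from the article): name the list check that rejects a login.

# conf_get KEY FILE: last value of KEY in a vsftpd.conf-style file,
# with trailing blanks removed for comparison.
conf_get() {
    sed -n "s/^$1=\(.*[^[:space:]]\)[[:space:]]*\$/\1/p" "$2" | tail -n 1
}

# in_list USER FILE: true if USER is a whole, non-comment line of FILE.
in_list() {
    [ -f "$2" ] && grep -v '^#' "$2" | grep -qxF -- "$1"
}

# login_gate USER VSFTPD_CONF PAM_DENY_FILE
# Prints userlist_deny, userlist_not_listed, pam_deny or pass.
login_gate() {
    enable=$(conf_get userlist_enable "$2")
    deny=$(conf_get userlist_deny "$2")
    list=$(conf_get userlist_file "$2")
    if [ "${enable:-NO}" = YES ]; then          # vsftpd default: NO
        if in_list "$1" "${list:-/etc/vsftpd.user_list}"; then
            if [ "${deny:-YES}" = YES ]; then   # file acts as a deny list
                echo userlist_deny; return 1
            fi
        elif [ "${deny:-YES}" = NO ]; then      # file acts as an allow list
            echo userlist_not_listed; return 1
        fi
    fi
    # Same test as: pam_listfile.so item=user sense=deny file=PAM_DENY_FILE
    if in_list "$1" "$3"; then echo pam_deny; return 1; fi
    echo pass
}

# Constructed demo files; none of these paths or accounts are real.
demo=$(mktemp -d); trap 'rm -rf "$demo"' EXIT
printf 'alice\nbob\n' > "$demo/user_list"                   # vsftpd allow list
printf '# system accounts\nroot\nbob\n' > "$demo/ftpusers"  # PAM deny list
cat > "$demo/vsftpd.conf" <<EOF
anonymous_enable=NO
userlist_enable=YES
userlist_deny=NO
userlist_file=$demo/user_list
EOF

for u in alice bob carol; do
    printf '%s: %s\n' "$u" "$(login_gate "$u" "$demo/vsftpd.conf" "$demo/ftpusers")"
done
```

The pam_listfile line shown above is what applies the /etc/vsftpd/ftpusers deny list to the vsftpd PAM service, so commenting it out removes that check for every account. Knowing which gate fired lets you correct the list entry instead.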

500 OOPS: vsftpd: refusing to run with writable anonymous root

After starting the vsftpd server, a login test may print something like the following:

500 OOPS: vsftpd: refusing to run with writable anonymous root

This means that the permissions of the ftp user's root directory are incorrect and should be changed.

[root@localhost ~]# more /etc/passwd | grep ftp
ftp:x:1000:1000:FTP User:/var/ftp:/sbin/nologin

The ftp user's root (home) directory is /var/ftp, and the error is caused by incorrect permissions on /var/ftp. This directory must not have all permissions opened up, which is what happens if you ran chmod 777 /var/ftp. If the ftp user's home directory does not exist, you of course have to create it yourself. The ftp user's home directory must not be fully open to the owner, the group and others, as it is below:

[root@localhost ~]# ls -ld /var/ftp
drwxrwxrwx 3 root root 4096 2005-03-23 /var/ftp

To correct this error, you can:

[root@localhost ~]# chown root:root /var/ftp
[root@localhost ~]# chmod 755 /var/ftp

Some of you might ask: what about letting anonymous users read, download and upload? This is also simple: under /var/ftp, create another directory with 777 permissions and make the corresponding change in vsftpd.conf. Nothing difficult.
For security reasons, vsftpd does not allow the permissions on the ftp user's root directory to be completely unrestricted. Otherwise it wouldn't be the most secure FTP server, would it?
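The check below is an added example, not part of the original article: it tests a directory against the state the fix above produces (owned by uid 0, no group or other write bits) and lists world-writable subdirectories such as the upload directory just described. It assumes GNU stat; the demo tree is constructed and stands in for /var/ftp.

```shell
#!/bin/sh
# Added example (not from the article): audit an anonymous FTP root.

# check_anon_root DIR [UID]: prints findings; returns 0 only when clean.
# UID defaults to 0 (root); the optional argument exists so the check
# can be exercised without root privileges.
check_anon_root() {
    dir=$1; want_uid=${2:-0}; rc=0
    [ -d "$dir" ] || { echo "not a directory: $dir"; return 2; }
    uid=$(stat -c %u "$dir")     # GNU stat: numeric owner
    mode=$(stat -c %a "$dir")    # GNU stat: octal mode, e.g. 777
    if [ "$uid" != "$want_uid" ]; then
        echo "owner uid $uid, expected $want_uid"; rc=1
    fi
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "mode $mode lets group or others write"; rc=1
    fi
    return $rc
}

# writable_subdirs DIR: world-writable directories below DIR, i.e. the
# places where an upload directory like the one described above exists.
writable_subdirs() {
    find "$1" -type d -perm -0002 ! -path "$1" | sort
}

# Constructed demo tree standing in for /var/ftp.
root=$(mktemp -d); trap 'rm -rf "$root"' EXIT
me=$(id -u)
chmod 777 "$root"
check_anon_root "$root" "$me" || echo "=> matches the 500 OOPS condition"
chmod 755 "$root"
mkdir "$root/upload" && chmod 777 "$root/upload"
check_anon_root "$root" "$me" && echo "=> root directory is clean"
writable_subdirs "$root"
```

Every directory writable_subdirs prints is a place where anonymous clients can leave files once the anonymous write options in vsftpd.conf are enabled.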
Attached is the vsftpd configuration file:


# About host settings
connect_from_port_20=YES
# Remember the port number the FTP server uses for active connections, mentioned in the previous section? This is the ftp-data port number.

listen_port=21
# The port number vsftpd uses for the command channel. To use a non-standard port number, change it in this item. Note that this setting only applies when vsftpd is started in standalone mode (it has no effect under a super daemon).

dirmessage_enable=YES
# When a user enters a directory, display the notice for that directory. The file shown by default is .message; the setting below changes it.

message_file=.message
# When dirmessage_enable=YES, this item tells vsftpd which file to look for and display.

listen=YES
# YES means vsftpd is started in standalone mode.

pasv_enable=YES
# Enable passive mode connections. This must be set to YES.

use_localtime=YES
# Use local time? vsftpd uses GMT (Greenwich) time by default, which is 8 hours behind Taiwan, so YES is recommended.

write_enable=YES
# Enable this setting if users are allowed to upload data.

connect_timeout=60
# In seconds. For an active-mode data connection, if the client does not respond within 60 seconds of our connection request, stop waiting and force a disconnect.

accept_timeout=60
# When the user transfers data in passive (PASV) mode, if the host has opened the passive port and the client has not responded after 60 seconds, force a disconnect. This value is similar to connect_timeout, but one governs active connections and the other governs passive connections.

data_connection_timeout=300
# If the data connection between server and client has been established (active or passive) but, perhaps because of a line problem, the transfer cannot complete within 300 seconds, vsftpd forcibly drops the client's connection.

idle_session_timeout=300
# If the user issues no command for 300 seconds, force the session offline.

max_clients=50
# If vsftpd is started in standalone mode, this sets the maximum number of clients that can be connected to vsftpd at the same time.

max_per_ip=5
# Similar to max_clients above: how many connections are allowed from the same IP at the same time?

pasv_min_port=0
pasv_max_port=0
# These two set the port numbers used in passive mode. To use the 11 ports from 65400 to 65410 for passive connections, set pasv_max_port=65410 and pasv_min_port=65400. 0 means ports are chosen at random without restriction.

#ftpd_banner=some descriptive text
# The text shown in the FTP client software when the user connects to vsftpd. This setting holds very little text, so the setting below is recommended instead.

banner_file=/etc/vsftpd/welcome.txt
# Specifies a text file to use as the welcome message shown when a user logs in to the vsftpd server.
# 
 
# 
# 
# Local user settings
#
guest_enable=NO
# When set to YES, every non-anonymous login is treated as a guest. By default a guest gets the permissions of the ftp user in vsftpd, but this can be changed with guest_username.

guest_username=ftp
# Only takes effect when guest_enable=YES; specifies the identity used for guests.

local_enable=YES
# This must be YES for accounts in /etc/passwd to log in to the vsftpd host as local users.

write_enable=YES
# Whether local users are allowed to write.

local_max_rate=60000
# Transfer speed limit for local users, in bytes/second. 0 means no limit.

chroot_local_user=YES
# Restrict users to their home directory (chroot). The vsftpd default is NO, because the two settings below can do the job, so it does not need to be enabled.
# If it is enabled, local users are chrooted by default, and the users listed in /etc/vsftpd/chroot_list are not chrooted.

chroot_list_enable=YES
# Enable restricting certain local users to their home directory? The default is NO. To keep some users from leaving their home directory, set this to YES and fill in the next setting.

chroot_list_file=/etc/vsftpd/chroot_list
# When chroot_list_enable=YES, this item specifies which local users are restricted to their home directory (chroot) and cannot leave it. One account per line.

userlist_enable=YES
# Whether to use vsftpd's blocking mechanism to handle unwelcome accounts; related to the settings below.

userlist_deny=YES
# When userlist_enable=YES and this value is YES, a user whose account is written in the file cannot log in to the vsftpd server. The file name is given by the next setting.
userlist_file=/etc/vsftpd/user_list
# When userlist_deny=YES above, this file comes into play: the accounts in it cannot use vsftpd.
# 
# 
# 
# Anonymous settings
#
anonymous_enable=YES
# Allow anonymous to log in to the vsftpd host. The default is YES. All the related settings below only take effect when anonymous_enable=YES.

anon_root=/var/ftp
anon_world_readable_only=YES
# Only allow anonymous to download world-readable files. The default is YES.

anon_other_write_enable=YES
# Whether anonymous has write permission. The default is NO. If set to YES, the permissions of the directory opened to anonymous writes must also be adjusted so that the owner of the vsftpd PID can write to it.

anon_mkdir_write_enable=YES
# Whether anonymous may create directories. The default is NO. If set to YES, anon_other_write_enable must also be set to YES.

# Whether anonymous may upload data. The default is NO. If set to YES, anon_other_write_enable=YES must also be set.

deny_email_enable=YES
# Reject certain email addresses so that they cannot be used for anonymous logins. When anonymous logs in to the host, it is asked for a password, and that password is supposed to be your email address. If you want to block a particular email address, this setting denies its login. It works together with the next setting:

#banned_email_file=/etc/vsftpd/banned_emails
# When deny_email_enable=YES, this item specifies the file listing the email addresses that may not log in to vsftpd. Put one email address per line in that file.

no_anon_password=YES
# When set to YES, anonymous skips the password check and goes straight into the vsftpd server. So the usual default is NO.

anon_max_rate=40000
# The value is in bytes/second and limits the anonymous transfer speed; 0 means no limit (bounded only by the maximum bandwidth). To limit anonymous to 30 KB/s, set "anon_max_rate=30000".

anon_umask=077
# Restricts anonymous file permissions. With 077, files created by anonymous have permissions -rw-------.
# 
# 
# 
# About system settings
ascii_download_enable=YES
# If set to YES, clients can download files in ASCII format.

ascii_upload_enable=YES
# Similar to the previous setting, but for uploads. The default is NO.

one_process_model=NO
# This setting is somewhat dangerous. YES means each connection is handled by one process, which can improve vsftpd's performance. However, unless your system is fairly secure and the hardware is high-end, it can easily exhaust system resources. NO is the usual recommendation.

tcp_wrappers=YES
# We are all used to having TCP Wrappers support, so set this to YES.

xferlog_enable=YES
# When set to YES, users' uploads and downloads are logged. The log file is set by the next item:

xferlog_file=/var/log/vsftpd.log
# When xferlog_enable=YES above, set this item. It is the file name of the log file.

xferlog_std_format=NO
# Use the same log file format as wu-ftpd? The default is NO, because that log is easier to read. If you use wu-ftpd log analysis software, set this to YES.

nopriv_user=nobody
# vsftpd runs as nobody by default for this service. Because nobody has very low privileges, an intruder who breaks in only gains nobody's privileges.

pam_service_name=vsftpd
# The PAM module name; the file we placed at /etc/pam.d/vsftpd is this one.


