search

michalpolkowski / alt-f

Automatically exported from code.google.com/p/alt-f
0 stars 0 forks source link

500 OOPS on vsftpd #85

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
What steps will reproduce the problem?
1. Connecting with FTP produces this error :
500 OOPS: vsftpd: refusing to run with writable root inside chroot()

It should connect correctly.

Using ALT-F Version 0.1 RC2. It was workign well on 0.1RC1.

Revision B1.

Disk configured as RAID1.

This error is due to vsftpd being version 2.3.5 and preventing write in 
chrooted users because of a vulnerability.

A way to bypass this or a downgrade of vsftpd to the version used in Alt-F 
0.1RC1 is needed to use FTP without hassle.

Original issue reported on code.google.com by gregory....@gmail.com on 21 Mar 2012 at 2:41

GoogleCodeExporter commented 9 years ago 
Or don't check "Restrict directories" in the ftp configuration (do not restrict 
users 
to theirs home directories -- this means does not chroot)

As this is not an Alt-F issue, neither a vsftpd bug (it seems to be deliberate, 
although silly -- I'm no security guru), I will not fix it, as removing write 
permissions from the users home directory is also silly.

I could change the source, but I'm not a security expert, so what is the point 
of using vsftpd and them removing the "vs" from its name?

Other suggestions?

Original comment by whoami.j...@gmail.com on 21 Mar 2012 at 9:08

GoogleCodeExporter commented 9 years ago 
Thank you for the quick answer. I know the change in vsftp is not your doing. 
Disabling chroot effectively works, but i'll not use it for security reasons 
(dir listing of whole nas). I reverted back to 0.1RC1 in the meantime. I hope 
vsftp author will realize how silly this is and provide a fix/workaround in the 
next version.

Original comment by gregory....@gmail.com on 21 Mar 2012 at 9:57

GoogleCodeExporter commented 9 years ago 
> I reverted back to 0.1RC1 in the meantime

You know that RC1 and RC2 packages are not compatible, don't you?
This means that you can't install packages automatically, you have to look at 
its date, download and install manually.

Original comment by whoami.j...@gmail.com on 22 Mar 2012 at 2:19

GoogleCodeExporter commented 9 years ago 
If you mean Alt-F packages like minidlna, then I did not upgrade them while on 
RC2. So I still had those of RC1 while I downgraded.

Original comment by gregory....@gmail.com on 22 Mar 2012 at 8:23