FTP server trouble

Need to install an FTP server. OpenWRT docs describe installation of vsftpd, proftpd and pure-ftpd. Only proftpd and pure-ftpd seem to not exist in OpenWRT v19.07.2? No maintainer?

So I installed vsftpd, being the only existing one. After mastering several idiosyncrasies, I'm stuck with

500 OOPS: vsftpd: refusing to run with writable root inside chroot()

The medium to be accessed is mounted on /storage, and this is to be the directory where ftp users can work. The ftp server runs on a travel router, is not accessible from WAN, and only me and my wife access it. So there are no security issues. So I decided to allow anonymous access only.

However, the login fails with the message cited above. Plenty of advice from the Internet says to use the


option which is available since version 3 of the daemon. The OpenWRT package has v3.0.3, but the option apparently has no effect whatsoever. Did the maintainer take out parts of the code? Or, what else could cause this problem?

Here is the vsftpd.conf


Does this help?

It worked by inspiring me to think of further experiments.

The first one is that I changed anon_root=/storage to anon_root=/. The ftp (or anonymous) user's home directory is /storage. Now I could log in. BUT: Working directory at login is /, listing ("dir") the directory lists the root directory of the device. I could "cd" into /etc and list all the configuration files, and presumably mess them up too. This is unacceptable, of course, and it completely surprised me, as I had set


for which the docs say

If set to YES, local users will be (by default) placed in a chroot() jail in
their home directory after login.

Obviously this didn't happen (there is no chroot exception list to make it deviate from default). Either this is another case where the OpenWRT version of vsftpd deviates from upstream, or the anonymous user is not considered a local user (even though there is a /etc/passwd entry for it). But, what bizarre logic is that: local users, which are supposed to be more trustable than anonymous, are jailed while anonymous can roam freely? There seems to be no option available to specifically jail the anonymous user.

My other experiment was about moving the home directory to /storage/ftp. So I changed /etc/passwd to reflect this, created the /storage/ftp directory, and reverted to anon_root=/storage. With that change I'm back to what I had before:

500 OOPS: vsftpd: refusing to run with writable root inside chroot()

and, like before, allow_writeable_chroot=YES did not have any effect whatsoever. So it seems the only way to get it working like this is by removing all the write permissions from /storage. But that is silly, as I have half a dozen other services related to that directory, like samba, nfs, etc., those would break, or be rendered useless. Conversely, with write permission, some samba user, for instance, may accidentally delete the /storage/ftp directory, presumably disabling ftp login.

I read the clear statement that enforcing non-writable root is a security measure introduced in version 3, with the option to switch it off (allow_writeable_chroot) implemented at the same time, recognising the measure could be harmful. So there should be no way of the measure biting me with no way to switch it off. Then, why does allow_writeable_chroot not work? Did some security-moron(*) take the code out?

I looked for the source under openwrt.git/tree, but I cannot find it there. Where should I look for the source of the OpenWRT package of vsftpd?

(*) security-moron: security fanatic that fails to realise that any security measure under certain circumstances can do little good but great harm.

Hmm, maybe that was wrong information. On the webpage suggested by tmomas I found the following remark:

Somebody backported the feature to add allow_writeable_chroot=YES 
from version 3.0.0 to 2.3.5

That would indicate the discussed security measure was introduced in version 2.3.5 or earlier.

I ran into the same problem. Anyone have some ideas?

Turns out that's because the option allow_writeable_chroot is meaningless in anonymous mode:
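
A configuration check for the situation this thread ends on, as an added example that is not part of any post in the thread and is not vsftpd or OpenWRT code: it reads a vsftpd.conf and reports whether an anonymous login would hit the "writable root inside chroot()" refusal. The function names are hypothetical, and it assumes the refusal can be modelled from the owner/group/other write bits of anon_root for the ftp user, with anonymous login treated as enabled unless set to NO.

```shell
#!/bin/sh
# Added example (not from the thread): predict vsftpd's anonymous-login
# refusal "writable root inside chroot()" from vsftpd.conf and permissions.

# Last value assigned to KEY in a key=value config file.
conf_get() { sed -n "s/^$2=//p" "$1" | tail -n 1; }

# Succeeds if USER may write, given an `ls -l` mode string plus owner/group.
mode_writable() {  # MODE OWNER GROUP USER "USER_GROUPS"
    if [ "$4" = "$2" ]; then pos=3                            # owner write bit
    elif printf ' %s ' "$5" | grep -q " $3 "; then pos=6      # group write bit
    else pos=9; fi                                            # other write bit
    [ "$(printf '%s' "$1" | cut -c"$pos")" = "w" ]
}

# Returns 1 if an anonymous login would hit the writable-root check.
check_anon_root() {  # CONF [USER]; USER defaults to "ftp" (assumption)
    conf=$1; user=${2:-ftp}
    if [ "$(conf_get "$conf" anonymous_enable)" = "NO" ]; then
        echo "anonymous login disabled"; return 0
    fi
    root=$(conf_get "$conf" anon_root)
    if [ -z "$root" ]; then
        echo "anon_root unset: check the home directory of $user instead"; return 2
    fi
    [ -d "$root" ] || { echo "anon_root $root is not a directory"; return 2; }
    set -- $(ls -ld "$root")           # $1=mode $3=owner $4=group
    if mode_writable "$1" "$3" "$4" "$user" "$(id -Gn "$user" 2>/dev/null)"; then
        echo "REFUSED: $root is writable by $user"
        [ "$(conf_get "$conf" allow_writeable_chroot)" = "YES" ] &&
            echo "note: allow_writeable_chroot=YES does not apply to anonymous logins"
        return 1
    fi
    echo "ok: $root is not writable by $user"
}

# Constructed sample: same config, chroot directory writable vs. read-only.
demo() {
    d=$(mktemp -d); mkdir "$d/storage"
    printf 'anonymous_enable=YES\nanon_root=%s\nallow_writeable_chroot=YES\n' \
        "$d/storage" > "$d/vsftpd.conf"
    chmod 755 "$d/storage"; check_anon_root "$d/vsftpd.conf" "$(id -un)"
    chmod 555 "$d/storage"; check_anon_root "$d/vsftpd.conf" "$(id -un)"
    rm -rf "$d"
}

if [ "${1:-}" = "demo" ]; then demo; elif [ $# -gt 0 ]; then check_anon_root "$@"; fi
```

Run it as `sh check.sh /etc/vsftpd.conf` on the router, or `sh check.sh demo` to see both outcomes on the constructed sample.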