Having a difficult time trying to set up VSFTPD as an anonymous read-only FTP server

This is with a fresh install of OpenWrt on a WRT1900AC router using OpenWrt 18.06.

The goal is to set up an anonymous read-only VSFTPD server on my router running OpenWrt 18.06 that shares the contents I have stored on a drive which is attached to the router via USB.

I have been trying to set up an anonymous read-only FTP server using VSFTPD. I am able to log in using the root account login, but it only shows me a blank directory, which I believe is

/home/ftp

I did log in to the router using WinSCP to edit the file "vsftpd.conf", which is located in the "/etc" folder, and did this:

background=YES
listen=YES
anonymous_enable=yes
anon_root=/tmp/mnt/sda1/FTP/Basmaff
local_enable=no
write_enable=no
local_umask=022
check_shell=NO
#dirmessage_enable=YES
#ftpd_banner=Welcome to blah FTP service.
session_support=NO
#syslog_enable=YES
#userlist_enable=YES
#userlist_deny=NO
#userlist_file=/etc/vsftpd/vsftpd.users
#xferlog_enable=YES
#xferlog_file=/var/log/vsftpd.log
#xferlog_std_format=YES
###
### TLS/SSL options
### example key generation: openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/vsftpd/vsftpd_privkey.pem -out /etc/vsftpd/vsftpd_cert.pem -subj /C="DE"/ST="Saxony"/L="Leipzig"/CN="OpenWrt"
#ssl_enable=YES
#allow_anon_ssl=NO
#force_local_data_ssl=NO
#force_local_logins_ssl=NO
#ssl_tlsv1=YES
#ssl_sslv2=NO
#ssl_sslv3=NO
#rsa_cert_file=/etc/vsftpd/vsftpd_cert.pem
#rsa_private_key_file=/etc/vsftpd/vsftpd_privkey.pem

I only made four changes, which were to enable anonymous, add an anon_root directory, and disable local_enable and write_enable.

So now when I attempt to log in as anonymous, this is what I get when trying to connect in FileZilla:

Command: USER anonymous
Response: 331 Please specify the password.
Command: PASS *********************
Response: 500 OOPS: cannot change directory:/home/ftp
Error: Critical error: Could not connect to server

Exactly how can I get vsftpd to share the contents stored on a drive I have attached to the router?

I did some googling and copying and pasting of commands, but I have not been able to accomplish my goal.

Anyone know of a solution for this?

pgrep -f -a ftp
ls -l -d /home /home/ftp

What about HTTP/SFTP?

I ran those commands and, on running the second one, I got this:

ls: /home: No such file or directory
ls: /home/ftp: No such file or directory

Still got the error message

Command: USER anonymous
Response: 331 Please specify the password.
Command: PASS *********************
Response: 500 OOPS: cannot change directory:/home/ftp
Error: Critical error: Could not connect to server

Also, I like learning. Could you explain to me what that command does exactly?

Do I have to? I fail to see the reason why I would need to if this is an anonymous read-only FTP server.

mkdir -p /home/ftp
chmod 755 /home
chmod 777 /home/ftp
1 Like

I copied and pasted the commands into a PuTTY window and then made another attempt. But I got this error message in FileZilla:

Command: USER anonymous
Response: 331 Please specify the password.
Command: PASS *********************
Response: 500 OOPS: vsftpd: refusing to run with writable root inside chroot()
Error: Critical error: Could not connect to server

So I added this command:

background=YES
listen=YES
listen_port=21
anonymous_enable=yes
local_root=/tmp/mnt/sda1/FTP/Basmaff
allow_writeable_chroot=YES   <**right here**
local_enable=no
write_enable=no
local_umask=022
check_shell=NO
#dirmessage_enable=YES
#ftpd_banner=Welcome to blah FTP service.
session_support=NO
#syslog_enable=YES
#userlist_enable=YES
#userlist_deny=NO
#userlist_file=/etc/vsftpd/vsftpd.users
#xferlog_enable=YES
#xferlog_file=/var/log/vsftpd.log
#xferlog_std_format=YES
###
### TLS/SSL options
### example key generation: openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/vsftpd/vsftpd_privkey.pem -out /etc/vsftpd/vsftpd_cert.pem -subj /C="DE"/ST="Saxony"/L="Leipzig"/CN="OpenWrt"
#ssl_enable=YES
#allow_anon_ssl=NO
#force_local_data_ssl=NO
#force_local_logins_ssl=NO
#ssl_tlsv1=YES
#ssl_sslv2=NO
#ssl_sslv3=NO
#rsa_cert_file=/etc/vsftpd/vsftpd_cert.pem
#rsa_private_key_file=/etc/vsftpd/vsftpd_privkey.pem

Restarted vsftpd and still got the same error.

To connect, explicitly use LAN-interface IPv4-address.
I've just tested with anonymous_enable=YES and it works for me.

....ok?

I am connecting to it via lan IP address 192.168.1.1 via wired Ethernet. And it's plugged in directly from the computer I'm using to Port 1 on the router.

opkg update
opkg install vsftpd
sed -i -e "
/^anonymous_enable=/s/^/#/
\$a anonymous_enable=YES
" /etc/vsftpd.conf
service vsftpd restart
mkdir -p /home/ftp
touch /home/ftp/test_anon_ftp

Then try to connect and you should be able to see the file test_anon_ftp.

1 Like

I ran those commands in PuTTY and found the test file.

I re-added the "anon_root" command with the directory going to the drive (and I even placed a picture in the drive) and restarted vsftpd. I logged back in with FileZilla and it shows me an empty directory but says it connected successfully.

When I try to log in to the FTP server via the Chrome browser, it says the site cannot be reached.

When I remove anon_root from the configuration file and restart vsftpd, things work again and I can see the test file.

1 Like

Most likely you don't have enough permissions to access the target directory.
Fix mount options in case of NTFS and fix permissions recursively in case of native Linux FS.

1 Like

I don't know how to set permissions in Linux.

Sidenote: I should state that I am a Windows user and now kind of a fan of DD-WRT. I was a huge fan, but not much anymore after what I have been seeing going on since around 2014.

-anyway-

So after checking the commands you had me write, this is what I did.

I swapped the drive for a FAT32 drive with the same files on it and plugged it into OpenWrt. I set it up the same way I did with the other drive and then ran the same chmod commands, but with 755 pointing to /tmp/mnt/sda1/ and the 777 pointing to /tmp/mnt/sda1/FTP/Basmaff. That did not work. I have no idea what the chmod commands and their numbers mean or do.

|Command:|USER anonymous|
|---|---|
|Response:|500 OOPS: vsftpd: refusing to run with writable root inside chroot()|
|Error:|Could not connect to server|

I am going to stop for now and take a short break, because all I expected to do was this:

install openwrt
install vsftpd via command line
edit configuration text file for vsftpd
run vsftpd via command line
up and running with files on separate USB drive attached to router now being shared via anonymous FTP.

But instead I have been stuck for the past 4-5 hours, along with a couple of other days, trying to share a folder on a router via FTP with users being able to login anonymously to grab whatever they want from shared folder.

So why would someone like me choose to use OpenWrt?

Because it's lightweight upon install. Just install your programs and you're good to go. It also has better IPv6 support. But I did not realize that it would be this complex and hard to carry out some tasks like these that are not in the GUI.

If I am getting no more help on this, please let me know. Thanks.

Directory /tmp is not a proper place for mounts.
Change it to one of those:

/mnt
/mnt/usb
/home
/home/ftp
/home/username

Also FAT and NTFS are not native Linux FS.
So, you need to set up permissions via mount options.
It should be something like:

umask=0

I went to mount points and remounted it as /mnt/usb1

I also added "umask=0" in the options box for that mount point.

Anything else? I do not know where else to go from here. I did ask someone else on a Discord server what chmod is and showed him this thread. And he said "so that's why you're having a difficult time. You do not know chmod" and then explained to me that it's some kind of thing where you take some values, add them up, and get something like 777 or some other number that will apply whatever permissions it is that you're trying to apply.

I've tested anonymous access to custom directory.
It seems that the issue is not related to permissions, but the access is limited to the home directory of user ftp.
Still have not googled the option responsible for this behavior.
So, you can either change user ftp home directory inside /etc/passwd, or mount your drive in the /home/ftp.
It would be the simplest workaround for now.

2 Likes

I remounted /dev/sda1 to /home/ftp. I reconnected to the FTP server using FileZilla and it's giving me the error message

|Command:|USER anonymous|
|---|---|
|Response:|331 Please specify the password.|
|Command:|PASS *********************|
|Response:|500 OOPS: vsftpd: refusing to run with writable root inside chroot()|
|Error:|Critical error: Could not connect to server|

And even when I put ...

background=YES
listen=YES
listen_port=21
anonymous_enable=YES
allow_writeable_chroot=YES <   ...THIS COMMAND RIGHT HERE...
local_enable=no
write_enable=no
local_umask=022
check_shell=NO
#dirmessage_enable=YES
#ftpd_banner=Welcome to blah FTP service.
session_support=NO
#syslog_enable=YES
#userlist_enable=YES
#userlist_deny=NO
#userlist_file=/etc/vsftpd/vsftpd.users
#xferlog_enable=YES
#xferlog_file=/var/log/vsftpd.log
#xferlog_std_format=YES
###
### TLS/SSL options
### example key generation: openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/vsftpd/vsftpd_privkey.pem -out /etc/vsftpd/vsftpd_cert.pem -subj /C="DE"/ST="Saxony"/L="Leipzig"/CN="OpenWrt"
#ssl_enable=YES
#allow_anon_ssl=NO
#force_local_data_ssl=NO
#force_local_logins_ssl=NO
#ssl_tlsv1=YES
#ssl_sslv2=NO
#ssl_sslv3=NO
#rsa_cert_file=/etc/vsftpd/vsftpd_cert.pem
#rsa_private_key_file=/etc/vsftpd/vsftpd_privkey.pem

...saved it, restarted vsftpd and it still gives me the same error message.

Hey, you might have sorted this by now but I think the problem was you missing the ftp_username=nobody attribute. Once I put that in it all worked as expected.

I've done a write up of my OpenWRT WRT 1900 ACS Config at Linksys WRT 1900 ACS with Huawei E3372 Hi-Link LTE Dongle

my /etc/vsftpd.conf is as follows:

background=YES
listen=YES
anonymous_enable=YES
ftp_username=nobody
anon_root=/mnt/sda2/lab
no_anon_password=YES
local_enable=NO
write_enable=NO
local_umask=022
check_shell=NO
dirmessage_enable=YES
ftpd_banner=Welcome to Glovebox FTP service.
session_support=NO
#syslog_enable=YES
#userlist_enable=YES
#userlist_deny=NO
#userlist_file=/etc/vsftpd/vsftpd.users
#xferlog_enable=YES
#xferlog_file=/var/log/vsftpd.log
#xferlog_std_format=YES
###
### TLS/SSL options
### example key generation: openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/vsftpd/vsftpd_privkey.pem -out /etc/vsftpd/vsftpd_cert.pem -subj >
#ssl_enable=YES
#allow_anon_ssl=NO
#force_local_data_ssl=NO
#force_local_logins_ssl=NO
#ssl_tlsv1=YES
#ssl_sslv2=NO
#ssl_sslv3=NO
#rsa_cert_file=/etc/vsftpd/vsftpd_cert.pem
#rsa_private_key_file=/etc/vsftpd/vsftpd_privkey.pem
2 Likes
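
Added example (not part of any post in this thread, and not vsftpd or OpenWrt code): a pre-flight check for the two login errors quoted above, `cannot change directory` and `refusing to run with writable root inside chroot()`. The helper names `conf_get` and `audit_anon_root` are hypothetical, and the write-bit test is a heuristic that reads the mode and owner from `ls -ld`.

```shell
#!/bin/sh
# Added example; conf_get and audit_anon_root are hypothetical helper names.

# Print the last uncommented value of KEY in a vsftpd.conf-style file.
conf_get() {  # usage: conf_get FILE KEY [DEFAULT]
    v=$(sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d '\r')
    echo "${v:-$3}"
}

# Return 0 if the anonymous root looks safe, 1 otherwise; findings go to stdout.
audit_anon_root() {  # usage: audit_anon_root [CONF]
    conf=${1:-/etc/vsftpd.conf}
    rc=0
    user=$(conf_get "$conf" ftp_username ftp)
    root=$(conf_get "$conf" anon_root "")
    anon=$(conf_get "$conf" anonymous_enable NO | tr 'a-z' 'A-Z')
    write=$(conf_get "$conf" write_enable NO | tr 'a-z' 'A-Z')

    if [ "$anon" != YES ]; then echo "FAIL anonymous_enable is not YES"; rc=1; fi
    if [ "$write" = YES ]; then echo "FAIL write_enable=YES on a read-only share"; rc=1; fi
    if [ -z "$root" ]; then
        echo "NOTE anon_root unset: the home directory of '$user' is served"
        return $rc
    fi
    if [ ! -d "$root" ]; then
        echo "FAIL $root missing (login fails with 'cannot change directory')"
        return 1
    fi
    # ls -ld prints e.g. "drwxr-xr-x 2 root root ..."; field 1 = mode, field 3 = owner.
    set -- $(ls -ld "$root")
    mode=$1 owner=$3
    case $mode in
        ?????w*|????????w*)   # group (char 6) or other (char 9) write bit set
            echo "FAIL $root is group/world writable ($mode): 'writable root inside chroot()'"
            rc=1 ;;
        ??w*)                 # owner write bit: a problem only if the FTP user owns it
            if [ "$owner" = "$user" ]; then
                echo "FAIL $root is owned by and writable for '$user'"; rc=1
            fi ;;
    esac
    if [ $rc -eq 0 ]; then echo "OK $root ($mode, owner $owner) is not writable for '$user'"; fi
    return $rc
}
```

Source the file on the router and run `audit_anon_root /etc/vsftpd.conf`. A FAT or NTFS drive mounted with `umask=0` shows every directory as `drwxrwxrwx`, so the check fails until the mount uses a mask such as `umask=022`.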