500 OOPS: vsftpd: refusing to run with writable root inside chroot()

If you’re using vsftpd with the chroot_local_user option and write_enable turned on, like this:

write_enable=YES
chroot_local_user=YES

and you get the following error when you log in over FTP:

500 OOPS: vsftpd: refusing to run with writable root inside chroot()

you can fix the problem by adding the following line to /etc/vsftpd.conf and restarting the vsftpd service:

allow_writeable_chroot=YES

There is an alternative solution to vsftpd’s “writable root” problem.

You can make the root directory (not /; it would be the home directory of the logged-in user if the chroot setup is activated) non-writable and create a subdirectory with write permissions enabled.

You can write into all of the subdirectories without making any configuration change.

If we take security more seriously, we should go with your suggested solution.

Because FTP is not an encrypted protocol, allowing writes to the root directory of the logged-in user can be harmful. It is possible to overwrite .bashrc, .profile, change the default PATH, put infected binaries and prepare aliases for that, etc.

In most cases, it would be a better solution to prevent FTP uploads to the root directory of the logged-in user and give write permissions only to the subfolders rather than allowing it with the allow_writeable_chroot=YES option.
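
The non-writable root with a writable subdirectory, as described above, can be set up and verified with the following shell functions. This is an added example, not code from the original post; the function names, the default subdirectory name "upload" and the optional owner argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Function names and the
# default "upload" subdirectory are assumptions made for illustration.

# Report whether any write bit (user, group or other) is set on a directory.
# The mode string from ls is inspected instead of `test -w`, because root
# passes `test -w` regardless of the permission bits.
root_mode_state() {
    [ -d "$1" ] || return 1
    mode=$(ls -ld "$1" | cut -c1-10)
    case "$mode" in
        d?w*|d????w*|d???????w*) echo writable ;;
        *) echo readonly ;;
    esac
}

# harden_chroot_root HOME_DIR [SUBDIR] [OWNER]
# Makes HOME_DIR (the chroot root of the FTP user) non-writable and leaves
# one subdirectory that the account can write to.
harden_chroot_root() {
    home=$1
    sub=${2:-upload}
    owner=${3:-}
    [ -d "$home" ] || { echo "not a directory: $home" >&2; return 1; }
    # Create the subdirectory first: once the root is read-only, a
    # non-root caller can no longer create entries in it.
    mkdir -p "$home/$sub" || return 1
    chmod u+rwx,go-w "$home/$sub" || return 1
    # When run as root, hand the subdirectory to the FTP account.
    if [ -n "$owner" ]; then chown "$owner" "$home/$sub" || return 1; fi
    # Remove every write bit from the chroot root itself, so dotfiles
    # such as .bashrc and .profile cannot be replaced through FTP.
    chmod a-w "$home" || return 1
}
```

Run as root against the account's home directory, for example `harden_chroot_root /home/ftpuser upload ftpuser` (a constructed path and user name), and leave allow_writeable_chroot unset.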