How to Enable Anonymous FTP Uploads in Vsftpd on CentOS: A Complete Configuration Guide



When setting up a test FTP server in an isolated LAN environment, vsftpd provides a lightweight solution that can be configured with minimal security constraints. Anonymous uploads depend on two things being right together: the vsftpd directives and the filesystem permissions.

# Basic operational parameters
listen=YES
anonymous_enable=YES
write_enable=YES

# Anonymous upload configuration
anon_upload_enable=YES
anon_mkdir_write_enable=YES

Even with correct vsftpd settings, improper file permissions will block anonymous uploads. Here's the proper way to set up the directory structure:

# Create and permission the upload directory
mkdir -p /var/ftp/pub/incoming
chown ftp:ftp /var/ftp/pub/incoming
chmod 730 /var/ftp/pub/incoming  # Owner rwx, group write/execute, no access for others

The infamous "500 OOPS: cannot change directory" error typically stems from one of these issues:

  • Incorrect ownership of parent directories (/var/ftp must be owned by root:root)
  • SELinux restrictions (even if disabled, cached policies might interfere)
  • Missing execute permissions on parent directories

Here's a battle-tested configuration that works for anonymous uploads:

# Network settings
listen=YES
listen_ipv6=NO

# Authentication
anonymous_enable=YES
local_enable=NO

# Permissions
write_enable=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES

# Security (minimal for test environment)
anon_world_readable_only=NO
hide_ids=YES

Test your configuration using command-line FTP:

$ ftp your-server-ip
Connected to your-server-ip.
220 (vsFTPd 3.0.3)
Name (your-server-ip:user): anonymous
331 Please specify the password.
Password: (press enter)
230 Login successful.
Remote system type is UNIX.
ftp> cd incoming
250 Directory successfully changed.
ftp> put testfile
200 PORT command successful. Consider using PASV.
150 Ok to send data.
226 Transfer complete.
ftp> quit
221 Goodbye.

For more controlled environments, consider these additional parameters:

# Limit upload speed (bytes/sec)
anon_max_rate=102400

# Restrict file permissions on upload
anon_umask=077

# Custom welcome message
ftpd_banner=Welcome to TEST FTP service

When setting up vsftpd for anonymous uploads in a test environment, many administrators encounter the "500 OOPS" error despite what appears to be correct permissions. The cause is usually an interaction between several settings: the vsftpd directives, directory ownership and permissions, and SELinux.

Here's the minimal working configuration that solves the problem:

listen=YES
anonymous_enable=YES
write_enable=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES

The permissions structure must satisfy both the FTP daemon and the underlying filesystem:

# Directory structure
mkdir -p /var/ftp/incoming
chown ftp:ftp /var/ftp/incoming
chmod 777 /var/ftp/incoming  # For testing only

# Verify SELinux context if enabled
ls -Zd /var/ftp/incoming

When you encounter the "500 OOPS: cannot change directory" error, check these aspects:

  • The parent directory (/var/ftp) must be owned by root with 755 permissions
  • The upload directory must be owned by the FTP user (typically ftp:ftp)
  • All parent directories must have +x permission for the FTP user

For more control over anonymous uploads:

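# Restrict uploads to a specific directory: vsftpd refuses an anonymous root that
# the ftp user can write to, so use the root-owned parent and upload into incoming/
anon_root=/var/ftp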

# Change ownership of uploaded files
chown_uploads=YES
chown_username=ftp

# Upload umask: 022 leaves uploaded files world-readable (vsftpd's default is 077)
anon_umask=022

While we're disabling security for testing, these practices help prevent accidental exposure:

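# Always isolate test FTP: bind to your test LAN IP only
# (vsftpd.conf does not allow a comment after a value, so keep comments on their own line)
listen_address=192.168.1.100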

# Basic rate limiting
max_clients=10
max_per_ip=2

# Disable non-anonymous access
local_enable=NO
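
To check a test configuration against the practices above before starting the daemon, the following added example (not part of the original guide or of vsftpd) lints vsftpd.conf text. The function names and the sample file are constructed for illustration, and the defaults it assumes are vsftpd's built-in ones from vsftpd.conf(5).

```python
import re

SAMPLE = """\
# constructed sample, combining directives shown in this guide
anonymous_enable=YES
local_enable=NO
write_enable=YES
anon_upload_enable=YES
anon_other_write_enable=YES
anon_world_readable_only=NO
anon_umask=022
listen_address=192.168.1.100  # Your test LAN IP
"""

def parse(text):
    """Return (settings, syntax_findings) for vsftpd.conf text."""
    settings, findings = {}, []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        key, _, value = line.partition("=")
        # vsftpd.conf(5): no spaces around '=', and comments only on their own line
        if key != key.strip() or value[:1].isspace() or re.search(r"\s#", value):
            findings.append(f"line {n}: space around '=' or inline comment on {key.strip()}")
        settings[key.strip()] = re.sub(r"\s+#.*", "", value).strip()
    return settings, findings

def audit(text):
    """Flag syntax problems and settings that widen anonymous access."""
    s, findings = parse(text)
    yes = lambda k, default: s.get(k, default).upper() == "YES"
    # Fallback values are vsftpd's built-in defaults, not the CentOS package's file
    uploads = (yes("anonymous_enable", "YES") and yes("write_enable", "NO")
               and yes("anon_upload_enable", "NO"))
    if uploads and not s.get("listen_address"):
        findings.append("anonymous uploads enabled and listen_address unset (all interfaces)")
    if yes("anon_other_write_enable", "NO"):
        findings.append("anon_other_write_enable=YES: anonymous delete and rename allowed")
    if not yes("anon_world_readable_only", "YES"):
        findings.append("anon_world_readable_only=NO: non-world-readable files downloadable")
    if yes("local_enable", "NO"):
        findings.append("local_enable=YES: local account logins over cleartext FTP")
    if int(s.get("anon_umask", "077"), 8) & 0o077 != 0o077:
        findings.append("anon_umask leaves uploads accessible to group/other")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Pass it the contents of your own vsftpd.conf in place of SAMPLE; an empty list means none of these checks fired.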

Test the setup using command-line FTP:

ftp> open your.server.ip
Connected to your.server.ip.
220 (vsFTPd 3.0.3)
Name (your.server.ip:user): anonymous
331 Please specify the password.
Password: (any email or just press enter)
230 Login successful.
ftp> cd incoming
250 Directory successfully changed.
ftp> put testfile
200 PORT command successful.
150 Ok to send data.
226 Transfer complete.