Bug 803932 - acct-user/ftp-0-r2: change of home directory ownership broke anonymous login in net-ftp/vsftpd
Summary: acct-user/ftp-0-r2: change of home directory ownership broke anonymous login ...
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: AMD64 Linux
Importance: Normal normal
Assignee: Conrad Kostecki
URL:
Whiteboard:
Keywords:
Depends on:
Blocks: glep-81
Reported: 2021-07-24 22:51 UTC by Stanislav Cymbalov
Modified: 2021-07-24 22:59 UTC (History)

See Also:
Package list:
Runtime testing required: ---


Attachments
emerge --info (emerge-info.txt,6.31 KB, text/plain)
2021-07-24 22:52 UTC, Stanislav Cymbalov
Description Stanislav Cymbalov 2021-07-24 22:51:09 UTC
In acct-user/ftp-0-r2 the ownership of the home directory was reset to the default: ftp:root.
This change made the directory writable by the ftp user and vsftpd doesn't like that (see https://security.appspot.com/vsftpd/FAQ.txt 4th Q/A).

For non-anonymous logins the problem can be worked around by setting allow_writeable_chroot=YES in /etc/vsftpd/vsftpd.conf. But this option has no effect for anonymous logins.

I propose restoring this line in the acct-user/ftp package:
> ACCT_USER_HOME_OWNER=root:ftp

Or, alternatively, making the home directory non-writable:
> ACCT_USER_HOME_PERMS=0555

Reproducible: Always

Steps to Reproduce:
1. emerge net-ftp/vsftpd
2. cp /etc/vsftpd/vsftpd.conf.example /etc/vsftpd/vsftpd.conf
3. rc-service vsftpd restart
4. Try to connect to the FTP server, for example using net-ftp/lftp: lftp -c 'open localhost; ls -la'
Actual Results:  
lftp prints the following error instead of the directory listing:
> ls: ls -la: Login failed: 500 OOPS: vsftpd: refusing to run with writable root inside chroot()

Expected Results:  
No error occurs and the directory listing is printed (there should be at least a .keep_acct-user_ftp-0 file).

If the ownership of /var/lib/ftp is corrected manually:
  chown root:ftp /var/lib/ftp
then the problem goes away.
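
A check for the condition described in the report above, as an added example that is not part of the original bug report and is not Gentoo or vsftpd code: it decides from owner, group and mode bits whether a given user can write to a directory, which is what differs between ftp:root and root:ftp ownership of /var/lib/ftp. The function name is hypothetical, GNU stat is assumed, and ACLs and root's permission override are not modelled.

```shell
#!/bin/sh
# Added example (not Gentoo or vsftpd code). Decides from owner, group and
# mode bits whether USER can write to DIR. ACLs and root's permission
# override are not modelled. Assumes GNU stat (stat -c).

# Returns 0 if writable, 1 if not, 2 if DIR or USER cannot be looked up.
ftp_root_writable_by() {   # hypothetical helper name
    dir=$1; user=$2
    info=$(stat -c '%u %g %a' -- "$dir") || return 2
    uid=$(id -u "$user") || return 2
    gids=$(id -G "$user") || return 2
    set -- $info
    owner=$1; group=$2; mode=$((0$3))   # leading 0: parse as octal

    if [ "$uid" -eq "$owner" ]; then
        # The owner class applies exclusively, even if group/other are looser.
        bit=$((mode & 0200))
    else
        bit=$((mode & 0002))
        for g in $gids; do
            if [ "$g" -eq "$group" ]; then bit=$((mode & 0020)); fi
        done
    fi
    [ "$bit" -ne 0 ]
}

# Usage: sh check-ftp-home.sh /var/lib/ftp [user]   (user defaults to ftp)
if [ "$#" -ge 1 ]; then
    rc=0
    ftp_root_writable_by "$1" "${2:-ftp}" || rc=$?
    case $rc in
        0) echo "$1 is writable by ${2:-ftp} (writable chroot root)"; exit 1 ;;
        1) echo "$1 is not writable by ${2:-ftp}" ;;
        *) echo "cannot inspect $1 for ${2:-ftp}" >&2; exit 2 ;;
    esac
fi
```

With mode 0755, a directory owned ftp:root is reported as writable by ftp and one owned root:ftp is not; mode 0555 is reported as not writable under either ownership.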
Comment 1 Stanislav Cymbalov 2021-07-24 22:52:40 UTC
Created attachment 726658
emerge --info
Comment 2 Conrad Kostecki gentoo-dev 2021-07-24 22:58:16 UTC
Ack, you are correct. Thank you.
Comment 3 Larry the Git Cow gentoo-dev 2021-07-24 22:59:53 UTC
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0a4f660fa6870a2260d40282f4e2b0a78f822459

commit 0a4f660fa6870a2260d40282f4e2b0a78f822459
Author:     Conrad Kostecki <conikost@gentoo.org>
AuthorDate: 2021-07-24 22:57:36 +0000
Commit:     Conrad Kostecki <conikost@gentoo.org>
CommitDate: 2021-07-24 22:59:23 +0000

    acct-user/ftp: update home owner
    
    Closes: https://bugs.gentoo.org/803932
    Package-Manager: Portage-3.0.20, Repoman-3.0.3
    Signed-off-by: Conrad Kostecki <conikost@gentoo.org>

 acct-user/ftp/ftp-0-r3.ebuild | 15 +++++++++++++++
 1 file changed, 15 insertions(+)