Discussion:
vsftpd and virtual users???
Marc Chamberlin
2008-10-26 04:29:22 UTC
Hi - I am trying to set up vsftpd and would like to configure it so
that users who have web pages on my server can log directly in to their
website files, via FTP, and not have to set up regular Linux accounts
for them. Research on Google has led me to what I believe is the
solution, to set up virtual users for vsftpd, but it requires that I
have a PAM password file authenticator called pam_pwdfile.so. (This is
supposed to allow me to set up a file with user names and passwords and
use that for PAM authentication, I believe.) Looking in /lib/security
shows that this particular file did not come with the distribution of
SuSE 11.0. Looking at all the various PAM modules available via Yast
does not lead me to it either, though I could be mistaken as it is hard
to know what files are included in modules that have not yet been
installed... (that is a real drawback and makes it darn hard to find
missing files... IMHO!)

The documentation on the openSuSE website about PAM and VSFTPD is not
very helpful either. Google seems to indicate this file does come with
other distributions but I cannot determine where or what module should
contain it....

So, does anyone have a clue where this particular PAM file is hiding? Or
alternatively is there a better approach to setting up vsftp users
without setting up regular Linux accounts for them, and chroot them to
the location of their web files? Perhaps the PAM model has changed and
we are now supposed to grok a new approach??

Marc...
--
To unsubscribe, e-mail: opensuse+***@opensuse.org
For additional commands, e-mail: opensuse+***@opensuse.org
Per Jessen
2008-10-26 08:14:23 UTC
> but it requires that I have a PAM password file authenticator called
> pam_pwdfile.so. (This is supposed to allow me to set up a file with
> user names and passwords and use that for PAM authentication, I
> believe.) Looking in /lib/security shows that this particular file did
> not come with the distribution of SuSE 11.0. Looking at all the
> various PAM modules available via Yast
> does not lead me to it either, though I could be mistaken as it is
> hard to know what files are included in modules that have not yet been
> installed... (that is a real drawback and makes it darn hard to find
> missing files... IMHO!)

Have you tried http://rpmfind.net ?

> So, does anyone have a clue where this particular PAM file is hiding?

http://cpbotha.net/software/pam_pwdfile/
--
/Per Jessen, Zürich
Theo van Werkhoven
2008-10-26 09:59:14 UTC
Post by Marc Chamberlin
> Hi - I am trying to set up vsftpd and would like to configure it so
> that users who have web pages on my server can log directly in to their
> website files, via FTP, and not have to set up regular Linux accounts
> for them. Research on Google has led me to what I believe is the
> solution, to set up virtual users for vsftpd, but it requires that I
> have a PAM password file authenticator called pam_pwdfile.so. (This is

You could also look at pam_userdb. This uses the hash databases from db_utils
for lookups.
No need for (virtual) entries in the pwd files.

/etc/pam.d/ftp:
auth required /lib/security/pam_userdb.so db=/etc/vsftpd_login
account required /lib/security/pam_userdb.so db=/etc/vsftpd_login

pam_service_name = ftp # (default)

The format of the source file for db_utils is simply:
user
passwd
user2
passwd

and then you 'compile' with
/usr/bin/db_load -T -t hash -f sourcefile hashfile.db
Post by Marc Chamberlin
> So, does anyone have a clue where this particular PAM file is hiding? Or
> alternatively is there a better approach to setting up vsftp users
> without setting up regular Linux accounts for them, and chroot them to
> the location of their web files? Perhaps the PAM model has changed and
> we are now supposed to grok a new approach??

Here's the vsftpd.conf I use
listen=YES
log_ftp_protocol=NO
anonymous_enable=NO
local_enable=YES
write_enable=Yes
chown_uploads=YES
anon_upload_enable=NO
anon_mkdir_write_enable=NO
anon_other_write_enable=NO
chroot_local_user=YES
guest_enable=YES
virtual_use_local_privs=YES
hide_ids=YES
dirmessage_enable=YES
ls_recurse_enable=YES
xferlog_enable=YES
syslog_enable=YES
dual_log_enable=NO
xferlog_std_format=NO
ssl_enable=YES
ssl_sslv2=NO
ssl_sslv3=NO
ssl_tlsv1=YES
allow_anon_ssl=NO
force_local_data_ssl=NO
force_local_logins_ssl=NO
rsa_cert_file=/etc/ssl/certs/vsftpd.pem
guest_username=virtual
chown_username=virtual
pasv_min_port=30000
pasv_max_port=30020
idle_session_timeout=600
data_connection_timeout=300
accept_timeout=300
connect_timeout=180
ftpd_banner=Welcome to ------ FTP service.
user_sub_token=$USER
nopriv_user=ftp
force_dot_files=NO

/etc/passwd:
virtual:x:1001:1000::/srv/ftp/virtual/$USER:/bin/false

This chroots the users to /srv/ftp/virtual/

Theo
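The source-file format described in the post above (alternating user and password lines), as an added example that is not part of the original thread: a shell helper that checks such a file before it is handed to db_load and builds the hash file with owner-only permissions. The function names `check_userdb_source` and `build_userdb` and the sample entries are constructed for illustration; the path-component check assumes the `user_sub_token=$USER` home directory layout shown in the post.

```shell
#!/bin/sh
# Added example, not from the thread. Source format as described above:
# line 1 = user, line 2 = password, line 3 = next user, ...
# Function names and sample entries are constructed for illustration.

# check_userdb_source FILE: print problems, return 0 only if FILE is well formed.
check_userdb_source() {
    awk '
        NR % 2 == 1 {                     # odd lines are user names
            # The name replaces $USER in /srv/ftp/virtual/$USER, so it must
            # be a single path component.
            if ($0 == "" || $0 == "." || $0 == ".." ||
                index($0, "/") || index($0, " ") || index($0, "\t")) {
                print "line " NR ": unusable user name"; bad = 1
            } else if (seen[$0]++) {
                print "line " NR ": duplicate user " $0; bad = 1
            }
            next
        }
        $0 == "" { print "line " NR ": empty password"; bad = 1 }
        END {
            if (NR == 0)     { print "no entries"; bad = 1 }
            if (NR % 2 == 1) { print "line " NR ": user without a password line"; bad = 1 }
            exit bad + 0
        }
    ' "$1"
}

# build_userdb SRC DB: validate SRC, then load it with the db_load call from
# the post. umask 077 keeps the result owner-only: both files hold passwords.
build_userdb() {
    check_userdb_source "$1" || return 1
    command -v db_load >/dev/null 2>&1 || { echo "db_load not found" >&2; return 2; }
    ( umask 077 && db_load -T -t hash -f "$1" "$2" )
}

# Constructed sample: ".." is not a usable name, and "bob" has no password line.
sample=$(mktemp)
printf '%s\n' alice 's3cret-A' '..' 'pw-two' bob > "$sample"
check_userdb_source "$sample" || echo "source file rejected, nothing loaded"
rm -f "$sample"
```

The source file contains every password in clear text, so it should be created with the same restrictive umask and removed once the hash file has been built.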
Carlos E. R.
2008-10-26 10:24:28 UTC
Post by Marc Chamberlin
> Looking at all the various PAM modules available via Yast
> does not lead me to it either, though I could be mistaken as it is hard
> to know what files are included in modules that have not yet been
> installed... (that is a real drawback and makes it darn hard to find
> missing files... IMHO!)

Although Yast could include a feature to list files from non installed
rpms, you have it externally:

- You can use the program "pin", which looks into an archive.gz file
with the content list of the DVD (therefore, not the complete oss and
non oss repo, although you can create it manually).

- You can use the remote service "webpin" at
<http://packages.opensuse-community.org/>

- You can install the command line "webpin" client.


About your main question, I'm not an expert :-)
--
Cheers / Saludos,

Carlos E. R.
(from 11.1-factory)