# If enabled, all non-anonymous logins are classed as "guest" logins. A guest
# login is remapped to the user specified in the guest_username setting.
# Default: NO (disabled)
guest_enable=YES
# This setting is the real username which guest users are mapped to. See the
# variable guest_enable for a description of what constitutes a guest login.
# Default: ftp
guest_username=http
In this way, assuming that your web server is running as http:http, you tell vsftpd to map your virtual users to the local user 'http'.
So.
On filesystem:
chown -R http:http /srv/http/website1.com
chown -R http:http /srv/http/website2.com
In file '/etc/vsftpd/vsftpd-user-conf/test':
# Set local root
local_root=/srv/http/website1.com
# Allow (YES) or forbid (NO) any form of FTP write command.
# Allowed values: YES/NO
write_enable=YES
P.S.
You can, if you want, put the option guest_username=http inside the personal file ('/etc/vsftpd/vsftpd-user-conf/test') of each FTP virtual user, which allows you to map each FTP user to a different local uid.
bye
I have one more question though. My goal here is to allow my users FTP access to their web directory. Currently, my web directories are set up as such: /srv/http/website1.com, /srv/http/website2.com, etc. They are all owned by the webserver username. Is it possible to give my virtual users access to write, download, and delete files from those directories? What should the permissions be?
I don't think it's a directory permissions issue as it's telling me that my login is incorrect.
Here's my /etc/pam.d/ftp
auth required /lib/security/pam_userdb.so db=/etc/vsftpd_login crypt=hash
account required /lib/security/pam_userdb.so db=/etc/vsftpd_login crypt=hash
here's part of my auth.log also.
May 14 08:14:08 arthur vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May 14 08:14:08 arthur vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=current_user rhost=127.0.0.1
May 14 08:24:14 arthur vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May 14 08:24:14 arthur vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=current_user rhost=127.0.0.1
Hi GravityGripp,
as posted at the beginning of the thread, in /etc/vsftpd.conf the 'pam_service_name' option is 'vsftpd', but here you are referencing /etc/pam.d/ftp as the PAM service name, while in vsftpd.conf you told it to use 'vsftpd' as the PAM service for auth.
About your need to define a different directory for each FTP virtual user: in my installation I allow FTP access to virtual users (defined in MySQL and authenticated via pam_mysql); to let users have access to their own FTP directory (with different permissions, read-only / read-write) I used the user_config_dir option (see man vsftpd.conf).
Here is an extract of my '/etc/vsftpd.conf':
# This powerful option allows the override of any config option specified
# in the manual page, on a per-user basis. Usage is simple, and is best
# illustrated with an example. If you set user_config_dir to be /etc/vsftpd_user_conf
# and then log on as the user "chris", then vsftpd will apply the settings
# in the file /etc/vsftpd_user_conf/chris for the duration of the session.
# Default: (none)
user_config_dir=/etc/vsftpd/vsftpd-user-conf
Each time I add a new FTP virtual user that needs a personal FTP directory, I create a file named after the username under the dir '/etc/vsftpd/vsftpd-user-conf', where I define the personal FTP directory and the access on it (RO or RW).
Example for user 'test' (file '/etc/vsftpd/vsftpd-user-conf/test'):
# vsftpd per-user basis config file (override of any config option specified
# in the vsftpd server config file)
#
# TEMPLATE
#
# User test - Description for user test
#
# Set local root
local_root=/srv/vsftpd/test
# Allow (YES) or forbid (NO) any form of FTP write command.
# Allowed values: YES/NO
write_enable=YES
Of course the dir must exist and have the right permissions to allow the user to connect.
Hope that this will be of help.
bye
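The mismatch pointed out in the reply above (pam_service_name=vsftpd while the pam_userdb lines live in /etc/pam.d/ftp) can be checked mechanically. This is an added example, not part of the original posts: the function names and the fixture are hypothetical, and the fixture's pam.d/vsftpd content is constructed to match the pam_unix(vsftpd:auth) entries in the posted log.

```shell
# Print the PAM service vsftpd will use; "ftp" is the documented default.
# If the option is repeated, the last line is taken (an assumption).
vsftpd_pam_service() {
    svc=$(sed -n 's/^pam_service_name=//p' "$1" | tail -n 1)
    printf '%s\n' "${svc:-ftp}"
}

# Print the module (basename) of every auth line in a PAM service file.
# Handles bracketed controls such as [success=1 default=ignore].
pam_auth_modules() {
    awk '$1 == "auth" || $1 == "-auth" {
        i = 3
        if ($2 ~ /^\[/) { i = 2; while ($i !~ /\]$/ && i < NF) i++; i++ }
        n = split($i, p, "/"); print p[n]
    }' "$1"
}

# check_vsftpd_pam CONF PAM_DIR EXPECTED_MODULE
# 0 = service file uses the module, 1 = module absent, 2 = no service file.
check_vsftpd_pam() {
    svc=$(vsftpd_pam_service "$1")
    file="$2/$svc"
    if [ ! -f "$file" ]; then
        echo "vsftpd uses PAM service '$svc' but $file does not exist"
        return 2
    fi
    if pam_auth_modules "$file" | grep -qxF "$3"; then
        echo "OK: $file authenticates with $3"
        return 0
    fi
    echo "MISMATCH: $file (service '$svc') has no $3 auth line; in use:" \
         "$(pam_auth_modules "$file" | tr '\n' ' ')"
    return 1
}

# Constructed fixture reproducing the situation in the thread.
make_fixture() {
    mkdir -p "$1/pam.d"
    printf 'listen=YES\npam_service_name=vsftpd\nguest_enable=YES\n' > "$1/vsftpd.conf"
    printf 'auth required /lib/security/pam_userdb.so db=/etc/vsftpd_login crypt=hash\n' > "$1/pam.d/ftp"
    printf 'auth required pam_unix.so\n' > "$1/pam.d/vsftpd"
}

# Demo: prints the MISMATCH line for the constructed fixture.
demo_dir=$(mktemp -d) && make_fixture "$demo_dir"
check_vsftpd_pam "$demo_dir/vsftpd.conf" "$demo_dir/pam.d" pam_userdb.so || true
rm -rf "$demo_dir"
```

On a real host the call would be `check_vsftpd_pam /etc/vsftpd.conf /etc/pam.d pam_userdb.so`, with the last argument set to whichever module holds the virtual users.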
Here's my /etc/pam.d/ftp
auth required /lib/security/pam_userdb.so db=/etc/vsftpd_login crypt=hash
account required /lib/security/pam_userdb.so db=/etc/vsftpd_login crypt=hash
here's part of my auth.log also.
May 14 08:14:08 arthur vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May 14 08:14:08 arthur vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=current_user rhost=127.0.0.1
May 14 08:24:14 arthur vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May 14 08:24:14 arthur vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=current_user rhost=127.0.0.1
vsftpd.conf
anonymous_enable=NO
local_enable=YES
write_enable=YES
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
data_connection_timeout=120
listen=YES
virtual_use_local_privs=YES
pam_service_name=vsftpd
guest_enable=YES
user_sub_token=$USER
chroot_local_user=YES
hide_ids=YES
local_root=/srv/http/$USER