Hi All,
I've been trying to get VSFTPD set up to allow FTP access for some of my clients to access their web files. I've got VSFTPD up and running via the Wiki, but my virtual users can't log in. The only thing that I didn't do from the wiki was the "useradd virtual", as I didn't think it was needed. Also, the wiki only covers one directory for all users; I want each user to have access to their own web directory and nothing else. I think I may just have something a little off in my vsftpd file. Thanks!
vsftpd.conf
anonymous_enable=NO
local_enable=YES
write_enable=YES
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
data_connection_timeout=120
listen=YES
virtual_use_local_privs=YES
pam_service_name=vsftpd
guest_enable=YES
user_sub_token=$USER
chroot_local_user=YES
hide_ids=YES
local_root=/srv/http/$USER
Last edited by GravityGripp (2009-05-14 17:36:19)
Offline
Are the permissions on those dirs right?
Offline
I would love to have that functionality too :-) Maybe I'll try a bit in the next few days, in case no one knows a solution.
Offline
I don't think it's a directory permissions issue as it's telling me that my login is incorrect.
Here's my /etc/pam.d/ftp
auth required /lib/security/pam_userdb.so db=/etc/vsftpd_login crypt=hash
account required /lib/security/pam_userdb.so db=/etc/vsftpd_login crypt=hash
Here's part of my auth.log also.
May 14 08:14:08 arthur vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May 14 08:14:08 arthur vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=current_user rhost=127.0.0.1
May 14 08:24:14 arthur vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
May 14 08:24:14 arthur vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=current_user rhost=127.0.0.1
Last edited by GravityGripp (2009-05-14 12:44:40)
Offline
Hi GravityGripp,
As posted at the beginning of the thread, in /etc/vsftpd.conf the 'pam_service_name' option is 'vsftpd', but here you are referencing /etc/pam.d/ftp as the PAM service name, while in vsftpd.conf you told it to use 'vsftpd' as the PAM service for auth.
About your need to define a different directory for each FTP virtual user: in my installation I allow FTP access to virtual users (defined in MySQL and authenticated via pam_mysql); to let users have access to their own FTP directory (with different auth: read-only / read-write) I used the user_config_dir option (see man vsftpd.conf).
Here is an extract of my '/etc/vsftpd.conf':
# This powerful option allows the override of any config option specified
# in the manual page, on a per-user basis. Usage is simple, and is best
# illustrated with an example. If you set user_config_dir to be /etc/vsftpd_user_conf
# and then log on as the user "chris", then vsftpd will apply the settings
# in the file /etc/vsftpd_user_conf/chris for the duration of the session.
# Default: (none)
user_config_dir=/etc/vsftpd/vsftpd-user-conf
Each time I add a new FTP virtual user that needs a personal FTP directory, I create a file under the dir '/etc/vsftpd/vsftpd-user-conf', named after the username, where I define the personal FTP directory and the auth on it (RO or RW).
Example for user 'test' (file '/etc/vsftpd/vsftpd-user-conf/test'):
# vsftpd per-user basis config file (override of any config option specified
# in the vsftpd server config file)
#
# TEMPLATE
#
# User test - Description for user test
#
# Set local root
local_root=/srv/vsftpd/test
# Disable any form of FTP write command.
# Allowed values: YES/NO
write_enable=YES
Of course the dir must exist and have the right permissions to allow the user to connect.
Hope that this will be of help.
bye
Offline
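The mismatch found above can be checked mechanically. This is an added example, not code from the thread: it reads pam_service_name from vsftpd.conf (vsftpd's default is "ftp"), confirms that the PAM file of that name loads pam_userdb.so, and extracts the module and service pairs from auth.log lines such as `pam_unix(vsftpd:auth)`, which show which stack actually answered. All function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): find a pam_service_name / PAM file mismatch.

# Print pam_service_name from a vsftpd.conf; vsftpd's default is "ftp".
vsftpd_pam_service() {
    svc_name=$(sed -n 's/^pam_service_name=//p' "$1" | tail -n 1)
    printf '%s\n' "${svc_name:-ftp}"
}

# Print the module file names a PAM service file loads for one type (auth, account).
# Assumes the simple "type control module args" form, not bracketed [..] controls.
pam_modules_for() {
    awk -v t="$2" '$1 == t { n = split($3, p, "/"); print p[n] }' "$1"
}

# Print unique "module service" pairs from vsftpd lines in an auth.log.
logged_pam_pairs() {
    sed -n 's/.* vsftpd: \(pam_[a-z_]*\)(\([^:)]*\):[a-z]*).*/\1 \2/p' "$1" | sort -u
}

# Succeed only if the configured service has a PAM file whose auth stack
# loads pam_userdb.so (the virtual-user database module used in this thread).
check_virtual_user_pam() {   # args: vsftpd.conf  pam.d-directory
    pam_file="$2/$(vsftpd_pam_service "$1")"
    if [ ! -f "$pam_file" ]; then
        echo "MISSING $pam_file"; return 1
    fi
    if ! pam_modules_for "$pam_file" auth | grep -qx 'pam_userdb.so'; then
        echo "NO_USERDB $pam_file"; return 1
    fi
    echo "OK $pam_file"
}

# Demo on constructed files (run the script with the argument "demo").
if [ "${1:-}" = demo ]; then
    d=$(mktemp -d)
    mkdir "$d/pam.d"
    echo 'pam_service_name=vsftpd' > "$d/vsftpd.conf"
    echo 'auth required /lib/security/pam_userdb.so db=/etc/vsftpd_login crypt=hash' > "$d/pam.d/ftp"
    check_virtual_user_pam "$d/vsftpd.conf" "$d/pam.d" || true   # file is named ftp, not vsftpd
    mv "$d/pam.d/ftp" "$d/pam.d/vsftpd"
    check_virtual_user_pam "$d/vsftpd.conf" "$d/pam.d"           # name now matches
    rm -rf "$d"
fi
```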
cipparello, I had just caught that before I read your post. Thanks.
I have one more question though. My goal here is to allow my users FTP access to their web directory. Currently, my web directories are set up as such: /srv/http/website1.com, /srv/http/website2.com, etc. They are all owned by the webserver username. Is it possible to give my virtual users access to write, download, and delete files from those directories? What should the permissions be?
Offline
For your needs, in /etc/vsftpd.conf you can set:
# If enabled, all non-anonymous logins are classed as "guest" logins. A guest
# login is remapped to the user specified in the guest_username setting.
# Default: NO (disabled)
guest_enable=YES
# This setting is the real username which guest users are mapped to. See the
# variable guest_enable for a description of what constitutes a guest login.
# Default: ftp
guest_username=http
In this way, assuming that your web server is running as http:http, you tell vsftpd to map your virtual users to the local user 'http'.
So.
On filesystem:
chown -R http:http /srv/http/website1.com
chown -R http:http /srv/http/website2.com
In file '/etc/vsftpd/vsftpd-user-conf/test':
# Set local root
local_root=/srv/http/website1.com
# Disable any form of FTP write command.
# Allowed values: YES/NO
write_enable=YES
P.S.
You can, if you want, put the option guest_username=http inside the personal file ('/etc/vsftpd/vsftpd-user-conf/test') of each FTP virtual user, which allows you to map each FTP user to a different local uid.
bye
Last edited by cipparello (2009-05-14 17:26:29)
Offline
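With guest_username=http every virtual user runs as the same local account, so file ownership cannot separate one customer from another; the per-user local_root, together with the chroot_local_user=YES from the first post, is what confines each login. The following is an added example, not code from the thread: it creates the per-user override files described above and audits a user_config_dir for roots that escape the web base or overlap another user's root. The function names and the read-only default are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): create and audit per-user vsftpd overrides.

# add_ftp_user CONF_DIR BASE USER SITE [YES|NO]: write CONF_DIR/USER pointing at
# BASE/SITE. Names that are empty, start with a dot or contain anything but
# letters, digits, ".", "_" and "-" are refused, so neither path can escape.
add_ftp_user() {
    for name in "$3" "$4"; do
        case "$name" in
            ''|.*|*[!A-Za-z0-9._-]*) echo "rejected name: $name"; return 1 ;;
        esac
    done
    # Assumption of this example: read-only unless YES is passed explicitly.
    printf 'local_root=%s/%s\nwrite_enable=%s\n' "$2" "$4" "${5:-NO}" > "$1/$3"
}

# Print "user<TAB>local_root" for every file in a user_config_dir.
list_user_roots() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        root=$(sed -n 's/^local_root=//p' "$f" | tail -n 1)
        printf '%s\t%s\n' "$(basename "$f")" "${root:-<unset>}"
    done
}

# audit_user_roots CONF_DIR BASE: print one finding per problem; return 1 if any.
audit_user_roots() {
    findings=$(list_user_roots "$1" | awk -F '\t' -v base="$2" '
        { sub(/\/+$/, "", $2); user[NR] = $1; root[NR] = $2 }
        END {
            for (i = 1; i <= NR; i++) {
                if (root[i] == "<unset>") { print user[i] ": no local_root override"; continue }
                if (index(root[i], base "/") != 1 || root[i] ~ /\/\.\.(\/|$)/)
                    print user[i] ": " root[i] " is not below " base
                for (j = 1; j <= NR; j++)
                    if (i != j && index(root[j] "/", root[i] "/") == 1)
                        print user[i] ": " root[i] " also covers the root of " user[j]
            }
        }')
    if [ -z "$findings" ]; then return 0; fi
    printf '%s\n' "$findings"
    return 1
}
```

For the thread's layout the calls would be `add_ftp_user /etc/vsftpd/vsftpd-user-conf /srv/http test website1.com YES` followed by `audit_user_roots /etc/vsftpd/vsftpd-user-conf /srv/http`.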
Awesome, thanks. I've got it working.
Offline