vsftp help

KFC123 · 02-04-2010, 05:59 PM

From yesterday on, I started to work on building a ftp by vsftpd in our lab (that's only for our lab members). I am going to setup some the virtual users for each of the member. We have a CentOS5 (without upgrade after the fresh installation). I try several ways to setup the vsftpd for virtual users. 1) with db4 2) with mysql 3) without database and use htpasswd. But all fails. Actually, I don't want to use database, so I am going to find out the reason of failure on 'htpasswd' method

My vsftpd is installed in /etc/vsftpd (for only using ftp account, it is no problem to login). 1) I setup an account called vftpuser and build the corresponding home (/home/vftpuser), and then I setup another account call usera and also create a directory within /home/vftpuser.

2) I use htpasswd to add passwd to usera and store the passwd in /etc/vsftpd/passwd.

3) I added the name of usera to /etc/vsftpd/user_list

4) I create a directory /etc/vsftpd/user to store a unique conf for each user (for usera, the conf named usera) which contains the local root for users, which is

/home/vftpuser/usera

5) in /etc/pam.d/vsftpd, I have

auth required pam_pwdfile.so pwdfile /etc/vsftpd/passwd
account required pam_permit.so

6) in /etc/vsftpd/vsftpd.conf, I have

anonymous_enable=NO
local_enable=YES
write_enable=NO
local_umask=022
anon_upload_enable=NO
anon_mkdir_write_enable=NO
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_file=/var/log/vsftpd.log
xferlog_std_format=YES
chroot_list_file=/etc/vsftpd/user_list
listen=YES
pam_service_name=vsftpd
user_config_dir=/etc/vsftpd/user
userlist_enable=YES
tcp_wrappers=YES
virtual_use_local_privs=YES
dirlist_enable=YES
no_anon_password=NO
anon_max_rate=30000
data_connection_timeout=60
idle_session_timeout=600
max_clients=10
max_per_ip=2
chroot_local_user=YES
user_sub_token=$USER

local_root=/home/vftpuser/$USER
userlist_file=/etc/vsftpd/user_list

guest_enable=YES
guest_username=vftpuser

---------------------------------------------------------------------------------------------------------------------

So, after setting everything, I start the server vsftpd, it is running. But when I ftp the server, it directly gives

[kbc]$ ftp localhost
Connected to localhost
220 (vsFTPd 2.0.5)
530 Please login with USER and PASS.
530 Please login with USER and PASS.
KERBEROS_V4 rejected as an authentication type
Name (localhost:kbc): usera
530 Permission denied.
Login failed.
ftp>

==========================================================
After showning "530 Please login with USER and PASS." twice, I input the username usera but it doesn't even give me a chance to input the password.

I also try to login as vftpuser with correct password, but still no good. What's going on? Is it due to pam? I install all possible pam with

yum -y install pam*

and I run it twice for sure, it returns (at second time)

Package pam_shield-0.9.2-1.el5.rf.x86_64 already installed and latest version
Package pam_script-0.1.7-1.el5.rf.x86_64 already installed and latest version
Package pam_fprint-0.2-1.el5.rf.x86_64 already installed and latest version
Package pam_ccreds-3-5.x86_64 already installed and latest version
Package pam_ccreds-3-5.i386 already installed and latest version
Package pam_smb-1.1.7-7.2.1.x86_64 already installed and latest version
Package pam_smb-1.1.7-7.2.1.i386 already installed and latest version
Package pam_abl-0.2.3-1.el5.rf.x86_64 already installed and latest version
Package pam_krb5-2.2.14-10.x86_64 already installed and latest version
Package pam_krb5-2.2.14-10.i386 already installed and latest version
Package pamtester-0.1.2-1.el5.rf.x86_64 already installed and latest version
Package pam_pkcs11-0.5.3-23.x86_64 already installed and latest version
Package pam_pkcs11-0.5.3-23.i386 already installed and latest version
Package pam_ssh-1.91-1.el5.rf.x86_64 already installed and latest version
Package pam_keyring-0.0.9-1.el5.rf.x86_64 already installed and latest version
Package pam-0.99.6.2-6.el5.x86_64 already installed and latest version
Package pam-0.99.6.2-6.el5.i386 already installed and latest version
Package pam-devel-0.99.6.2-6.el5.x86_64 already installed and latest version
Package pam-devel-0.99.6.2-6.el5.i386 already installed and latest version
Package pam_passwdqc-1.0.2-1.2.2.x86_64 already installed and latest version
Package pam_passwdqc-1.0.2-1.2.2.i386 already installed and latest version

acid_kewpie · 02-05-2010, 12:39 PM

There's no need to have virtual users, just create system users, but use a user shell of /sbin/nologin to prevent shell logins if you wish to. That's the formal recommendation from redhat. In fact the default system is not able to use a virtual user file as you are trying to, as there are pam packages not present within it - pam_listfile i think.

http://kbase.redhat.com/faq/docs/DOC-6431