Hi everybody,
I'm running a Gentoo virtual machine and I'm playing around with vsFTPd version 3.0.2, I have it pretty much working the way that I want, but I have just one problem that I'd like to see if I can resolve.
I have a virtual and local user setup. I have created the user 'virtual' in the group 'virtual'. Both virtual users and local users can log-in, virtual users can upload, but local users cannot. Clearly the problem is that all users, local and virtual, are acting as the user 'virtual' (
guest_username=virtual) - I have the virtual users'
local_roots owned by the user 'virtual', but local users'
local_root is just their home directory, which is clearly not owned by 'virtual'.
Each virtual user has a configuration file (
user_config_dir=/etc/vsftpd/user_conf) - in each of those files I specify the
local_root for that user, which will be owned by 'virtual' - it works great. If I do not make a config file for each local user (also in
/etc/vsftpd/user_conf/) the local user is directed to the home directory for the user 'virtual' when they log-in.
So, my questions:
1) How can I make it so that local users log-in as themselves, and not as the guest user 'virtual' - such that they have permission to write to their home directories.
2) Is there a better, more automated way of having vsFTPd determining the
local_root of a local user than looking at that user's config file in
user_config_dir? Such that if a local user logs-in that they are acting as themselves (thus they are able to write to their home directory).
I have tried setting
local_root=/home/$USER in vsftpd.conf, which won't work, a) because the user 'virtual's home folder isn't at
/home/virtual (just the way I set it up), b) and all users come in as the user 'virtual', so even if
/home/virtual did exist I would still not be accomplishing what I want.
My vsftp.conf:
Code:
#GENERAL
#------
listen=YES
dirmessage_enable=YES
# banner_file=/etc/vsftpd/vsftpd.banner # edit banner first
chown_uploads=YES
xferlog_enable=YES
idle_session_timeout=600
data_connection_timeout=120
#ascii_upload_enable=YES
#ascii_download_enable=YES
ls_recurse_enable=NO
pam_service_name=ftp
file_open_mode=0666
local_umask=0002
#LOCAL
#----
local_enable=YES
write_enable=YES
#the next 3 settings make it such that only users listed in user_list have access
userlist_file=/etc/vsftpd/user_list
userlist_enable=YES
userlist_deny=NO
#ANON
#----
anonymous_enable=NO
anon_upload_enable=NO
anon_mkdir_write_enable=NO
#CHROOT
#------
allow_writeable_chroot=YES
chroot_list_enable=YES
virtual_use_local_privs=YES
chroot_local_user=YES
chroot_list_file=/etc/vsftpd/vsftpd.chroot
#VIRTUAL
#------
guest_enable=YES
guest_username=virtual
user_config_dir=/etc/vsftpd/user_conf
anon_upload_enable=YES
My
/etc/pam.d/ftp file:
Code:
auth sufficient /lib/security/pam_unix.so
account sufficient /lib/security/pam_unix.so
auth sufficient /lib/security/pam_userdb.so db=/etc/vsftpd/virtual_users
account sufficient /lib/security/pam_userdb.so db=/etc/vsftpd/virtual_users
A typical file in
/etc/vsftpd/user_conf (
/etc/vsftpd/user_conf/queen here):
Code:
local_root=/var/www/virtual/queen
Any ideas? I would greatly appreciate any help!
Thanks a lot!
