[opensuse] vsftpd and virtual users???
Hi - I am trying to set up vsftpd and would like to configure it so that users who have web pages on my server can log directly in to their website files, via FTP, and not have to set up regular Linux accounts for them. Research on Google has lead me to what I believe is the solution, to set up virtual users for vsftpd, but it requires that I have a PAM password file authenticator called pam_pwdfile.so. (This is suppose to allow me to set up a file with user names and passwords and use that for PAM authentication, I believe.) Looking in /lib/security shows that this particular file did not come with the distribution of SuSE 11.0. Looking at all the various PAM modules available via Yast does not lead me to it either, though I could be mistaken as it is hard to know what files are included in modules that have not yet been installed... (that is a real drawback and makes it darn hard to find missing files... IMHO!) The documentation on the openSuSE website about PAM and VSFTPD is not very helpful either. Google seems to indicate this file does come with other distributions but I cannot determine where or what module should contain it.... So, does anyone have a clue where this particular PAM file is hiding? Or alternatively is there a better approach to setting up vsftp users without setting up regular Linux accounts for them, and chroot them to the location of their web files? Perhaps the PAM model has changed and we are now suppose to grok a new approach?? Marc... -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Marc Chamberlin wrote:
but it requires that I have a PAM password file authenticator called pam_pwdfile.so. (This is suppose to allow me to set up a file with user names and passwords and use that for PAM authentication, I believe.) Looking in /lib/security shows that this particular file did not come with the distribution of SuSE 11.0. Looking at all the various PAM modules available via Yast does not lead me to it either, though I could be mistaken as it is hard to know what files are included in modules that have not yet been installed... (that is a real drawback and makes it darn hard to find missing files... IMHO!)
Have you tried http://rpmfind.net ?
So, does anyone have a clue where this particular PAM file is hiding?
http://cpbotha.net/software/pam_pwdfile/ -- /Per Jessen, Zürich -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Marc Chamberlin wrote:
Hi - I am trying to set up vsftpd and would like to configure it so that users who have web pages on my server can log directly in to their website files, via FTP, and not have to set up regular Linux accounts for them. Research on Google has lead me to what I believe is the solution, to set up virtual users for vsftpd, but it requires that I have a PAM password file authenticator called pam_pwdfile.so. (This is
You could also look at pam_userdb. This uses the hash databases from db_utils for lookups. No need for (virtual) entries in the pwd files. /etc/pam.d/ftp: auth required /lib/security/pam_userdb.so db=/etc/vsftpd_login account required /lib/security/pam_userdb.so db=/etc/vsftpd_login pam_service_name = ftp # (default) The format of the source file for db_utils is simply: user passwd user2 passwd and then you 'compile' with /usr/bin/db_load -T -t hash -f sourcefile hashfile.db
So, does anyone have a clue where this particular PAM file is hiding? Or alternatively is there a better approach to setting up vsftp users without setting up regular Linux accounts for them, and chroot them to the location of their web files? Perhaps the PAM model has changed and we are now suppose to grok a new approach??
Here's the vsftpd.conf I use listen=YES log_ftp_protocol=NO anonymous_enable=NO local_enable=YES write_enable=Yes chown_uploads=YES anon_upload_enable=NO anon_mkdir_write_enable=NO anon_other_write_enable=NO chroot_local_user=YES guest_enable=YES virtual_use_local_privs=YES hide_ids=YES dirmessage_enable=YES ls_recurse_enable=YES xferlog_enable=YES syslog_enable=YES dual_log_enable=NO xferlog_std_format=NO ssl_enable=YES ssl_sslv2=NO ssl_sslv3=NO ssl_tlsv1=YES allow_anon_ssl=NO force_local_data_ssl=NO force_local_logins_ssl=NO rsa_cert_file=/etc/ssl/certs/vsftpd.pem guest_username=virtual chown_username=virtual pasv_min_port=30000 pasv_max_port=30020 idle_session_timeout=600 data_connection_timeout=300 accept_timeout=300 connect_timeout=180 ftpd_banner=Welcome to ------ FTP service. user_sub_token=$USER nopriv_user=ftp force_dot_files=NO /etc/passwd: virtual:x:1001:1000::/srv/ftp/virtual/$USER:/bin/false This chroots the users to /srv/ftp/virtual/ Theo -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Marc Chamberlin wrote:
Looking at all the various PAM modules available via Yast does not lead me to it either, though I could be mistaken as it is hard to know what files are included in modules that have not yet been installed... (that is a real drawback and makes it darn hard to find missing files... IMHO!)
Although Yast could include a feature to list files from non installed rpms, you have it externally: - You can use the program "pin", which looks into an archive.gz file with the content list of the DVD (therefore, not the complete oss and non oss repo, although you can create it manually). - You can use the remote service "webpin" at <http://packages.opensuse-community.org/> - You can install the command line "webpin" client. About your main question, I'm not an expert :-) -- Cheers / Saludos, Carlos E. R. (from 11.1-factory) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
participants (4)
-
Carlos E. R. -
Marc Chamberlin -
Per Jessen -
Theo van Werkhoven