I just recently tried setting up vsftpd
, following this nixCraft article on cyberciti and their article to set up virutal users.
I can connect using ftp localhost
but it doesn't recognize the username vivek
as pointed out by the log:
vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=vivek
vsftpd: pam_succeed_if(vsftpd:auth): error retrieving information about user vivek
everything should have been done the exact same as the tutorials, with the exception that I used /var/www/$USER
rather than what they had specified.
It's almost like it can't find the db for pam_userdb.so or it can't read it properly to be able to find the password.
Here's my /etc/vsftpd/vsftpd.conf
file:
anonymous_enable=NO
local_enable=YES
virtual_use_local_privs=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=NO
chroot_local_user=YES
listen=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
guest_enable=YES
user_sub_token=$USER
local_root=/var/www/$USER
hide_ids=YES
log_ftp_protocol=YES
banner_file=/etc/vsftpd/issue
Here's my /etc/pam.d/vsftpd
file:
#%PAM-1.0
session optional pam_keyinit.so force revoke
auth required pam_listfile.so item=user sense=deny file=/etc/vsftpd/f$
auth required pam_shells.so
auth include system-auth
account include system-auth
session include system-auth
session required pam_loginuid.so
auth required pam_userdb.so db=/etc/vsftpd/vsftpd-virtual-user
account required pam_userdb.so db=/etc/vsftpd/vsftpd-virtual-user
session required pam_loginuid.so
Does anyone know what's going on here?
Is there any way I can find out more info to see if it's finding/using the correct file?
Best Answer
In the
/etc/pam.d/vsftpd
file, it turns out I was only supposed to have the last three lines (the ones they provided in the tutorial).After I changed the file to this:
It worked just fine. However, I haven't used it long enough to figure out whether it created errors elsewhere. Please let me know if anyone sees anything wrong with this change.