Configuring Simple Virtual FTP Users in vsftpd using PAM
This tutorial will set up a basic virtual user config for vsftpd on a RHEL5-based system. I recommend that you make backups of existing config files before implementing this solution, in case you need to revert. This allows virtual “guest” users to log in with individual usernames and passwords and have access to a base directory.
I suggest building the initial files in a directory of their own first; the steps below then copy them into place.
Six simple steps:
Step 1: Create the virtual user database.
Create a text file with each username/password pair on two lines (username on one line, password on the next), i.e.:
# cat /etc/logins.txt
username
password
username2
password2
Then, use Berkeley DB to hash the file, and change its permissions:
# db_load -T -t hash -f logins.txt /etc/vsftpd_login.db
# chmod 600 /etc/vsftpd_login.db
Step 2: Create a PAM file which uses your new database.
# cat > vsftpd.pam
auth required /lib/security/pam_userdb.so db=/etc/vsftpd_login
account required /lib/security/pam_userdb.so db=/etc/vsftpd_login
# cp vsftpd.pam /etc/pam.d/vsftpd
Step 3: Set up the location of the files for the virtual users by creating a “wrapper user”.
# useradd -d /home/ftpsite virtual
Step 4: Create your vsftpd.conf config file.
# cat > vsftpd.virtusr.conf
anonymous_enable=NO
local_enable=YES
# vsftpd.conf does not accept trailing comments, so notes go on their own lines
# change write_enable to YES if you want uploads available
write_enable=NO
anon_upload_enable=NO
anon_mkdir_write_enable=NO
anon_other_write_enable=NO
chroot_local_user=YES
guest_enable=YES
guest_username=virtual
listen=YES
# the next three settings are optional
listen_port=10021
pasv_min_port=30000
pasv_max_port=30999

# cp /etc/vsftpd.conf /etc/vsftpd.conf.orig
# cp vsftpd.virtusr.conf /etc/vsftpd.conf
Step 5: Restart vsftpd.
# /etc/init.d/vsftpd restart
Step 6: Test. I think you can figure this one out on your own.
Hold on to the logins.txt file, and simply update it and rebuild the DB when you need to add a user. This allows several users access to the same directory and files. Only give access to people you trust.
/cs
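
The "update it and rebuild the DB" step above, as an added example that is not part of the original tutorial: db_load adds records to an existing database file rather than replacing it, so this sketch validates logins.txt and builds a fresh database before swapping it into place. The function names check_logins and rebuild_vsftpd_db are hypothetical, and the script assumes it is run as root with db_load and mktemp available.

```shell
#!/bin/sh
# Added example; check_logins and rebuild_vsftpd_db are hypothetical helper names.

# Validate the alternating username/password file before hashing it.
check_logins() {
    awk '
        NR % 2 == 1 {                                   # odd lines: usernames
            if ($0 == "")         { print "line " NR ": empty username"; bad = 1 }
            if ($0 ~ /[ \t\r]$/)  { print "line " NR ": trailing whitespace or CR in username"; bad = 1 }
            if ($0 in seen)       { print "line " NR ": duplicate username " $0; bad = 1 }
            seen[$0] = 1
            next
        }
        $0 == "" { print "line " NR ": empty password"; bad = 1 }   # even lines
        END {
            if (NR == 0) { print "no entries"; bad = 1 }
            if (NR % 2)  { print "last username has no password line"; bad = 1 }
            exit bad + 0
        }
    ' "$1" >&2
}

# Build a fresh database next to the target and swap it in with mv, so that
# users deleted from the text file do not survive in an old database file.
rebuild_vsftpd_db() {
    src=$1
    dst=${2:-/etc/vsftpd_login.db}
    check_logins "$src" || return 1
    chmod 600 "$src" || return 1        # the source file holds plaintext passwords
    (
        umask 077                       # new database is created mode 600
        tmpdir=$(mktemp -d "$(dirname "$dst")/.vsftpd_db.XXXXXX") || exit 1
        db_load -T -t hash -f "$src" "$tmpdir/new.db" &&
            mv -f "$tmpdir/new.db" "$dst"
        rc=$?
        rm -rf "$tmpdir"
        exit "$rc"
    )
}

# Usage (as root): rebuild_vsftpd_db /path/to/logins.txt
```

Because pam_userdb reads the database on each login, the swapped-in file takes effect without restarting vsftpd.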