I want to add some virtual users to my FTP server, but...
My system is FC4 2.6.11, db4, vsftpd-2.0.3, with SELINUX=disabled already set.
My configuration:
1)
#vi virtualus.txt
linux
123456
tt
123
2)
#db_load -T -t hash -f ./virtualus.txt /etc/vsftpd/vsftpd_login.db
#chmod 600 /etc/vsftpd/vsftpd_login.db
3) Add virtual_user
#useradd -d /ftpsite virtualus
#chmod 700 /ftpsite
4) PAM
#cat /etc/pam.d/vsftpd
auth required /lib/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login
account required /lib/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login
5) My configuration in /etc/vsftpd/vsftpd.conf
#cat /etc/vsftpd/vsftpd.conf
anonymous_enable=NO
local_enable=YES
write_enable=NO
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
xferlog_file=/var/log/vsftpd.log
xferlog_std_format=YES
pam_service_name=vsftpd
connect_from_port_20=YES
ftpd_banner=Welcome to S_ FTP server.
listen=YES
listen_port=2121
one_process_model=NO
chroot_local_user=YES
guest_enable=YES
guest_username=virtualus
6)
#service vsftpd restart
7) When I try to log in to my FTP server, it shows an error:
# ftp 127.0.0.1 2121
Connected to 127.0.0.1.
220 Welcome to S_FTP server.
530 Please login with USER and PASS.
530 Please login with USER and PASS.
KERBEROS_V4 rejected as an authentication type
Name (127.0.0.1:root): linux //linux is a virtual_user
331 Please specify the password.
Password:
500 OOPS: priv_sock_get_result
Login failed.
421 Service not available, remote server has closed connection
ftp>
8) When I use the system user "virtualus" to log in to my FTP server, it shows an error like this:
# ftp 127.0.0.1 2121
Connected to 127.0.0.1.
220 Welcome to S_FTP server.
530 Please login with USER and PASS.
530 Please login with USER and PASS.
KERBEROS_V4 rejected as an authentication type
Name (127.0.0.1:root): virtualus
331 Please specify the password.
Password:
530 Login incorrect.
Login failed.
ftp>
9) The main problem may be here, but I don't know what it is telling me:
# tail -f /var/log/messages
Oct 27 01:37:47 localhost vsftpd: PAM [dlerror: <*unknown module path*>: cannot open shared object file: No such file or directory]
Oct 27 01:37:47 localhost vsftpd: PAM adding faulty module: <*unknown module path*>
Oct 27 01:38:22 localhost vsftpd: PAM (vsftpd) illegal module type: r
Oct 27 01:38:22 localhost vsftpd: PAM (vsftpd) no control flag supplied
Oct 27 01:38:22 localhost vsftpd: PAM (vsftpd) no module name supplied
Oct 27 01:38:22 localhost vsftpd: PAM unable to dlopen(<*unknown module path*>)
Oct 27 01:38:22 localhost vsftpd: PAM [dlerror: <*unknown module path*>: cannot open shared object file: No such file or directory]
Oct 27 01:38:22 localhost vsftpd: PAM adding faulty module: <*unknown module path*>
Oct 27 02:01:01 localhost crond(pam_unix)[9531]: session opened for user root by (uid=0)
Oct 27 02:01:02 localhost crond(pam_unix)[9531]: session closed for user root
10)
# cat vsftpd.log
Wed Oct 26 12:28:46 2005 1 127.0.0.1 49 /pub/test.txt b _ o a ? ftp 0 * c
Waiting for your help...
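The syslog excerpt in step 9 shows PAM rejecting lines of the service file ("illegal module type", "no control flag supplied", "no module name supplied"). The shell function below is an added example, not part of the original post: it checks a /etc/pam.d file for those malformations and for unreadable module paths. The default module directory /lib/security is taken from the post; the names pam_lint and pam_lint_demo and the sample file are constructed for illustration.

```shell
#!/bin/sh
# usage: pam_lint FILE [MODULE_DIR]   prints findings, returns 1 if any
# MODULE_DIR defaults to /lib/security (the directory used in the post).
# Backslash line continuations are not handled.
pam_lint() {
    awk -v moddir="${2:-/lib/security}" '
        function report(msg) { printf "%s:%d: %s\n", FILENAME, FNR, msg; bad = 1 }
        /^[ \t]*(#|$)/ { next }                    # comments and blank lines
        {
            type = $1; sub(/^-/, "", type)         # a leading "-" is legal on the type
            if (type !~ /^(auth|account|password|session)$/) {
                report("illegal module type: " $1); next
            }
            if (NF < 2) { report("no control flag supplied"); next }
            i = 2
            if ($2 ~ /^\[/) {                      # [value=action ...] may span fields
                while (i <= NF && $i !~ /\]$/) i++
                if (i > NF) { report("unterminated [...] control"); next }
            } else if ($2 !~ /^(required|requisite|sufficient|optional|include|substack)$/) {
                report("unknown control flag: " $2); next
            }
            if (i + 1 > NF) { report("no module name supplied"); next }
            if ($2 ~ /^(include|substack)$/) next  # argument is a service name
            path = $(i + 1)
            if (path !~ /^\//) path = moddir "/" path
            # getline returns -1 when the file cannot be opened (no shell involved)
            if ((getline junk < path) < 0) report("module not found: " path)
            close(path)
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample (not the poster's file): one valid line, four broken ones.
pam_lint_demo() {
    d=$(mktemp -d) || return 2
    : > "$d/pam_userdb.so"                         # stand-in for the real module
    cat > "$d/vsftpd" <<'EOF'
auth required pam_userdb.so db=/etc/vsftpd/vsftpd_login
r
account
account required
auth required pam_missing.so
EOF
    pam_lint "$d/vsftpd" "$d" && rc=0 || rc=$?
    rm -rf "$d"
    return "$rc"
}
```

On a real system the call would be `pam_lint /etc/pam.d/vsftpd`, run before restarting the daemon.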
This never worked for me, but I found a solution for this on a Gentoo board... (actually it's a workaround, using pam_pwdfile...)
here:
http://forums.gentoo.org/viewtopic-t-302850-start-14-postdays-0-postorde...
My system is FC4, but that solution is just for Gentoo systems.
Thanks all the same.
standard subject
Well, it also works on Debian! OK, you have to change some paths here and there, but it works great!
So, does it work?
more
Sorry, could you give me an example, such as:
Which paths should I change?
Where can I put it?
questions...
Yeah, but you must answer some questions:
1. Does your FC4 have pam_pwdfile?
(_should_ be located in /lib/security/)
If not, here's the homepage where you can get the source:
http://cpbotha.net/pam_pwdfile.html
2. Where's your vsftpd.conf? (look in /etc, /etc/vsftpd, ...)
3. Do you have the /etc/pam.d/ directory?
next step?
There is no pam_pwdfile in my FC4, but I have now finished installing pam_pwdfile-0.99, and I also copied pam_pwdfile.so to /lib/security/.
When I follow the solution at http://forums.gentoo.org/viewtopic-t-302850-start-14-postdays-0-postorder-asc-highlight-.html
there is no /etc/portage/ in my FC4.
My vsftpd.conf is in the /etc/vsftpd/ directory.
I have the /etc/pam.d/ directory.
Please tell me how to do the next step, thanks.
hmm
Well, I should have told you this sooner, but "portage" is Gentoo's package management (like RPM for Red Hat)... so you can skip the first step...
So, go directly to: "Previously, vsftpd used the file /etc/pam.d/vsftpd [...]".. So, the next thing you have to do is modify the "/etc/pam.d/vsftpd" file to:
auth required pam_pwdfile.so pwdfile /etc/vsftpd/passwd_ftp
account required pam_permit.so
Now, change the layout of "virtualus.txt" from:
linux
123456
tt
123
to:
linux:123456
tt:123
Then put the Perl script into "filter.pl"
(Take the script from the How To, since kerneltrap's posting system sometimes cuts things out!!!)
#! /usr/bin/perl -w
use strict;
# filter "user:cleartext" lines into "user:md5_crypted"
# probably requires glibc
[...]
Now, you can generate the access control list "passwd_ftp" with
perl filter.pl ./virtualus.txt > /etc/vsftpd/passwd_ftp
Finally, you can restart the vsftpd daemon (/etc/init.d/vsftpd restart)...
Now it should work; if not... please add "/var/log/message", your vsftpd.conf, /etc/pam.d/vsftpd, ...
haha^_^
OK! OK! Now I can use the virtual user to log in to my FTP server.
Thank you so, so much.
Does it really work?
(Keep in mind, you have to LOCKDOWN the important files so that only the vsftpd daemon & you can read/write them!)
Yes! It really works; using the virtual user I can download/upload all files.
You said "LOCKDOWN the important files", but I don't know which files those are.
Is it important?
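The files in this thread that hold credentials are the cleartext list (virtualus.txt or cleartext), the hashed list (/etc/vsftpd/passwd_ftp) and the Berkeley DB file (/etc/vsftpd/vsftpd_login.db). The shell function below is an added example, not part of the original posts: it reports any of those files that group or other can access or that are not owned by the expected uid. Treating these as "the important files", expecting uid 0 (root) as owner, and the names audit_ftp_secrets and audit_demo are assumptions; the demo files are constructed.

```shell
#!/bin/sh
# usage: audit_ftp_secrets OWNER_UID FILE...
# Prints one line per problem; returns 1 if any file is accessible to
# group/other or is not owned by OWNER_UID. Needs GNU or BusyBox stat.
audit_ftp_secrets() {
    want_uid=$1; shift
    fails=0
    for f in "$@"; do
        if [ ! -e "$f" ]; then echo "skip (absent): $f"; continue; fi
        info=$(stat -c '%a %u' "$f") || { fails=$((fails + 1)); continue; }
        mode=${info% *}
        uid=${info#* }
        # 077 masks the group and other permission bits of the octal mode
        if [ $(( 0$mode & 077 )) -ne 0 ]; then
            echo "FAIL $f: mode $mode lets group/other in; fix: chmod go= $f"
            fails=$((fails + 1))
        fi
        if [ "$uid" != "$want_uid" ]; then
            echo "FAIL $f: owned by uid $uid, expected $want_uid"
            fails=$((fails + 1))
        fi
    done
    [ "$fails" -eq 0 ]
}

# On a real host (paths as used in the thread, run as root):
#   audit_ftp_secrets 0 /etc/vsftpd/passwd_ftp /etc/vsftpd/cleartext \
#       /etc/vsftpd/vsftpd_login.db ./virtualus.txt

# Constructed demo: one locked-down file, two that are too open, one absent.
audit_demo() {
    d=$(mktemp -d) || return 2
    : > "$d/passwd_ftp";      chmod 600 "$d/passwd_ftp"
    : > "$d/cleartext";       chmod 644 "$d/cleartext"
    : > "$d/vsftpd_login.db"; chmod 660 "$d/vsftpd_login.db"
    audit_ftp_secrets "$(id -u)" "$d/passwd_ftp" "$d/cleartext" \
        "$d/vsftpd_login.db" "$d/absent" && rc=0 || rc=$?
    rm -rf "$d"
    return "$rc"
}
```

Once passwd_ftp has been generated, the cleartext list is no longer needed by the server and can be deleted instead of merely restricted.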
This Worked for Me
I ran into the same problem, and found that PAM was changed.
Change the PAM lines to:
auth required /lib/security/pam_userdb.so db=/etc/vsftpd_login crypt=hash
account required /lib/security/pam_userdb.so db=/etc/vsftpd_login crypt=hash
Adding the "crypt=hash" got rid of the priv_soc error.
Hope this works..
Great, I've tested it and it works - fine so far :)
BR / Bart
Problem while implementing it!
Hello :)!
I am new to the Linux environment and trying to create virtual users for vsftpd. I have tried to implement the solution given above but am getting an error.
If any of you can help me out with this, I'll be very thankful.
I have installed Red Hat FC 2; SELINUX is disabled. I have performed the following steps:
1. Downloaded pam_pwdfile, as I don't have it.
2. Downloaded Linux-PAM-0.75, as given in the installation instructions for pam_pwdfile.
3. Unzipped pam_pwdfile in Linux-PAM-0.75/modules.
4. I didn't have default.defs, so I just made the link to debian.defs.
5. Removed all modules from modules except pam_pwdfile.
6. Installed it and copied pam_pwdfile.so to lib/security.
7. Created virtualus.txt in root.
8. Created /etc/vsftpd/vsftpd_login.db
9.
#db_load -T -t hash -f ./virtualus.txt /etc/vsftpd/vsftpd_login.db
#chmod 600 /etc/vsftpd/vsftpd_login.db
10.
#useradd -d /ftpsite virtualus
#chmod 700 /ftpsite
11. Modified /etc/pam.d/vsftpd to:
auth required pam_pwdfile.so pwdfile /etc/vsftpd/passwd_ftp
account required pam_permit.so
12. Copied the given vsftpd.conf file to /etc/vsftpd/vsftpd.conf
13. Created filter.pl in /etc/vsftpd and added the script given in the How To to it.
14. chmod +x /etc/vsftpd/filter.pl
15. Created passwd_ftp in /etc/vsftpd and added this script to it:
perl filter.pl ./virtualus.txt
16. In /var/log I have a file named messages but not message; I hope that's OK.
17. service vsftpd restart
Now when I try to log in using username linux and password 123456, I get the following error:
[root@hina root]# ftp 192.168.0.102 2121
Connected to 192.168.0.102.
220 Welcome to S_ FTP server.
530 Please login with USER and PASS.
530 Please login with USER and PASS.
KERBEROS_V4 rejected as an authentication type
Name (192.168.0.102:root): linux
331 Please specify the password.
Password:
530 Login incorrect.
Login failed.
ftp>
The case is similar with username tt and password 123.
If any one of you can point out where the implementation has gone wrong, it will be very helpful to me.
???
???
FUBARed! (I'll explain it later... but please, undo all steps!)
(It's not always _wise_, if you _screw_ two tutorials (with different solutions, for different distributions) in one running system)...
It's done :) !
Hello! :)
It's working now... I can log in using a virtual user... thank you for your concern, Anonymous... :)
Hello,
I am trying to follow honey_bee's steps, and I tried undoing all the steps
and modified them because I am using SuSE 9.3 and 10,
but I really can't log in with the virtual user I made..
Or maybe honey_bee can explain to me what is wrong with the tutorial,
please....
Thanks for your attention.
Specs required....!
Hello! :)
Can you give me details of exactly which steps you followed? Then I think I'll be able to help you out.
First, thanks for your attention.. :)
0. Created a system user named virtual and set dir /home/ftp for user virtual
1. Took Linux-PAM-0.75.tar.gz and extracted it in /home/admin/
2. Took linux_pwdfile-0.99.tar.gz and extracted it in /home/admin/Linux-PAM-xxx/modules
3. Moved to the top Linux-PAM directory and ran make all
4. Then copied the file pam_pwdfile.so from the dir inside Linux-PAM-xxx/modules/pam_pwdfile-xxx/ to dir /lib/security
5. Then this is my /etc/pam.d/vsftpd
6. Next, made a virtual user with the name linux:admin and saved it with the name virtual.txt
7. With filter.pl, which I got from the Gentoo forum, I ran the script on the user in virtual.txt and saved the file that filter.pl created with the name /etc/ftp.passwd
8. This is my vsftpd.conf
9. Because vsftpd runs with xinetd: /etc/init.d/xinetd restart
10. Then I try to log in with username linux, password admin, and it still fails..
That's the information I can give you..
Sorry for my bad English... :)
Hello! :)
OK... first of all, tell me... when you installed the pam_pwdfile.so file... in its installation details... in the fourth step, i.e.
4. Prepare Linux-PAM
rm default.defs
ln -s defs/whatever.defs default.defs
1. Which ".defs" file did you use instead of "whatever.defs"? As you have SUSE, use "suse.defs". Have you used it or not?
2. Then perform the installation and place the pam_pwdfile.so that is created in the /lib/security folder.
3. Then in the /etc/pam.d folder create a file with the name "vsftpd". I have the following lines in it:
auth required pam_pwdfile.so pwdfile /etc/vsftpd/ftp_passwd
account required pam_permit.so
I think yours are also fine. Just change your password file name.
4. Now, my "vsftpd.conf" file's path is /etc/vsftpd/vsftpd.conf.
anonymous_enable=NO
local_enable=YES
write_enable=NO
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
xferlog_file=/var/log/vsftpd.log
xferlog_std_format=YES
pam_service_name=vsftpd
connect_from_port_20=YES
ftpd_banner=Welcome to S_ FTP server.
chroot_local_user=YES
guest_enable=YES
guest_username=virtual
where virtual is a folder created in the /home directory.
5. So I have created my passwd file in the /etc/vsftpd folder. Its name is "ftp_passwd". In the file, write the username and password in the following syntax:
linux:admin
where "linux" is the virtual username and "admin" is the password. Now save it.
6. Create "filter.pl" and save it in the same folder, i.e. /etc/vsftpd. The text for filter.pl is:
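#! /usr/bin/perl -w
use strict;
# filter "user:cleartext" lines into "user:md5_crypted"
# probably requires glibc
while (<>) {
    chomp;
    # split on the first ":" only, so the password may itself contain ":"
    (my $user, my $pass) = split /:/, $_, 2;
    # the '$1$' prefix selects MD5-crypt; the salt is 8 random characters
    my $crypt = crypt $pass, '$1$' . gensalt(8);
    print "$user:$crypt\n";
}
# build a salt of $count characters from the crypt(3) salt alphabet
sub gensalt {
    my $count = shift;
    my @salt = ('.', '/', 0 .. 9, 'A' .. 'Z', 'a' .. 'z');
    my $s;
    $s .= $salt[rand @salt] for (1 .. $count);
    return $s;
}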
Remember to:
chmod +x /etc/vsftpd/filter.pl
7. Now type the following lines in your terminal:
cd /etc/vsftpd
touch cleartext
chmod go= cleartext
echo linux:admin >> cleartext    # echo your username:passwd
./filter.pl cleartext > passwd_ftp
8. Restart your xinetd service:
service xinetd restart
9. And log in with the username and password. Hope it'll work.
You can also take tips from the following link:
http://gentoo-wiki.com/HOWTO_vsftpd#Virtual_Users
Hope it'll work. If you still have any problems, you can ask. Best of luck! :):):)
OK, to the point..
When I extracted Linux-PAM-0.75 I didn't find defaults.defs inside the dir..
Is that right???
So I just followed your command with ln -s defs/suse.defs defaults.defs
and tried to undo all the steps..
"Is "ftp_passwd", which you defined in /etc/pam.d/vsftpd (5), really different from passwd_ftp (7), or did you just mistype it..???"
After that, it looks like everything is the same...
but I still don't know why it fails...
You said in an answer in this topic that if the virtual user works then the real user can't log in,
but when I try to log in with my real user, the login succeeds...
I think my vsftpd just reads users from the system..
What do you think....????
I also tried to make sure that my vsftpd loads PAM...
I changed the text in /etc/pam.d/vsftpd from /lib/security/pam_pwdfile.so to /lib/security/pam_pwdfile1.so, restarted xinetd, and logged in to ftp, with the result that it still failed
and there are no error messages when using the command tail -f /var/log/messages
My opinion is that my vsftpd doesn't load PAM...
What versions of vsftpd, Linux-PAM, and pam_pwdfile do you use?
Try it once again!
Hello! :)
OK... I think we should discuss it again. First of all, undo all the things. Remove the files that you created or save them with new names.
Installation of pam_pwdfile involves installation of Linux-PAM-0.75. When we install Linux-PAM-0.75, in its main folder we have a folder named "defs"; open defs and you'll find different files with the ".defs" extension. As you are using SUSE, you must use the "suse.defs" file.
If you do not have "default.defs" in the main Linux-PAM-0.75 folder, there is no problem; if you have it, first of all remove it. Now, execute the following command in a terminal:
ln -s defs/suse.defs default.defs
Now, if you look, you'll have a "default.defs" file in the main folder. So, now you must follow the remaining steps in the INSTALL file for
pam_pwdfile-0.99.
Now, follow the steps from step (3) in my last mail. Another thing is that when you enter the username and password in "ftp_passwd", its syntax should be strictly followed, i.e.
username:password
There should be no spaces between them, and every new username and password should be on a new line.
And yes, in step (7) the name I gave was incorrect. It's "ftp_passwd", not "passwd_ftp".
After performing step (7), open your /etc/vsftpd/ftp_passwd file; you'll notice that your passwd will be converted to some type of encoded data, while the username will be the same.
Another thing that you'll notice is that a new file "cleartext" will be created that will have the username and passwd in their original form.
Do tell me if you didn't notice anything I told you, or if anything is missing.
OK... yes, my vsftpd version is "vsftpd-1.2.1-5".
Best of Luck! :)
Hello, I made a new topic..
because this one is too long...
Here is the link...
Please come...
Thanks..
My vsftpd can't work well
I followed your replies, but local users can't log in!
Hello! :)
In the above settings we change the /etc/pam.d/vsftpd file settings, which disables logins for local users. This is because we change the path of the file where usernames and their login passwords are placed.
I don't know how to allow both types of users, i.e. virtual and local users, at the same time, but that's the reason. If you change your file back to the previous settings, you'll be able to log in as local users.
pam_userdb.so fixed
Stunning, I have read most of the internet to find this.
I read a bug report for pam_userdb.so for this problem.
I also read that the same file copied from Red Hat FC3 works.
I also read this thing about using pam_pwdfile, which looked promising, but I could not find an RPM or any way to compile the source (no configure, and make refused to do anything either) since it seems to be Debian specific (what do I know?)
So I added this crypt=hash and bingo, everything fell into place.
I am soooo pleased with this result, thanks so much - I can now do a garbage dump of the internet.