If you’re using VSFTPD as your FTP server, and would like to have virtual users who are restricted to their ‘home’ directory when they log in, then probably the easiest way to achieve that is with PAM.
I’ve just set up something similar on my VPS – working through this very useful VSFTPD and PAM tutorial. I’m using CentOS on the VPS, but it should work for most other distros too, although you may need to change some of the paths to work with your installation.
I ran into a couple of issues with the tutorial. First, I was getting 530 Login-Errors. A look at the log file from:
tail -f /var/log/secure
brought up this error:
vsftpd: PAM [error: /lib/security/pam_userdb.so: wrong ELF class: ELFCLASS32]
This is a simple fix – there’s a 64-bit version of pam_userdb.so, which you need to point to in your /etc/pam.d/vsftpd file. Change the part that says /lib/security/pam_userdb.so to reference /lib64/security/pam_userdb.so instead – there should be two instances to change.
Restarting VSFTPD with:
service vsftpd restart
showed that there were still more problems. I was still getting 530 errors, and tailing the logs again I found a whole catalogue of errors:
vsftpd: PAM (vsftpd) no module name supplied
vsftpd: PAM (vsftpd) illegal module type: file=/etc/vsftpd/vsftpd_users
vsftpd: PAM pam_parse: expecting return value; […onerr=succeed]
vsftpd: PAM (vsftpd) no module name supplied
vsftpd: pam_userdb(vsftpd:auth): can not get the database name
vsftpd: pam_userdb(vsftpd:auth): user_lookup: could not open database `/etc/vsftpd/vsftpd_users.db': No such file or directory
vsftpd: pam_userdb(vsftpd:auth): user_lookup: could not open database `/etc/vsftpd/vsftpd_users.db': No such file or directory
Desperate, I double-checked every step; everything had been done correctly.
So, I re-created my user file and DB, thinking that it may have been corrupted somehow (I’m using db4, not db3, by the way) – and it worked fine.
The difference, the second time I made the file? The second time, I used vi to make my users.txt file, which was then converted into the DB. The first time, I had used nano.
So, if you’re running into problems with VSFTPD, and you’re convinced you’ve done everything correctly, try using a different text editor. Vi may not be the prettiest editor in the world, but it gets the job done 🙂
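An added example, not part of the original post or the tutorial it follows: a small Python check for a PAM service file such as /etc/pam.d/vsftpd that reports the failure classes seen in the logs above (a malformed rule line, a module with the wrong ELF class, and a missing .db file) before the service is restarted. The names `lint_pam_service`, `elf_bits`, `root` and the sample file contents are made up for illustration.

```python
import os
import re

PAM_TYPES = {"auth", "account", "password", "session"}

# Constructed sample: a 32-bit module path, a rule with no module, a wrapped argument.
SAMPLE_BROKEN = """\
auth required /lib/security/pam_userdb.so db=/etc/vsftpd/vsftpd_users
account required
db=/etc/vsftpd/vsftpd_users
"""

def elf_bits(path):
    """Return 32 or 64 from the ELF header's EI_CLASS byte, or None if not ELF."""
    with open(path, "rb") as f:
        head = f.read(5)
    if len(head) < 5 or head[:4] != b"\x7fELF":
        return None
    return {1: 32, 2: 64}.get(head[4])

def lint_pam_service(text, want_bits=64, root=""):
    """Return [(line_no, problem)]; root (hypothetical) is prepended to absolute paths."""
    problems = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        # Tokenise, keeping a bracketed control such as [success=1 default=ignore] whole.
        fields = re.findall(r"\[[^\]]*\]|\S+", line)
        if fields[0].lstrip("-") not in PAM_TYPES:
            problems.append((no, "illegal module type: " + fields[0]))
            continue
        if len(fields) < 3:
            problems.append((no, "no module name supplied"))
            continue
        control, module, args = fields[1], fields[2], fields[3:]
        if control in ("include", "substack"):
            continue  # third field names another service file, not a module
        if module.startswith("/"):  # bare module names are resolved by PAM itself
            if not os.path.isfile(root + module):
                problems.append((no, "module not found: " + module))
            elif elf_bits(root + module) != want_bits:
                problems.append((no, "wrong ELF class: " + module))
        for arg in args:
            # pam_userdb appends ".db" to the db= value when it opens the database
            if arg.startswith("db=") and not os.path.isfile(root + arg[3:] + ".db"):
                problems.append((no, "database missing: " + arg[3:] + ".db"))
    return problems
```

On a live system, pass the contents of /etc/pam.d/vsftpd and leave `root` empty; an empty result means none of these three problems is present.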