First, you need to run
[alexey@blogger ~]$ sudo yum install vsftpd
I got version 2.0.1
[alexey@blogger ~]$ vsftpd -v
vsftpd: version 2.0.1
Then let's back up the original config
[alexey@blogger ~]$ sudo cp /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.conf.default
Now we can edit the config for our needs. Open vi
[alexey@blogger ~]$ sudo vi /etc/vsftpd/vsftpd.conf
and paste the following
listen=YES
anonymous_enable=NO
local_enable=YES
virtual_use_local_privs=YES
write_enable=YES
connect_from_port_20=YES
secure_chroot_dir=/usr/share/empty
pam_service_name=vsftpd
guest_enable=YES
guest_username=www
local_root=/path/to/ftp-directory
chroot_local_user=YES
hide_ids=YES
dirmessage_enable=NO
tcp_wrappers=YES
check_shell=NO
userlist_enable=YES
anon_umask=0644
ftpd_banner=Welcome to my FTP!
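Now we should create the authentication file for the virtual users; you can use Apache's tools for this.
'-c' creates a new file (leave this flag out when adding more users, or the existing file is overwritten), '-b' takes the password from the command line (without it, htpasswd prompts for the password)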
[alexey@blogger ~]$ /usr/local/httpd/bin/htpasswd -cb /path/to/ftp/users upload kuku
Adding password for user default
Now we need to tell vsftpd how it should check users. It will use PAM, with the service file
[alexey@blogger ~]$ cat /etc/pam.d/vsftpd
#%PAM-1.0
auth required pam_listfile.so item=user sense=deny file=/etc/vsftpd.ftpusers onerr=succeed
auth required pam_stack.so service=system-auth
auth required pam_shells.so
account required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
Back it up with
[alexey@blogger ~]$ sudo cp /etc/pam.d/vsftpd /etc/pam.d/vsftpd.default
and paste the following
[alexey@blogger ~]$ cat /etc/pam.d/vsftpd
# MaggaPlus access
auth required pam_pwdfile.so pwdfile /path/to/ftp/users
account required pam_permit.so
[alexey@blogger ~]$
At this point you can start the daemon with
[alexey@blogger ~]$ sudo /etc/init.d/vsftpd start
and if everything is OK, try to connect to your new FTP.
I was dealing with a problem: even when I used the username and password pair I had just created, it always returned "Invalid login". I thought that the problem was in the users file and I rewrote it many times. But it was just the pwdfile file missing, which I found out from
[alexey@blogger ~]$ sudo tail /var/log/messages
Oct 5 20:21:57 blogger vsftpd: vsftpd vsftpd succeeded
Oct 5 20:21:59 blogger vsftpd[27288]: PAM unable to dlopen(/lib/security/pam_pwdfile.so)
Oct 5 20:21:59 blogger vsftpd[27288]: PAM [dlerror: /lib/security/pam_pwdfile.so: cannot open shared object file: No such file
Oct 5 20:21:59 blogger vsftpd[27288]: PAM adding faulty module: /lib/security/pam_pwdfile.so
All PAM plugins are placed in
[alexey@blogger ~]$ ll /lib/security/
total 1884
-rwxr-xr-x 1 root root 15560 May 12 2006 pam_access.so
-rwxr-xr-x 1 root root 52334 Oct 13 2004 pam_ccreds.so
-rwxr-xr-x 1 root root 6004 May 12 2006 pam_chroot.so
...
And pam_pwdfile.so was missing :-(
I found it and installed it
[alexey@blogger ~]$ sudo rpm -i pam-pam_pwdfile-0.99-2.i586.rpm
warning: pam-pam_pwdfile-0.99-2.i586.rpm: V3 DSA signature: NOKEY, key ID 1bbd5459
Now it is fine, and FTP auth worked!
[alexey@blogger ~]$ ll /lib/security/pam_pwdfile.so
-rwxr-xr-x 1 root root 14572 Jul 30 2004 /lib/security/pam_pwdfile.so
Make sure that the FTP root is readable and writable for the specified user (guest_username, www in the config above)
[alexey@blogger ~]$ chmod 777 -R /path/to/ftp-directory
[alexey@blogger ~]$ ftp localhost
Connected to localhost (127.0.0.1).
220 Welcome to my FTP!
Name (blogger:alexey): upload
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> close
221 Goodbye.
ftp> bye
[alexey@blogger ~]$
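
A preflight check for the failure described above, where /etc/pam.d/vsftpd named a module that was not installed. This is an added example, not part of the original post: the function name pam_missing_modules and the demo files are constructed for illustration, and the module directory (/lib/security in the post) is passed as an argument.

```sh
#!/bin/sh
# Added example: report PAM modules named in a service file that are
# missing from the module directory (the dlopen failure in the log above).

# Usage: pam_missing_modules PAM_FILE MODULE_DIR
# Prints each missing module path; returns 1 if any is missing, else 0.
pam_missing_modules() {
    pam_file=$1
    module_dir=$2
    missing=0
    # Pull the module-path field out of every rule line.
    modules=$(awk '
        /^[ \t]*#/ { next }              # comment
        NF == 0 { next }                 # blank line
        $1 == "@include" { next }        # include directive, no module
        {
            i = 2                        # field 2 is the control flag
            if ($2 ~ /^\[/)              # [a=b c=d] may span fields
                while (i < NF && $i !~ /\]$/) i++
            if (i < NF) print $(i + 1)
        }' "$pam_file" | sort -u)
    for m in $modules; do
        case $m in
            /*) path=$m ;;               # absolute path used as-is
            *)  path=$module_dir/$m ;;   # bare name resolved in MODULE_DIR
        esac
        if [ ! -f "$path" ]; then
            echo "$path"
            missing=1
        fi
    done
    return "$missing"
}

# Constructed demo: the PAM file from the post against a module directory
# that only holds pam_permit.so, reproducing the missing pam_pwdfile.so.
demo_dir=$(mktemp -d)
mkdir "$demo_dir/security"
: > "$demo_dir/security/pam_permit.so"
cat > "$demo_dir/vsftpd" <<'EOF'
# MaggaPlus access
auth required pam_pwdfile.so pwdfile /path/to/ftp/users
account required pam_permit.so
EOF
pam_missing_modules "$demo_dir/vsftpd" "$demo_dir/security" ||
    echo "install the modules listed above before starting vsftpd"
rm -rf "$demo_dir"
```

On the system in the post the call would be `pam_missing_modules /etc/pam.d/vsftpd /lib/security`, run before starting the daemon.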
Information used