  • vsftpd virtual_users setup (repost) (vsftpd virtual user configuration)

    STEP 1: Install Required packages:

    pam (installed by default)
    db4 (db4 is my version and was installed by default)
    vsftpd
    compat-db (this is the package name on fedora which provides the binary db42_load)

    Check if the 'db' package is installed:

    [root@mysystem vsftpd]# rpm -qa | grep -i db

    If the db4 package is not installed, do it:

    [root@mysystem vsftpd]# yum install db4

    The package compat-db will give us the db42_load binary used to build the virtual username/password db file

    [root@mysystem vsftpd]# yum install compat-db
    [root@mysystem vsftpd]# yum install vsftpd



    Can't find the dbXX_load binary? Check the locations of the files in this package:

    [root@mysystem vsftpd]# rpm -ql compat-db

    STEP 2: Configure PAM

    Confirm the existence/location of the file /lib/security/pam_userdb.so:

    [root@mysystem vsftpd]# rpm -ql pam | grep pam_userdb.so
    [root@mysystem vsftpd]# vi /etc/pam.d/vsftpd

    (I EDITED THE FILE TO LOOK LIKE THIS:)

    #%PAM-1.0
    session optional pam_keyinit.so force revoke
    auth required /lib/security/pam_userdb.so db=/etc/vsftpd/vsftpd_users
    account required /lib/security/pam_userdb.so db=/etc/vsftpd/vsftpd_users
    #auth required pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed
    #auth required pam_shells.so
    #auth include system-auth
    #account include system-auth
    #session include system-auth
    #session required pam_loginuid.so

    (note: I had to comment out the bottom 6 lines to get the pam_userdb authentication to succeed for ftp logins. With them not commented out, authentication of known good users failed)

    STEP 3: Create system user for vsftpd.conf (this is basically a dummy user, not logged into directly via FTP)

    [root@mysystem vsftpd]# adduser -d /home/virtualftp/ virtualftp

    STEP 4: Configure vsftpd for virtual users

    [root@mysystem vsftpd]# cd /etc/vsftpd
    [root@mysystem vsftpd]# vi vsftpd.conf

    (HERE IS MY vsftpd.conf FILE MINUS DEFAULT COMMENTS:)

    local_enable=YES
    write_enable=YES
    local_umask=022
    dirmessage_enable=YES
    xferlog_enable=YES
    connect_from_port_20=YES
    xferlog_file=/var/log/vsftpd.log
    xferlog_std_format=YES
    chroot_local_user=YES
    listen=YES
    pam_service_name=vsftpd
    userlist_enable=YES
    tcp_wrappers=YES
    # Virtual users will be logged into /home/virtualftp/[username]/
    user_sub_token=$USER
    local_root=/home/virtualftp/$USER
    guest_enable=YES
    guest_username=virtualftp
    # Umask applied for virtual users and anon
    anon_umask=0022
    # Allows uploading by virtual users
    anon_upload_enable=YES
    # Allows creation of directories by virtual users
    anon_mkdir_write_enable=YES
    # Allows deletion of files and directories by virtual users
    anon_other_write_enable=YES

    Now start up vsftpd (which is configured to run stand-alone in my config file):

    [root@mysystem vsftpd]# vsftpd



    STEP 5: Setup virtual FTP usernames and their passwords

    [root@mysystem vsftpd]# vi /etc/vsftpd/vsftpd_users.txt

    (FORMAT OF THE FILE:)

    username1
    passwordforusername1
    username2
    passwordforusername2
    username3
    passwordforusername3

    Now we create the DB4 formatted username/password file from the plain text vsftpd_users.txt file that will be used by pam_userdb.so:

    [root@mysystem vsftpd]# rm /etc/vsftpd/vsftpd_users.db
    [root@mysystem vsftpd]# db42_load -T -t hash -f /etc/vsftpd/vsftpd_users.txt /etc/vsftpd/vsftpd_users.db
    [root@mysystem vsftpd]# chmod 600 /etc/vsftpd/vsftpd_users.db /etc/vsftpd/vsftpd_users.txt
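
A pre-flight check for the alternating username/password file from STEP 5, to run before db42_load. This is an added example, not part of the original tutorial; the function name check_users_file and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: validate the alternating username/password text file
# (STEP 5 format) before it is loaded into the db used by pam_userdb.

# check_users_file FILE: prints each problem found; returns 0 only if clean.
check_users_file() {
    file=$1; rc=0
    [ -f "$file" ] && [ -r "$file" ] || { echo "cannot read $file"; return 1; }

    # The file holds cleartext passwords, so it must be owner read/write only
    # (the chmod 600 above). cut drops any SELinux/ACL marker after column 10.
    perms=$(ls -ld "$file" | cut -c1-10)
    if [ "$perms" != "-rw-------" ]; then
        echo "permissions are $perms, expected -rw-------"
        rc=1
    fi

    # Odd lines are usernames, even lines are the matching passwords.
    awk '
        NR % 2 == 1 {
            user = $0
            if (user == "")        { print "line " NR ": empty username"; bad++ }
            if (length(user) > 32) { print "line " NR ": username longer than 32 characters"; bad++ }
            if (seen[user]++)      { print "line " NR ": duplicate username " user; bad++ }
            next
        }
        $0 == "" { print "line " NR ": empty password for " user; bad++ }
        END {
            if (NR % 2 == 1) { print "line " NR ": " user " has no password line"; bad++ }
            exit (bad > 0)
        }
    ' "$file" || rc=1
    return $rc
}

# Constructed sample input: "alice" appears twice and "bob" has no password.
demo=$(mktemp)
printf '%s\n' alice secret1 alice secret2 bob > "$demo"
chmod 600 "$demo"
check_users_file "$demo" || echo "fix the file before loading it"
rm -f "$demo"
```

The 32-character check mirrors the username limit noted at the end of this page. pam_userdb also accepts a crypt=crypt option, so the db can hold crypt(3) hashes instead of the cleartext passwords used here.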



    STEP 6: Create directories for each virtual FTP user

    [root@mysystem vsftpd]# mkdir -p /home/virtualftp/username1

    STEP 7: Test an FTP virtual user login

    [root@mysystem vsftpd]# ftp localhost
    Connected to localhost.
    220 (vsFTPd 2.0.5)
    530 Please login with USER and PASS.
    530 Please login with USER and PASS.
    KERBEROS_V4 rejected as an authentication type
    Name (localhost:root): username1
    331 Please specify the password.
    Password:
    230 Login successful.
    Remote system type is UNIX
    Using binary mode to transfer files.
    ftp>

    Troubleshooting

    If there are problems logging in with a virtual ftp user, check /var/log/secure FIRST!

    [root@mysystem vsftpd]# tail -f /var/log/secure
    Mar 2 15:07:04 mysystem vsftpd: pam_userdb(vsftpd:auth): user 'testing' granted access
    Mar 2 15:07:04 mysystem vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
    Mar 2 15:07:04 mysystem vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=testing rhost=mysystem.cluster
    Mar 2 15:07:04 mysystem vsftpd: pam_succeed_if(vsftpd:auth): error retrieving information about user testing
    Mar 2 15:08:32 mysystem vsftpd: pam_userdb(vsftpd:auth): user 'testing' granted access
    Mar 2 15:11:15 mysystem vsftpd: pam_userdb(vsftpd:auth): user 'user0123456789012345678901234' granted access
    Mar 2 15:12:36 mysystem vsftpd: pam_userdb(vsftpd:auth): user 'user01234567890123456789012345' granted access
    Mar 2 15:13:43 mysystem vsftpd: pam_userdb(vsftpd:auth): user 'user012345678901234567890123456' granted access
    Mar 2 15:14:51 mysystem vsftpd: pam_userdb(vsftpd:auth): user 'user0123456789012345678901234567' granted access

    When installing vsftp on a 64-bit Red Hat AS 4.4 system I ran into two problems, both caused by the wrong library search path.

    Quote:

    /lib/libpam.so.0: could not read symbols: File in wrong format
    collect2: ld returned 1 exit status
    make: *** [vsftpd] Error 1

    Replacing every /lib and /usr/lib in the vsf_findlibs.sh file in the vsftp source tree with /lib64 and /usr/lib64 and then recompiling fixed it.

    The second problem: authentication failed at login.

    The vsftp log showed nothing. In /var/log/messages I found this:

    Quote:

    Dec 11 22:02:20 localhost vsftpd: PAM unable to dlopen(/lib/security/pam_userdb.so)
    Dec 11 22:02:20 localhost vsftpd: PAM [dlerror: /lib/security/pam_userdb.so: cannot open shared object file: No such file or directory]
    Dec 11 22:02:20 localhost vsftpd: PAM adding faulty module: /lib/security/pam_userdb.so

    The pam_userdb.so file could not be found during authentication.

    Changing /lib/security/pam_userdb.so to /lib64/security/pam_userdb.so in /etc/pam.d/ftp fixed it.

    I found a few times, which can be seen in the real log files above, that the vsftpd_users.db file was not correctly recreated with the db42_load command over the top of an existing vsftpd_users.db file. To resolve this, I simply remove the current vsftpd_users.db file and recreate the file from scratch with the db42_load.

    [root@mysystem vsftpd]# strings /etc/vsftpd/vsftpd_users.db
    [root@mysystem vsftpd]# db42_load -T -t hash -f /etc/vsftpd/vsftpd_users.txt /etc/vsftpd/vsftpd_users.db



    (possibly interesting note: The /var/log/secure messages above show some testing I did on the maximum allowed username character length. At this time, glibc limits usernames to 32 characters, as can be seen above with the longest username that successfully authenticates. For such a fundamental underlying library, I'd like to see its limit higher so it is not the limiting factor for the higher level programs that use it.)
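
A triage pass over the PAM messages shown in the Troubleshooting section. It flags the two failure modes described on this page: a login that pam_userdb granted but pam_unix then rejected (system-auth lines still active in /etc/pam.d/vsftpd), and a module path that cannot be loaded. This is an added example, not part of the original tutorial; the function name and output labels are made up here, and the sample lines are copied from the excerpts above.

```shell
#!/bin/sh
# Added example: classify vsftpd PAM messages from /var/log/secure
# or /var/log/messages.

# triage_pam_log FILE: prints one finding per relevant log line.
triage_pam_log() {
    awk -v q="'" '
        # pam_userdb accepted the virtual user; remember the timestamp.
        /pam_userdb\(vsftpd:auth\): user .* granted access/ {
            u = $0; sub(".*user " q, "", u); sub(q ".*", "", u)
            granted[u] = $1 " " $2 " " $3
            next
        }
        # pam_unix rejected a login; same user and second as a grant means
        # the stack still consults system accounts after pam_userdb.
        /pam_unix\(vsftpd:auth\): authentication failure/ {
            u = $0; sub(/.*ruser=/, "", u); sub(/ .*/, "", u)
            if (granted[u] == $1 " " $2 " " $3)
                print "STACK_CONFLICT user=" u " (pam_userdb granted, pam_unix failed)"
            else
                print "AUTH_FAILURE user=" u
            next
        }
        # The module path in /etc/pam.d does not exist (e.g. /lib vs /lib64).
        /PAM unable to dlopen\(/ {
            p = $0; sub(/.*dlopen\(/, "", p); sub(/\).*/, "", p)
            print "MODULE_NOT_FOUND path=" p
        }
    ' "$1"
}

# Sample input: lines taken from the log excerpts on this page.
demo=$(mktemp)
cat > "$demo" <<'EOF'
Mar 2 15:07:04 mysystem vsftpd: pam_userdb(vsftpd:auth): user 'testing' granted access
Mar 2 15:07:04 mysystem vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Mar 2 15:07:04 mysystem vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=testing rhost=mysystem.cluster
Dec 11 22:02:20 localhost vsftpd: PAM unable to dlopen(/lib/security/pam_userdb.so)
EOF
triage_pam_log "$demo"
rm -f "$demo"
```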

    Reposted from http://alien2thisworld.net/sitePages/tutorials/vsftpd_virtual_users_setup.html

    http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch15_:_Linux_FTP_Server_Setup

  • Original article: https://www.cnblogs.com/devops/p/3038878.html