I’ve done this before with the help of a very good blog entry, but when I tried to do the same thing today I couldn’t find that page. So I decided to write this down, in case I need it later.
The main problem with setting up vsftpd with file-based virtual users on FreeBSD is that we don’t have pam_userdb. So we’ll use /usr/ports/security/pam_pwdfile instead.
So after installing the vsftpd and pam_pwdfile ports, do the following:
(1) in /etc/pam.d, make a file named “vsftpd” and put the following lines in it:
account required /usr/lib/pam_permit.so
(2) make a password file with the apache htpasswd utility:
(3) make a local user with “nologin” as the shell and disable password login. I use “vsftp” for this.
(4) in /usr/local/etc/vsftpd.conf, disable anonymous access and enable local user access, and then add the following:
guest_enable=YES
guest_username=vsftp
listen=YES
background=YES
pam_service_name=vsftpd
user_config_dir=/usr/local/etc/vsftpd
virtual_use_local_privs=YES
Note that the value of “guest_username” is the local user name you made in step (3).
(5) make a directory /usr/local/etc/vsftpd, and write user-specific configurations in a file named after the user’s login name. For example, someone with full write access will have something like this:
anon_other_write_enable=YES
anon_upload_enable=YES
write_enable=YES
(6) It should be OK now. Add vsftpd_enable="YES" to /etc/rc.conf as usual, and restart vsftpd to see if everything works fine.
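The settings from steps (3) and (4) can be checked mechanically before restarting the daemon. The sh script below is an added example, not part of the original post: `anonymous_enable` and `local_enable` are the vsftpd options assumed for "disable anonymous access and enable local user access", the function names are hypothetical, and the sample config and passwd entry are constructed.

```sh
#!/bin/sh
# Added example: audit a vsftpd.conf against steps (3) and (4) of the post.

# Print KEY's value from a vsftpd-style file (KEY=VALUE, no spaces around '=').
# Assumption: when a key is repeated, the last assignment wins.
conf_get() {
    sed -n "s/^$1=//p" "$2" | tail -n 1
}

# Print a finding and fail when KEY does not have the expected value.
expect() {
    actual=$(conf_get "$1" "$3")
    [ "$actual" = "$2" ] && return 0
    echo "FAIL $1: want '$2', found '${actual:-unset}'"
    return 1
}

# audit_vsftpd CONF PASSWD_FILE: returns the number of findings (0 = clean).
audit_vsftpd() {
    conf=$1 passwd=$2 bad=0
    expect anonymous_enable NO "$conf"      || bad=$((bad + 1))
    expect local_enable YES "$conf"         || bad=$((bad + 1))
    expect guest_enable YES "$conf"         || bad=$((bad + 1))
    expect pam_service_name vsftpd "$conf"  || bad=$((bad + 1))
    # Every virtual user runs as this account, so it must not be able to log in.
    guest=$(conf_get guest_username "$conf")
    shell=$(awk -F: -v u="$guest" '$1 == u { print $7 }' "$passwd")
    case $shell in
        */nologin) ;;
        *) echo "FAIL guest '${guest:-unset}': shell '${shell:-none}' is not nologin"
           bad=$((bad + 1)) ;;
    esac
    return "$bad"
}

# Constructed sample input: a config as in step (4) and one passwd entry.
demo=$(mktemp -d)
printf '%s\n' anonymous_enable=NO local_enable=YES guest_enable=YES \
    guest_username=vsftp pam_service_name=vsftpd > "$demo/good.conf"
# Same config with anonymous access left on and the guest mapping removed.
sed -e 's/^anonymous_enable=NO/anonymous_enable=YES/' -e '/^guest_/d' \
    "$demo/good.conf" > "$demo/weak.conf"
echo 'vsftp:*:1001:1001:FTP guest:/home/vsftp:/usr/sbin/nologin' > "$demo/passwd"

audit_vsftpd "$demo/good.conf" "$demo/passwd" && echo "good.conf: OK"
audit_vsftpd "$demo/weak.conf" "$demo/passwd" || echo "weak.conf: $? finding(s)"
```

On a real host, call `audit_vsftpd /usr/local/etc/vsftpd.conf /etc/passwd`.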
Comments 3
Hi.
I’ve tried to implement vsftpd using your recipe but I cannot log in with a valid user. The /var/log/messages file lists:
vsftpd: in openpam_load_module(): no /usr/local/lib/pam_pwdfile.so found
The point is that I can list /usr/local/lib/pam_pwdfile.so
Any idea?
Thanks
Posted 10 Dec 2009 at 10:40 pm
@Jose: I’ve got the same error. Seems to be a known issue in FreeBSD 8.0-RELEASE at the moment. This is very annoying concerning the fact that the pam_userdb.so module is not available in FreeBSD, either (which is how I do virtual users in Linux).
@dryice: Nice tut, anyway. Thx.
Posted 11 Mar 2010 at 7:58 am
Update: Problem solved!
1. uninstall broken pam_pwdfile:
pkg_delete pam_pwdfile-0.99
2. Install pam_pwdfile from the ports:
cd /usr/ports/security/pam_pwdfile
make install clean
3. Enjoy!
(4. optionally also install vsftpd from the ports, since it is also a newer release)
Posted 11 Mar 2010 at 8:30 am