I'm having a little issue with vsftpd on 7.1-release.
My plans are:
1 - Permit local users in the "trusted" group to log in via FTP and be chrooted into their relevant home paths.
2 - Permit virtual users as listed in a pwdfile (htpasswd-created) to log in and be chrooted to /home/virtual/{$USER}, where {$USER} is their login name
3 - Permit anonymous access (read-only) to /home/anonftp
4 - Deny root
Now, the problem I have is in requiring users to be in the "trusted" group. It seems the pam_group line is not being considered at all here - the question is ... why?
Files:
/etc/pam.d/vsftpd
Code:
auth requisite pam_nologin.so
auth sufficient /usr/local/lib/pam_pwdfile.so pwdfile /usr/local/etc/vsftpd.passwords
auth requisite pam_group.so no_warn group=trusted
auth required pam_unix.so
account required pam_permit.so
/usr/local/etc/vsftpd.passwords
Code:
alice:4TfZSeqr.rG8k
bob:7eyopIN7Xq086
/usr/local/etc/vsftpd.conf
Code:
ftpd_banner=Welcome...
anonymous_enable=YES
anon_mkdir_write_enable=NO
anon_other_write_enable=NO
anon_upload_enable=NO
anon_world_readable_only=YES
anon_root=/home/anonftp
local_enable=YES
chroot_local_user=YES
secure_chroot_dir=/usr/share/empty
listen=YES
virtual_use_local_privs=NO
write_enable=YES
connect_from_port_20=YES
pam_service_name=vsftpd
guest_enable=YES
user_sub_token=$USER
local_root=/home/virtual/$USER
hide_ids=YES
background=YES
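
Added example, not part of the original post: a small model of how the control flags in the auth chain above (requisite, sufficient, required) are evaluated as documented in pam.conf(5), showing which lines are reached for different logins. The per-module results in SCENARIOS are constructed inputs, not observed behaviour of the poster's system; the names evaluate, AUTH_CHAIN and SCENARIOS are hypothetical.

```python
# Added example (not from the original post): models pam.conf(5) control flags.
SUCCESS, FAIL, IGNORE = "success", "fail", "ignore"

# Auth chain copied from the post's /etc/pam.d/vsftpd: (control flag, module).
AUTH_CHAIN = [
    ("requisite", "pam_nologin"),
    ("sufficient", "pam_pwdfile"),
    ("requisite", "pam_group"),
    ("required", "pam_unix"),
]

def evaluate(chain, results):
    """Return (granted, modules_run) for constructed per-module results."""
    failed = False
    ran = []
    for control, module in chain:
        ran.append(module)
        outcome = results[module]
        if outcome == IGNORE:
            continue  # PAM_IGNORE: the line contributes nothing either way
        if outcome == SUCCESS:
            if control == "sufficient" and not failed:
                return True, ran  # chain stops; later lines are never run
        elif control == "requisite":
            return False, ran  # immediate denial
        elif control == "required":
            failed = True  # keep going, but deny at the end
        # a failed "sufficient" line is ignored and the chain continues
    # Assumption: chains in which no module succeeds are outside this model.
    return not failed, ran

def _results(pwdfile, group, unix):
    # pam_nologin is assumed to succeed (no nologin file present).
    return {"pam_nologin": SUCCESS, "pam_pwdfile": pwdfile,
            "pam_group": group, "pam_unix": unix}

# Constructed scenarios: what each module is assumed to return for one login.
SCENARIOS = {
    "virtual user in pwdfile": _results(SUCCESS, FAIL, FAIL),
    "local user in trusted": _results(FAIL, SUCCESS, SUCCESS),
    "local user not in trusted": _results(FAIL, FAIL, SUCCESS),
    "pam_group returns PAM_IGNORE": _results(FAIL, IGNORE, SUCCESS),
}

if __name__ == "__main__":
    for name, results in SCENARIOS.items():
        granted, ran = evaluate(AUTH_CHAIN, results)
        print(f"{name}: {'granted' if granted else 'denied'} after {ran}")
```

The last scenario only shows what the chain does if a requisite module returns PAM_IGNORE; the post does not establish what pam_group actually returns on this system.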