
vsftpd => virtual user vs local user access

Posted: 2011/11/15 12:53:43
by ket_nn
Hi all,

I had an FTP server (default vsftpd) on my workstation with only one local user "EK". In order to add virtual users I used the scripts provided by the link:
http://wiki.centos.org/HowTos/Chroot_Vsftpd_with_non-system_users

The reconfiguration proceeded in such a way that I no longer have FTP access as a local user, i.e. EK (error 530 login incorrect); however, the virtual user can connect and has access to his proper folder.
SSH/SFTP still seems to be OK.

In the following part I will provide the configuration info from different files:

[code]
# cat vsftpd.conf
ftpd_banner=
anon_world_readable_only=NO
anonymous_enable=NO
chroot_local_user=YES
guest_enable=NO
guest_username=ftp
hide_ids=YES
listen=YES
listen_address=xxx.xxx.xxx.xxx
local_enable=YES
max_clients=100
max_per_ip=5
nopriv_user=ftp
pam_service_name=ftp
pasv_max_port=65535
pasv_min_port=64000
session_support=NO
use_localtime=YES
user_config_dir=/etc/vsftpd/users
userlist_enable=YES
userlist_file=/etc/vsftpd/denied_users
xferlog_enable=YES
anon_umask=0027
local_umask=022
async_abor_enable=YES
connect_from_port_20=YES
dirlist_enable=NO
download_enable=YES
[/code]


[code]
# cat denied_users
adm
avahi
avahi-autoipd
bin
daemon
dbus
flexlm
games
gdm
gopher
haldaemon
halt
hsqldb
lp
mail
mailnull
news
nfsnobody
nobody
nscd
ntp
operator
oprofile
pcap
root
rpc
rpcuser
shutdown
smmsp
sshd
sync
uucp
vcsa
xfs
[/code]


[code]
# cat ftpusers
# Users that are not allowed to login via ftp
root
bin
daemon
adm
lp
sync
shutdown
halt
mail
news
uucp
operator
games
nobody
[/code]

[code]
# cat user_list
# vsftpd userlist
# If userlist_deny=NO, only allow users in this file
# If userlist_deny=YES (default), never allow users in this file, and
# do not even prompt for a password.
# Note that the default vsftpd pam config also checks /etc/vsftpd/ftpusers
# for users that are denied.
root
EK /my comment: removing of given local user from this file does not help/
bin
daemon
adm
lp
sync
shutdown
halt
mail
news
uucp
operator
games
nobody
[/code]

[code]
# cat /etc/pam.d/vsftpd
#%PAM-1.0
session optional pam_keyinit.so force revoke
auth required pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed
auth required pam_shells.so
auth include system-auth
account include system-auth
session include system-auth
session required pam_loginuid.so
[/code]

[code]
# cat /etc/pam.d/ftp
auth required pam_userdb.so db=/etc/vsftpd/accounts
account required pam_userdb.so db=/etc/vsftpd/accounts
[/code]


How can I figure out this problem? Could it be a problem with PAM authentication? How can I resolve it?

Thanks much in advance!

Re: vsftpd => virtual user vs local user access

Posted: 2011/11/15 12:57:38
by ket_nn
Information for general problems.
[code]
== BEGIN uname -rmi ==
2.6.18-274.7.1.el5.centos.plus x86_64 x86_64
== END uname -rmi ==

== BEGIN rpm -qa \*-release\* ==
elrepo-release-5-3.el5.elrepo
adobe-release-i386-1.0-1
centos-release-5-7.el5.centos
rpmforge-release-0.5.2-2.el5.rf
epel-release-5-4
centos-release-notes-5.7-0
== END rpm -qa \*-release\* ==

== BEGIN cat /etc/redhat-release ==
CentOS release 5.7 (Final)
== END cat /etc/redhat-release ==

== BEGIN getenforce ==
Disabled
== END getenforce ==

== BEGIN free -m ==
total used free shared buffers cached
Mem: 32177 5542 26635 0 496 2567
-/+ buffers/cache: 2477 29699
Swap: 40954 0 40954
== END free -m ==

== BEGIN rpm -q yum rpm python ==
yum-3.2.22-37.el5.centos
rpm-4.4.2.3-22.el5_7.2
python-2.4.3-44.el5_7.1
== END rpm -q yum rpm python ==

== BEGIN ls /etc/yum.repos.d ==
adobe-linux-i386.repo
atrpms.repo
CentOS-Base.repo
CentOS-Base.repo.rpmnew
CentOS-Debuginfo.repo
CentOS-Media.repo
CentOS-Vault.repo
elrepo.repo
elrepo.repo.rpmnew
epel.repo
epel-testing.repo
mirrors-rpmforge
mirrors-rpmforge-extras
mirrors-rpmforge-testing
rpmforge.repo
== END ls /etc/yum.repos.d ==

== BEGIN cat /etc/yum.conf ==
[main]
cachedir=/var/cache/yum
keepcache=0
debuglevel=2
logfile=/var/log/yum.log
distroverpkg=redhat-release
tolerant=1
exactarch=1
obsoletes=1
gpgcheck=1
plugins=1
bugtracker_url=http://bugs.centos.org/set_project.php?project_id=16&ref=http://bugs.centos.org/bug_report_page.php?category=yum

# Note: yum-RHN-plugin doesn't honor this.
metadata_expire=1h

installonly_limit = 5

# PUT YOUR REPOS HERE OR IN separate files named file.repo
# in /etc/yum.repos.d
== END cat /etc/yum.conf ==

== BEGIN yum repolist all ==
Loaded plugins: fastestmirror, priorities
Excluding Packages from EL 5 - x86_64 - ATrpms
Finished
Reducing EL 5 - x86_64 - ATrpms to included packages only
Finished
repo id repo name status
C5.0-base CentOS-5.0 - Base disabled
C5.0-centosplus CentOS-5.0 - Plus disabled
C5.0-extras CentOS-5.0 - Extras disabled
C5.0-updates CentOS-5.0 - Updates disabled
C5.1-base CentOS-5.1 - Base disabled
C5.1-centosplus CentOS-5.1 - Plus disabled
C5.1-extras CentOS-5.1 - Extras disabled
C5.1-updates CentOS-5.1 - Updates disabled
C5.2-base CentOS-5.2 - Base disabled
C5.2-centosplus CentOS-5.2 - Plus disabled
C5.2-extras CentOS-5.2 - Extras disabled
C5.2-updates CentOS-5.2 - Updates disabled
C5.3-base CentOS-5.3 - Base disabled
C5.3-centosplus CentOS-5.3 - Plus disabled
C5.3-extras CentOS-5.3 - Extras disabled
C5.3-updates CentOS-5.3 - Updates disabled
C5.4-base CentOS-5.4 - Base disabled
C5.4-centosplus CentOS-5.4 - Plus disabled
C5.4-extras CentOS-5.4 - Extras disabled
C5.4-updates CentOS-5.4 - Updates disabled
C5.5-base CentOS-5.5 - Base disabled
C5.5-centosplus CentOS-5.5 - Plus disabled
C5.5-extras CentOS-5.5 - Extras disabled
C5.5-updates CentOS-5.5 - Updates disabled
C5.6-base CentOS-5.6 - Base disabled
C5.6-centosplus CentOS-5.6 - Plus disabled
C5.6-extras CentOS-5.6 - Extras disabled
C5.6-updates CentOS-5.6 - Updates disabled
addons CentOS-5 - Addons enabled: 0
adobe-linux-i386 Adobe Systems Incorporated enabled: 17
atrpms EL 5 - x86_64 - ATrpms enabled: 1,029+1,993
base CentOS-5 - Base enabled: 3,566
c5-media CentOS-5 - Media disabled
centosplus CentOS-5 - Plus enabled: 42
contrib CentOS-5 - Contrib disabled
debug CentOS-5 - Debuginfo disabled
elrepo ELRepo.org Community Enterprise Linu enabled: 349
elrepo-kernel ELRepo.org Community Enterprise Linu disabled
elrepo-testing ELRepo.org Community Enterprise Linu disabled
epel Extra Packages for Enterprise Linux disabled
epel-debuginfo Extra Packages for Enterprise Linux disabled
epel-source Extra Packages for Enterprise Linux disabled
epel-testing Extra Packages for Enterprise Linux disabled
epel-testing-debuginfo Extra Packages for Enterprise Linux disabled
epel-testing-source Extra Packages for Enterprise Linux disabled
extras CentOS-5 - Extras enabled: 237
rpmforge RHEL 5 - RPMforge.net - dag enabled: 10,853
rpmforge-extras RHEL 5 - RPMforge.net - extras disabled
rpmforge-testing RHEL 5 - RPMforge.net - testing disabled
updates CentOS-5 - Updates enabled: 393
repolist: 16,486
== END yum repolist all ==

== BEGIN egrep 'include|exclude' /etc/yum.repos.d/*.repo ==
/etc/yum.repos.d/atrpms.repo:exclude=*kmdl*i586*
/etc/yum.repos.d/atrpms.repo:includepkgs=*nvidia-graphics*
== END egrep 'include|exclude' /etc/yum.repos.d/*.repo ==

== BEGIN sed -n -e "/^\[/h; /priority *=/{ G; s/\n/ /; s/ity=/ity = /; p }" /etc/yum.repos.d/*.repo | sort -k3n ==
== END sed -n -e "/^\[/h; /priority *=/{ G; s/\n/ /; s/ity=/ity = /; p }" /etc/yum.repos.d/*.repo | sort -k3n ==

== BEGIN cat /etc/fstab ==
LABEL=/ / ext3 defaults 1 1
LABEL=/opt /opt ext3 defaults 1 2
LABEL=/home /home ext3 defaults 1 2
LABEL=/boot /boot ext3 defaults 1 2
tmpfs /dev/shm tmpfs defaults 0 0
devpts /dev/pts devpts gid=5,mode=620 0 0
sysfs /sys sysfs defaults 0 0
proc /proc proc defaults 0 0
/dev/sda2 swap swap defaults 0 0
/dev/sdb1 /home/EK/Disk1 ext3 defaults 1 2
/dev/sdc1 /home/EK/Disk2 ext3 defaults 1 2
/dev/sdd1 /home/EK/Disk3 ext3 defaults 1 2
/home/EK/Disk3/SHARE/ /var/ftp/virtual_users/jfcstudent/SHARE/ none bind 0 0
/home/EK/Disk3/DISTRIB/BOOKS/ /var/ftp/virtual_users/jfcstudent/BOOKS/ none bind 0 0
== END cat /etc/fstab ==

== BEGIN df -h ==
Filesystem Size Used Avail Use% Mounted on
/dev/sda3 291G 7.5G 269G 3% /
/dev/sda5 97G 14G 79G 15% /opt
/dev/sda6 476G 180G 272G 40% /home
/dev/sda1 487M 42M 420M 9% /boot
tmpfs 16G 0 16G 0% /dev/shm
/dev/sdb1 917G 19G 852G 3% /home/EK/Disk1
/dev/sdc1 917G 200M 871G 1% /home/EK/Disk2
/dev/sdd1 917G 250G 621G 29% /home/EK/Disk3
== END df -h ==

== BEGIN blkid ==
/dev/sdd1: UUID="650c69f1-51b0-4226-9062-699cdde3e552" SEC_TYPE="ext2" TYPE="ext3"
/dev/sdc1: UUID="e7b8c7c5-1af9-424f-9652-48af927e9c4d" SEC_TYPE="ext2" TYPE="ext3"
/dev/sdb1: UUID="f91e77b6-c534-40a0-a072-5c637407b04b" SEC_TYPE="ext2" TYPE="ext3"
/dev/sda6: LABEL="/home" UUID="fb970699-1c13-4086-a8db-bb6370ea185c" TYPE="ext3" SEC_TYPE="ext2"
/dev/sda5: LABEL="/opt" UUID="dbe3d46b-8aa8-4338-8aa4-10a0896a3337" TYPE="ext3" SEC_TYPE="ext2"
/dev/sda3: LABEL="/" UUID="cf9d07bc-eee9-4469-a96f-c00e11de5827" TYPE="ext3" SEC_TYPE="ext2"
/dev/sda1: LABEL="/boot" UUID="05771dc3-2ea2-4d1f-942e-4ce186043d79" SEC_TYPE="ext2" TYPE="ext3"
/dev/sda2: TYPE="swap" UUID="7e720970-1cf3-4e9f-8594-1d101cf1aeee"
== END blkid ==

== BEGIN cat /proc/mdstat ==
Personalities :
unused devices: <none>
== END cat /proc/mdstat ==

== BEGIN rpm -qa kernel\* | sort ==
kernel-2.6.18-238.12.1.el5.centos.plus
kernel-2.6.18-238.19.1.el5.centos.plus
kernel-2.6.18-238.9.1.el5.centos.plus
kernel-2.6.18-274.3.1.el5.centos.plus
kernel-2.6.18-274.7.1.el5.centos.plus
kernel-devel-2.6.18-238.12.1.el5.centos.plus
kernel-devel-2.6.18-238.19.1.el5.centos.plus
kernel-devel-2.6.18-238.9.1.el5.centos.plus
kernel-devel-2.6.18-274.3.1.el5.centos.plus
kernel-devel-2.6.18-274.7.1.el5.centos.plus
kernel-headers-2.6.18-274.7.1.el5.centos.plus
== END rpm -qa kernel\* | sort ==

== BEGIN ifconfig -a ==
eth0 Link encap:Ethernet HWaddr xxx
inet addr:xxx.xxx.xxx.xxx Bcast:xxx.xxx.xxx.xxx Mask:255.255.0.0
inet6 addr: fe80::2e0:81ff:fed1:eb5d/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:856963 errors:0 dropped:0 overruns:0 frame:0
TX packets:204511 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:196417906 (187.3 MiB) TX bytes:152219322 (145.1 MiB)
Interrupt:177 Memory:fbae0000-fbb00000

eth1 Link encap:Ethernet HWaddr xxx
BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
Interrupt:169 Memory:fb9e0000-fba00000

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:8762 errors:0 dropped:0 overruns:0 frame:0
TX packets:8762 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:5884766 (5.6 MiB) TX bytes:5884766 (5.6 MiB)

sit0 Link encap:IPv6-in-IPv4
NOARP MTU:1480 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

vmnet1 Link encap:Ethernet HWaddr xxx
inet addr:172.16.141.1 Bcast:172.16.141.255 Mask:255.255.255.0
inet6 addr: fe80::250:56ff:fec0:1/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:261 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

vmnet8 Link encap:Ethernet HWaddr xxx
inet addr:192.168.224.1 Bcast:192.168.224.255 Mask:255.255.255.0
inet6 addr: fe80::250:56ff:fec0:8/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:261 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

== END ifconfig -a ==

== BEGIN route -n ==
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.224.0 0.0.0.0 255.255.255.0 U 0 0 0 vmnet8
172.16.141.0 0.0.0.0 255.255.255.0 U 0 0 0 vmnet1
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
xxx.xxx.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
0.0.0.0 xxx.xxx.xxx.xxx 0.0.0.0 UG 0 0 0 eth0
== END route -n ==

== BEGIN cat /etc/resolv.conf ==
# Generated by NetworkManager


# No nameservers found; try putting DNS servers into your
# ifcfg files in /etc/sysconfig/network-scripts like so:
#
# DNS1=xxx.xxx.xxx.xxx
# DNS2=xxx.xxx.xxx.xxx
# DOMAIN=lab.foo.com bar.foo.com
nameserver xxx.xxx.xxx.xxx
nameserver xxx.xxx.xxx.xxx
nameserver xxx.xxx.xxx.xxx
== END cat /etc/resolv.conf ==

== BEGIN grep net /etc/nsswitch.conf ==
#networks: nisplus [NOTFOUND=return] files
#netmasks: nisplus [NOTFOUND=return] files
netmasks: files
networks: files
netgroup: nisplus
== END grep net /etc/nsswitch.conf ==

== BEGIN chkconfig --list | grep -Ei 'network|wpa' ==
NetworkManager 0:off 1:off 2:off 3:off 4:off 5:off 6:off
network 0:off 1:off 2:on 3:on 4:on 5:on 6:off
wpa_supplicant 0:off 1:off 2:off 3:off 4:off 5:off 6:off
== END chkconfig --list | grep -Ei 'network|wpa' ==
[/code]

vsftpd => virtual user vs local user access

Posted: 2011/11/18 11:28:57
by TrevorH
I suspect that your problem stems from

[code]
pam_service_name=ftp
[/code]

as this means that /etc/pam.d/vsftpd is no longer used. All users will now need to be in the /etc/vsftpd/accounts.db file.
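
A way to check the point made in the reply above, added here as an example and not part of the original thread: the script reads `pam_service_name` from a vsftpd.conf and lists which authentication modules the selected PAM stack can reach. The function names and the one-line `system-auth` sample are constructed for illustration; the other sample files mirror the ones quoted in the first post.

```shell
#!/bin/sh
# Added example: report which PAM service vsftpd consults and which
# authentication modules that stack can reach.

# Effective pam_service_name; vsftpd's built-in default is "ftp".
pam_service_for() {                      # $1 = path to vsftpd.conf
    svc=$(sed -n 's/^pam_service_name=//p' "$1" | tail -n 1)
    echo "${svc:-ftp}"
}

# Modules on the "auth" lines of a service file, following include/substack.
auth_modules() {                         # $1 = pam.d dir, $2 = service, $3 = depth
    [ -r "$1/$2" ] || return 0
    [ "${3:-0}" -lt 5 ] || return 0      # stop runaway include loops
    awk '$1 ~ /^-?auth$/ {
            i = 2                        # skip a bracketed control: [a=b c=d]
            if ($2 ~ /^\[/) while (i <= NF && $i !~ /\]$/) i++
            if ($2 == "include" || $2 == "substack") print "@" $3
            else print $(i + 1)
         }' "$1/$2" |
    while read -r m; do
        case $m in
            @*) auth_modules "$1" "${m#@}" $(( ${3:-0} + 1 )) ;;
            *)  echo "$m" ;;
        esac
    done
}

# One-line summary: service in use, and whether pam_unix / pam_userdb are reachable.
vsftpd_auth_report() {                   # $1 = vsftpd.conf, $2 = pam.d dir
    svc=$(pam_service_for "$1")
    mods=$(auth_modules "$2" "$svc")
    unix=no; userdb=no
    case $mods in *pam_unix.so*)   unix=yes ;; esac
    case $mods in *pam_userdb.so*) userdb=yes ;; esac
    echo "service=$svc pam_unix=$unix pam_userdb=$userdb"
}

# Constructed sample: auth lines as quoted in the thread, plus an assumed
# system-auth that authenticates against local accounts with pam_unix.
make_sample() {                          # $1 = scratch directory
    mkdir -p "$1/pam.d"
    printf 'local_enable=YES\npam_service_name=ftp\n' > "$1/vsftpd.conf"
    printf 'auth required pam_userdb.so db=/etc/vsftpd/accounts\n' > "$1/pam.d/ftp"
    printf 'auth required pam_shells.so\nauth include system-auth\n' > "$1/pam.d/vsftpd"
    printf 'auth sufficient pam_unix.so nullok try_first_pass\n' > "$1/pam.d/system-auth"
}

d=$(mktemp -d) && make_sample "$d"
vsftpd_auth_report "$d/vsftpd.conf" "$d/pam.d"      # configuration from the first post
printf 'pam_service_name=vsftpd\n' > "$d/vsftpd.conf"
vsftpd_auth_report "$d/vsftpd.conf" "$d/pam.d"      # after switching the service name
rm -rf "$d"
```

On a real host, call `vsftpd_auth_report /etc/vsftpd/vsftpd.conf /etc/pam.d`; `pam_unix=no` means system passwords are never checked by the stack vsftpd is using, and `pam_userdb=no` means the virtual-user database is never consulted.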

Re: vsftpd => virtual user vs local user access

Posted: 2011/11/18 17:42:21
by ket_nn
Yep.
When I change the pam_service_name variable to vsftpd, no one can log in, neither the local user nor the virtual users...
The accounts.db file cannot be edited?



[quote]
TrevorH wrote:
I suspect that your problem stems from

[code]
pam_service_name=ftp
[/code]

as this means that /etc/pam.d/vsftpd is no longer used. All users will now need to be in the /etc/vsftpd/accounts.db file[/quote]

Re: vsftpd => virtual user vs local user access

Posted: 2011/11/18 19:30:37
by TrevorH
[u]You[/u] created the /etc/vsftpd/accounts.db file by following the instructions in that wiki entry. You added entries to it by running db_load to do so. I've not investigated further since I had the opposite requirement - to not allow local users to log on and to restrict it to [u]only[/u] virtual users. When I followed that wiki article I had the opposite problem - local users could still log on even though I didn't want them to.