vsftpd => virtual user vs local user access

Issues related to configuring your network

vsftpd => virtual user vs local user access

Postby ket_nn » 2011/11/15 12:53:43

Hi all,

I had a FTP server (default vsftpd) on my workstation with only one local user "EK". In order to add virtual users I used the scripts provided by the link:
http://wiki.centos.org/HowTos/Chroot_Vs ... stem_users

The re-configuring proceeded in such way that I do not have FTP access any longer as local user, i.e. EK (error 530 login incorrect), however virtual user can connect and have access to his proper folder.
SSH/SFTP seems to be still ok.

In the following part I will provide the configuration info from different files:

# cat vsftpd.conf
ftpd_banner=
anon_world_readable_only=NO
anonymous_enable=NO
chroot_local_user=YES
guest_enable=NO
guest_username=ftp
hide_ids=YES
listen=YES
listen_address=xxx.xxx.xxx.xxx
local_enable=YES
max_clients=100
max_per_ip=5
nopriv_user=ftp
pam_service_name=ftp
pasv_max_port=65535
pasv_min_port=64000
session_support=NO
use_localtime=YES
user_config_dir=/etc/vsftpd/users
userlist_enable=YES
userlist_file=/etc/vsftpd/denied_users
xferlog_enable=YES
anon_umask=0027
local_umask=022
async_abor_enable=YES
connect_from_port_20=YES
dirlist_enable=NO
download_enable=YES


# cat denied_users
adm
avahi
avahi-autoipd
bin
daemon
dbus
flexlm
games
gdm
gopher
haldaemon
halt
hsqldb
lp
mail
mailnull
news
nfsnobody
nobody
nscd
ntp
operator
oprofile
pcap
root
rpc
rpcuser
shutdown
smmsp
sshd
sync
uucp
vcsa
xfs


# cat ftpusers
# Users that are not allowed to login via ftp
root
bin
daemon
adm
lp
sync
shutdown
halt
mail
news
uucp
operator
games
nobody

# cat user_list
# vsftpd userlist
# If userlist_deny=NO, only allow users in this file
# If userlist_deny=YES (default), never allow users in this file, and
# do not even prompt for a password.
# Note that the default vsftpd pam config also checks /etc/vsftpd/ftpusers
# for users that are denied.
root
EK /my comment: removing of given local user from this file does not help/
bin
daemon
adm
lp
sync
shutdown
halt
mail
news
uucp
operator
games
nobody

# cat /etc/pam.d/vsftpd
#%PAM-1.0
session optional pam_keyinit.so force revoke
auth required pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed
auth required pam_shells.so
auth include system-auth
account include system-auth
session include system-auth
session required pam_loginuid.so

# cat /etc/pam.d/ftp
auth required pam_userdb.so db=/etc/vsftpd/accounts
account required pam_userdb.so db=/etc/vsftpd/accounts


How can I figure out this problem ? Could it be a problem with PAM authentication ? How to resolve it ?

Thanks much in advance !
ket_nn
 
Posts: 20
Joined: 2011/07/21 09:19:12
Location: FRANCE

Re: vsftpd => virtual user vs local user access

Postby ket_nn » 2011/11/15 12:57:38

Information for general problems.
Code: Select all
== BEGIN uname -rmi ==
2.6.18-274.7.1.el5.centos.plus x86_64 x86_64
== END   uname -rmi ==

== BEGIN rpm -qa \*-release\* ==
elrepo-release-5-3.el5.elrepo
adobe-release-i386-1.0-1
centos-release-5-7.el5.centos
rpmforge-release-0.5.2-2.el5.rf
epel-release-5-4
centos-release-notes-5.7-0
== END   rpm -qa \*-release\* ==

== BEGIN cat /etc/redhat-release ==
CentOS release 5.7 (Final)
== END   cat /etc/redhat-release ==

== BEGIN getenforce ==
Disabled
== END   getenforce ==

== BEGIN free -m ==
             total       used       free     shared    buffers     cached
Mem:         32177       5542      26635          0        496       2567
-/+ buffers/cache:       2477      29699
Swap:        40954          0      40954
== END   free -m ==

== BEGIN rpm -q yum rpm python ==
yum-3.2.22-37.el5.centos
rpm-4.4.2.3-22.el5_7.2
python-2.4.3-44.el5_7.1
== END   rpm -q yum rpm python ==

== BEGIN ls /etc/yum.repos.d ==
adobe-linux-i386.repo
atrpms.repo
CentOS-Base.repo
CentOS-Base.repo.rpmnew
CentOS-Debuginfo.repo
CentOS-Media.repo
CentOS-Vault.repo
elrepo.repo
elrepo.repo.rpmnew
epel.repo
epel-testing.repo
mirrors-rpmforge
mirrors-rpmforge-extras
mirrors-rpmforge-testing
rpmforge.repo
== END   ls /etc/yum.repos.d ==

== BEGIN cat /etc/yum.conf ==
[main]
cachedir=/var/cache/yum
keepcache=0
debuglevel=2
logfile=/var/log/yum.log
distroverpkg=redhat-release
tolerant=1
exactarch=1
obsoletes=1
gpgcheck=1
plugins=1
bugtracker_url=http://bugs.centos.org/set_project.php?project_id=16&ref=http://bugs.centos.org/bug_report_page.php?category=yum

# Note: yum-RHN-plugin doesn't honor this.
metadata_expire=1h

installonly_limit = 5

# PUT YOUR REPOS HERE OR IN separate files named file.repo
# in /etc/yum.repos.d
== END   cat /etc/yum.conf ==

== BEGIN yum repolist all ==
Loaded plugins: fastestmirror, priorities
Excluding Packages from EL 5 - x86_64 - ATrpms
Finished
Reducing EL 5 - x86_64 - ATrpms to included packages only
Finished
repo id                repo name                            status
C5.0-base              CentOS-5.0 - Base                    disabled
C5.0-centosplus        CentOS-5.0 - Plus                    disabled
C5.0-extras            CentOS-5.0 - Extras                  disabled
C5.0-updates           CentOS-5.0 - Updates                 disabled
C5.1-base              CentOS-5.1 - Base                    disabled
C5.1-centosplus        CentOS-5.1 - Plus                    disabled
C5.1-extras            CentOS-5.1 - Extras                  disabled
C5.1-updates           CentOS-5.1 - Updates                 disabled
C5.2-base              CentOS-5.2 - Base                    disabled
C5.2-centosplus        CentOS-5.2 - Plus                    disabled
C5.2-extras            CentOS-5.2 - Extras                  disabled
C5.2-updates           CentOS-5.2 - Updates                 disabled
C5.3-base              CentOS-5.3 - Base                    disabled
C5.3-centosplus        CentOS-5.3 - Plus                    disabled
C5.3-extras            CentOS-5.3 - Extras                  disabled
C5.3-updates           CentOS-5.3 - Updates                 disabled
C5.4-base              CentOS-5.4 - Base                    disabled
C5.4-centosplus        CentOS-5.4 - Plus                    disabled
C5.4-extras            CentOS-5.4 - Extras                  disabled
C5.4-updates           CentOS-5.4 - Updates                 disabled
C5.5-base              CentOS-5.5 - Base                    disabled
C5.5-centosplus        CentOS-5.5 - Plus                    disabled
C5.5-extras            CentOS-5.5 - Extras                  disabled
C5.5-updates           CentOS-5.5 - Updates                 disabled
C5.6-base              CentOS-5.6 - Base                    disabled
C5.6-centosplus        CentOS-5.6 - Plus                    disabled
C5.6-extras            CentOS-5.6 - Extras                  disabled
C5.6-updates           CentOS-5.6 - Updates                 disabled
addons                 CentOS-5 - Addons                    enabled:           0
adobe-linux-i386       Adobe Systems Incorporated           enabled:          17
atrpms                 EL 5 - x86_64 - ATrpms               enabled: 1,029+1,993
base                   CentOS-5 - Base                      enabled:       3,566
c5-media               CentOS-5 - Media                     disabled
centosplus             CentOS-5 - Plus                      enabled:          42
contrib                CentOS-5 - Contrib                   disabled
debug                  CentOS-5 - Debuginfo                 disabled
elrepo                 ELRepo.org Community Enterprise Linu enabled:         349
elrepo-kernel          ELRepo.org Community Enterprise Linu disabled
elrepo-testing         ELRepo.org Community Enterprise Linu disabled
epel                   Extra Packages for Enterprise Linux  disabled
epel-debuginfo         Extra Packages for Enterprise Linux  disabled
epel-source            Extra Packages for Enterprise Linux  disabled
epel-testing           Extra Packages for Enterprise Linux  disabled
epel-testing-debuginfo Extra Packages for Enterprise Linux  disabled
epel-testing-source    Extra Packages for Enterprise Linux  disabled
extras                 CentOS-5 - Extras                    enabled:         237
rpmforge               RHEL 5 - RPMforge.net - dag          enabled:      10,853
rpmforge-extras        RHEL 5 - RPMforge.net - extras       disabled
rpmforge-testing       RHEL 5 - RPMforge.net - testing      disabled
updates                CentOS-5 - Updates                   enabled:         393
repolist: 16,486
== END   yum repolist all ==

== BEGIN egrep 'include|exclude' /etc/yum.repos.d/*.repo ==
/etc/yum.repos.d/atrpms.repo:exclude=*kmdl*i586*
/etc/yum.repos.d/atrpms.repo:includepkgs=*nvidia-graphics*
== END   egrep 'include|exclude' /etc/yum.repos.d/*.repo ==

== BEGIN sed -n -e "/^\[/h; /priority *=/{ G; s/\n/ /; s/ity=/ity = /; p }" /etc/yum.repos.d/*.repo | sort -k3n ==
== END   sed -n -e "/^\[/h; /priority *=/{ G; s/\n/ /; s/ity=/ity = /; p }" /etc/yum.repos.d/*.repo | sort -k3n ==

== BEGIN cat /etc/fstab ==
LABEL=/                 /                       ext3    defaults        1 1
LABEL=/opt              /opt                    ext3    defaults        1 2
LABEL=/home             /home                   ext3    defaults        1 2
LABEL=/boot             /boot                   ext3    defaults        1 2
tmpfs                   /dev/shm                tmpfs   defaults        0 0
devpts                  /dev/pts                devpts  gid=5,mode=620  0 0
sysfs                   /sys                    sysfs   defaults        0 0
proc                    /proc                   proc    defaults        0 0
/dev/sda2               swap                    swap    defaults        0 0
/dev/sdb1      /home/EK/Disk1      ext3   defaults    1 2
/dev/sdc1      /home/EK/Disk2      ext3   defaults    1 2
/dev/sdd1      /home/EK/Disk3      ext3   defaults    1 2
/home/EK/Disk3/SHARE/    /var/ftp/virtual_users/jfcstudent/SHARE/ none bind 0 0
/home/EK/Disk3/DISTRIB/BOOKS/  /var/ftp/virtual_users/jfcstudent/BOOKS/ none bind 0 0 
== END   cat /etc/fstab ==

== BEGIN df -h ==
Filesystem            Size  Used Avail Use% Mounted on
/dev/sda3             291G  7.5G  269G   3% /
/dev/sda5              97G   14G   79G  15% /opt
/dev/sda6             476G  180G  272G  40% /home
/dev/sda1             487M   42M  420M   9% /boot
tmpfs                  16G     0   16G   0% /dev/shm
/dev/sdb1             917G   19G  852G   3% /home/EK/Disk1
/dev/sdc1             917G  200M  871G   1% /home/EK/Disk2
/dev/sdd1             917G  250G  621G  29% /home/EK/Disk3
== END   df -h ==

== BEGIN blkid ==
/dev/sdd1: UUID="650c69f1-51b0-4226-9062-699cdde3e552" SEC_TYPE="ext2" TYPE="ext3"
/dev/sdc1: UUID="e7b8c7c5-1af9-424f-9652-48af927e9c4d" SEC_TYPE="ext2" TYPE="ext3"
/dev/sdb1: UUID="f91e77b6-c534-40a0-a072-5c637407b04b" SEC_TYPE="ext2" TYPE="ext3"
/dev/sda6: LABEL="/home" UUID="fb970699-1c13-4086-a8db-bb6370ea185c" TYPE="ext3" SEC_TYPE="ext2"
/dev/sda5: LABEL="/opt" UUID="dbe3d46b-8aa8-4338-8aa4-10a0896a3337" TYPE="ext3" SEC_TYPE="ext2"
/dev/sda3: LABEL="/" UUID="cf9d07bc-eee9-4469-a96f-c00e11de5827" TYPE="ext3" SEC_TYPE="ext2"
/dev/sda1: LABEL="/boot" UUID="05771dc3-2ea2-4d1f-942e-4ce186043d79" SEC_TYPE="ext2" TYPE="ext3"
/dev/sda2: TYPE="swap" UUID="7e720970-1cf3-4e9f-8594-1d101cf1aeee"
== END   blkid ==

== BEGIN cat /proc/mdstat ==
Personalities :
unused devices: <none>
== END   cat /proc/mdstat ==

== BEGIN rpm -qa kernel\* | sort ==
kernel-2.6.18-238.12.1.el5.centos.plus
kernel-2.6.18-238.19.1.el5.centos.plus
kernel-2.6.18-238.9.1.el5.centos.plus
kernel-2.6.18-274.3.1.el5.centos.plus
kernel-2.6.18-274.7.1.el5.centos.plus
kernel-devel-2.6.18-238.12.1.el5.centos.plus
kernel-devel-2.6.18-238.19.1.el5.centos.plus
kernel-devel-2.6.18-238.9.1.el5.centos.plus
kernel-devel-2.6.18-274.3.1.el5.centos.plus
kernel-devel-2.6.18-274.7.1.el5.centos.plus
kernel-headers-2.6.18-274.7.1.el5.centos.plus
== END   rpm -qa kernel\* | sort ==

== BEGIN lspci ==
00:00.0 Host bridge: Intel Corporation 5520 I/O Hub to ESI Port (rev 22)
00:01.0 PCI bridge: Intel Corporation 5520/5500/X58 I/O Hub PCI Express Root Port 1 (rev 22)
00:03.0 PCI bridge: Intel Corporation 5520/5500/X58 I/O Hub PCI Express Root Port 3 (rev 22)
00:05.0 PCI bridge: Intel Corporation 5520/X58 I/O Hub PCI Express Root Port 5 (rev 22)
00:07.0 PCI bridge: Intel Corporation 5520/5500/X58 I/O Hub PCI Express Root Port 7 (rev 22)
00:09.0 PCI bridge: Intel Corporation 5520/5500/X58 I/O Hub PCI Express Root Port 9 (rev 22)
00:13.0 PIC: Intel Corporation 5520/5500/X58 I/O Hub I/OxAPIC Interrupt Controller (rev 22)
00:14.0 PIC: Intel Corporation 5520/5500/X58 I/O Hub System Management Registers (rev 22)
00:14.1 PIC: Intel Corporation 5520/5500/X58 I/O Hub GPIO and Scratch Pad Registers (rev 22)
00:14.2 PIC: Intel Corporation 5520/5500/X58 I/O Hub Control Status and RAS Registers (rev 22)
00:14.3 PIC: Intel Corporation 5520/5500/X58 I/O Hub Throttle Registers (rev 22)
00:1a.0 USB Controller: Intel Corporation 82801JI (ICH10 Family) USB UHCI Controller #4
00:1a.1 USB Controller: Intel Corporation 82801JI (ICH10 Family) USB UHCI Controller #5
00:1a.2 USB Controller: Intel Corporation 82801JI (ICH10 Family) USB UHCI Controller #6
00:1a.7 USB Controller: Intel Corporation 82801JI (ICH10 Family) USB2 EHCI Controller #2
00:1b.0 Audio device: Intel Corporation 82801JI (ICH10 Family) HD Audio Controller
00:1c.0 PCI bridge: Intel Corporation 82801JI (ICH10 Family) PCI Express Root Port 1
00:1c.4 PCI bridge: Intel Corporation 82801JI (ICH10 Family) PCI Express Root Port 5
00:1c.5 PCI bridge: Intel Corporation 82801JI (ICH10 Family) PCI Express Root Port 6
00:1d.0 USB Controller: Intel Corporation 82801JI (ICH10 Family) USB UHCI Controller #1
00:1d.1 USB Controller: Intel Corporation 82801JI (ICH10 Family) USB UHCI Controller #2
00:1d.2 USB Controller: Intel Corporation 82801JI (ICH10 Family) USB UHCI Controller #3
00:1d.7 USB Controller: Intel Corporation 82801JI (ICH10 Family) USB2 EHCI Controller #1
00:1e.0 PCI bridge: Intel Corporation 82801 PCI Bridge (rev 90)
00:1f.0 ISA bridge: Intel Corporation 82801JIR (ICH10R) LPC Interface Controller
00:1f.2 IDE interface: Intel Corporation 82801JI (ICH10 Family) 4 port SATA IDE Controller #1
00:1f.3 SMBus: Intel Corporation 82801JI (ICH10 Family) SMBus Controller
00:1f.5 IDE interface: Intel Corporation 82801JI (ICH10 Family) 2 port SATA IDE Controller #2
01:00.0 VGA compatible controller: ASPEED Technology, Inc. ASPEED Graphics Family (rev 10)
01:01.0 Multimedia audio controller: Ensoniq 5880B [AudioPCI] (rev 02)
02:00.0 Ethernet controller: Intel Corporation 82574L Gigabit Network Connection
03:00.0 Ethernet controller: Intel Corporation 82574L Gigabit Network Connection
04:00.0 SCSI storage controller: LSI Logic / Symbios Logic SAS1068E PCI-Express Fusion-MPT SAS (rev 08)
08:00.0 VGA compatible controller: nVidia Corporation G92 [GeForce 9800 GT] (rev a2)
80:00.0 PCI bridge: Intel Corporation 5500 Non-Legacy I/O Hub PCI Express Root Port 0 (rev 22)
80:01.0 PCI bridge: Intel Corporation 5520/5500/X58 I/O Hub PCI Express Root Port 1 (rev 22)
80:03.0 PCI bridge: Intel Corporation 5520/5500/X58 I/O Hub PCI Express Root Port 3 (rev 22)
80:07.0 PCI bridge: Intel Corporation 5520/5500/X58 I/O Hub PCI Express Root Port 7 (rev 22)
80:10.0 PIC: Intel Corporation 5520/5500/X58 Physical and Link Layer Registers Port 0 (rev 22)
80:10.1 PIC: Intel Corporation 5520/5500/X58 Routing and Protocol Layer Registers Port 0 (rev 22)
80:11.0 PIC: Intel Corporation 5520/5500 Physical and Link Layer Registers Port 1 (rev 22)
80:11.1 PIC: Intel Corporation 5520/5500 Routing & Protocol Layer Register Port 1 (rev 22)
80:13.0 PIC: Intel Corporation 5520/5500/X58 I/O Hub I/OxAPIC Interrupt Controller (rev 22)
80:14.0 PIC: Intel Corporation 5520/5500/X58 I/O Hub System Management Registers (rev 22)
80:14.1 PIC: Intel Corporation 5520/5500/X58 I/O Hub GPIO and Scratch Pad Registers (rev 22)
80:14.2 PIC: Intel Corporation 5520/5500/X58 I/O Hub Control Status and RAS Registers (rev 22)
80:14.3 PIC: Intel Corporation 5520/5500/X58 I/O Hub Throttle Registers (rev 22)
== END   lspci ==

== BEGIN lspci -n ==
00:00.0 0600: 8086:3406 (rev 22)
00:01.0 0604: 8086:3408 (rev 22)
00:03.0 0604: 8086:340a (rev 22)
00:05.0 0604: 8086:340c (rev 22)
00:07.0 0604: 8086:340e (rev 22)
00:09.0 0604: 8086:3410 (rev 22)
00:13.0 0800: 8086:342d (rev 22)
00:14.0 0800: 8086:342e (rev 22)
00:14.1 0800: 8086:3422 (rev 22)
00:14.2 0800: 8086:3423 (rev 22)
00:14.3 0800: 8086:3438 (rev 22)
00:1a.0 0c03: 8086:3a37
00:1a.1 0c03: 8086:3a38
00:1a.2 0c03: 8086:3a39
00:1a.7 0c03: 8086:3a3c
00:1b.0 0403: 8086:3a3e
00:1c.0 0604: 8086:3a40
00:1c.4 0604: 8086:3a48
00:1c.5 0604: 8086:3a4a
00:1d.0 0c03: 8086:3a34
00:1d.1 0c03: 8086:3a35
00:1d.2 0c03: 8086:3a36
00:1d.7 0c03: 8086:3a3a
00:1e.0 0604: 8086:244e (rev 90)
00:1f.0 0601: 8086:3a16
00:1f.2 0101: 8086:3a20
00:1f.3 0c05: 8086:3a30
00:1f.5 0101: 8086:3a26
01:00.0 0300: 1a03:2000 (rev 10)
01:01.0 0401: 1274:5880 (rev 02)
02:00.0 0200: 8086:10d3
03:00.0 0200: 8086:10d3
04:00.0 0100: 1000:0058 (rev 08)
08:00.0 0300: 10de:0614 (rev a2)
80:00.0 0604: 8086:3420 (rev 22)
80:01.0 0604: 8086:3408 (rev 22)
80:03.0 0604: 8086:340a (rev 22)
80:07.0 0604: 8086:340e (rev 22)
80:10.0 0800: 8086:3425 (rev 22)
80:10.1 0800: 8086:3426 (rev 22)
80:11.0 0800: 8086:3427 (rev 22)
80:11.1 0800: 8086:3428 (rev 22)
80:13.0 0800: 8086:342d (rev 22)
80:14.0 0800: 8086:342e (rev 22)
80:14.1 0800: 8086:3422 (rev 22)
80:14.2 0800: 8086:3423 (rev 22)
80:14.3 0800: 8086:3438 (rev 22)
== END   lspci -n ==

== BEGIN lsusb ==
Bus 004 Device 001: ID 0000:0000 
Bus 002 Device 004: ID 046b:ff01 American Megatrends, Inc.
Bus 002 Device 005: ID 046b:ff10 American Megatrends, Inc.
Bus 002 Device 001: ID 0000:0000 
Bus 005 Device 002: ID 0a81:0101 Chesen Electronics Corp. Keyboard
Bus 005 Device 001: ID 0000:0000 
Bus 006 Device 002: ID 046d:c062 Logitech, Inc. LS1 Laser Mouse, corded
Bus 006 Device 001: ID 0000:0000 
Bus 007 Device 002: ID 046d:c30e Logitech, Inc. UltraX Keyboard (Y-BL49)
Bus 007 Device 001: ID 0000:0000 
Bus 003 Device 001: ID 0000:0000 
Bus 001 Device 001: ID 0000:0000 
Bus 008 Device 001: ID 0000:0000 
== END   lsusb ==

== BEGIN ifconfig -a ==
eth0      Link encap:Ethernet  HWaddr xxx 
          inet addr:xxx.xxx.xxx.xxx  Bcast:xxx.xxx.xxx.xxx  Mask:255.255.0.0
          inet6 addr: fe80::2e0:81ff:fed1:eb5d/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:856963 errors:0 dropped:0 overruns:0 frame:0
          TX packets:204511 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:196417906 (187.3 MiB)  TX bytes:152219322 (145.1 MiB)
          Interrupt:177 Memory:fbae0000-fbb00000

eth1      Link encap:Ethernet  HWaddr xxx 
          BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
          Interrupt:169 Memory:fb9e0000-fba00000

lo        Link encap:Local Loopback 
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:8762 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8762 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:5884766 (5.6 MiB)  TX bytes:5884766 (5.6 MiB)

sit0      Link encap:IPv6-in-IPv4 
          NOARP  MTU:1480  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

vmnet1    Link encap:Ethernet  HWaddr xxx 
          inet addr:172.16.141.1  Bcast:172.16.141.255  Mask:255.255.255.0
          inet6 addr: fe80::250:56ff:fec0:1/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:261 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

vmnet8    Link encap:Ethernet  HWaddr xxx 
          inet addr:192.168.224.1  Bcast:192.168.224.255  Mask:255.255.255.0
          inet6 addr: fe80::250:56ff:fec0:8/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:261 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

== END   ifconfig -a ==

== BEGIN route -n ==
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.224.0   0.0.0.0         255.255.255.0   U     0      0        0 vmnet8
172.16.141.0    0.0.0.0         255.255.255.0   U     0      0        0 vmnet1
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0
xxx.xxx.0.0      0.0.0.0         255.255.0.0     U     0      0        0 eth0
0.0.0.0         xxx.xxx.xxx.xxx   0.0.0.0         UG    0      0        0 eth0
== END   route -n ==

== BEGIN cat /etc/resolv.conf ==
# Generated by NetworkManager


# No nameservers found; try putting DNS servers into your
# ifcfg files in /etc/sysconfig/network-scripts like so:
#
# DNS1=xxx.xxx.xxx.xxx
# DNS2=xxx.xxx.xxx.xxx
# DOMAIN=lab.foo.com bar.foo.com
nameserver xxx.xxx.xxx.xxx
nameserver xxx.xxx.xxx.xxx
nameserver xxx.xxx.xxx.xxx
== END   cat /etc/resolv.conf ==

== BEGIN grep net /etc/nsswitch.conf ==
#networks:   nisplus [NOTFOUND=return] files
#netmasks:   nisplus [NOTFOUND=return] files     
netmasks:   files
networks:   files
netgroup:   nisplus
== END   grep net /etc/nsswitch.conf ==

== BEGIN chkconfig --list | grep -Ei 'network|wpa' ==
NetworkManager    0:off   1:off   2:off   3:off   4:off   5:off   6:off
network           0:off   1:off   2:on   3:on   4:on   5:on   6:off
wpa_supplicant    0:off   1:off   2:off   3:off   4:off   5:off   6:off
== END   chkconfig --list | grep -Ei 'network|wpa' ==
ket_nn
 
Posts: 20
Joined: 2011/07/21 09:19:12
Location: FRANCE

vsftpd => virtual user vs local user access

Postby TrevorH » 2011/11/18 11:28:57

I suspect that your problem stems from

Code: Select all
pam_service_name=ftp


as this means that /etc/pam.d/vsftpd is no longer used. All users will now need to be in the /etc/vsftpd/accounts.db file
User avatar
TrevorH
Forum Moderator
 
Posts: 9071
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: vsftpd => virtual user vs local user access

Postby ket_nn » 2011/11/18 17:42:21

yep.
When I change pam_service_name variable to vsftpd - noone can login, neither local user nor virtual users...
File accounts.db cannot be edited ?



TrevorH wrote:
I suspect that your problem stems from

Code: Select all
pam_service_name=ftp


as this means that /etc/pam.d/vsftpd is no longer used. All users will now need to be in the /etc/vsftpd/accounts.db file
ket_nn
 
Posts: 20
Joined: 2011/07/21 09:19:12
Location: FRANCE

Re: vsftpd => virtual user vs local user access

Postby TrevorH » 2011/11/18 19:30:37

You created the /etc/vsftpd/accounts.db file by following the instructions in that wiki entry. You added entries to it by running db_load to do so. I've not investigated further since I had the opposite requirement - to not allow local users to logon and to restrict it to only virtual users. When I followed that wiki article I had the opposite problem - local users could still logon even though I didn't want them to.
User avatar
TrevorH
Forum Moderator
 
Posts: 9071
Joined: 2009/09/24 10:40:56
Location: Brighton, UK


Return to CentOS 5 - Networking Support

Who is online

Users browsing this forum: No registered users and 2 guests