Thursday, December 15, 2011

vsFTP MySQL Virtual with Auto-Create Home Directories

Expanding on the howto's shown here:

We get this error because the virtual user's directory does not exist. Attempts to auto-create the directory via the configuration file fail:

331 Please specify the password.
500 OOPS: cannot change directory:/opt/ftp/testuser
Login failed.

We want the MySQL users' directories to be auto-created when a valid user tries to log in. To do that, change your PAM configuration to:


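# Auth in MySQL
# requisite: a failed MySQL check ends the stack, so the script below only runs for valid users
# crypt=0: pam_mysql compares the password column as plaintext
auth requisite pam_mysql.so user=vsftpd-ro passwd=readonly host=localhost db=vsftpd table=accounts usercolumn=username passwdcolumn=pass crypt=0
auth required pam_script.so onerr=success dir=/etc/pam-script

# Account in MySQL
account required pam_mysql.so user=vsftpd-ro passwd=readonly host=localhost db=vsftpd table=accounts usercolumn=username passwdcolumn=pass crypt=0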

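$ cat /etc/pam-script/pam_script_auth
#!/bin/sh
# Create the virtual user's home directory the first time they authenticate
if [ ! -d "/opt/ftp/$PAM_USER" ]; then
  /usr/bin/env mkdir "/opt/ftp/$PAM_USER"
  /usr/bin/env chown ftp:ftp "/opt/ftp/$PAM_USER"
fi
exit 0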
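
A hardened variant of the script above, as an added example that is not from the original post: it checks that PAM_USER is a single safe directory name before using it in a path, and refuses a symlink sitting where the home directory should be. The function names, the FTP_ROOT and FTP_OWNER variables, the character allow-list and the 32-character limit are assumptions made for this example.

```sh
#!/bin/sh
# Added example (not the post's script): validate PAM_USER before it becomes a path.
LC_ALL=C; export LC_ALL                 # keep the [A-Za-z] ranges below ASCII-only
FTP_ROOT="${FTP_ROOT:-/opt/ftp}"        # base directory used in the post
FTP_OWNER="${FTP_OWNER:-ftp:ftp}"       # owner used in the post

# Succeeds only if $1 is usable as a single directory name (assumed policy).
valid_ftp_user() {
    case "$1" in
        ""|.*|-*)          return 1 ;;  # empty, ".", "..", dotfiles, option-like
        *[!A-Za-z0-9._-]*) return 1 ;;  # "/" and anything else off the allow-list
    esac
    [ "${#1}" -le 32 ]                  # assumed length limit
}

# Create $FTP_ROOT/<user> if it is missing; refuse bad names and symlinks.
ensure_ftp_home() {
    valid_ftp_user "$1" || return 1
    home="$FTP_ROOT/$1"
    [ ! -L "$home" ] || return 1        # never follow a symlink placed at the target
    [ -d "$home" ] && return 0          # already provisioned, nothing to do
    mkdir -m 0750 -- "$home" || return 1
    # Only root can hand the directory to another account.
    if [ "$(id -u)" -eq 0 ]; then
        chown -- "$FTP_OWNER" "$home" || return 1
    fi
    return 0
}

# pam_script exports PAM_USER; the script's exit status becomes the module's result.
if [ -n "${PAM_USER:-}" ]; then
    ensure_ftp_home "$PAM_USER"
    exit $?
fi
```

Because the pam_script line is `required`, a non-zero exit here fails the login instead of letting vsftpd hit the `500 OOPS` path with an unexpected directory name.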

Small changes to the SPEC file for the 64-bit library location and packaging:

# see for details
# and sub-package details for maximum-rpm too
Summary: a PAM module that can invoke scripts within the PAM stack
Name: pam-script
Version: 1.1.4
Release: 1.local
License: GPL
Group: System Environment/Base
BuildRoot: /var/tmp/%{name}-buildroot
Provides: pam-script-1.1.4
Requires: pam
%description
pam-script allows you to execute scripts during authorization, passwd
changes, and on session opening or closing; which can affect the PAM stack.

%package examples
Summary: some pam-script example scripts and docs
Group: System Environment/Base
%description examples
logscript - simply records the various PAM_* environment variables to
a log file.  Useful for studying how the various PAM modules work together.
tally - a pam-script version of the pam-tally module with much of the
same options.  It's a perl script and is useful for hacking your own
authentication scheme.





# pam-script
./configure    --prefix=/usr                    \
        --libdir=/lib64/security                \
        --sysconfdir=/etc/pam-script            \

make DESTDIR=$RPM_BUILD_ROOT install-man7
make DESTDIR=$RPM_BUILD_ROOT install-examples

# pam-script

# pam-script


%files examples


  1. I've been trying to implement something similar to this but am having problems. The vsftpd login fails regardless of what is happening with the script.

    I've tried both pam_script and pam_exec. More details here:

    If you have any suggestions, I'd appreciate it!

  2. Hi Nick, I'm also having a few probs getting the script to work. I'm a noob when it comes to Linux, so more than likely my issue. Anyhow I know it's been a while since you created this blog, so I'm hoping and praying you might be able to help assist me.

    I downloaded pam_mysql using yum in Amazon's AMI 64-bit instance. Everything works except the script to create the user directories. I posted a detailed question on Server Fault, I'm hoping you might be able to make some suggestions. Thanks in advance.

  3. George,

    Commented on your StackExchange post.