http://www.cyberciti.biz/tips/centos-redhat-vsftpd-ftp-with-virtual-users.html
http://www.howtoforge.com/pureftpd_mysql_virtual_hosting
We get this error because the virtual user's directory does not exist. Attempts at directory auto-creation via the configuration file fail:
331 Please specify the password.
Password:
500 OOPS: cannot change directory:/opt/ftp/testuser
Login failed.
ftp>
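To have the MySQL users' directories auto-created when a valid user tries to log in, change your PAM configuration as shown here. Because pam_mysql.so is requisite and comes first, the pam_script.so line is only reached after the MySQL password check succeeds: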
#%PAM-1.0
# Auth in MySQL
auth requisite pam_mysql.so user=vsftpd-ro passwd=readonly host=localhost db=vsftpd table=accounts usercolumn=username passwdcolumn=pass crypt=0
auth required pam_script.so onerr=success dir=/etc/pam-script
# Account in MySQL
account required pam_mysql.so user=vsftpd-ro passwd=readonly host=localhost db=vsftpd table=accounts usercolumn=username passwdcolumn=pass crypt=0
$ cat /etc/pam-script/pam_script_auth
#!/bin/sh
# Create the virtual user's FTP directory on first successful login.
if [ ! -d "/opt/ftp/$PAM_USER" ]; then
    /usr/bin/env mkdir "/opt/ftp/$PAM_USER"
    /usr/bin/env chown ftp:ftp "/opt/ftp/$PAM_USER"
fi
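A stricter variant of the pam_script_auth script above, as an added example that is not part of the original post: it treats PAM_USER as untrusted input, accepts only a single safe path component, refuses symlinks and fails the auth step when anything goes wrong. The FTP_ROOT and FTP_OWNER variables, the function names, the username pattern and the 0750 mode are assumptions.

```shell
#!/bin/sh
# Added example, not the original author's script.
# Defaults mirror the post (/opt/ftp, ftp:ftp); the variable names are assumptions.
FTP_ROOT="${FTP_ROOT:-/opt/ftp}"
FTP_OWNER="${FTP_OWNER:-ftp:ftp}"

# valid_ftp_user NAME: succeed only if NAME is safe as one path component.
# Rejects empty names, leading '.' or '-', and any character outside
# [A-Za-z0-9._-] (so no '/', no '..', no whitespace). Pattern is an assumption.
valid_ftp_user() {
    case "$1" in
        ''|.*|-*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

# ensure_ftp_home NAME: create $FTP_ROOT/NAME if it is missing.
# A non-zero return makes pam_script fail the auth step (fail closed).
ensure_ftp_home() {
    valid_ftp_user "$1" || return 1
    home="$FTP_ROOT/$1"
    # Refuse a symlink so a planted link cannot redirect mkdir/chown.
    if [ -L "$home" ]; then return 1; fi
    if [ -d "$home" ]; then return 0; fi
    mkdir -m 0750 -- "$home" || return 1
    # chown needs root; skipping it for non-root runs is an assumption
    # made so the function can be exercised outside the PAM stack.
    if [ "$(id -u)" -eq 0 ]; then
        chown -- "$FTP_OWNER" "$home" || return 1
    fi
    return 0
}

# pam_script exports PAM_USER; act only when it is present in the environment.
if [ -n "${PAM_USER+x}" ]; then
    ensure_ftp_home "$PAM_USER"
    exit $?
fi
```

Installed as /etc/pam-script/pam_script_auth, a rejected username or a failed mkdir returns non-zero, so the login is refused instead of continuing into a missing directory.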
Small changes to the SPEC file for the 64-bit library location and packaging:
# see http://www.rpm.org/RPM-HOWTO/build.html for details
# and sub-package details for maximum-rpm too
#
Summary: a PAM module that can invoke scripts within the PAM stack
Name: pam-script
Version: 1.1.4
Release: 1.local
License: GPL
Vendor: LBNL/NERSC
Group: System Environment/Base
Source: http://sourceforge.net/projects/pam-script/pam-script-1.1.4.tar.gz
BuildRoot: /var/tmp/%{name}-buildroot
Provides: pam-script-1.1.4
Requires: pam
%description
pam-script allows you to execute scripts during authorization, passwd
changes, and on session opening or closing; which can affect the PAM stack.
----------
%package examples
Summary: some pam-script example scripts and docs
Group: System Environment/Base
%description examples
logscript - simply records the various PAM_* environment variables to
a log file. Useful for studying how the various PAM modules work together.
tally - a pam-script version of the pam-tally module with much of the
same options. It's a perl script and is useful for hacking your own
authentication scheme.
%prep
%setup
%build
%pre
%install
# pam-script
./configure --prefix=/usr \
--libdir=/lib64/security \
--sysconfdir=/etc/pam-script \
--mandir=/usr/share/man
make DESTDIR=$RPM_BUILD_ROOT install
make DESTDIR=$RPM_BUILD_ROOT install-man7
make DESTDIR=$RPM_BUILD_ROOT install-examples
%post
# pam-script
%preun
# pam-script
%clean
rm -rf $RPM_BUILD_ROOT
%files
%defattr(-,root,root)
/lib64/security/pam_script.so
%doc README
/etc/pam-script/README
/usr/share/man/man7/pam-script.7.gz
%files examples
/etc/pam-script/*
I've been trying to implement something similar to this but am having problems. The vsftpd login fails regardless of what is happening with the script.
I've tried both pam_script and pam_exec. More details here:
http://askubuntu.com/questions/406486/vsftpd-hanging-when-using-pam-exec-or-pam-script
If you have any suggestions, I'd appreciate it!
Hi Nick, I'm also having a few probs getting the script to work. I'm a noob when it comes to Linux, so more than likely my issue. Anyhow I know it's been a while since you created this blog, so I'm hoping and praying you might be able to help assist me.
I downloaded pam_mysql using yum in Amazon's AMI 64-bit instance. Everything works except the script to create the user directories. I posted a detailed question on serverfault, I'm hoping you might be able to make some suggestions. Thanks in advance.
https://unix.stackexchange.com/questions/181852/setting-up-a-script-on-an-ami-box-to-create-directories-vsftpd-pam-mysql
George,
Commented on your StackExchange post.
Nick