vsftpd setup – the missing information

So I set up vsftpd on my Debian box the other day. I wanted a simple virtual users setup, so I created `/etc/vsftpd`, moved and symlinked my `vsftpd.conf` into this directory (to keep Debian happy) and also added a `/etc/vsftpd/users.txt` file – the source for my `db(1)` database that pam should use, after I compiled it with

```
$ cd /etc/vsftpd && db4.6_load -T -t hash -f users.txt users.db
```

Now that the database existed I went to `/etc/pam.d/vsftpd` and configured it there

```
session optional pam_keyinit.so force revoke
auth required /lib/security/pam_userdb.so \
    db=/etc/vsftpd/users.db
account required /lib/security/pam_userdb.so \
    db=/etc/vsftpd/users.db
```

but when I tried to log in, vsftpd always reported `530: Login incorrect` (and of course I specified an existing user with a correct password). So what went wrong?

After struggling with it for quite some time I noticed that my `/var/log/auth.log` contained output from pam:

```
vsftpd: pam_userdb(vsftpd:auth): Verify user `foo' with a password
vsftpd: pam_userdb(vsftpd:auth): user_lookup: could not open database `/etc/vsftpd/users.db': No such file or directory
```

Huh?! Of course `/etc/vsftpd/users.db` exists – though it is only read-/writable by root (600), this shouldn’t matter much, because vsftpd runs as root anyways.

Well, the nice thing about the internet is that there is usually at least one person who already had the same problem as you and eventually solved it – [and that was the case here as well](http://www.linuxquestions.org/questions/linux-networking-3/vsftpd-pam-authentication-286864/):

It turned out that pam_userdb.so silently appends *`.db`* to the given path, so all I had to do to make it work was stripping off my `.db` in `/etc/pam.d/vsftpd`:

```
session optional pam_keyinit.so force revoke
auth required /lib/security/pam_userdb.so \
    db=/etc/vsftpd/users
account required /lib/security/pam_userdb.so \
    db=/etc/vsftpd/users
```

If you look into `pam_userdb(8)` you won’t find any hint about that – even worse, the example in the man page uses the explicit `.db` suffix as well (at least here on Lenny).
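A pre-flight check for this pitfall, as an added example that is not part of the original post: the hypothetical shell function `check_userdb_paths` reads a PAM service file, resolves each `db=` value the way pam_userdb does (by appending `.db`), and reports whether that file exists and is closed to group and others. It assumes GNU `stat`, as shipped on Debian.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the original post).
# pam_userdb appends ".db" to the db= value, so the file it actually
# opens is "<value>.db". Assumes GNU stat (Debian).

check_userdb_paths() {
    pam_file=$1
    rc=0
    # Join backslash-continued lines, skip comments, print each db= value once.
    dbs=$(awk '
        { if (sub(/\\$/, " ")) { buf = buf $0; next } line = buf $0; buf = "" }
        line ~ /^[ \t]*#/ { next }
        line ~ /pam_userdb/ {
            n = split(line, f, /[ \t]+/)
            for (i = 1; i <= n; i++) if (f[i] ~ /^db=/) print substr(f[i], 4)
        }' "$pam_file" | sort -u)
    for db in $dbs; do
        if [ -e "$db.db" ]; then
            echo "OK: db=$db opens $db.db"
            # The database holds the users' passwords: no group/other access.
            mode=$(stat -c '%a' "$db.db")
            case $mode in
                *00) ;;
                *) echo "WARN: $db.db has mode $mode, expected 600" ;;
            esac
        elif [ -e "$db" ] && [ "${db%.db}" != "$db" ]; then
            # The mistake from this post: the suffix was written out explicitly.
            echo "FAIL: db=$db looks for $db.db; use db=${db%.db}"
            rc=1
        else
            echo "FAIL: db=$db looks for $db.db, which does not exist"
            rc=1
        fi
    done
    return $rc
}
```

Run it as root with `check_userdb_paths /etc/pam.d/vsftpd`; a non-zero return status means at least one lookup would fail at login time.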

Anyways, I now have an easy-to-manage FTP server and one reason less to put any trust in DropBox and friends 🙂
