{"id":1062,"date":"2011-07-05T23:49:59","date_gmt":"2011-07-05T22:49:59","guid":{"rendered":"http:\/\/www.thomaskeller.biz\/blog\/?p=1062"},"modified":"2011-07-05T23:53:20","modified_gmt":"2011-07-05T22:53:20","slug":"vsftpd-setup-the-missing-information","status":"publish","type":"post","link":"https:\/\/www.thomaskeller.biz\/blog\/2011\/07\/05\/vsftpd-setup-the-missing-information\/","title":{"rendered":"vsftpd setup &#8211; the missing information"},"content":{"rendered":"<p>So I set up vsftpd on my Debian box the other day. I wanted a simple virtual users setup, so I created `\/etc\/vsftpd`, moved and symlinked my `vsftpd.conf` into this directory (to keep Debian happy) and also added a `\/etc\/vsftpd\/users.txt` file &#8211; the source for my `db(1)` database that pam should use, after I compiled it with<\/p>\n<p>    $ cd \/etc\/vsftpd &#038;&#038; db4.6_load -T -t hash -f users.txt users.db<\/p>\n<p>Now that the database existed I went to `\/etc\/pam.d\/vsftpd` and configured it there<\/p>\n<p>    session optional    pam_keyinit.so force revoke<br \/>\n    auth    required    \/lib\/security\/pam_userdb.so \\<br \/>\n                        db=\/etc\/vsftpd\/users.db<br \/>\n    account required    \/lib\/security\/pam_userdb.so \\<br \/>\n                        db=\/etc\/vsftpd\/users.db<\/p>\n<p>but when I tried to log in, vsftpd always reported `530: Login incorrect` (and of course I specified an existing user with a correct password). So what went wrong?<\/p>\n<p>After struggling with it for quite some time I noticed that my `\/var\/log\/auth.log` contained output from pam:<\/p>\n<p>    vsftpd: pam_userdb(vsftpd:auth): Verify user `foo&#8217; with a password<br \/>\n    vsftpd: pam_userdb(vsftpd:auth): user_lookup: could not open database `\/etc\/vsftpd\/users.db&#8217;: No such file or directory<\/p>\n<p>Huh?! 
Of course `\/etc\/vsftpd\/users.db` exists &#8211; though it is only read-\/writable by root (600), this shouldn&#8217;t matter much, because vsftpd runs as root anyway.<\/p>\n<p>Well, the nice thing about the internet is that there is usually at least one person who already had the same problem as you and eventually solved it &#8211; [and that was the case here as well](http:\/\/www.linuxquestions.org\/questions\/linux-networking-3\/vsftpd-pam-authentication-286864\/):<\/p>\n<p>It turned out that pam_userdb.so silently appends *`.db`* to the given path, so all I had to do to make it work was strip off my `.db` in `\/etc\/pam.d\/vsftpd`:<\/p>\n<p>    session optional    pam_keyinit.so force revoke<br \/>\n    auth    required    \/lib\/security\/pam_userdb.so \\<br \/>\n                        db=\/etc\/vsftpd\/users<br \/>\n    account required    \/lib\/security\/pam_userdb.so \\<br \/>\n                        db=\/etc\/vsftpd\/users<\/p>\n<p>If you look into `pam_userdb(8)` you won&#8217;t find any hint about that &#8211; even worse, the example in the man page uses the explicit `.db` suffix as well (at least here on Lenny).<\/p>\n<p>Anyway, I now have an easy-to-manage ftp server and one less reason to put any trust in DropBox and friends \ud83d\ude42<\/p>\n","protected":false},"excerpt":{"rendered":"<p>So I set up vsftpd on my Debian box the other day. 
I wanted a simple virtual users setup, so I created `\/etc\/vsftpd`, moved and symlinked my `vsftpd.conf` into this directory (to keep Debian happy) and also added a `\/etc\/vsftpd\/users.txt` file &#8211; the source for my `db(1)` database that pam should use, after I compiled &hellip; <a href=\"https:\/\/www.thomaskeller.biz\/blog\/2011\/07\/05\/vsftpd-setup-the-missing-information\/\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">vsftpd setup &#8211; the missing information<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[24],"tags":[],"class_list":["post-1062","post","type-post","status-publish","format-standard","hentry","category-debian-ubuntu-administration"],"_links":{"self":[{"href":"https:\/\/www.thomaskeller.biz\/blog\/wp-json\/wp\/v2\/posts\/1062","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.thomaskeller.biz\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.thomaskeller.biz\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.thomaskeller.biz\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.thomaskeller.biz\/blog\/wp-json\/wp\/v2\/comments?post=1062"}],"version-history":[{"count":4,"href":"https:\/\/www.thomaskeller.biz\/blog\/wp-json\/wp\/v2\/posts\/1062\/revisions"}],"predecessor-version":[{"id":1066,"href":"https:\/\/www.thomaskeller.biz\/blog\/wp-json\/wp\/v2\/posts\/1062\/revisions\/1066"}],"wp:attachment":[{"href":"https:\/\/www.thomaskeller.biz\/blog\/wp-json\/wp\/v2\/media?parent=1062"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.thomaskeller.biz\/blog\/wp-json\/wp\/v2\/categories?post=1062"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.thomaskeller.biz\/blog\/wp-json\/wp\/v2\/tags?post=1062"}],"curies":[{"n
ame":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}