VSFTP local user works, but PAM users Permission Denied












I am attempting to configure vsftp to use PAM to authenticate virtual users on my Arch server. It seems so straightforward, I must be missing something simple.



Configuration




  • local user virtualftp in group virtualftp

  • folders /srv/ftp and /srv/ftp/test1 owned by virtualftp:virtualftp

  • PAM user test1 password test1p in /etc/vsftpd_login.db



/etc/pam.d/vsftpd

auth required pam_userdb.so db=/etc/vsftpd_login crypt=hash
account required pam_userdb.so db=/etc/vsftpd_login crypt=hash
session required pam_loginuid.so


/etc/vsftp.conf

anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
ftpd_banner=Welcome to MCID's FTP server.
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list
listen=YES
# nopriv_user=virtualftp

# SSL Configuration
# ssl_enable=YES
# allow_anon_ssl=NO
# force_local_data_ssl=NO
# force_local_logins_ssl=YES
# ssl_tlsv1=YES
# ssl_sslv2=YES
# ssl_sslv3=YES
# rsa_cert_file=/etc/ssl/certs/vsftpd.pem
# rsa_private_key_file=/etc/ssl/certs/vsftpd.pem

# Passive Port Range
pasv_min_port=49152
pasv_max_port=65534

# Added settings for PAM virtualftp logins
pam_service_name=vsftpd
guest_enable=YES
guest_username=virtualftp
virtual_use_local_privs=YES

# Private folders for virtual users
local_root=/srv/ftp/$USER
user_sub_token=$USER


Currently I can log in with sftp://theherk@sftp.example.com, my local user, just fine. However, if I attempt to log in with test1, I get permission denied. What am I missing or confused about?










arch-linux pam vsftpd

asked Dec 12 '13 at 6:30

TheHerk






















1 Answer

Try this for virtual users to enable write access:

virtual_use_local_privs=YES





answered Nov 25 '14 at 12:12

sibidiba
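
The following is an added example, not part of the original question or answer: a POSIX shell check that reads a vsftpd configuration file and a PAM service file like the ones in the question and reports common reasons a pam_userdb virtual user cannot log in. The function names (conf_get, pam_opt, virtual_home, check_virtual_user) are hypothetical helpers, and the checks assume pam_userdb's documented db= and crypt= options.

```shell
#!/bin/sh
# Added example; helper names are illustrative, not part of vsftpd or PAM.

# conf_get FILE KEY: last uncommented KEY=value in a vsftpd.conf-style file
conf_get() { sed -n "s/^$2=//p" "$1" | tail -n 1; }

# pam_opt FILE OPT: value of OPT= on the first "auth ... pam_userdb.so" line
pam_opt() {
    awk -v opt="$2" '$1 == "auth" && $3 ~ /pam_userdb\.so$/ {
        for (i = 4; i <= NF; i++)
            if (index($i, opt "=") == 1) { print substr($i, length(opt) + 2); exit }
    }' "$1"
}

# virtual_home CONF USER: local_root with every user_sub_token replaced by USER
virtual_home() {
    conf_get "$1" local_root |
    awk -v t="$(conf_get "$1" user_sub_token)" -v u="$2" '{
        out = ""; s = $0
        while (t != "" && (i = index(s, t)) > 0) {
            out = out substr(s, 1, i - 1) u
            s = substr(s, i + length(t))
        }
        print out s
    }'
}

# check_virtual_user CONF PAMFILE USER: print findings, return their count
check_virtual_user() {
    n=0
    note() { printf 'PROBLEM: %s\n' "$*"; n=$((n + 1)); }
    db=$(pam_opt "$2" db); crypt=$(pam_opt "$2" crypt); home=$(virtual_home "$1" "$3")
    [ "$(conf_get "$1" guest_enable)" = YES ] ||
        note "guest_enable is not YES, so a PAM-only user has no local account to run as"
    case $crypt in
        ''|crypt|none) ;;
        *) note "crypt=$crypt is not documented for pam_userdb (crypt or none)" ;;
    esac
    if [ ! -f "$db.db" ]; then
        note "$db.db not found (db= is written without the .db suffix)"
    elif [ -n "$(find "$db.db" -perm -004)" ]; then
        note "$db.db is world-readable and holds the virtual users' passwords"
    fi
    [ -d "$home" ] || note "home directory $home for $3 does not exist"
    return "$n"
}

# When run as a script: CONF PAMFILE USER
if [ $# -eq 3 ]; then check_virtual_user "$@"; fi
```

Called with three arguments (the vsftpd configuration file, the PAM service file and a virtual user name), it prints each finding and exits with the number of findings.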





























