VSFTPD and virtual users

Hello

I would like to set up a FTP server using vsftpd

The documentation states examples of how to setup virtual users authenticated with pam

However, in Leap 42.2, there is no pam_userdb.so module installed which is used in the example.
Other websites also state/use the pam_userdb.so module.

Does anyone have a tutorial or explanation/link? how to set up vsftpd with virtual users in Leap 42.2

Or is it possible to install the pam_userdb.so module?
But to get it from where; how to install?
I tried the with Yast and looked on the opensuse site for pam packages - but it is not there.

I assume YaST > Software > Software Manager and then the Search.

Did you check the RMP “Provides” box when searching. Because it seems that you are looking for a file and thus needs the package that provides it. And that package may have another name.

Hello Henk

Yes - I have tried that. There is no such pam module. Also not in RPM Provides or File List

Actually the vsftpd example documentation coming with Leap does not contain useful information in respect to virtual users.

OK, that is a miss then. :frowning:
I asked because on my 31.1 system pam_userdb.so is part of the pam package.

So, either this is depricated or this is organised in a different way. Beyond my expertise.

Pls describe your objective more clearly (eg You wish to set up vsftpd with its own ftp users, not the same as system Users)
and
Which documentation you’re using. If you are using something online, provide the URL. If it’s part of the offline documentation installed on your machine, provide the path and file name.

TSU

https://bugzilla.opensuse.org/show_bug.cgi?id=929711

But yes, pam_userdb was broken by design and insecure.

Indeed, just run “strings” over the respective DB and you will get the usernames/passwords in the clear, not good.

So I did face the same problem and decided to find something better which is still easy to use and not overkill for a handful of users (so SQL data base backends are right out).

I would recommend using “pam_pwdfile” as backend

http://howto.gumph.org/content/setup-virtual-users-and-directories-in-vsftpd/

There is a package in OBS called “pam_pwdfile”

https://software.opensuse.org/package/pam_pwdfile?search_term=pam_pwdfile

which works well on my 42.1 here.

AK

P.S.

I would also use “mkpasswd” for creating hashed password entries as it will offer you SHA256/SHA512 instead of crappy DES/MD5 provided by “htpasswd” or “openssl passwd”.

Agree with @Akoellh above as a good “small business” setup for relatively few Users.

The currently available options are probably outlined in the vsftpd Arch Wiki
https://wiki.archlinux.org/index.php/Very_Secure_FTP_Daemon#PAM_with_virtual_users

I also skimmed various published blogs how to set up using pam_mysql for those who have more Users and might need the performance of a relational database and IMO I see that as a likely viable option, too. Although blogs are generally for other distros, once you have the required packages installed on openSUSE, it looks like setting up vsftpd and mysql hasn’t changed in over 6 years (posts going back as far as 2010 are likely still useful). I’d imagine if someone didn’t want to set up mariadb/mysql, sqlite should be a viable substitute as always (I found only one post describing that).

TSU

Thank you all who did reply!

I do not want to have system users indeed, because the logins might frequently change or user(s) be added or removed again.

I wasn’t aware of the ArchLinux tutorial and I will give it a try and report back.

B.t.w.: I saw some sites citing the pam_mysql as well, but also this module is not available in Leap 42.2.

Ok

The ArchLinux guide was clear enough to make it work.

Thanks!