Christopher Mills
2010-Sep-02 21:39 UTC
[CentOS-docs] Update for HowTo: Chroot vsftpd with non-system users
Hi,

This update is for the HowTo at
http://wiki.centos.org/HowTos/Chroot_Vsftpd_with_non-system_users

Regarding two of the scripts provided: vsftpd_virtual_config.sh and
vsftpd_virtual_config_withTLS.sh:

The configuration additions it makes to PAM do not work on 64-bit
systems. In vsftpd_virtual_config.sh (Lines 55 & 56) and
vsftpd_virtual_config_withTLS.sh (Lines 123 & 124) should be changed
from:

auth    required /lib/security/pam_userdb.so db=/etc/vsftpd/accounts
account required /lib/security/pam_userdb.so db=/etc/vsftpd/accounts

to

auth    required pam_userdb.so db=/etc/vsftpd/accounts
account required pam_userdb.so db=/etc/vsftpd/accounts

This will allow it to work on both 32 and 64 bit systems.

Additionally, the vsftpd_virtual_config.sh is incomplete. The
following should be added to vsftpd_virtual_config.sh after line 74:

printf ' Setting up SELinux Boolean (allow_ftpd_anon_write 1) ... '
/usr/sbin/setsebool -P allow_ftpd_anon_write 1
printf "Done.\n"

Currently, the script does not make the SELinux modifications and it
errors out with an unexpected EOF error.

Thanks,
ChrisAM

Jerry Amundson
2010-Sep-03 01:42 UTC
[CentOS-docs] Update for HowTo: Chroot vsftpd with non-system users
On Thu, Sep 2, 2010 at 4:39 PM, Christopher Mills <chris at chrisam.net> wrote:
> Hi,
>
> This update is for the HowTo at
> http://wiki.centos.org/HowTos/Chroot_Vsftpd_with_non-system_users
>
> Regarding two of the scripts provided: vsftpd_virtual_config.sh and
> vsftpd_virtual_config_withTLS.sh:
>
> The configuration additions it makes to PAM do not work on 64-bit
> systems. In vsftpd_virtual_config.sh (Lines 55 & 56) and
> vsftpd_virtual_config_withTLS.sh (Lines 123 & 124) should be changed
> from:
>
> auth    required /lib/security/pam_userdb.so db=/etc/vsftpd/accounts
> account required /lib/security/pam_userdb.so db=/etc/vsftpd/accounts
>
> to
>
> auth    required pam_userdb.so db=/etc/vsftpd/accounts
> account required pam_userdb.so db=/etc/vsftpd/accounts
>
> This will allow it to work on both 32 and 64 bit systems.
>
> Additionally, the vsftpd_virtual_config.sh is incomplete. The
> following should be added to vsftpd_virtual_config.sh after line 74:
> printf ' Setting up SELinux Boolean (allow_ftpd_anon_write 1) ... '
> /usr/sbin/setsebool -P allow_ftpd_anon_write 1
> printf "Done.\n"

Alternatively,

printf ' Setting up SELinux Boolean (allow_ftpd_anon_write 1) ... '
/usr/sbin/setsebool -P allow_ftpd_anon_write 1 && printf "Done.\n" || printf "Failed.\n"

Small grammar corrections:
s/Here you'll can/Here you can/
s/Just after install vsftpd package/Just after installing the vsftpd package/

jerry
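
Added example, not part of either message or of the HowTo scripts: a shell check for the PAM problem reported in this thread, which lists service-file lines that pin a module to an absolute library directory and rewrites them to the bare module name so libpam resolves the module in its own default directory. The function names, the set of directories matched and the sample file are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not part of the HowTo scripts or of either message.
# Finds PAM service-file lines that pin a module to an absolute library
# directory and rewrites them to the bare module name.

# ERE for an absolute path to a PAM module (directory list is an assumption).
PAM_ABS='(/usr)?/lib(64)?/security/(pam_[A-Za-z0-9_]+\.so)'

# Print "lineno:line" for each non-comment line that pins a module path.
pam_pinned_lines() {
    grep -nE "^[[:space:]]*[^#[:space:]].*[[:space:]]$PAM_ABS([[:space:]]|\$)" "$1"
}

# Print the file with pinned paths reduced to bare module names.
# Comment lines and arguments such as db=/etc/vsftpd/accounts are untouched.
pam_unpin() {
    sed -E "/^[[:space:]]*#/!s#([[:space:]])$PAM_ABS([[:space:]]|\$)#\\1\\4\\5#" "$1"
}

# Constructed sample: one line as quoted in the thread, a commented-out
# copy, and one line that already uses the bare module name.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#auth   required /lib/security/pam_userdb.so db=/etc/vsftpd/accounts
auth    required /lib/security/pam_userdb.so db=/etc/vsftpd/accounts
account required pam_userdb.so db=/etc/vsftpd/accounts
EOF

echo "Pinned module paths:"
pam_pinned_lines "$sample"
echo "Rewritten file:"
pam_unpin "$sample"
rm -f "$sample"
```

pam_unpin writes to standard output only, so the result can be reviewed before it replaces a file under /etc/pam.d.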