vsftpd virtual user support

2024-11-24 08:52:15 +02:00 · 2016-02-03 02:07:27 +08:00 · 2016-02-03 02:07:27 +08:00 · eefea6df8a
commit eefea6df8a
parent 76c49047f5
3 changed files with 33 additions and 8 deletions
--- a/vsftpd/Dockerfile
+++ b/vsftpd/Dockerfile
@ -6,7 +6,21 @@ FROM alpine
 MAINTAINER kev <noreply@datageek.info>

 RUN set -xe \
-    && apk add -U vsftpd \
+    && apk add -U build-base \
+                  curl \
+                  linux-pam-dev \
+                  tar \
+                  vsftpd \
+    && mkdir pam_pwdfile \
+        && cd pam_pwdfile \
+        && curl -sSL https://github.com/tiwe-de/libpam-pwdfile/archive/v1.0.tar.gz | tar xz --strip 1 \
+        && make install \
+        && cd .. \
+        && rm -rf pam_pwdfile \
+    && apk del build-base \
+               curl \
+               linux-pam-dev \
+               tar \
    && passwd -l root \
    && adduser -D virtual \
    && rm -rf /var/cache/apk/*
--- a/vsftpd/README.md
+++ b/vsftpd/README.md
@ -14,12 +14,12 @@ It is secure and extremely fast. It is stable. Don't take my word for it, though
 ├── pam.d/
 │   └── vsftpd          => For Virutal User
 └── vsftpd/
-    ├── ftpusers        => For Virtual User
+    ├── passwd          => For Virtual User
    ├── vsftpd.conf
    └── vsftpd.pem      => For SSL
 ```

-## vsftpd.conf
+## vsftpd/vsftpd.conf

 ```bash
 # DEFAULT SETTINGS
@ -33,7 +33,7 @@ listen=YES
 local_enable=YES
 no_anon_password=YES
 pasv_addr_resolve=YES
-pasv_address=datageek.info
+pasv_address=my-ftp-server # <== PLEASE CHANGE THIS
 pasv_enable=YES
 pasv_max_port=30010
 pasv_min_port=30000
@ -60,6 +60,13 @@ xferlog_enable=YES

 > Please set `pasv_address` to your ftp server.

+## pam.d/vsftpd
+
+```
+auth required pam_pwdfile.so pwdfile=/etc/vsftpd/passwd
+account required pam_permit.so
+```
+
 ## docker-compose.yml

 ```yaml
@ -87,8 +94,9 @@ vsftpd:
 ```bash
 $ cd ~/fig/vsftpd/
 $ openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout vsftpd/vsftpd.pem -out vsftpd/vsftpd.pem
-$ docker-compose up -d
+$ echo "username:$(openssl passwd -1 password)" >> vsftpd/passwd
 $ touch ./ftp/README.md
+$ docker-compose up -d
 $ docker exec -it vsftpd_vsftpd_1 sh
 >>>
 >>> adduser kev
@ -99,13 +107,14 @@ Password for kev changed by root
 >>>
 >>> adduser -D virtual
 >>> mkdir /home/virtual/tom
+>>> echo tom >> /etc/ftpusers
 >>> echo "tom's home" > /home/virtual/tom/README.md
 >>> chown -R virutal:virtual /home/virtual
 >>>
 >>> exit
 ```

-> I added a local user called `kev`, a virtual user called `tom` here.
+> I added a local user called `kev`, a virtual user called `tom` here.  
 > You can edit [/etc/vsftpd/vsftpd.conf][2] to enable more [functions][3].

 ## Client
@ -143,7 +152,7 @@ Only local user or virtual user can upload file.
 ```bash
 $ lftp
 lftp :~> set ssl:verify-certificate no
-lftp :~> open root@my-ftp-server
+lftp :~> open tom@my-ftp-server
 Password: ******
 lftp root@my-ftp-server:~> put README.md
 lftp root@my-ftp-server:~> ls
@ -154,3 +163,5 @@ lftp root@my-ftp-server:~> bye
 [1]: https://security.appspot.com/vsftpd.html
 [2]: http://vsftpd.beasts.org/vsftpd_conf.html
 [3]: https://wiki.archlinux.org/index.php/Very_Secure_FTP_Daemon
+[4]: https://github.com/tiwe-de/libpam-pwdfile
+[5]: http://linux.die.net/man/8/pam_listfile
--- a/vsftpd/pam.d/vsftpd
+++ b/vsftpd/pam.d/vsftpd
@ -1,2 +1,2 @@
-auth required pam_listfile.so onerr=fail item=user sense=allow file=/etc/vsftpd/ftpusers
+auth required pam_pwdfile.so pwdfile=/etc/vsftpd/passwd
 account required pam_permit.so