[CentOS-docs] Update for HowTo: Chroot vsftpd with non-system users

Christopher Mills

chris at chrisam.net
Thu Sep 2 21:39:47 UTC 2010


Hi,

This update is for the HowTo at
http://wiki.centos.org/HowTos/Chroot_Vsftpd_with_non-system_users

Regarding two of the scripts provided: vsftpd_virtual_config.sh and
vsftpd_virtual_config_withTLS.sh:

The configuration additions it makes to PAM do not work on 64-bit
systems. In vsftpd_virtual_config.sh (Lines 55 & 56) and
vsftpd_virtual_config_withTLS.sh (Lines 123 & 124) should be changed
from:

auth    required /lib/security/pam_userdb.so db=/etc/vsftpd/accounts
account required /lib/security/pam_userdb.so db=/etc/vsftpd/accounts

to

auth    required pam_userdb.so db=/etc/vsftpd/accounts
account required pam_userdb.so db=/etc/vsftpd/accounts

This will allow it to work on both 32 and 64 bit systems.

Additionally, the vsftpd_virtual_config.sh is incomplete. The
following should be added to vsftpd_virtual_config.sh after line 74:
printf ' Setting up SELinux Boolean (allow_ftpd_anon_write 1) ... '
/usr/sbin/setsebool -P allow_ftpd_anon_write 1
printf "Done.\n"

Currently, the script does not make the SELinux modifications and it
errors out with an unexpected EOF error.

Thanks,
ChrisAM



More information about the CentOS-docs mailing list