vsftpd: local users are pam users
I'm a bit confused about the difference regarding vsftpd configuration between local users and virtual users. From the point of view of vsftpd, it doesn't know if a user is a local user or a virtual user, does it? vsftpd just connects to the PAM module set in pam_service_name, and if the credentials are correct according to PAM, the login is accepted.

So, why does the vsftpd documentation make a difference between them?

For instance, I have got a personalized PAM module that takes login credentials from a database that doesn't use system local (/etc/passwd) users, and consequently, I cannot log in using any system account, even when local_enable is set to YES in my documentation.

This confusion is what makes me not fully understand the purpose of virtual_use_local_privs. Under which circumstances does vsftpd treat a logged-in user as local or virtual? Does PAM notify vsftpd of it in some way or what? Or is there something that I've completely misunderstood?

Are these configuration options, maybe, still present because of legacy reasons?

All of this confusion comes from vsftpd not providing actual documentation, but just a reference.
permissions pam vsftpd
asked Mar 25 at 17:56 by Peregring-lk (edited Mar 25 at 18:34)
2 Answers
It is all about the permissions.

All files and directories in Linux have a standard set of access permissions. These access permissions control who can access what files, and provide a fundamental level of security to the files and directories in a system.

The main difference between virtual and local users is that local users own their home dirs. Virtual users by default have the same permissions as the anonymous user.
answered Mar 25 at 18:41 by badbuka
The difference I was looking for is extracted from one of the vsftpd configuration examples in this forked GitHub repo:

guest_enable=YES
guest_username=virtual

The guest_enable is very important - it activates virtual users! And guest_username says that all virtual users are mapped to the real user "virtual" that we set up above.

So local users are just any user that can be logged in according to the configured PAM service, and virtual users are local (PAM) users that act (after being logged in) as the same actual local (/etc/passwd) user. I guess that you can change your guest_username on a per-user basis to identify "virtual ftp user groups".

When you personalize your PAM service to create non-system users (a custom list of usernames and passwords that doesn't exist in /etc/passwd), vsftpd cannot work properly since these users don't really exist in the system, so permissions cannot be checked when uploading or reading directories or files.

So you need a system user acting on behalf of them. That's where guest_enable comes into play: every logged-in user will act as guest_username, which must exist as an /etc/passwd user.
answered Apr 3 at 1:02 by Peregring-lk
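An added example (not from the original posts or the vsftpd project): a small Python check that reads a vsftpd.conf and reports whether a login that PAM accepted is handled as local or virtual, which account the session runs as, and whether it gets local or anonymous privileges. The option names and defaults are those documented in vsftpd.conf(5); the sample config, the passwd lines, the login name alice and the PAM service name vsftpd_db are constructed for illustration.

```python
# Added example: how the vsftpd.conf options from this thread classify a login.
DEFAULTS = {  # defaults documented in vsftpd.conf(5)
    "local_enable": "NO", "guest_enable": "NO", "guest_username": "ftp",
    "virtual_use_local_privs": "NO", "pam_service_name": "ftp",
    "write_enable": "NO", "anon_upload_enable": "NO",
}

# Constructed sample input; only the two guest_* lines come from the answer.
SAMPLE_CONF = """\
local_enable=YES
pam_service_name=vsftpd_db
guest_enable=YES
guest_username=virtual
write_enable=YES
"""
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
virtual:x:1001:1001::/srv/ftp:/usr/sbin/nologin
"""


def parse_conf(text):
    """Read option=value lines (no spaces around '='); '#' lines are comments."""
    conf = dict(DEFAULTS)
    for line in (raw.strip() for raw in text.splitlines()):
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key] = value
    return conf


def classify(conf_text, passwd_text, login):
    """Describe how a non-anonymous login that PAM accepted is then handled."""
    conf = parse_conf(conf_text)
    on = lambda key: conf[key].upper() == "YES"  # simplification: only YES counts
    accounts = {l.split(":", 1)[0] for l in passwd_text.splitlines() if l.strip()}
    result = {"pam_service": conf["pam_service_name"], "problems": []}
    if not on("local_enable"):
        # local_enable gates every non-anonymous login, virtual users included.
        result["login_class"] = "rejected"
        return result
    if on("guest_enable"):
        # Every non-anonymous login is remapped to the single guest_username account.
        result["login_class"], result["runs_as"] = "virtual", conf["guest_username"]
        result["privileges"] = "local" if on("virtual_use_local_privs") else "anonymous"
    else:
        result["login_class"], result["runs_as"] = "local", login
        result["privileges"] = "local"
    if result["runs_as"] not in accounts:
        result["problems"].append(
            "no passwd entry for %r: no uid to run the session as" % result["runs_as"])
    # Anonymous-class sessions additionally need anon_upload_enable to upload.
    result["can_upload"] = on("write_enable") and (
        result["privileges"] == "local" or on("anon_upload_enable"))
    return result
```

With the sample input, classify(SAMPLE_CONF, SAMPLE_PASSWD, "alice") reports a virtual login running as the account virtual with anonymous privileges and no upload right, which is the restrictive default that virtual_use_local_privs=YES lifts.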