I am running the FTP daemon VSFTPD. I'd like to control FTP access by adding users to a group such that only members of the defined group can access the FTP services. I am thinking I can do this by modifying /etc/pam.d/vsftpd, but am not sure how to get started. Or is this only for virtual users in VSFTPD?
I am aware of user_list and this does not seem to support groups. This doesn't provide the function I am looking for which is described above. If I am mistaken though this would be great.
Figures. I got it sorted out after posting here. I was reading The Linux-PAM System Administrators' Guide and found pam_succeed_if. There's an example which illustrates emulating pam_wheel.

I inserted this in /etc/pam.d/vsftpd under the last "auth required" line and tested it. Now you must be a user of the defined group to log in to FTP. I am also removing the quiet flag as I would like to see authentication failures / successes in the logs.

Aaron, if you mean controlling vsftpd in terms of start/stop, etc., you can easily create a group for it and assign the service to start within the group's privilege. But on the other hand, if you need to control access to directories on the server by clients, it should be done in the conf. file.
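
The pam_succeed_if group check described in the self-answer above, sketched as an added example; it is not the poster's actual line, which does not appear on the page. The group name `ftpaccess` and the surrounding stack lines are assumptions, since distributions ship different /etc/pam.d/vsftpd files.

```conf
# /etc/pam.d/vsftpd (constructed example; the stock file differs per distribution)
auth     required   pam_shells.so
auth     required   pam_unix.so

# Added under the last "auth required" line: the login fails unless the
# user is a member of the hypothetical group "ftpaccess".
# No "quiet" flag, so pam_succeed_if logs both met and unmet requirements.
auth     required   pam_succeed_if.so user ingroup ftpaccess

# Same check with logging suppressed, as in the guide's pam_wheel emulation:
# auth   required   pam_succeed_if.so quiet user ingroup ftpaccess

account  required   pam_unix.so
session  required   pam_unix.so
```

vsftpd consults this file only when `pam_service_name` in vsftpd.conf is set to `vsftpd`, and the check applies to local users authenticated through this PAM stack.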