I'm trying to set up a few vsftpd instances on a machine that I have no root access to. The authentication should be done through PAM with pam_listfile, like this:
pam_listfile.so item=group sense=allow file=/path/filename onerr=fail
I can ask the administrator to set up a PAM service for me and include that line, but he is not willing to create 6 PAM services for my 6 vsftpd instances, and I really need a different /path/filename set for each vsftpd server.
Is there a way to solve this problem? Can I somehow not use an absolute path as the parameter?
(I know the correct solution would be to use one vsftpd instance and set up virtual users properly. However, unfortunately I have to work with what I have, and the users already exist in an Active Directory and are authenticated to the system using another PAM service.)
Your better answer may be to migrate away from vsftpd to proftpd, which can support the need for virtual users without PAM integration. In your /etc/proftpd.conf you'd include lines like:
The group.ftp file is just a standard group setup for 'ftp' and 'nobody', and your passwd file would assign the user:group the same for all entries. You'd just specify usernames, passwords and login directories (use /sbin/nologin for the shell). It takes all of 5 minutes to set up if your admin will get the groundwork in place for you, and allow you to own/edit the password file.
Well, unfortunately the answer is that it can't be done with vsftpd.
Rather than using a file, would it help at all to specify the group in the PAM file? In this way you may not need a number of flat files. (Depending on your intentions.)
How Can I Restrict FTP to a Particular Local Group?