I want to set up a VSFTP server in Ubuntu 22.04.4 with MySQL as a backend to store the users.
I've used this guide to set it up (it's for CentOS, but except for the part on pam_mysql.so it's applicable to Ubuntu).
Here is my setup:
- /etc/vsftpd.conf
anonymous_enable=NO
pasv_addr_resolve=YES
pasv_address=ftp.company.com
pasv_min_port=40000
pasv_max_port=41000
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
nopriv_user=vsftpd
chroot_local_user=YES
listen=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
guest_enable=YES
guest_username=vsftpd
local_root=/home/vsftpd/$USER
user_sub_token=$USER
virtual_use_local_privs=YES
#user_config_dir=/etc/vsftpd/vsftpd_user_conf
allow_writeable_chroot=YES
pasv_enable=YES
- /etc/pam.d/vsftpd
#%PAM-1.0
session optional pam_keyinit.so force revoke
auth required pam_mysql.so user=vsftpd passwd=mypassword host=localhost db=vsftpd table=accounts usercolumn=username passwdcolumn=pass crypt=3
account required pam_mysql.so user=vsftpd passwd=mypassword host=localhost db=vsftpd table=accounts usercolumn=username passwdcolumn=pass crypt=3
- MySQL accounts table
mysql> select * from accounts;
+----+-----------------------------------+----------------------------------+
| id | username | pass |
+----+-----------------------------------+----------------------------------+
| 1 | [email protected] | [passwordhash] |
+----+-----------------------------------+----------------------------------+
1 row in set (0.00 sec)
On a local test server in VirtualBox all is working fine; however, when I use the same configuration on the production server, I get this error upon connecting to the FTP server with WinSCP:
OOPS: cannot read user list file:/etc/vsftpd.user_list
So apparently vsftpd is not using the MySQL connection to retrieve the users but is looking for a userlist file, which is missing of course.
So far I've checked the following:
- Verified libpam-mysql & mysql-client is installed
- Make sure I'm able to connect to mysql db using the vsftpd credentials
- Disabled iptables so this won't interfere with the connection to the database
But so far I haven't been able to solve this problem. The frustrating bit is that it's working on my VirtualBox instance but I cannot see any difference between this instance & the production instance.
How can I troubleshoot the connection between vsftpd & MySQL please?
My production environment:
- Ubuntu 22.04.4
- MySQL 8.0.36
- vsftpd 3.0.5
- iptables v1.8.7
Upon further investigation I've noticed the following error in /var/log/auth.log
As I've thought, vsftpd cannot connect to the mysql database. I think I've solved it by creating a new user vsftpd_user & a new database vsftpd_db and recreating the grants & tables for vsftpd. I did not have any further problems connecting vsftpd to mysql in this way, so probably there was some confusion by using the same name for db/user.
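
Added example, not part of the original post: a preflight script for the two files shown above. It checks that the file behind `userlist_enable=YES` is readable (vsftpd's documented default for `userlist_file` is `/etc/vsftpd.user_list`, the path in the OOPS message) and that the `auth` and `account` pam_mysql lines carry the same parameters. The function names and the script name are hypothetical.

```bash
#!/bin/sh
# Added example: preflight checks for the vsftpd.conf and PAM file shown above.
# Function names are hypothetical; run as: sh check.sh /etc/vsftpd.conf /etc/pam.d/vsftpd

# conf_get FILE KEY DEFAULT: last uncommented KEY=value in FILE, else DEFAULT.
conf_get() {
    local v
    v=$(awk -F= -v k="$2" '$1 == k { sub(/^[^=]*=/, ""); v = $0 } END { print v }' "$1")
    printf '%s\n' "${v:-$3}"
}

# With userlist_enable=YES vsftpd must be able to read userlist_file; if it
# cannot, the session ends with "OOPS: cannot read user list file:<path>".
check_userlist() {
    local on file
    on=$(conf_get "$1" userlist_enable NO | tr '[:lower:]' '[:upper:]')
    file=$(conf_get "$1" userlist_file /etc/vsftpd.user_list)
    case $on in YES|TRUE|1) ;; *) echo "userlist: disabled"; return 0 ;; esac
    [ -r "$file" ] && { echo "userlist: ok ($file)"; return 0; }
    echo "userlist: cannot read $file"; return 1
}

# pam_opt FILE TYPE KEY: value of KEY= on the pam_mysql.so line of TYPE.
pam_opt() {
    awk -v t="$2" -v k="$3" '$1 == t && $3 ~ /pam_mysql\.so$/ {
        for (i = 4; i <= NF; i++)
            if (index($i, k "=") == 1) print substr($i, length(k) + 2)
    }' "$1"
}

# The auth and account lines must name the same database account. Only key
# names are printed, never values, because passwd= is stored in clear text.
check_pam() {
    local k rc=0
    [ -n "$(pam_opt "$1" auth db)" ] || { echo "pam: no pam_mysql auth line with db="; rc=1; }
    for k in user passwd host db table usercolumn passwdcolumn crypt; do
        [ "$(pam_opt "$1" auth "$k")" = "$(pam_opt "$1" account "$k")" ] ||
            { echo "pam: $k differs between auth and account"; rc=1; }
    done
    [ -z "$(find "$1" -perm -004)" ] || echo "pam: warning, $1 is world-readable"
    [ "$(pam_opt "$1" auth crypt)" != 3 ] || echo "pam: warning, crypt=3 is unsalted MD5"
    return "$rc"
}

if [ $# -eq 2 ]; then check_userlist "$1"; check_pam "$2"; fi
```

The two warnings do not change the exit status; they point at the clear-text `passwd=` in the PAM file and at the hash format selected by `crypt=3`.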