# emerge -u world broke VSFTPd (Urgent!)

## zeroclip

Hi. 

I did a emerge sync && emerge -u world today. and vsftpd stopped working. When i do a connect to the site i get this:

 *Quote:*   

> 
> 
> ---> FEAT
> 
> <--- 211-Features:
> ...

 

Wait! there is more! without SSL i get this:

 *Quote:*   

> 
> 
> ---> FEAT
> 
> <--- 211-Features:
> ...

 

Please tell me what i did! I've never seen the second error before. The First one is only a minor problem as most of my users do not use SSL. 

Thanks!

----------

## zeroclip

Hi again. 

The problem is somehow releated to pam and pam_userdb.so. If i use system-auth instead of userdb it works fine. But i don't want all those virtual users in my local passwd. Please advise.

----------

## Jylppy

Hello, I have the same problem. pam-0.78 update broke vsftpd virtual users' login. No solution found yet. 

-J

----------

## Norick

I have same problem... Has anybody found solution yet?

Thanks

----------

## bratwurst

Tried to

```

emerge unmerge db

emerge pam (installed db 4.2)

emerge db

```

Problem remains....

It's hard to debug, too since the logs don't really help

Tried to google...not much help

Anyone ???

----------

## Jazz

ok same problem here.. any ideas ?

thanx

----------

## fdamstra

 *Jazz wrote:*   

> ok same problem here.. any ideas ?
> 
> thanx

 

This hasn't been resolved?  Eek... Ran into this problem today.  All my virtual users are broken.

Does anybody know the cause?

Update:

I found this bug, and apparently people have been running into this for quite some time, though I'm still not sure what causes it.  I followed the "solution" in comment 16, then unmerged db, and reemerged the specific versions of db and pam that the author had, and it is working again. 

However, I'm not very happy running an outdated version of PAM.  Does anybody have a fix for the newer versions?

----------

## svf

heya...

im using the /etc/pam.d/vsftpd from the vsftpd-2.0.2 package and it works 

i dont use virtual users.. but ran actually into the same ssl prob

```
cat /etc/pam.d/vsftpd

#%PAM-1.0

# $Header: /var/cvsroot/gentoo-x86/net-ftp/vsftpd/files/vsftpd.pam,v 1.5 2005/06/07 23:04:57 uberlord Exp $

auth     required   pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed

auth     required   pam_stack.so service=system-auth

auth     required   pam_shells.so

account  required   pam_stack.so service=system-auth

session  required   pam_stack.so service=system-auth
```

hth

----------

## bdismay

Not sure if this will help anyone, but I had troubles connecting to vsftpd after upgrading baselayout this morning.  I do not use virtual users, but had set up system accounts for each user.  Each user account had been specified the shell /bin/false.  After upgrading baselayout the /etc/shells file was overwritten with a new one that did not have /bin/false as a valid shell.  Adding /bin/false to /etc/shells fixed my problems.

----------

## Raffi

I've tried various things to fix this problem, but I can't seem to get virtual users working again.

Has anyone gotten virtual users working with vsftpd-2.0.3-r1 and pam-0.78-r2?

----------

## UberLord

 *Raffi wrote:*   

> Has anyone gotten virtual users working with vsftpd-2.0.3-r1 and pam-0.78-r2?

 

I'm the new maintainer for vsftpd and I opened the original bug. It's not a vsftpd problem, but  a pam problem.

I do use virtual users, but they are LDAP and not db. Basically.any virtual that is not pam_userdb based works  :Smile: 

----------

## Raffi

Good to know. So any change the userdb stuff will get fixed soon? Barring that, any chance there is a howto for other types of virtual users?

Thanks.

----------

## UberLord

 *Raffi wrote:*   

> Good to know. So any change the userdb stuff will get fixed soon?

 

Soon? Probably not.

If you're using nptl,disabling it may help.

 *Quote:*   

>  Barring that, any chance there is a howto for other types of virtual users?

 

What kinda of backend do you want

LDAP? Postgres? MySQL? something else?

Basically, take your pick. Most daemons - including vsftpd - have PAM support - and PAM works with LDAP, Postgres, etc etc - just not userdb files. Heh

----------

## Raffi

The ftp server has mysql in use and has postgres available. Either of those would work for me.

----------

## traal

Hi,

I had the exact same problem, with vsftpd complaining about "priv_sock_get_result" due to the PAM problem.  After googling for a bit, and reading the PAM documentation, I figured out how the pam_pwdfile.so module can also be used for virtual users.  It uses a file in the same format as Apache's .htpasswd files, with lines of "username:password_crypt", so it's very simple to maintain, compared to cumbersome Berkeley DB files.   :Smile: 

Right now, pam_pwdfile is masked, so:

```
echo sys-auth/pam_pwdfile >> /etc/portage/package.keywords

emerge -tva pam_pwdfile
```

Previously, vsftpd used the file /etc/pam.d/vsftpd, but that changed, so nowadays it uses /etc/pam.d/ftp by default.  If you want the old behaviour (I did!), you need to update your vsftpd.conf:

```
echo pam_service_name=vsftpd >> /etc/vsftpd/vsftpd.conf
```

Next, you need to change your /etc/pam.d/vsftpd file.  Notice that the "account" facility is not available from pam_pwdfile.so, so just use the regular pam_permit.so to let any account in, provided that they know their password.  (The account facility is intended for temporarily disabling accounts, among other things.)  Change your /etc/pam.d/vsftpd to look like this:

```
auth    required pam_pwdfile.so pwdfile /etc/vsftpd/passwd_ftp

account required pam_permit.so
```

Now, all you need to do is simply to put lines of the form "username:password_crypt" into the /etc/vsftpd/passwd_ftp file!

I came up with a short Perl script to create md5 password hashes.  Put this into /etc/vsftpd/filter.pl:

```
#! /usr/bin/perl -w

use strict;

# filter "user:cleartext" lines into "user:md5_crypted"

# probably requires glibc

while (<>) {

    chomp;

    (my $user, my $pass) = split /:/, $_, 2;

    my $crypt = crypt $pass, '$1$' . gensalt(8);

    print "$user:$crypt\n";

}

sub gensalt {

    my $count = shift;

    my @salt = ('.', '/', 0 .. 9, 'A' .. 'Z', 'a' .. 'z');

    my $s;

    $s .= $salt[rand @salt] for (1 .. $count);

    return $s;

}

```

Remember to:

```
chmod +x /etc/vsftpd/filter.pl
```

Now, try something like:

```
cd /etc/vsftpd

touch cleartext

chmod go= cleartext

echo john:secret >> cleartext

./filter cleartext > passwd_ftp
```

...And that's it!  Suddenly john can log in with the password "secret".  If you want to simplify this even further, create a Makefile.  Remember that the indented lines in a Makefile must be tab characters, not eight spaces!

```
# /etc/vsftpd/Makefile

passwd_ftp: cleartext

        touch $@

        chmod 600 $@

        ./filter.pl $< >$@
```

This way, if you want to update your virtual users, simply:

```
cd /etc/vsftpd

vi cleartext

make
```

Hope this was helpful.   :Smile: 

----------

## Raffi

Very helpful, thanks. I will give it a try as soon as I get back from vacation.

----------

## codine

Worked for me thank you much!

----------

## b.walla

Thanks traal, you rock hard.

----------

## stevodestructo

 *traal wrote:*   

> Hi,
> 
> Hope this was helpful.  

 

Thanks bunches man... this did the trick  :Smile: 

----------

## Jylppy

 :Very Happy: 

----------

## poco

Thanks  :Smile: 

----------

## fdamstra

Well, this pam_userdb problem has been troubling me for months and months.  Converting to a different auth mechanism wasn't (isn't) a very good option for me as there's a management system built around the current system.

Anyhow, the solution is actually easy.  In your /etc/pam.d/vsftpd or /etc/pam.d/ftp (whichever you use), add "crypt=hash" to the end of the auth and account lines.  For instance, mine looks like this:

```

auth required /lib/security/pam_userdb.so db=/etc/vsftpd/vsftpd.passwd crypt=hash

account required /lib/security/pam_userdb.so db=/etc/vsftpd/vsftpd.passwd crypt=hash

```

Hope that helps somebody out.

----------

## Saibei

This looks to be exactly what I wish to do!

However, I can't for the life of me get it to work... can someone post an example vsftpd.conf?

----------

