FS#61746 : [vsftpd] Explicit pam service is needed

FS#61746 - [vsftpd] Explicit pam service is needed

Attached to Project: Community Packages
Opened by Christian Wolf (christianlupus) - Wednesday, 13 February 2019, 12:22 GMT
Last edited by Levente Polyak (anthraxx) - Thursday, 04 July 2019, 22:57 GMT

Task Type	Bug Report
Category	Packages
Status	Closed
Assigned To	Levente Polyak (anthraxx)
Architecture	All
Severity	High
Priority	Normal
Reported Version
Due in Version	Undecided
Due Date	Undecided
Percent Complete
Votes	9 Olaf the Lost Viking (OlafLostViking) (2019-03-23) cgarz (cgarz) (2019-03-15) Christoph Fink (peippo) (2019-03-12) Peter F (peterfab9845) (2019-03-10) Aleksei (nesk_bugs) (2019-03-03) AMM (amish) (2019-02-25) Abdulla Al-Ali (madmack) (2019-02-17) Alec Trevelian (Trevelian) (2019-02-17) ValdikSS (ValdikSS) (2019-02-14)
Private	No

Details

Description:

Sine an update of pambase (https://git.archlinux.org/svntogit/packages.git/commit/trunk?h=packages/pambase&id=3552aba772e8bebbe754a4d01f2729e291dd2070) the pam `other` service is more restrictive. It does no longer allow access.
For the current default configuration of vsftpd there is no custom PAM configuration available. As a result no regular user can log into the FTP server anymore.

I think a reasonable default config file for PAM should be included in the vsftpd package. I added a patch how I solved the problem.

Additional info:
* pambase 20190105.1-1
* vsftpd 3.0.3-4

Steps to reproduce:
Simply connect to a preconfigured vsftpd using an existing local user. Type correct password. (I use xinetd for reference.)

One should be logged in and the ftp server should be usable.

In fact, the connection is directly lost. On the server xinetd gave the following error:
> pam_warn(ftp:auth): function=[pam_sm_authenticate] flags=0 service=[ftp] terminal=[ftp] user=[**User**] ruser=[**User**] rhost=[**IP**]

vsftpd.patch (0.6 KiB)

This task depends upon

Closed by Levente Polyak (anthraxx)
Thursday, 04 July 2019, 22:57 GMT
Reason for closing: Fixed
Additional comments about closing: 3.0.3-6

Comment by ValdikSS (ValdikSS) - Thursday, 14 February 2019, 18:24 GMT

Please increase the priority. The software used to work but now it's broken if you use local user authentication.

Comment by SATO Tatsuya (tattsan) - Thursday, 14 February 2019, 19:28 GMT

See also

~~FS#61700~~ - [at] atd: Authentication failure

~~FS#61704~~ - [xlockmore] needs a pam file

They were marked as High Severity, and fixed.

Comment by Eli Schwartz (eschwartz) - Sunday, 24 February 2019, 04:04 GMT

There appears to be a policy available in the release tarball at RedHat/vsftpd.pam so we should consider using that.

Comment by Armand (Kewl) - Saturday, 25 May 2019, 15:31 GMT

I confirm the policy file in the RedHat tarball mentioned by eschwartz + adding `pam_service_name=vsftpd` in the config fixes the problem for me

Comment by Armand (Kewl) - Thursday, 04 July 2019, 06:59 GMT

Fixed for me in testing, thanks Anthraxx for the outstanding support

	Tasks related to this task (0)

Duplicate tasks of this task (1)
~~FS#61787 - [pambase] vsftpd local user rejected~~

Arch Linux

FS#61746 - [vsftpd] Explicit pam service is needed

Details

Loading...