FS#61746 - [vsftpd] Explicit pam service is needed

Attached to Project: Community Packages
Opened by Christian Wolf (christianlupus) - Wednesday, 13 February 2019, 12:22 GMT
Last edited by Levente Polyak (anthraxx) - Thursday, 04 July 2019, 22:57 GMT
Task Type Bug Report
Category Packages
Status Closed
Assigned To Levente Polyak (anthraxx)
Architecture All
Severity High
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 9
Private No

Details

Description:

Sine an update of pambase (https://git.archlinux.org/svntogit/packages.git/commit/trunk?h=packages/pambase&id=3552aba772e8bebbe754a4d01f2729e291dd2070) the pam `other` service is more restrictive. It does no longer allow access.
For the current default configuration of vsftpd there is no custom PAM configuration available. As a result no regular user can log into the FTP server anymore.

I think a reasonable default config file for PAM should be included in the vsftpd package. I added a patch how I solved the problem.

Additional info:
* pambase 20190105.1-1
* vsftpd 3.0.3-4

Steps to reproduce:
Simply connect to a preconfigured vsftpd using an existing local user. Type correct password. (I use xinetd for reference.)

One should be logged in and the ftp server should be usable.

In fact, the connection is directly lost. On the server xinetd gave the following error:
> pam_warn(ftp:auth): function=[pam_sm_authenticate] flags=0 service=[ftp] terminal=[ftp] user=[**User**] ruser=[**User**] rhost=[**IP**]
This task depends upon

Closed by  Levente Polyak (anthraxx)
Thursday, 04 July 2019, 22:57 GMT
Reason for closing:  Fixed
Additional comments about closing:  3.0.3-6
Comment by ValdikSS (ValdikSS) - Thursday, 14 February 2019, 18:24 GMT
Please increase the priority. The software used to work but now it's broken if you use local user authentication.
Comment by SATO Tatsuya (tattsan) - Thursday, 14 February 2019, 19:28 GMT
See also

 FS#61700  - [at] atd: Authentication failure

 FS#61704  - [xlockmore] needs a pam file

They were marked as High Severity, and fixed.
Comment by Eli Schwartz (eschwartz) - Sunday, 24 February 2019, 04:04 GMT
There appears to be a policy available in the release tarball at RedHat/vsftpd.pam so we should consider using that.
Comment by Armand (Kewl) - Saturday, 25 May 2019, 15:31 GMT
I confirm the policy file in the RedHat tarball mentioned by eschwartz + adding `pam_service_name=vsftpd` in the config fixes the problem for me
Comment by Armand (Kewl) - Thursday, 04 July 2019, 06:59 GMT
Fixed for me in testing, thanks Anthraxx for the outstanding support

Loading...