vsftpd - PAM - MySQL and pam_mkhomedir to create directories

Solution 1:

The short answer is you are mixing system and service credentials, and shouldn't (can't?) use pam_mkhomedir with virtual users in vsftpd.

pam_mkhomedir is for creation of user local directories and assumes the user is defined in the system. Virtual users in vsftpd are not system users (by design) and as such have no privileges outside of the vsftpd service (the system has no knowledge of those users). Using PAM for authentication is only handing off the validation of user credentials (user name + password ==> OK). This can be confusing when using virtual users, as vsftpd can also be configured to use system users with PAM.

When you are creating the home directory for a virtual user, you must make the vsftpd service account/group the owner of the folder, and place the "virtual home directory" within the vsftpd service path, with appropriate perms for the vsftpd service. I'm not sure what problem you are trying to solve, but as you are chroot-ing the user session, I'm assuming you are trying to create some isolation between users. Since you must create the virtual user in your user database for them to log in, why not generate the home directory at the same time? I have done this using a script for user add/change/delete to keep the virtual user database and vsftpd user virtual home folders consistent. YMMV.

Just remember, with virtual users, you are only working within vsftpd, and not the system.
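The add/delete script approach described in the answer above, as an added example (not the answer author's script): shell helpers that create and remove a virtual home next to the database change and list directories left without a user row. The base path `/srv/vsftpd/users`, the `vsftpd` owner and group, the `750` mode and all function names are assumptions; the database insert or delete itself is left to the caller.

```shell
#!/bin/sh
# Added example. Assumed values (not from the original post): paths, account, mode.
VFTP_BASE="${VFTP_BASE:-/srv/vsftpd/users}"   # assumed parent of all virtual homes
VFTP_OWNER="${VFTP_OWNER:-vsftpd}"            # assumed vsftpd service account
VFTP_GROUP="${VFTP_GROUP:-vsftpd}"            # assumed vsftpd service group
VFTP_MODE="${VFTP_MODE:-750}"                 # assumed; pick what your chroot setup accepts

# Accept only names that cannot escape VFTP_BASE (no "/", no leading dot or dash).
valid_vuser() {
    case "$1" in
        ''|.*|-*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

# Create the virtual home; call this right after inserting the user row.
create_vhome() {
    valid_vuser "$1" || { echo "rejected user name: $1" >&2; return 2; }
    home="$VFTP_BASE/$1"
    # Refuse a pre-existing symlink so chmod/chown cannot be redirected elsewhere.
    [ -L "$home" ] && { echo "refusing symlink: $home" >&2; return 3; }
    mkdir -p -- "$home" || return 1
    chmod "$VFTP_MODE" -- "$home" || return 1
    # chown needs root; skipped otherwise so the function can be tried unprivileged.
    if [ "$(id -u)" -eq 0 ]; then
        chown -- "$VFTP_OWNER:$VFTP_GROUP" "$home" || return 1
    fi
    printf '%s\n' "$home"
}

# Remove the virtual home; call this right after deleting the user row.
delete_vhome() {
    valid_vuser "$1" || return 2
    home="$VFTP_BASE/$1"
    [ -L "$home" ] && return 3
    [ ! -d "$home" ] || rm -rf -- "$home"
}

# Read the user names exported from the database on stdin (one per line)
# and print every directory under VFTP_BASE that has no matching user.
orphan_vhomes() {
    users=$(cat)
    for d in "$VFTP_BASE"/*/; do
        [ -d "$d" ] || continue
        name=$(basename "$d")
        printf '%s\n' "$users" | grep -qxF -- "$name" || printf '%s\n' "$name"
    done
}
```

Running `orphan_vhomes` periodically against a fresh export of the user table catches homes that outlived their account.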