- 12-28-2005 #1Just Joined!
- Join Date
- Jul 2005
- Posts
- 84
SOLVED - vsftpd v-users and v-hosting
Here is my goal - to make vsftpd allow several ftp domains (i.e. ftp.me.org; ftp.you.org, etc) to reside on one IP. I also need to allow virtual users. Basically I am good to go, only problem is when I log in to the machine it automatically places me in the home dir of the user that is specified in the vsftpd.conf file. From what vsftpd's site said, in order to use the v-hosting I need a separate vsftpd.conf file for each domain, and I do. I also have a separate file that lies within my xinetd.d directory, which xinetd references. The server starts fine and lets any of my v-users log in, but places me in the home dir of my original user.
I have two users set up with two sites. Both sites reside on my internal IP for now, and it will be this way until the server is ready for deployment.
Here is my vsftpd.conf and /xinetd.d/vsftp files for user and domain#1
vsftpd.conf:
# Access rights
anonymous_enable=NO
local_enable=YES
write_enable=NO
anon_upload_enable=NO
anon_mkdir_write_enable=NO
anon_other_write_enable=NO
# Security
anon_world_readable_only=NO
connect_from_port_20=YES
hide_ids=YES
pasv_min_port=50000
pasv_max_port=60000
# Features
xferlog_enable=YES
ls_recurse_enable=NO
ascii_download_enable=NO
async_abor_enable=YES
# Performance
#one_process_model=YES
idle_session_timeout=300
data_connection_timeout=300
accept_timeout=60
connect_timeout=60
chroot_local_user=YES
guest_enable=YES
guest_username=****
ftpd_banner=This is the **** site.
and for /xinetd.d/vsftp for user and domain#1
# default: on
# description:
# The vsftpd FTP server serves FTP connections. It uses
# normal, unencrypted usernames and passwords for authentication.
# vsftpd is designed to be secure.
service ftp
{
socket_type = stream
wait = no
user = root
server = /usr/sbin/vsftpd
# log_on_success += DURATION USERID
# log_on_failure += USERID
nice = 10
disable = no
}
Now for user and domain#2
vsftpd2.conf:
# Access rights
anonymous_enable=NO
local_enable=YES
write_enable=NO
anon_upload_enable=NO
anon_mkdir_write_enable=NO
anon_other_write_enable=NO
# Security
anon_world_readable_only=NO
connect_from_port_20=YES
hide_ids=YES
pasv_min_port=50000
pasv_max_port=60000
# Features
xferlog_enable=YES
ls_recurse_enable=NO
ascii_download_enable=NO
async_abor_enable=YES
# Performance
#one_process_model=YES
idle_session_timeout=300
data_connection_timeout=300
accept_timeout=60
connect_timeout=60
chroot_local_user=YES
guest_enable=YES
guest_username=****
ftpd_banner=This is the ****site.
and for /xinetd.d/vsftpd2:
# default: on
# description:
# The vsftpd FTP server serves FTP connections. It uses
# normal, unencrypted usernames and passwords for authentication.
# vsftpd is designed to be secure.
service ftp
{
socket_type = stream
wait = no
user = root
server = /usr/sbin/vsftpd
# server_args =
# log_on_success += DURATION USERID
# log_on_failure += USERID
nice = 10
disable = no
bind =xxx.xxx.xxx.xxx
server_args = /etc/vsftpd2.conf
}
As I said, the server starts fine, and when I connect it automatically takes me to ftp domain#1, no matter what. Even though it does this, I can still login as user#2 into domain #1 which is weird. The server then places user#2 into user#1's home dir. What gives?
EDIT: When I added these users, I specified the adduser --home [DIR] switch, so they each have their own home directories, and should be jailed there based on the vsftpd.conf entries. I also have vsftpd.pam residing inside the pam.d dir, and referencing the logins.txt appropriately. So logging in isn't a problem, the problem is the server knowing what to do with any user other than user#1.
I had the 'one_process_model' tag in my vsftpd.conf files specified at one time, but all it did was give me this error when I tried to access the server
500 OOPS: vsftpd: security: 'one_process_model' is anonymous only
So I removed it, not sure if this means anything or not.
- 12-28-2005 #2Just Joined!
- Join Date
- Jul 2005
- Posts
- 84
Ok, I got it working using virtual IPs. This is not a good solution, as my boss does not want to have to assign a diff IP for each ftp site. It kind of defeats the point of V-hosting, and it's a waste. Is there an alternative?
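A small lint for the xinetd side of this setup, as an added example that is not part of the original thread: it parses `service ftp` stanzas and flags any that lack `bind` or `server_args`, or that reuse another stanza's value. It relies on two documented behaviours: xinetd listens on all addresses when `bind` is absent, and vsftpd reads /etc/vsftpd.conf when no config path is passed as its argument. The function names and the 192.0.2.x sample address are constructed for illustration.

```python
import re

# Constructed sample mirroring the thread's two xinetd stanzas; 192.0.2.20 is a
# documentation placeholder address, not a value from the original post.
SAMPLE = """
service ftp
{
    server      = /usr/sbin/vsftpd
}
service ftp
{
    server      = /usr/sbin/vsftpd
    # server_args =
    bind        = 192.0.2.20
    server_args = /etc/vsftpd2.conf
}
"""

STANZA = re.compile(r"^\s*service\s+(\S+)\s*\{(.*?)^\s*\}", re.S | re.M)

def parse_stanzas(text):
    """Return [(service_name, {attribute: value}), ...] in file order."""
    out = []
    for name, body in STANZA.findall(text):
        attrs = {}
        for line in body.splitlines():
            m = re.match(r"\s*(\w+)\s*\+?=\s*(.*)", line)  # '#' lines never match
            if m:
                attrs[m.group(1)] = m.group(2).strip()
        out.append((name, attrs))
    return out

def lint_vhosts(text, service="ftp"):
    """Flag stanzas whose bind/server_args are missing or shared with another."""
    findings, seen = [], {"bind": {}, "server_args": {}}
    stanzas = [attrs for name, attrs in parse_stanzas(text) if name == service]
    for i, attrs in enumerate(stanzas, 1):
        for key, why in (("bind", "listens on every address"),
                         ("server_args", "vsftpd loads its default config")):
            val = attrs.get(key)
            if not val:
                findings.append(f"stanza {i}: no {key} ({why})")
            elif val in seen[key]:
                findings.append(f"stanza {i}: {key} {val} duplicates stanza {seen[key][val]}")
            else:
                seen[key][val] = i
    return findings

if __name__ == "__main__":
    print("\n".join(lint_vhosts(SAMPLE)))
```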
- 12-28-2005 #3Linux User
- Join Date
- Jul 2005
- Posts
- 369
What about DNS-based virtual hosting?