Manually add a new FTP user to an existing container #53

Open
bguerout opened this issue May 13, 2020 · 5 comments

bguerout commented May 13, 2020

Hello,

The documentation provides an example to manually add a new FTP user to an existing container:

```
docker exec -i -t vsftpd bash
mkdir /home/vsftpd/myuser
echo -e "myuser\nmypass" >> /etc/vsftpd/virtual_users.txt
/usr/bin/db_load -T -t hash -f /etc/vsftpd/virtual_users.txt /etc/vsftpd/virtual_users.db
exit
docker restart vsftpd
```

Nevertheless, each time the container is restarted, virtual_users.txt is erased in run-vsftpd.sh, so the newly added user is deleted.

```
echo -e "${FTP_USER}\n${FTP_PASS}" > /etc/vsftpd/virtual_users.txt
/usr/bin/db_load -T -t hash -f /etc/vsftpd/virtual_users.txt /etc/vsftpd/virtual_users.db
```

Maybe I'm doing something wrong.

@GodOfLamb

This is my exact issue - would you happen to have found a resolution for this, as I've spent hours on it and am still not getting anywhere?

917huB commented Nov 24, 2020

+1 for any clues please.

phantom-artist commented Aug 19, 2021

If anyone is still looking for a solution to this, I have a possibility but it involves changing quite a few of the scripts and 'breaking' some of the original solution.

You can move the location of virtual_users.db to a different directory and mount it on the host using VOLUME so that the user db persists across container restarts. I also eliminated the creation of default FTP_USER and start with an empty user db, creating users manually as-needed.

I make no comment on the security of doing this. You could try adding crypt=crypt to the vsftpd_virtual? https://nasauber.de/blog/2020/howto-virtual-users-for-vsftpd/
And ensure the .db file is only readable by root user?

A number of modifications are required to the source configuration and script files to enable this, but at a high-level the steps are:

  1. vsftpd_virtual: Shift the location of the virtual_users.db from /etc/vsftpd to /etc/vsftpd/db
  2. run-vsftpd.sh: Eliminate the creation of FTP_USER and FTP_PASS when the container starts. Also, eliminate the lines that load the virtual_users.txt - the goal is to have run-vsftpd.sh not create any users when it runs. You will add users manually after startup. Ensure all references to the db are updated to reflect the new path, and references to FTP_USER/FTP_PASS are removed.
  3. Dockerfile: Amend to create the /etc/vsftpd/db folder and VOLUME /etc/vsftpd/db, also copy in the addftpuser.sh script. Ensure all references to the db are updated to reflect the new path.
  4. Create a bespoke addftpuser.sh that is copied into the image that takes care of adding a user/password to virtual_users.db and creates the /home/vsftpd/user folder for the user using the techniques already described in the use-cases and existing scripts. Basically my script generates a password for the supplied user, writes it to a temp file using the username\n_password_ format, then loads that file into the db, then deletes the temp file. It then creates the /home/vsftpd/username folder if it doesn't exist.
  5. When you run the image, mount the /etc/vsftpd/db folder to a folder on the host, so the .db persists outside of the container lifecycle, e.g. -v /path/on/host:/etc/vsftpd/db

With a running container you then do:

```
docker exec -ti container /bin/bash
addftpuser.sh username
```

Then you can start the container, create users as you need, and assuming you also mounted the /home/vsftpd volume too, if you stop/start the container, the user config persists. Also I didn't find the need to restart the container when a new user is added, authentication seems to work fine as soon as the user is added.

There is still an issue of duplicating config in vsftpd.conf each time you restart the same container, due to run-vsftpd.sh appending config using >> when it runs. I didn't fix this yet.
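
The addftpuser.sh steps listed in the comment above (generate a password, write a temporary username/password file, load it with db_load, delete the file, create the home directory), as an added example that is not the commenter's script or the project's code. The function name `add_ftp_user`, the `FTP_DB`, `FTP_HOME` and `DB_LOAD` overrides and the username character set are assumptions made for illustration.

```shell
#!/bin/sh
# Added example of the addftpuser.sh steps described above; not the
# commenter's script. FTP_DB, FTP_HOME and DB_LOAD are assumed overrides
# so the function can also be exercised outside the container.

add_ftp_user() (
    LC_ALL=C
    user=$1
    db=${FTP_DB:-/etc/vsftpd/db/virtual_users.db}
    home=${FTP_HOME:-/home/vsftpd}
    db_load=${DB_LOAD:-/usr/bin/db_load}

    # Restrict the name (assumed policy): a newline would add extra
    # key/value lines to the db_load input, "/" would leave $home.
    case $user in
        ''|*[!a-z0-9_-]*) echo "invalid username" >&2; return 2 ;;
    esac

    old_umask=$(umask)
    umask 077                      # temp file and db private to the owner
    pass=$(od -An -N16 -tx1 /dev/urandom | tr -d ' \n')
    tmp=$(mktemp) || return 1

    # db_load -T reads alternating key and value lines: username, password.
    printf '%s\n%s\n' "$user" "$pass" > "$tmp"
    rc=0
    "$db_load" -T -t hash -f "$tmp" "$db" || rc=$?
    rm -f "$tmp"                   # never leave the cleartext file behind
    [ "$rc" -eq 0 ] || return 1
    chmod 600 "$db"

    umask "$old_umask"
    mkdir -p "$home/$user"         # created only if it does not exist
    printf '%s\n' "$pass"          # shown once to the operator
)

# Inside the container: add_ftp_user myuser
```

As written the database holds the password in cleartext, which is why the file is restricted to its owner; the crypt=crypt option mentioned in the comment would need a crypt(3) hash stored instead.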

DanAmel commented Oct 11, 2021

Hello, can you share with me a sample of your addftpuser.sh file? Thanks

phantom-artist commented Oct 12, 2021

I've posted the complete solution here https://github.com/phantom-artist/vsftpd if you want details of the scripts etc.
Again, kudos to fauria for creating this great project, on which my solution is based!
