Switch to custom PAM file for FTP

[chef.git] / cookbooks / ftp / recipes / default.rb

diff --git a/cookbooks/ftp/recipes/default.rb b/cookbooks/ftp/recipes/default.rb
index 58fc9c80b7d0f7114b3614489b417f5bbb281e26..53fc9423c9075ee235b0f67f84e5083a8bc86627 100644 (file)
--- a/cookbooks/ftp/recipes/default.rb
+++ b/cookbooks/ftp/recipes/default.rb
@@ -17,7 +17,10 @@
 # limitations under the License.
 #
 
-package "vsftpd"
+package %w[
+  vsftpd
+  libpam-pwdfile
+]
 
 template "/etc/vsftpd.conf" do
   source "vsftpd.conf.erb"
@@ -26,14 +29,22 @@ template "/etc/vsftpd.conf" do
   mode 0o644
 end
 
+template "/etc/pam.d/vsftpd" do
+  source "pam-vsftpd.erb"
+  owner "root"
+  group "root"
+  mode 0o644
+end
+
 service "vsftpd" do
-  action [:enable] # Do not start the service as config may be broken from failed chef run
+  action [:enable, :start]
   supports :status => true, :restart => true, :reload => true
   subscribes :restart, "template[/etc/vsftpd.conf]"
+  subscribes :restart, "template[/etc/pam.d/vsftpd]"
 end
 
 firewall_rule "accept-ftp-tcp" do
-  action :helper
+  action :accept
   source "net"
   dest "fw"
   proto "tcp"