X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/c4beec9b0d992e5aebe03cf6d5b7de3b66ecb0b1..f65e6e5bdfdab789a385847963b9c1ffa799a6e3:/cookbooks/ftp/recipes/default.rb diff --git a/cookbooks/ftp/recipes/default.rb b/cookbooks/ftp/recipes/default.rb index 21153f4c4..28d69a751 100644 --- a/cookbooks/ftp/recipes/default.rb +++ b/cookbooks/ftp/recipes/default.rb @@ -1,8 +1,8 @@ # -# Cookbook Name:: FTP +# Cookbook:: FTP # Recipe:: default # -# Copyright 2018, OpenStreetMap Foundation +# Copyright:: 2018, OpenStreetMap Foundation # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -17,19 +17,30 @@ # limitations under the License. # -package "vsftpd" +package %w[ + vsftpd + libpam-pwdfile +] template "/etc/vsftpd.conf" do source "vsftpd.conf.erb" owner "root" group "root" - mode 0o644 + mode "644" +end + +template "/etc/pam.d/vsftpd" do + source "pam-vsftpd.erb" + owner "root" + group "root" + mode "644" end service "vsftpd" do - action [:enable] # Do not start the service as config may be broken from failed chef run + action [:enable, :start] supports :status => true, :restart => true, :reload => true subscribes :restart, "template[/etc/vsftpd.conf]" + subscribes :restart, "template[/etc/pam.d/vsftpd]" end firewall_rule "accept-ftp-tcp" do @@ -39,4 +50,5 @@ firewall_rule "accept-ftp-tcp" do proto "tcp" dest_ports "ftp" source_ports "-" + helper "ftp" end