Lab environment: two hosts required
1. One MariaDB server
2. An FTP server
First, the MariaDB server
1. Install the MariaDB package
yum install mariadb-devel
2. Run the security script
mysql_secure_installation
3. Create a database
mysql -uroot -p
>create database vsftpd;
>use vsftpd
>create table ftpusers (name char (+), pass char (50)); (create the table)
>insert ftpusers values ('ftp1', password('centos')), ('ftp2', password('magedu')); (add the table content)
>grant select on vsftpd.ftpusers to 'ftp'@'172.17.166.166' identified by 'centos'; (authorize the ftp account connecting from the FTP server)
Second, the FTP server
1. Install the package group and the required packages
yum groupinstall "Development tools"
yum install mysql-devel pam-devel
2. Compile and install pam_mysql-0.7RC1.tar.gz
tar xvf pam_mysql-0.7RC1.tar.gz
cd pam_mysql-0.7RC1
./configure --with-pam-mods-dir=/lib64/security --with-pam=/usr
make && make install
3. Create the user
useradd -d /app/ftpdir -r -M ftpuser (create a system user; all virtual user access is mapped to ftpuser)
4. Write the module configuration file
vim /etc/pam.d/vsftpd.mysql
auth required pam_mysql.so user=ftp passwd=centos host=172.17.177.177 db=vsftpd table=ftpusers usercolumn=name passwdcolumn=pass crypt=2
account required pam_mysql.so user=ftp passwd=centos host=172.17.177.177 db=vsftpd table=ftpusers usercolumn=name passwdcolumn=pass crypt=2
These options are:
auth: authentication
account: verifies that the account is valid for normal use
required: this check must pass
pam_mysql.so: the module; a relative path is resolved against /lib64/security/ by default, and an absolute path can also be written. The parameters passed to the module follow it.
user=vsftpd: the user that logs in to MySQL
passwd=magedu: the password used to log in to MySQL
host=mysqlserver: the host name or IP address of the MySQL server
db=vsftpd: the name of the database to connect to
table=users: the table name in that database
usercolumn=name: the field holding the user name
passwdcolumn=password: the field holding the user's password
crypt=2: the stored password is hashed with the MySQL password() function
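What crypt=2 compares against, as an added example that is not part of the original article: password() stores "*" followed by the uppercase hex of SHA1(SHA1(password)), with no salt, so the 41-character value fits the pass char (50) column. The helper names, the ftp3 row and the in-memory table are constructed for illustration, and the comparison is a model of the check, not pam_mysql's own code.

```python
import hashlib
import hmac


def mysql_password(plaintext: str) -> str:
    """Return what MariaDB/MySQL password() stores for a plaintext."""
    if plaintext == "":
        return ""  # password('') is the empty string, not a hash
    inner = hashlib.sha1(plaintext.encode("utf-8")).digest()
    return "*" + hashlib.sha1(inner).hexdigest().upper()


def parse_pam_line(line: str) -> dict:
    """Split a pam.d line into type, control, module and key=value options."""
    ptype, control, module, *args = line.split()
    return {"type": ptype, "control": control, "module": module,
            "opts": dict(a.split("=", 1) for a in args)}


def check_login(table: dict, name: str, password: str) -> bool:
    """Model of the crypt=2 check: hash the input, compare to the stored value."""
    stored = table.get(name)
    if not stored:  # unknown user or empty stored hash: refuse
        return False
    return hmac.compare_digest(stored, mysql_password(password))


def shared_hashes(table: dict) -> list:
    """Groups of users whose stored hashes are identical (same password, no salt)."""
    by_hash = {}
    for name, stored in table.items():
        by_hash.setdefault(stored, []).append(name)
    return sorted(sorted(names) for names in by_hash.values() if len(names) > 1)


# Constructed sample data: the two rows from step 3 plus a hypothetical ftp3.
FTPUSERS = {"ftp1": mysql_password("centos"),
            "ftp2": mysql_password("magedu"),
            "ftp3": mysql_password("centos")}
PAM_AUTH = ("auth required pam_mysql.so user=ftp passwd=centos host=172.17.177.177 "
            "db=vsftpd table=ftpusers usercolumn=name passwdcolumn=pass crypt=2")

if __name__ == "__main__":
    print(parse_pam_line(PAM_AUTH)["opts"]["crypt"])
    print(check_login(FTPUSERS, "ftp1", "centos"))
    print(check_login(FTPUSERS, "ftp2", "centos"))
    print(shared_hashes(FTPUSERS))
```

Because the hash is unsalted, ftp1 and ftp3 store the same value, which anyone who can read the ftpusers table can see. password() was removed in MySQL 8.0 and remains available in MariaDB.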
5. Change the FTP configuration file
vim /etc/vsftpd/vsftpd.conf
pam_service_name=vsftpd.mysql (modify this line)
Then add the following lines
guest_enable=YES (enable mapping of virtual users to a guest user)
guest_username=ftpuser (the user they are mapped to)
user_config_dir=/etc/vsftpd/conf.d/ (directory of per-user configuration files, so that each virtual user can have different permissions)
6. Create the directory
mkdir /etc/vsftpd/conf.d/
cd /etc/vsftpd/conf.d/
vim /etc/vsftpd/conf.d/ftp1
anon_upload_enable=YES (allow ftp1 to upload files)
vim /etc/vsftpd/conf.d/ftp2
local_root=/app/ftpdir2 (the root directory for ftp2 is /app/ftpdir2)
7. Set permissions
cd /app
chmod 555 /app/ftpdir/ (the root directory must not be writable)
mkdir /app/ftpdir/upload
chown ftpuser /app/ftpdir/upload
mkdir /app/ftpdir2
chmod 555 /app/ftpdir2
Third, testing
Login test with ftp1
When you see this status, the ftp1 test was successful.
Login test with ftp2
When you see this status, ftp2 works as well. Congratulations, you have successfully built a MySQL-based FTP server.
Create a MySQL-based FTP virtual user