I. Install the required packages and package group
(1) Install the package on the database server:
CentOS 7: installing on the database server
yum -y install mariadb-server    # install the package
systemctl start mariadb    # start the service
systemctl enable mariadb    # start the service at boot
mysql_secure_installation    # run the security script; set the root administrator password
CentOS 6: installing on the database server
yum -y install mysql-server    # install the package
service mysqld start    # start the service
chkconfig mysqld on    # start the service at boot
mysql_secure_installation    # run the security script; set the root administrator password
(2) Install the vsftpd and pam_mysql packages on the FTP server:
CentOS 6: pam_mysql is provided by the EPEL 6 repository and can be installed directly
yum install vsftpd pam_mysql
CentOS 7: there is no corresponding RPM package; manual compilation and installation is required
① yum -y groupinstall "Development Tools"    # install the development package group
yum -y install mariadb-devel pam-devel vsftpd    # install the necessary packages
② Download pam_mysql-0.7RC1.tar.gz
tar xvf pam_mysql-0.7RC1.tar.gz    # unpack the archive
③ Compile and install pam_mysql
cd pam_mysql-0.7RC1/
./configure --with-pam=/usr --with-pam-mods-dir=/lib64/security
make && make install
II. Create a system user on the FTP server
① useradd -d /app/ftpdir -r -M ftpuser    # create the system user
② mkdir /app/ftpdir; chmod 555 /app/ftpdir    # remove write permission from the FTP root directory so that users can log in
III. Create the virtual user accounts on the database server
1. Create the database that stores the virtual users (vsftpd) and the database user that connects to it (ftpuser)
① mysql -uroot -p123456    # log in to the database
② mysql> CREATE DATABASE vsftpd;    # create the database vsftpd
③ Grant the user query permission on the database vsftpd:
When the FTP service is not on the same host as MySQL:
mysql> GRANT SELECT ON vsftpd.* TO ftpuser@'192.168.199.%' IDENTIFIED BY '123456';
When the FTP service and MySQL are on the same host:
mysql> GRANT SELECT ON vsftpd.* TO [e-mail protected] IDENTIFIED BY '123456';
2. Prepare the related table (ftpusers)
mysql> USE vsftpd;
mysql> CREATE TABLE ftpusers (name CHAR(), pass CHAR(50));
3. Add the virtual users
Add users as needed. For security, the password should be stored encrypted, using the PASSWORD() function
mysql> INSERT INTO ftpusers VALUES ('ftp1', PASSWORD('123456'));    # add the ftp1 user
mysql> INSERT INTO ftpusers VALUES ('ftp2', PASSWORD('123456'));    # add the ftp2 user
mysql> SELECT * FROM ftpusers;    # view the table ftpusers; the two users have been added
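How the pass values written by the INSERT statements above are formed and checked, as an added Python example that is not part of the original article: PASSWORD() on MySQL 4.1+ and MariaDB is an unsalted double SHA-1, so ftp1 and ftp2, which share a password, end up with the same stored value. The function names, the audit rules and the ftp3 row are assumptions made for illustration.

```python
import hashlib
import hmac
import re

# Format produced by PASSWORD() on MySQL 4.1+ / MariaDB: '*' + 40 uppercase hex digits.
MYSQL41_RE = re.compile(r"^\*[0-9A-F]{40}$")

def mysql_password(plaintext):
    """Reproduce PASSWORD(): '*' + HEX(SHA1(SHA1(plaintext))), with no salt."""
    inner = hashlib.sha1(plaintext.encode("utf-8")).digest()
    return "*" + hashlib.sha1(inner).hexdigest().upper()

def verify(candidate, stored):
    """Check a login password against a stored PASSWORD() value in constant time."""
    return hmac.compare_digest(mysql_password(candidate).encode(),
                               stored.strip().upper().encode())

def audit(rows):
    """Return (name, issue) findings for (name, pass) rows read from ftpusers."""
    findings, seen = [], {}
    for name, stored in rows:
        if not MYSQL41_RE.match(stored):
            findings.append((name, "not a PASSWORD() hash (plaintext or other scheme)"))
            continue
        if stored in seen:
            findings.append((name, f"same hash as {seen[stored]}: identical password"))
        else:
            seen[stored] = name
    return findings

# Constructed sample rows mirroring the INSERT statements above, plus one
# hypothetical row (ftp3) stored without PASSWORD() to exercise the format check.
ROWS = [
    ("ftp1", mysql_password("123456")),
    ("ftp2", mysql_password("123456")),
    ("ftp3", "123456"),
]

if __name__ == "__main__":
    for name, stored in ROWS:
        print(f"{name:5} {stored}")
    for name, issue in audit(ROWS):
        print(f"FINDING {name}: {issue}")
```

Running audit() over the output of SELECT name, pass FROM ftpusers shows which accounts share a password and which rows would not match under crypt=2.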
IV. Configure the vsftpd service on the FTP server
1. Create the file required for PAM authentication on the FTP server
vim /etc/pam.d/vsftpd.mysql
Add the following two lines:
auth required pam_mysql.so user=ftpuser passwd=123456 host=192.168.199.134 db=vsftpd table=ftpusers usercolumn=name passwdcolumn=pass crypt=2
account required pam_mysql.so user=ftpuser passwd=123456 host=192.168.199.134 db=vsftpd table=ftpusers usercolumn=name passwdcolumn=pass crypt=2
Field description:
auth: authentication
account: verifies that the account and password can be used normally
required: this check must pass
pam_mysql.so: the module, given as a relative path that is resolved relative to /lib64/security/ by default; an absolute path can also be written. It is followed by the parameters passed to the module
user=ftpuser: the user that logs in to MySQL
passwd=123456: the password used to log in to MySQL
host=mysqlserver: the host name or IP address of the MySQL server
db=vsftpd: the name of the MySQL database to connect to
table=ftpusers: the table name in the connected database
usercolumn=name: the field used as the user name
passwdcolumn=password: the field used as the user's password
crypt: the encryption method. 0 means no encryption, 1 means crypt(3) encryption, 2 means encryption with the MySQL PASSWORD() function, 3 means MD5 encryption, and 4 means SHA1 encryption. Note: refer to the README document and choose the correct encryption method
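A small checker for the PAM service file described above, as an added Python example that is not part of the original article or of pam_mysql: it parses the pam_mysql.so rules, reads crypt= against the 0 to 4 table in the field description, and flags a file that holds the database password while being readable by group or other. The function names, the findings' wording and the weak variant are assumptions made for illustration.

```python
import stat

# Meaning of each crypt= value, as listed in the field description above.
CRYPT = {"0": "no encryption", "1": "crypt(3)", "2": "MySQL PASSWORD()",
         "3": "MD5", "4": "SHA1"}

def parse_rule(line):
    """Split one PAM rule into (type, control, module, {option: value})."""
    fields = line.split()
    if len(fields) < 3 or fields[0].startswith("#"):
        return None
    opts = dict(f.split("=", 1) for f in fields[3:] if "=" in f)
    return fields[0].lower(), fields[1].lower(), fields[2], opts

def lint(text, mode):
    """Return findings for a PAM service file's text and its permission bits."""
    findings, seen, secret = [], {}, False
    for raw in text.splitlines():
        rule = parse_rule(raw)
        if rule is None or not rule[2].endswith("pam_mysql.so"):
            continue
        ptype, _, _, opts = rule
        seen[ptype] = opts
        secret = secret or "passwd" in opts
        crypt = opts.get("crypt")
        if crypt is None:
            findings.append(f"{ptype}: crypt not set; state the scheme explicitly")
        elif crypt not in CRYPT:
            findings.append(f"{ptype}: crypt={crypt} is not one of 0-4")
        elif crypt == "0":
            findings.append(f"{ptype}: crypt=0 means passwords are stored in plaintext")
    for ptype in ("auth", "account"):
        if ptype not in seen:
            findings.append(f"{ptype}: no pam_mysql.so rule")
    if "auth" in seen and "account" in seen and seen["auth"] != seen["account"]:
        findings.append("auth and account rules pass different options")
    if secret and mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append("file holds the database password but is readable by group/other")
    return findings

# Constructed inputs: the two rules from this page, and a hypothetical weak variant.
PAGE_FILE = """\
auth required pam_mysql.so user=ftpuser passwd=123456 host=192.168.199.134 db=vsftpd table=ftpusers usercolumn=name passwdcolumn=pass crypt=2
account required pam_mysql.so user=ftpuser passwd=123456 host=192.168.199.134 db=vsftpd table=ftpusers usercolumn=name passwdcolumn=pass crypt=2
"""
WEAK_FILE = PAGE_FILE.replace("crypt=2", "crypt=0", 1)

if __name__ == "__main__":
    for label, text, mode in (("page, 0600", PAGE_FILE, 0o600), ("weak, 0644", WEAK_FILE, 0o644)):
        print(label, lint(text, mode) or "no findings")
```

On a real host, pass the contents of /etc/pam.d/vsftpd.mysql and os.stat() of that path's st_mode to lint().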
2. Modify the vsftpd configuration file to use MySQL authentication
vim /etc/vsftpd/vsftpd.conf
Make sure that the following option is enabled:
anonymous_enable=YES
Add the following (user_config_dir is the directory that holds a separate configuration file for each user; it is created below):
guest_enable=YES
guest_username=ftpuser
user_config_dir=/etc/vsftpd/conf.d/
Modify the following item; after this change the original system users can no longer log in:
pam_service_name=vsftpd.mysql
V. Start the vsftpd service
CentOS 6: service vsftpd start
CentOS 7: systemctl start vsftpd
Check that the port is open:
ss -ntlp | grep 21
VI. Give the virtual users different access rights on the FTP server
Description: vsftpd can give each user a separate configuration file in a configuration directory to define that user's FTP access; each virtual user's configuration file has the same name as the virtual user. The configuration directory can be any unused directory; just specify its path in vsftpd.conf.
Create the required directory and provide configuration files for the virtual users
1. Create the directory: mkdir /etc/vsftpd/conf.d/    # the directory where the virtual user configuration files reside
2. Provide a configuration file for ftp1
① vim /etc/vsftpd/conf.d/ftp1    # edit the ftp1 configuration file
Add the following line to allow uploads:
anon_upload_enable=YES
② mkdir /app/ftpdir/upload    # create a subdirectory so that ftp1 can upload files into it
③ setfacl -m u:ftpuser:rwx /app/ftpdir/upload    # give ftpuser, the system user that ftp1 is mapped to, rwx permissions on the directory
Effect for ftp1: after logging in, ftp1 can enter the upload directory and upload files there
3. Provide a configuration file for ftp2
① vim /etc/vsftpd/conf.d/ftp2
Add the following line to change the login directory to the specified directory (/app/ftpdir2):
local_root=/app/ftpdir2
② mkdir /app/ftpdir2; chmod 555 /app/ftpdir2    # the login root directory must not have w permission
③ touch /app/ftpdir2/hello
Effect for ftp2: after logging in, ftp2 can use ls to see the hello file
4. Restart the vsftpd service
systemctl restart vsftpd
VII. Test
[Screenshots of the test results]
Thank you for reading. If you have a different view, you are welcome to leave a comment.
Experiment: vsftpd virtual users based on MySQL authentication