Install Vsftpd+pam+mysql to implement the virtual user authentication function


Note: Here vsftpd is installed directly with yum -y install vsftpd, and MySQL is installed from the generic binary distribution; the version used is mysql-5.5.28. The installation steps are not repeated here, as they were described in detail earlier. Because vsftpd needs a PAM module to retrieve the username and password from the MySQL database, the pam_mysql module must also be installed so that PAM can authenticate usernames and passwords against MySQL.

I. Install the required programs

1. Install the development environment and the MySQL database beforehand

# yum -y install mysql-server mysql-devel
# yum -y groupinstall "Development Tools" "Development Libraries"


2. Install pam_mysql-0.7RC1

# tar zxvf pam_mysql-0.7RC1.tar.gz
# cd pam_mysql-0.7RC1
# ./configure --with-mysql=/usr --with-openssl
# make
# make install

3. Install vsftpd

# yum -y install vsftpd
# cp /usr/lib/security/pam_mysql.so /lib/security/

# This shared library is referenced later in the PAM file, so be sure its path is correct

II. Create the virtual user accounts

1. Prepare the database and related tables

First, make sure that the MySQL service is up and running. Then create the database that stores the virtual users; here it is a database named vsftpd.

mysql> CREATE DATABASE vsftpd;

mysql> GRANT SELECT ON vsftpd.* TO [e-mail protected] IDENTIFIED BY 'ftp';
mysql> GRANT SELECT ON vsftpd.* TO [e-mail protected] IDENTIFIED BY 'ftp';
mysql> FLUSH PRIVILEGES;

# The vsftpd user here is the account under which later lookups in the MySQL database are performed

mysql> USE vsftpd;
mysql> CREATE TABLE users (
    -> id int AUTO_INCREMENT NOT NULL,
    -> name char(a) binary NOT NULL,
    -> password char() binary NOT NULL,
    -> PRIMARY KEY (id)
    -> );

2. Add test virtual users

Add the users you need. Note that the passwords here are stored in plaintext, because the pam_mysql password() function and the MySQL password() function may be different.

mysql> INSERT INTO users (name,password) VALUES ('tom','xsl');
mysql> INSERT INTO users (name,password) VALUES ('boy','xsl');

III. Configure vsftpd

1. Create the file required for PAM authentication

# vi /etc/pam.d/vsftpd.mysql
Add the following two lines
auth required /lib/security/pam_mysql.so user=vsftpd passwd=ftp host=localhost db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=0
account required /lib/security/pam_mysql.so user=vsftpd passwd=ftp host=localhost db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=0

2. Modify the vsftpd configuration file so that it uses MySQL authentication

Create the system user that the virtual users are mapped to, together with its directory
# useradd -s /sbin/nologin -d /var/ftproot vuser
# chmod go+rx /var/ftproot

Make sure that the following options are set in /etc/vsftpd.conf
anonymous_enable=YES
local_enable=YES
write_enable=YES
anon_upload_enable=NO
anon_mkdir_write_enable=NO
chroot_local_user=YES

Then add the following options
guest_enable=YES
guest_username=vuser

And make sure that the value of the pam_service_name option is as follows
pam_service_name=vsftpd.mysql

# This name must be the same as the name of the PAM file created above
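The two consistency requirements stressed above (the pam_mysql.so path must exist, and pam_service_name must match the PAM file name) can be checked with a script before the service is started. This is an added example, not part of the original article; check_vsftpd_pam is a hypothetical helper name, and it additionally reports the crypt=0 setting and whether the PAM file, which contains the database password, is readable by group or others.

```shell
# Added example (not from the original article). check_vsftpd_pam is a hypothetical helper.
# Usage: check_vsftpd_pam /etc/vsftpd.conf /etc/pam.d
# Prints one finding per line; prints nothing when every check passes.
check_vsftpd_pam() {
    conf=$1
    pamdir=$2

    # vsftpd.conf allows no spaces around "=", so match the option literally.
    svc=$(sed -n 's/^pam_service_name=//p' "$conf" | tail -n 1)
    if [ -z "$svc" ]; then
        echo "NO_SERVICE: pam_service_name is not set in $conf"
        return 0
    fi

    # The service name must be the name of a file under pam.d.
    pamfile=$pamdir/$svc
    if [ ! -f "$pamfile" ]; then
        echo "MISSING_PAM_FILE: $pamfile does not exist"
        return 0
    fi

    # Every pam_mysql.so path named in the PAM file must exist on disk.
    awk '$1 !~ /^#/ && $3 ~ /pam_mysql\.so$/ { print $3 }' "$pamfile" | sort -u |
    while read -r so; do
        [ -e "$so" ] || echo "MISSING_MODULE: $so"
    done

    # crypt=0 means the password column is compared as plaintext.
    if grep -v '^[[:space:]]*#' "$pamfile" | grep -Eq 'crypt=0([[:space:]]|$)'; then
        echo "PLAINTEXT_PASSWORDS: crypt=0 in $pamfile"
    fi

    # The file embeds the database password (passwd=...); flag group/other read access.
    if grep -v '^[[:space:]]*#' "$pamfile" | grep -q 'passwd='; then
        if [ -n "$(find "$pamfile" -prune \( -perm -040 -o -perm -004 \) -print)" ]; then
            echo "READABLE_DB_PASSWORD: $pamfile is readable by group or others"
        fi
    fi
}
```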

IV. Start the vsftpd service

# service vsftpd start
# chkconfig vsftpd on

Log in as a virtual user to verify the configuration. The test below uses the local command line; you can also log in from another Windows machine with IE or an FTP client tool.
# ftp localhost

When logging in from the command line, for example on my machine, if you see

[[email protected] ~]# ftp 192.168.0.104
Connected to 192.168.0.104.
(vsFTPd 2.0.5)
530 Login with USER and PASS.
530 Login with USER and PASS.
KERBEROS_V4 rejected as an authentication type
Name (192.168.0.104:root): tom
331 Specify the password.
Password:
530 Login incorrect.
Login failed.
ftp>

If this is what you get, check the log with the tail /var/log/secure command

Oct 15:41:42 localhost vsftpd: pam_mysql - MySQL error (Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2))
Oct 15:43:02 localhost vsftpd: pam_mysql - MySQL error (Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2))

If messages like these appear, the pam_mysql module is unable to connect to MySQL through its Unix domain socket, mysql.sock.

Workaround: edit /etc/my.cnf

Change the path of the socket in the [mysqld] section, for example

socket = /var/lib/mysql/mysql.sock

I had previously placed it under the /tmp/ directory, so the connection could not be established. After the change, you can log in normally.
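The mismatch diagnosed above can be confirmed by comparing the socket path that pam_mysql reports in the log with the one configured in the [mysqld] section. This is an added example, not part of the original article; the function names are hypothetical.

```shell
# Added example (not from the original article); function names are hypothetical.
# Usage: check_socket /etc/my.cnf /var/log/secure

# Print the socket= value from the [mysqld] section of a my.cnf-style file.
mysqld_socket() {
    awk '
        /^[ \t]*\[/ { in_sec = ($0 ~ /^[ \t]*\[mysqld\]/); next }
        in_sec && /^[ \t]*socket[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); val = $0
        }
        END { if (val != "") print val }
    ' "$1"
}

# Print the socket path named in the most recent pam_mysql connection error.
pam_mysql_socket() {
    sed -n "s/.*pam_mysql.*through socket '\([^']*\)'.*/\1/p" "$1" | tail -n 1
}

# Compare the path pam_mysql tried with the path mysqld is configured to create.
check_socket() {
    have=$(mysqld_socket "$1")
    want=$(pam_mysql_socket "$2")
    if [ -z "$want" ]; then
        echo "OK: no pam_mysql socket errors in $2"
    elif [ "$want" = "$have" ]; then
        echo "SAME_PATH: both use $have; check that mysqld is running"
    else
        echo "MISMATCH: pam_mysql tried $want but [mysqld] socket is ${have:-unset}"
    fi
}
```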

V. Configure virtual users to have different access rights

vsftpd can give each user a separate configuration file, kept in a configuration directory, that defines that user's FTP access rights; each virtual user's configuration file has the same name as that user's username. The configuration directory can be any unused directory; just specify its path and name in vsftpd.conf.

1. Configure vsftpd to use a configuration directory for virtual users

# vim vsftpd.conf
Add the following option
user_config_dir=/etc/vsftpd/vusers_dir

2. Create the required directory and provide a configuration file for each virtual user

# mkdir /etc/vsftpd/vusers_dir/
# cd /etc/vsftpd/vusers_dir/
# touch tom boy

3. Configure access rights for virtual users

A virtual user's access rights to the vsftpd service are set through the anonymous-user directives. For example, to give the user tom permission to upload files, edit the /etc/vsftpd/vusers_dir/tom file and add the following option.
anon_upload_enable=YES

This completes the authentication framework.

This article is from the "Linux Learning path" blog; please keep this source attribution: http://xslwahaha.blog.51cto.com/4738972/1565679
