Linux FTP, FTPS, and FTP with MySQL virtual-user authentication: server setup
1. FTP protocol: two kinds of connections, command and data
Command (control) connection: 21/tcp
Data connection: active mode, in which the server connects out from 20/tcp, and passive mode, in which the server listens on a random port
Data transfer modes (AUTO mode): binary (mp3, jpg, etc.) and text (HTML)
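The two data-connection modes above, shown as an added example that is not part of the original post: how a client encodes the active-mode PORT command and decodes the passive-mode 227 reply, with the check that the advertised passive address is the same host the control connection already talks to. The function names are my own.

```python
import ipaddress
import re
from typing import Tuple

# Added example, not code from the original post. Both data-connection modes
# are negotiated over the 21/tcp control connection:
#   active  - the client sends PORT h1,h2,h3,h4,p1,p2 and the server connects
#             back to that address from 20/tcp (connect_from_port_20);
#   passive - the client sends PASV and the server replies
#             "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)", naming a
#             random port the client must connect to.
# Ports are split into high and low bytes: port = p1 * 256 + p2.

_PASV_RE = re.compile(r"227[^(]*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")

def build_port_command(addr: str, port: int) -> str:
    """Encode the client's listening address as an active-mode PORT command."""
    if not 0 < port < 65536:
        raise ValueError("port out of range: %d" % port)
    octets = str(ipaddress.IPv4Address(addr)).split(".")  # validates the address
    return "PORT %s,%d,%d" % (",".join(octets), port >> 8, port & 0xFF)

def parse_pasv_reply(reply: str, control_peer: str) -> Tuple[str, int]:
    """Decode a 227 reply into (addr, port) for the passive data connection.

    A client should only connect to the address it already has a control
    connection with: a misconfigured or hostile server could otherwise point
    the data connection at a third party, so a differing address is rejected.
    """
    m = _PASV_RE.search(reply)
    if not m:
        raise ValueError("not a valid 227 PASV reply: %r" % reply)
    h1, h2, h3, h4, p1, p2 = (int(x) for x in m.groups())
    if max(h1, h2, h3, h4, p1, p2) > 255:
        raise ValueError("byte out of range in PASV reply: %r" % reply)
    addr = "%d.%d.%d.%d" % (h1, h2, h3, h4)
    port = (p1 << 8) | p2
    if addr != control_peer:
        raise ValueError("PASV address %s differs from control peer %s" % (addr, control_peer))
    if port < 1024:
        raise ValueError("refusing privileged passive port %d" % port)
    return addr, port
```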
FTP server-side programs: wu-ftpd, vsftpd, pureftpd, proftpd, FileZilla Server, Serv-U
FTP client programs: command-line (CLI) text mode: ftp, lftp
GUI software: gftp, FlashFXP, CuteFTP, FileZilla
vsftpd: short for Very Secure FTP Daemon
/etc/vsftpd: configuration file directory
/etc/init.d/vsftpd: service script
/usr/sbin/vsftpd: main program
/var/ftp: root (home) directory of the FTP service and its user; also the directory anonymous users access
User authentication is based on PAM:
/etc/pam.d/*: PAM configuration files, one per service
/lib/security/*: PAM authentication modules
PAM can also support virtual users
ftp: the service's system user; there are three types of FTP users:
Anonymous user: anonymous
System user: local system user
Virtual user: must be mapped to a system user
FTP file service permissions: the effective permission is the intersection of the file system directory permissions and the authorization in the configuration file
Secure communication modes: clear text and ciphertext, as follows:
ftp: clear text
FTPS: FTP + SSL/TLS, ciphertext
SFTP: the sftp subsystem of OpenSSH (runs over SSH), ciphertext
2. Configure the vsftpd.conf file
Install the vsftpd server software:
yum install vsftpd
Edit the configuration file vsftpd.conf:
vim /etc/vsftpd/vsftpd.conf
The contents of the configuration file are as follows. Options are written option=VALUE with no spaces, and a leading # disables an option; the # notes after each option below are explanations only, since vsftpd does not accept a trailing comment on an option line (put comments on their own lines in the real file).
anonymous_enable=YES               # allow anonymous user access
local_enable=YES                   # allow local user access
write_enable=YES                   # allow local users to upload (global write switch)
anon_upload_enable=YES             # allow anonymous users to upload
#anon_mkdir_write_enable=YES       # allow anonymous users to create directories
#anon_other_write_enable=YES       # allow anonymous users other write operations, such as renaming and deleting files
#dirmessage_enable=YES             # if a hidden .message file exists in a shared directory, show it as a prompt to users entering it
#xferlog_enable=YES                # enable transfer logging
connect_from_port_20=YES           # active-mode data connections originate from port 20/tcp
#chown_uploads=YES                 # change the owner of anonymously uploaded files
#chown_username=whoever            # the user that uploaded files are chowned to
#xferlog_file=/var/log/xferlog     # path of the log file for the logging option above
xferlog_std_format=YES             # log file format (standard xferlog format)
#idle_session_timeout=600          # maximum idle time of an FTP command connection, in seconds
#data_connection_timeout=120       # maximum time a data connection may stall, in seconds
#ftpd_banner=Welcome to blah FTP service.   # banner shown to users when they connect to the server
#chroot_list_enable=YES            # lock listed users in their home directory so they cannot enter other directories on the system
#chroot_list_file=/etc/vsftpd/chroot_list   # only the FTP users listed in this file are locked in their home directory
#chroot_local_user=YES             # apply the chroot mechanism to all local system users
listen=YES                         # run as a standalone daemon; with other settings vsftpd can instead run as a transient daemon (from xinetd)
#max_clients=                      # maximum number of concurrent client connections
#max_per_ip=                       # maximum number of connections per IP address at one time
pam_service_name=vsftpd            # name of the PAM service used for authentication
userlist_enable=YES                # users listed in the user_list file are denied login to the FTP server
Note: even if the configuration above turns on upload, download, or delete permissions, if the shared directory that the FTP user logs into does not grant write permission at the file system level, you will not be able to upload or download files.
3. Setting up a clear-text FTP server
Purpose of the exercise: create an upload directory under /var/ftp/, add a new local user willow, and allow both anonymous users and the local system user willow to upload, download, create and delete files in the upload directory.
yum install vsftpd
mkdir /var/ftp/upload
useradd willow
echo "willow" | passwd --stdin willow
setfacl -m u:willow:rwx /var/ftp/upload   # this step is important: it grants willow write access to the directory
(Anonymous sessions run as the system user ftp, so for anonymous uploads the directory must be writable by ftp as well, at the file system level.)
Edit the configuration file:
vim /etc/vsftpd/vsftpd.conf
Ensure that the following options are in effect:
anonymous_enable=YES
local_enable=YES
write_enable=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
Test the result by logging in as the user willow:
ftp localhost
4. Setting up an FTPS (encrypted) server, i.e. FTP + TLS
Create a self-signed CA certificate, then request and sign the server certificate:
cd /etc/pki/CA
mkdir certs newcerts crl
touch index.txt
echo 01 > serial
vim /etc/pki/tls/openssl.cnf
dir = ../../CA
Modify the preceding statement to the following:
dir = /etc/pki/CA
(umask 077; openssl genrsa -out private/cakey.pem 1024)   # 1024-bit RSA is considered too weak today; 2048 or more is the current minimum
openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 365
mkdir /etc/vsftpd/ssl
cd /etc/vsftpd/ssl
(umask 077; openssl genrsa -out vsftpd.key 1024)
openssl req -new -key vsftpd.key -out vsftpd.csr
openssl ca -in vsftpd.csr -out vsftpd.crt   # the CA signs the request (vsftpd.csr), never the private key
Note that this only gives the steps to create the CA certificate and then request and sign the server certificate; the detailed process is not shown and depends on your own experimental environment.
To learn more about the certificate building steps, check out my previous blog. After these steps we have the following files:
Private key file location: /etc/vsftpd/ssl/vsftpd.key
Certificate file location: /etc/vsftpd/ssl/vsftpd.crt
vim /etc/vsftpd/vsftpd.conf
Add the following content:
ssl_enable=YES
ssl_tlsv1=YES
ssl_sslv3=YES                                    # SSLv3 is obsolete; current deployments leave this at NO and allow TLS only
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
rsa_cert_file=/etc/vsftpd/ssl/vsftpd.crt         # certificate location
rsa_private_key_file=/etc/vsftpd/ssl/vsftpd.key  # private key location
Restart the vsftpd service:
service vsftpd restart
Use the FlashFXP client software to test the encrypted transfer.
5. Building an FTP server with MySQL-based virtual user authentication
5.1. Compile and install pam_mysql-0.7RC1
tar zxvf pam_mysql-0.7RC1.tar.gz
cd pam_mysql-0.7RC1
./configure --with-mysql=/usr --with-openssl
make
make install
cp /usr/lib/security/pam_mysql.* /lib/security/
5.2. Install vsftpd
yum -y install vsftpd
5.3. Install mysql-server and mysql-devel
yum install -y mysql-server mysql-devel
service mysqld start
5.4. Create the virtual user accounts
5.4.1. Prepare the database and the related table
# mysql                 # connect to the local MySQL server
mysql> CREATE DATABASE vsftpd;
mysql> GRANT SELECT ON vsftpd.* TO vsftpd@localhost IDENTIFIED BY 'vsftpd';
mysql> GRANT SELECT ON vsftpd.* TO vsftpd@127.0.0.1 IDENTIFIED BY 'vsftpd';
mysql> FLUSH PRIVILEGES;
mysql> USE vsftpd;
mysql> CREATE TABLE users (
    -> id INT AUTO_INCREMENT NOT NULL,
    -> name CHAR(20) BINARY NOT NULL,        -- column widths assumed; they were not legible in the source
    -> password CHAR(48) BINARY NOT NULL,
    -> PRIMARY KEY (id)
    -> );
5.4.2. Add test virtual users
mysql> INSERT INTO users (name,password) VALUES ('willow','willow');
mysql> INSERT INTO users (name,password) VALUES ('tom','tom');
Note that the passwords are stored in clear text here, because the hashing done by pam_mysql and by the MySQL PASSWORD() function may differ.
The supported password encodings are explained in the README file in the pam_mysql source directory, i.e. less README
6. Create the PAM configuration file needed for authentication
# vim /etc/pam.d/vsftpd.mysql
Add the following two lines:
auth required /lib/security/pam_mysql.so user=vsftpd passwd=vsftpd host=localhost db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=0
account required /lib/security/pam_mysql.so user=vsftpd passwd=vsftpd host=localhost db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=0
(crypt=0 tells pam_mysql that the password column holds clear text, matching the INSERT statements above; the hashed alternatives are listed in the pam_mysql README.)
7. Modify the vsftpd configuration file to use MySQL authentication
Create the system user that virtual users are mapped to, together with its directory:
# useradd -s /sbin/nologin -d /var/ftproot vuser
# chmod go+rx /var/ftproot
Make sure the following options are enabled in /etc/vsftpd/vsftpd.conf:
anonymous_enable=YES
local_enable=YES
write_enable=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES
chroot_local_user=YES
The following options must be added:
guest_enable=YES
guest_username=vuser              # virtual users are mapped to the local user vuser
pam_service_name=vsftpd.mysql     # must match the name of the /etc/pam.d/vsftpd.mysql file created above
Start the vsftpd service and test the result:
# service vsftpd start
# chkconfig vsftpd on
# ftp localhost
8. Give virtual users different access rights
8.1. Configure vsftpd to use a per-user configuration directory for virtual users
# vim /etc/vsftpd/vsftpd.conf
Turn off all write permissions for anonymous users (with guest_enable=YES the anon_* options also apply to virtual users, so these become the defaults that the per-user files override):
anon_upload_enable=NO
anon_mkdir_write_enable=NO
anon_other_write_enable=NO
The following option must be added:
user_config_dir=/etc/vsftpd/vusers_dir
Create the directory and one (initially empty) file per virtual user, named exactly as the user name in the database:
mkdir /etc/vsftpd/vusers_dir/
cd /etc/vsftpd/vusers_dir/
touch willow tom
8.2. Configure access rights for each virtual user
8.2.1. Make the virtual user tom unable to upload, with download permission only:
vim /etc/vsftpd/vusers_dir/tom
anon_upload_enable=NO
8.2.2. Give the virtual user willow permission to upload, download, create and delete:
vim /etc/vsftpd/vusers_dir/willow
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
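As an added example that is not part of the original post, the following code models how vsftpd combines the main vsftpd.conf with a virtual user's file from user_config_dir (sections 7 and 8 above), and audits the resulting settings from sections 2 to 4 the way a reviewer would. The function names are my own, and the sample configuration passed in is constructed from the settings shown in this post.

```python
from typing import Dict, List

# Added example, not code from the original post. It models how vsftpd reads
# vsftpd.conf and, for a virtual user (guest_enable=YES), overlays the file
# named after that user in user_config_dir, then audits the settings this post
# touches. vsftpd treats virtual users like anonymous ones, so the anon_*
# options decide what they may write. Defaults follow vsftpd 2.x.

_TRUE = {"yes", "true", "1"}

def parse_vsftpd_conf(text: str) -> Dict[str, str]:
    """Parse vsftpd's option=value lines; '#' at line start is a comment."""
    conf: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if "=" not in line:
            raise ValueError("malformed line: %r" % raw)
        key, value = line.split("=", 1)
        conf[key.strip().lower()] = value.strip()
    return conf

def effective_conf(main: Dict[str, str], per_user: Dict[str, str]) -> Dict[str, str]:
    """The per-user file overrides the main file option by option."""
    merged = dict(main)
    merged.update(per_user)
    return merged

def is_on(conf: Dict[str, str], key: str, default: str = "NO") -> bool:
    return conf.get(key, default).lower() in _TRUE

def audit(conf: Dict[str, str]) -> List[str]:
    """Findings a reviewer would raise against the settings in this post."""
    findings: List[str] = []
    writable = is_on(conf, "write_enable")
    if not is_on(conf, "ssl_enable"):
        findings.append("ssl_enable=NO: logins and data travel in clear text")
    elif is_on(conf, "ssl_sslv3"):
        findings.append("ssl_sslv3=YES: SSLv3 is obsolete, allow TLS only")
    if writable and is_on(conf, "anon_upload_enable"):
        findings.append("anon_upload_enable=YES: anonymous/virtual users may upload")
    if writable and is_on(conf, "anon_other_write_enable"):
        findings.append("anon_other_write_enable=YES: anonymous/virtual users may delete")
    if is_on(conf, "local_enable") and not is_on(conf, "chroot_local_user"):
        findings.append("chroot_local_user=NO: local users can leave their home directory")
    return findings
```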
This article is from the "Xavier Willow" blog; please be sure to keep this source: http://willow.blog.51cto.com/6574604/1786264