Vsftpd + pam + mysql for ftp Construction

 

1. Install the required program 1. Install the development environment and mysql database in advance;

650) this. width = 650; "border =" 0 "alt =" "src =" http://www.bkjia.com/uploads/allimg/131227/1Z00a648-0.png "/>

 

650) this. width = 650; "border =" 0 "alt =" "src =" http://www.bkjia.com/uploads/allimg/131227/1Z0095U0-1.png "/>

Configure the yum server. repo File

 
 

  
  
[Root @ localhost yum. repos. d] # cd
  
  
[Root @ localhost ~] # Mkdir/mnt/cdrom
  
  
[Root @ localhost ~] # Mount/dev/cdrom/mnt/cdrom/
  
  
// Mount the image above to use yum
  
  
[Root @ localhost ~] # Cd/etc/yum. repos. d/
  
  
[Root @ localhost yum. repos. d] # vim server. repo
  
  
// Add content
  
  
[Base]
  
  
Name = Instructor Server Repository
  
  
Baseurl = file: // mnt/cdrom/Server // The image here is locally mounted
  
  
Gpgcheck = 0
  
  

  
  
[Root @ localhost ~] # Yum-y install mysql-server mysql-devel
  
  
[Root @ localhost ~] # Service mysqld start
  
  
[Root @ localhost ~] # Yum-y groupinstall "Development Tools" "Development Libraries"
 
 

2. Install pam_mysql-0.7RC1 here I prepared in advance compressed package closer to linux, you can download this compressed package online. Follow these steps:

650) this. width = 650; "border =" 0 "alt =" "src =" http://www.bkjia.com/uploads/allimg/131227/1Z0091537-2.png "/>

 

650) this. width = 650; "border =" 0 "alt =" "src =" http://img1.51cto.com/attachment/201304/230716381.png "/>

Then turn it off. Return to linux. Ls. You can see that the file is already in the home directory.

 
 

  
  
[root@localhost ~]# tar zxvf pam_mysql-0.7RC1.tar.gz  
  
  
[root@localhost ~]# cd pam_mysql-0.7RC1  
  
  
[root@localhost pam_mysql-0.7RC1] # ./configure --with-mysql=/usr --with-openssl  
  
  
[root@localhost pam_mysql-0.7RC1] # make  
  
  
[root@localhost pam_mysql-0.7RC1] # make install  
 
 

3. Install vsftpd

 
 

  
  
[Root @ localhost pam_mysql-0.7RC1] # yum-y install vsftpd
  
  
// Note: Check whether the selinux service is enabled at this time, because its activation will affect the later services.
  
  
[Root @ localhost ~] # GetenforceEnforcing
  
  
[Root @ localhost ~] # Setenforce 0
  
  
[Root @ localhost ~] # GetenforcePermissive
  
  
// Of course. Here, we also need to replace selinux = enforcing with SELINUX = permissive in vim/etc/SELINUX/config.
 
 

2. Create a virtual user account 1. Prepare the database and related tables. First, make sure that the mysql service is started properly. Then, you can create a database to store virtual users as needed. Here, you can create a vsftpd database.

 
 

  
  
mysql> create database vsftpd;  
  
  
   
  
  
mysql> grant select on vsftpd.* to vsftpd@localhost identified by 'doubao';  
  
  
mysql> grant select on vsftpd.* to vsftpd@127.0.0.1 identified by 'doubao';  
  
  
mysql> flush privileges;  
  
  
   
  
  
mysql> use vsftpd;  
  
  
mysql> create table users (  
  
  
    -> id int AUTO_INCREMENT NOT NULL,  
  
  
    -> name char(20) binary NOT NULL,  
  
  
    -> password char(48) binary NOT NULL,  
  
  
    -> primary key(id)  
  
  
    -> );  
 
 

2. Add a test virtual user to add the user as needed. It should be noted that the password is stored in plaintext format here, because the password of pam_mysql () the function may be different from the MySQL password () function.

 
 

  
  
mysql> insert into users(name,password) values('tom','magedu');  
  
  
mysql> insert into users(name,password) values('jerry','magedu');  
  
  
mysql>\q  
 
 

3. Configure vsftpd 1. Create required documents for pam Authentication

 
 

  
  
[Root @ localhost ~] # Vi/etc/pam. d/vsftpd. mysql
  
  
Add the following two lines
  
  
Auth required/lib/security/pam_mysql.so user = vsftpd passwd = doubao host = localhost db = vsftpd table = users usercolumn = name passwdcolumn = password crypt = 0
  
  
Account required/lib/security/pam_mysql.so user = vsftpd passwd = doubao host = localhost db = vsftpd table = users usercolumn = name passwdcolumn = password crypt = 0
 
 

2. modify the configuration file of vsftpd to adapt to the System user and corresponding directory for establishing virtual user ing through mysql authentication.

 
 

  
  
[Root @ localhost ~] # Useradd-s/sbin/nologin-d/var/ftproot vuser
  
  
[Root @ localhost ~] # Chmod go + rx/var/ftproot
  
  

  
  
// Make sure that the following options are enabled in/etc/vsftpd. conf.
  
  

  
  
Anonymous_enable = YES
  
  
Local_enable = YES
  
  
Write_enable = YES
  
  
Anon_upload_enable = NO
  
  
Anon_mkdir_write_enable = NO
  
  
Chroot_local_user = YES
  
  

  
  
// Add the following options
  
  
Guest_enable = YES
  
  
Guest_username = vuser
  
  

  
  
// Make sure that the value of the pam_service_name option is as follows:
  
  
Pam_service_name = vsftpd. mysql
 
 

4. Start the vsftpd service

 
 

  
  
[Root @ localhost ~] # Service vsftpd start
  
  
Starting vsftpd for vsftpd: [OK]
  
  
[Root @ localhost ~] # Chkconfig vsftpd on
  
  
// View port enabling status
  
  

  
  
[Root @ localhost ~] # Netstat-tnlp | grep: 21
  
  
Tcp 0 0 0.0.0.0: 21 0.0.0.0: * LISTEN 11336/vsftpd
 
 

Use a virtual user to log on and verify the configuration result. The following is a command test on the local machine. You can also use IE or FTP client tool to log on to other Windows boxes to verify the configuration result.

650) this. width = 650; "border =" 0 "alt =" "src =" http://img1.51cto.com/attachment/201304/230800893.png "/>

 
 

  
  
[root@localhost ~]# ftp localhost  
 
 

 

650) this. width = 650; "border =" 0 "alt =" "src =" http://www.bkjia.com/uploads/allimg/131227/1Z0091U4-5.png "/>

5. Configure virtual users to have different access permissions. vsftpd provides a separate configuration file for each user in the configuration file directory to define their ftp service access permissions, the configuration file name of each virtual user is the same as that of the virtual user. The configuration file directory can be any unused directory. You only need to specify its path and name in vsftpd. conf. 1. Configure vsftpd as the configuration file directory for virtual users

 
 

  
  
[Root @ localhost ~] # Vim/etc/vsftpd. conf
  
  
// Add the following options
  
  
User_config_dir =/etc/vsftpd/vusers_dir
 
 

2. Create the desired directory and provide the configuration file for the virtual user

 
 

  
  
[root@localhost ~]# mkdir /etc/vsftpd/vusers_dir/  
  
  
[root@localhost ~]# cd /etc/vsftpd/vusers_dir/  
  
  
[root@localhost ~]# touch tom jerry  
 
 

3. Configure virtual user access permissions virtual users access vsftpd services through commands of anonymous users. For example, to allow the tom user to upload files, modify the/etc/vsftpd/vusers/tom file and add the following options. Anon_upload_enable = YES