Vsftpd Implements user authentication based on MySQL

Source: Internet
Author: User


Ftp introduction:

FTP (File Transfer Protocol) is an application-layer protocol that uses the client/server (C/S) architecture and works on 20/tcp and 21/tcp.

FTP uses an interactive access mode with two parallel TCP connections: a control connection and a data connection. The control connection carries control information between the client and the server, such as the username and password, remote directory changes and upload/download commands; the data connection carries the actual file data. FTP has two working modes: active and passive.

Connections:

  • Command (control) connection: file management commands; stays open for the whole session
  • Data connection: data transmission; created on demand and closed after the transfer

Data Transmission Format:

  • Text transmission
  • Binary Transfer

Common ftp tools:

  • Server: wu-ftpd, proftpd, pure-ftpd, vsftpd (Very Secure FTP Daemon), Serv-U;
  • Client: ftp, lftp (lftpget), wget, curl, filezilla, gftp (Linux GUI), flashfxp, cuteftp;

Response codes:

1xx: informational

2xx: success

3xx: more information is required from the client

4xx: client error

5xx: server error

Two modes:

Active Mode:

1. A random client port N/tcp sends a connection request to port 21/tcp of the FTP server, and the control connection is established through the TCP three-way handshake;

2. The client tells the FTP server that port N+1/tcp will be used for data transfer;

3. The FTP server connects from its 20/tcp port to the client's N+1/tcp port to establish the data connection;

Passive Mode:


1. A random client port N/tcp sends a connection request to port 21/tcp of the FTP server, and the control connection is established through the TCP three-way handshake;

2. The FTP server tells the client a random port X/tcp to use for data transfer;

3. The client connects from its N+1/tcp port to the server's X/tcp port to establish the data connection;
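In both modes the peer learns the data-connection address from a six-number tuple (h1,h2,h3,h4,p1,p2), sent by the client in the PORT command in active mode and returned by the server in the 227 reply in passive mode; the port is p1*256+p2. The parser below is an added example, not code from the original article, that decodes that tuple for both modes and states which side must accept the inbound data connection (the fact a firewall administrator needs). The sample messages are constructed; the check that the announced address matches the control-connection peer is a defensive sanity check and the field names are my own.

```python
import re

# Added example: decode the FTP data-connection address tuple.
#   active  : client sends  "PORT h1,h2,h3,h4,p1,p2"  -> the server connects
#             out from 20/tcp to client h:p (client must accept inbound)
#   passive : server replies "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)"
#             -> the client connects to server h:p (server must accept inbound)
# In both encodings the port number is p1 * 256 + p2.

_SIX = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def decode_hostport(text):
    """Return (host, port) from a PORT argument or a 227 reply; raise ValueError if malformed."""
    m = _SIX.search(text)
    if not m:
        raise ValueError("no h1,h2,h3,h4,p1,p2 tuple in %r" % text)
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range in %r" % text)
    host = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]
    if port == 0:
        raise ValueError("port 0 is not usable as a data port")
    return host, port


def data_connection(mode, control_peer, text):
    """Describe the data connection that must be allowed through a firewall.

    mode is 'active' (text is the client's PORT argument) or 'passive'
    (text is the server's 227 reply). control_peer is the address on the
    other end of the control connection; an announced address that differs
    from it is flagged so the caller can refuse it (assumed policy).
    """
    host, port = decode_hostport(text)
    if mode == "active":
        # server:20 -> client:port
        return {"initiator": "server", "src_port": 20, "dst": host,
                "dst_port": port, "addr_matches_control": host == control_peer}
    if mode == "passive":
        # client:ephemeral -> server:port
        return {"initiator": "client", "src_port": None, "dst": host,
                "dst_port": port, "addr_matches_control": host == control_peer}
    raise ValueError("mode must be 'active' or 'passive'")


if __name__ == "__main__":
    # constructed sample messages
    print(data_connection("active", "192.168.1.5", "192,168,1,5,4,1"))
    print(data_connection("passive", "203.0.113.10",
                          "227 Entering Passive Mode (203,0,113,10,195,89)."))
```

The practical consequence is the one the two mode descriptions imply: active mode needs the client side to accept an inbound connection from the server's 20/tcp, passive mode needs the server side to accept inbound connections on a high port, which is why passive mode is the one that usually works through a client-side NAT.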

Vsftpd service installation and configuration:

# yum install vsftpd

# rpm -ql vsftpd: lists the files installed by the vsftpd package:

/etc/pam.d/vsftpd: user authentication configuration file;

/etc/rc.d/init.d/vsftpd: service script;

/etc/vsftpd: configuration file directory;

/etc/vsftpd/vsftpd.conf: main configuration file;

/usr/sbin/vsftpd: main program;

There are three types of ftp service users:

  1. System users: users that exist in the server's system. The default resource location is the user's home directory;
  2. Anonymous users: users who can log on without an account and password; they are mapped to the system user ftp. The default accessible resource is the home directory of the ftp user, /var/ftp;
  3. Virtual users: users created on the FTP server only and mapped to a system user;

Configuration file details:

# vim /etc/vsftpd/vsftpd.conf

Anonymous User Configuration:

> anonymous_enable=YES|NO: whether anonymous logon is allowed;

> anon_mkdir_write_enable=YES|NO: whether upload is allowed;

> anon_other_write_enable=YES|NO: whether file deletion is allowed;

Note: after the preceding options are enabled, a client can log on as the anonymous user but still cannot upload files to /var/ftp, because that directory is not writable by the system user ftp. You must grant the ftp user write permission on a directory; for security, create a directory dedicated to uploads under /var/ftp and grant the permission only there:

# cd /var/ftp/

# mkdir upload

# setfacl -R -m u:ftp:rwx upload/

System User Configuration:

> local_enable=YES|NO: whether local (system) user logon is allowed;
> write_enable=YES|NO: whether upload is allowed;
> local_umask=022: umask applied to uploaded files, independent of the system umask;
> chroot_local_user=YES|NO: whether to confine all local FTP users to their home directories;
> chroot_list_enable=YES|NO: whether to confine only the local FTP users listed in the chroot list file to their home directories;
> chroot_list_file=/etc/vsftpd/chroot_list: path of the chroot list file;
> dirmessage_enable=YES|NO: whether to display a message to the user on logging on to the server;

Note: because these are system-user logons, such users can browse other directories of the system; use the chroot options to confine system users to their home directories.

Log options:

> xferlog_enable=YES|NO: whether transfer logging is enabled;

> xferlog_std_format=YES|NO: whether to use the standard log format;

> xferlog_file=/var/log/xferlog: log file location;

Change the owner of the uploaded file:

> chown_uploads=YES|NO: whether to change the owner of uploaded files;

> chown_username=whoever: the owner assigned to uploaded files;

Control user logon:

> userlist_enable=YES|NO: whether to enable the list file that controls user logon;

> userlist_deny=YES|NO: YES treats the list as a blacklist, NO as a whitelist; default list file: /etc/vsftpd/user_list;

Connection restrictions:

> max_clients=: maximum number of concurrent connections;

> max_per_ip=: maximum number of concurrent connections from a single IP address;

Transmission rate:

> anon_max_rate=: maximum transfer rate for anonymous users, in bytes/second;

> local_max_rate=: maximum transfer rate for local users, in bytes/second;

Vsftpd uses pam for user authentication.

> pam_service_name=vsftpd
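The options listed above are the ones an administrator reviews before exposing the service, so here is an added example (not code from the original article) that parses a vsftpd.conf and flags the permissive settings those options control, with a constructed permissive config beside a constructed tightened one. The parsing rule is vsftpd's own (one option=value per line, no spaces around the "="), and the defaults used for missing keys are vsftpd's documented defaults (anonymous_enable defaults to YES, the write and chroot options to NO, local_umask to 077); note that anonymous uploads are governed by anon_upload_enable, while anon_mkdir_write_enable only allows anonymous directory creation. The finding texts are my own.

```python
# Added example: audit a vsftpd.conf for the permissive settings discussed in
# the option list. Both configurations below are constructed for the demo.

WEAK_CONF = """\
# constructed example: permissive settings
anonymous_enable=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
local_enable=YES
write_enable=YES
local_umask=000
chroot_local_user=NO
userlist_enable=NO
xferlog_enable=NO
"""

HARDENED_CONF = """\
# constructed example: tightened settings
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
chroot_local_user=YES
allow_writeable_chroot=NO
userlist_enable=YES
userlist_deny=NO
userlist_file=/etc/vsftpd/user_list
xferlog_enable=YES
xferlog_std_format=YES
xferlog_file=/var/log/xferlog
max_clients=50
max_per_ip=5
pam_service_name=vsftpd
"""


def parse_vsftpd_conf(text):
    """vsftpd.conf is one option=value per line; lines starting with '#' are comments."""
    opts = {}
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if "=" not in line:
            raise ValueError("line %d: expected option=value, got %r" % (n, raw))
        key, _, value = line.partition("=")
        opts[key.strip()] = value.strip()
    return opts


def _yes(opts, key, default="NO"):
    """True when the option is YES, using vsftpd's default for a missing key."""
    return opts.get(key, default).upper() == "YES"


def audit(opts):
    """Return a list of findings (strings); an empty list means nothing flagged."""
    findings = []
    if _yes(opts, "anonymous_enable", default="YES"):   # vsftpd default is YES
        if _yes(opts, "anon_upload_enable") or _yes(opts, "anon_mkdir_write_enable"):
            findings.append("anonymous users may write to the server")
        if _yes(opts, "anon_other_write_enable"):
            findings.append("anonymous users may delete or rename files")
    if _yes(opts, "local_enable") and not _yes(opts, "chroot_local_user"):
        findings.append("local users are not confined to their home directories")
    if _yes(opts, "local_enable") and not _yes(opts, "userlist_enable"):
        findings.append("no login allow/deny list: every system account may log in")
    if not _yes(opts, "xferlog_enable"):
        findings.append("transfer logging is disabled")
    umask = opts.get("local_umask", "077")
    if umask in ("000", "00", "0"):
        findings.append("local_umask=%s leaves uploaded files world-writable" % umask)
    if opts.get("max_clients", "0") == "0":
        findings.append("no connection limit (max_clients unset or 0)")
    return findings


if __name__ == "__main__":
    for label, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(label, audit(parse_vsftpd_conf(conf)))
```

Run it against the live file with `audit(parse_vsftpd_conf(open("/etc/vsftpd/vsftpd.conf").read()))`; a finding is a prompt to look at the option, not proof of a problem, since an anonymous upload directory is sometimes exactly what is wanted (the note about /var/ftp/upload above describes that case).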

Virtual User:

All virtual users are mapped to one specified system account, and their shared access location is that account's home directory. Each virtual user can be given different access permissions; permissions for virtual users are controlled with the anonymous-user permission options;

User Authentication:

Virtual user: an account that exists only for accessing the resources of a specific service;

nsswitch: Name Service Switch, the name resolution framework;

Configuration file: /etc/nsswitch.conf

Modules: /lib64/libnss*, /usr/lib64/libnss*

PAM: Pluggable Authentication Modules, the user authentication framework;

Modules: /lib64/security/

Configuration files: /etc/pam.conf, /etc/pam.d/*

Storage of virtual user accounts:

File: a plain-text file edited by hand:

odd lines hold the username;

even lines hold the password;

This file must then be converted into a hashed (db) format;
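As an added example (not from the original article), the code below builds and validates that odd/even text file before it is converted, catching the mistakes that otherwise surface only as failed logons: an odd line count, an empty or duplicate username, or an empty password. The conversion command it prints uses db_load from the Berkeley DB utilities (`db_load -T -t hash -f <text> <db>`), which produces the hash-format file vsftpd's PAM setup reads; the file paths and the sample users are constructed.

```python
import shlex

# Added example: the virtual-user text file is "username on odd lines,
# password on even lines". Validate it before converting it with db_load.


def parse_vuser_file(text):
    """Parse the odd/even layout into {username: password}; raise ValueError if malformed."""
    lines = text.splitlines()
    if len(lines) % 2 != 0:
        raise ValueError("odd number of lines: a username has no password line")
    users = {}
    for i in range(0, len(lines), 2):
        name, password = lines[i].strip(), lines[i + 1]
        lineno = i + 1
        if not name:
            raise ValueError("line %d: empty username" % lineno)
        if name in users:
            raise ValueError("line %d: duplicate username %r" % (lineno, name))
        if not password:
            raise ValueError("line %d: empty password for %r" % (lineno + 1, name))
        users[name] = password
    return users


def render_vuser_file(users):
    """Inverse of parse_vuser_file: emit the odd/even layout, one entry per line."""
    out = []
    for name, password in users.items():
        out.append(name)
        out.append(password)
    return "\n".join(out) + "\n"


def db_load_command(src, dst):
    """Shell command that turns the text file into a Berkeley DB hash file.

    db_load -T reads plain text, -t hash selects the hash database type.
    Paths are quoted so a caller can pass them to a shell safely.
    """
    return "db_load -T -t hash -f %s %s" % (shlex.quote(src), shlex.quote(dst))


if __name__ == "__main__":
    # constructed sample: two virtual users (passwords are placeholders)
    sample = "alice\nS3cret-pass\nbob\nAn0ther-pass\n"
    users = parse_vuser_file(sample)
    print(users)
    print(db_load_command("/etc/vsftpd/vusers.txt", "/etc/vsftpd/vusers.db"))
```

Both the text file and the resulting .db hold passwords in clear, so keep them owned by root with mode 600, and remove the text file once the database has been generated.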

Tables in a relational database: the database is queried in real time for user authentication;

MySQL database: PAM depends on the pam_mysql module

# yum install pam_mysql

Note: pam_mysql comes from the EPEL repository;
