vsftpd virtual users

Source: Internet
Author: User

Virtual User:

All virtual users are mapped to a system user.

0. Create a system user:

# useradd vusers -s /sbin/nologin -d /var/ftproot
# passwd vusers
# chown vusers:vusers /var/ftproot



Using an account file:

1. Create a virtual user list (each user name on one line, its password on the next):

# vim /etc/vsftpd/vusers

USERNAME
PASSWORD

# db_load -T -t hash -f /etc/vsftpd/vusers /etc/vsftpd/vusers.db

The list is converted to a binary database file with the db_load command, which is provided by the db4-utils package.

# chmod 600 /etc/vsftpd/vusers.db

Change the permissions to keep the file secure.


2. Edit the PAM configuration file:

# vim /etc/pam.d/vsftpd.vusers

auth required /lib64/security/pam_userdb.so db=/etc/vsftpd/vusers
account required /lib64/security/pam_userdb.so db=/etc/vsftpd/vusers


3. Edit the configuration file:

# vim /etc/vsftpd/vsftpd.conf

anonymous_enable=YES
local_enable=YES
write_enable=YES
anon_upload_enable=NO
anon_mkdir_write_enable=NO
chroot_local_user=YES

# Enable virtual accounts
guest_enable=YES
# System account that the virtual accounts are mapped to (created in step 0)
guest_username=vusers
# Whether virtual account permissions follow the system account permissions:
# YES means the same as the system account, NO means the same as the
# anonymous account. The default is NO.
#virtual_use_local_privs=NO
# PAM authentication service
pam_service_name=vsftpd.vusers
# Folder holding the per-user permission files (created in step 4)
user_config_dir=/etc/vsftpd/vsftpd_user_conf


4. Create the virtual user configuration folder:

# mkdir /etc/vsftpd/vsftpd_user_conf
# cd /etc/vsftpd/vsftpd_user_conf
# vim USERNAME1

# Whether the user has write permission. The default is YES.
#write_enable=YES
# Whether anonymous users can download. The default is YES.
anon_world_readable_only=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
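The steps above only work if several names agree across files: guest_username must be an existing system account, user_config_dir must be the directory that was actually created, and the db= value in the PAM file is the database path without its .db suffix. The following Python check is an added example, not part of the original article; the function names, the constructed sample tree and the extra check for a leftover plaintext list are assumptions made here.

```python
import stat
import tempfile
from pathlib import Path

def parse_conf(text):
    """vsftpd.conf syntax: one option=value per line, '#' starts a comment."""
    pairs = (l.strip().split("=", 1) for l in text.splitlines()
             if "=" in l and not l.lstrip().startswith("#"))
    return dict(pairs)

def audit(root, system_users):
    """Return findings for the file-based virtual-user setup under `root`."""
    at = lambda p: Path(root, p.lstrip("/"))
    conf = parse_conf(at("/etc/vsftpd/vsftpd.conf").read_text())
    out = []
    guest = conf.get("guest_username", "ftp")          # vsftpd default: ftp
    if guest not in system_users:
        out.append(f"guest_username={guest}: no such system account")
    ucd = conf.get("user_config_dir")
    if ucd and not at(ucd).is_dir():
        out.append(f"user_config_dir={ucd}: directory missing")
    pam = at("/etc/pam.d/" + conf.get("pam_service_name", "ftp"))
    pam_text = pam.read_text() if pam.is_file() else ""
    for db in sorted({t[3:] for t in pam_text.split() if t.startswith("db=")}):
        dbfile = at(db + ".db")                        # pam_userdb appends ".db"
        if not dbfile.is_file():
            out.append(f"db={db}: {db}.db missing")
        elif stat.S_IMODE(dbfile.stat().st_mode) & 0o077:
            out.append(f"{db}.db: readable by group or others")
        if at(db).exists():
            out.append(f"{db}: plaintext password list still on disk")
    return out

def sample_tree():
    """Constructed sample layout with mismatched names and a loose file mode."""
    root = Path(tempfile.mkdtemp())
    files = {
        "etc/vsftpd/vsftpd.conf": "guest_enable=YES\nguest_username=vuser\n"
        "pam_service_name=vsftpd.vusers\nuser_config_dir=/etc/vsftpd/vusers_dir\n",
        "etc/pam.d/vsftpd.vusers": "auth required pam_userdb.so db=/etc/vsftpd/vusers\n",
        "etc/vsftpd/vusers.db": "",
        "etc/vsftpd/vusers": "alice\nsecret\n",
    }
    for rel, text in files.items():
        (root / rel).parent.mkdir(parents=True, exist_ok=True)
        (root / rel).write_text(text)
    (root / "etc/vsftpd/vsftpd_user_conf").mkdir()
    (root / "etc/vsftpd/vusers.db").chmod(0o644)
    return str(root)
```

On a live host, call audit("/", ...) with the account names from /etc/passwd; an empty list means the cross-references line up.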



Using MySQL:

1. Install pam_mysql:

# tar xf pam_mysql-xxx.tar.gz
# cd pam_mysql-xxx
# ./configure --with-mysql=/usr --with-pam-mods-dir=/lib/security --with-openssl
# make && make install


2. Edit the PAM authentication file:

# vim /etc/pam.d/vsftpd.mysql

auth required /lib/security/pam_mysql.so user=vsftpd passwd=test host=localhost db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
account required /lib/security/pam_mysql.so user=vsftpd passwd=test host=localhost db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2


crypt=num

0: clear text
1: uses the crypt() function
2: uses the MySQL PASSWORD() function. MySQL's PASSWORD() and PAM's password function are different, so a string encrypted by MySQL may fail to verify in PAM. If it fails, plaintext (crypt=0) is used.
3: uses MD5
4: uses SHA1
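To see what each crypt= mode expects in the password column, and to diagnose a crypt=2 comparison that fails, this added Python example (not from the original article) computes the stored forms and checks the shape of a column value. It assumes MySQL 4.1+ PASSWORD() semantics and that crypt=3 and crypt=4 compare against the hex output of MySQL's MD5() and SHA1(); crypt=1 is left out, and stored_forms and check_column are hypothetical helper names.

```python
import hashlib
import re

def mysql_password(pw):
    """MySQL 4.1+ PASSWORD(): '*' + uppercase hex of SHA1(SHA1(pw))."""
    inner = hashlib.sha1(pw.encode()).digest()
    return "*" + hashlib.sha1(inner).hexdigest().upper()

def stored_forms(pw):
    """Column value that each crypt= mode from the list is compared against."""
    return {
        0: pw,                                         # clear text
        2: mysql_password(pw),                         # MySQL PASSWORD()
        3: hashlib.md5(pw.encode()).hexdigest(),       # MySQL MD5()
        4: hashlib.sha1(pw.encode()).hexdigest(),      # MySQL SHA1()
    }

# Shape of a well-formed column value per mode (41, 32 and 40 characters).
EXPECTED = {2: r"\*[0-9A-F]{40}", 3: r"[0-9a-fA-F]{32}", 4: r"[0-9a-fA-F]{40}"}

def check_column(stored, crypt):
    """Say whether a stored column value has the shape crypt=<n> expects."""
    if crypt == 0:
        return "ok"                                    # compared as-is
    if crypt not in EXPECTED:
        raise ValueError("mode not covered by this example")
    if re.fullmatch(EXPECTED[crypt], stored):
        return "ok"
    if crypt == 2 and re.fullmatch(r"[0-9a-f]{16}", stored):
        return "pre-4.1 PASSWORD() format"
    if len(stored) < len(stored_forms("x")[crypt]):
        return "too short: truncated by a narrow column?"
    return "wrong format for this mode"
```

A PASSWORD() value needs a column at least 41 characters wide; a narrower CHAR column silently truncates the hash and every login then fails.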


3. Configure MySQL and add the database:

# mysql -uroot -p

mysql> CREATE DATABASE vsftpd;

mysql> GRANT SELECT ON vsftpd.* TO [e-mail protected] IDENTIFIED BY 'test';
mysql> GRANT SELECT ON vsftpd.* TO [e-mail protected] IDENTIFIED BY 'test';
mysql> FLUSH PRIVILEGES;

mysql> USE vsftpd;
mysql> CREATE TABLE users (
    -> id int AUTO_INCREMENT NOT NULL,
    -> name char(a) binary NOT NULL,
    -> password char() binary NOT NULL,
    -> PRIMARY KEY (id)
    -> );

mysql> INSERT INTO users (name,password) VALUES ('USERNAME1', password('password'));
mysql> INSERT INTO users (name,password) VALUES ('USERNAME2', password('password'));


4. Edit the configuration file:

# vim /etc/vsftpd/vsftpd.conf

anonymous_enable=YES
local_enable=YES
write_enable=YES
anon_upload_enable=NO
anon_mkdir_write_enable=NO
chroot_local_user=YES

# Enable virtual accounts
guest_enable=YES
# System account that the virtual accounts are mapped to (created in step 0)
guest_username=vusers
# Whether virtual account permissions follow the system account permissions:
# YES means the same as the system account, NO means the same as the
# anonymous account. The default is NO.
#virtual_use_local_privs=NO
# PAM authentication service
pam_service_name=vsftpd.mysql
# Folder holding the per-user permission files (created in step 5)
user_config_dir=/etc/vsftpd/vsftpd_user_conf


5. Create the virtual user configuration folder:

# mkdir /etc/vsftpd/vsftpd_user_conf
# cd /etc/vsftpd/vsftpd_user_conf
# vim USERNAME2

# Whether the user has write permission. The default is YES.
#write_enable=YES
# Whether anonymous users can download. The default is YES.
anon_world_readable_only=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES


This article is from "Small Private blog" blog, please be sure to keep this source http://ggvylf.blog.51cto.com/784661/1658703
