FTP transmits data in plaintext. If you log on to the FTP server with a local account and someone captures that account's user name and password, they can use the account to log on to the FTP server, which is a security issue.
You can instead use virtual accounts that are mapped to a local account on the FTP server. Even if a virtual account is intercepted on the network, it is an account that does not exist on the system and cannot be used to log on to the system.
1. Create a mount point and mount the CD
[root@localhost ~]# mkdir /mnt/cdrom
[root@localhost ~]# mount /dev/cdrom /mnt/cdrom
2. Install vsftpd
[root@localhost ~]# rpm -ivh /mnt/cdrom/Server/vsftpd-2.0.5-16.el5.i386.rpm
3. Create the text file that stores the virtual accounts and passwords. Odd lines are account names and even lines are passwords; the # notes below are annotations and are not typed into the file.
[root@localhost ~]# vim /etc/vsftpd/vuser.txt
test1 # virtual account test1
123 # password for the virtual account test1
test2 # virtual account test2
456 # password for the virtual account test2
4. Install the db_load tool, which converts the account and password file into a database file. It is provided by the db4-utils package.
[root@localhost Server]# rpm -ivh /mnt/cdrom/Server/db4-utils-4.3.29-10.el5.i386.rpm
5. Use db_load --help for help. Convert the virtual account file to a database file
[root@localhost ~]# db_load -T -t hash -f /etc/vsftpd/vuser.txt /etc/vsftpd/vuser.db
6. When a user logs on to the FTP server, the account is verified against /etc/passwd by default. In /etc/vsftpd/vsftpd.conf, the statement pam_service_name=vsftpd indicates that PAM is used for verification and that the PAM service file is vsftpd.
This file is an interface file that tells PAM which modules to call during verification and which parameters to pass to them.
Open the interface file vsftpd
[root@localhost vsftpd]# vim /etc/pam.d/vsftpd
This file must use the module /lib/security/pam_userdb.so
View the manual of this module:
[root@localhost txts]# man /usr/share/doc/pam-0.99.6.2/txts/README.pam_userdb
The manual shows that the pam_userdb module verifies a user name and password against the entries stored in a database.
db=/path/database # specifies the location of the database file
7. Open the /etc/pam.d/vsftpd file again and add the following lines (pam_userdb appends the .db suffix to the db= path itself):
auth required pam_userdb.so db=/etc/vsftpd/vuser
account required pam_userdb.so db=/etc/vsftpd/vuser
After the virtual account is verified, you need to map the virtual account to a local account.
8. Create a local account user1
[root@localhost txts]# useradd user1
[root@localhost txts]# passwd user1
9. View the vsftpd.conf manual
Search for the guest keyword. guest_enable: all non-anonymous users are logged on as the guest user, and the guest user is mapped to the user name set in guest_username.
10. Add the following statements to vsftpd.conf:
guest_enable=YES
guest_username=user1
11. Restart the FTP service.
[root@localhost txts]# service vsftpd restart
Shutting down vsftpd: [  OK  ]
Starting vsftpd for vsftpd: [  OK  ]
12. Test:
13. Add the r permission to the home directory of user1
[root@localhost home]# ll -d user1/
drwx------ 3 user1 user1 4096 09-16 16:58 user1/
[root@localhost home]# chmod o+r user1/
14. Access again
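An added example, not part of the original article: steps 3 and 5 rely on db_load -T reading strictly alternating name/password lines, so this sh script checks the source file and its permissions before building the database from scratch. The function names and the script name vuser_build.sh are hypothetical.

```shell
#!/bin/sh
# check_vuser_file SRC: print one diagnostic per problem; return 0 only if
# SRC is safe to hand to "db_load -T -t hash".
check_vuser_file() {
    vu_src=$1; vu_rc=0
    [ -r "$vu_src" ] || { echo "cannot read $vu_src"; return 2; }
    # db_load -T takes strictly alternating lines: name, password, name, ...
    awk '
        /^$/               { print "line " NR ": empty line shifts the name/password pairing"; bad = 1 }
        /^[ \t]|[ \t\r]$/  { print "line " NR ": stray whitespace is stored in the key or value"; bad = 1 }
        NR % 2 == 1 && /#/ { print "line " NR ": annotation text would become part of the account name"; bad = 1 }
        NR % 2 == 1 && seen[$0]++ { print "line " NR ": duplicate account " $0; bad = 1 }
        END { if (NR % 2) { print "odd number of lines: last account has no password"; bad = 1 }
              exit bad + 0 }
    ' "$vu_src" || vu_rc=1
    # The source holds clear-text passwords: group/other bits must be empty.
    case $(ls -ld "$vu_src" | cut -c5-10) in
        ------) ;;
        *) echo "$vu_src is accessible to group/other; chmod 600 it"; vu_rc=1 ;;
    esac
    return $vu_rc
}

# build_vuser_db SRC DB: validate SRC, then create DB as a fresh file.
build_vuser_db() {
    check_vuser_file "$1" || return 1
    command -v db_load >/dev/null 2>&1 || { echo "db_load not found (db4-utils)"; return 3; }
    rm -f "$2.new"
    # db_load adds to an existing database, so accounts deleted from SRC would
    # survive a reload; build a new file with mode 600 and swap it in.
    ( umask 077 && db_load -T -t hash -f "$1" "$2.new" ) && mv -f "$2.new" "$2"
}

# Usage: sh vuser_build.sh /etc/vsftpd/vuser.txt /etc/vsftpd/vuser.db
if [ "$#" -eq 2 ]; then
    build_vuser_db "$1" "$2"
fi
```

Because pam_userdb accepts whatever keys are in the database, rebuilding the file instead of reloading into it is what actually removes an account that was deleted from vuser.txt.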
15. Set the user's maximum rate (the # notes are annotations, not part of vsftpd.conf)
anon_max_rate=100 # the maximum rate of anonymous users is 100 B/s
local_max_rate=10000 # the maximum rate of local users is 10 M/s
max_clients=2 # the maximum number of clients is 2
max_per_ip=1 # number of connections allowed from each IP address
16. Disk quota:
The total size of the files uploaded by the test1 and test2 accounts cannot exceed 15 MB
Create a new partition
Use the partprobe command to make the Linux kernel re-read the partition table:
[root@localhost ~]# partprobe /dev/sda
Format the partition.
[root@localhost ~]# mkfs -t ext3 /dev/sda5
Create a mount point and permanently mount the partition to the mount point.
[root@localhost ~]# mkdir /mnt/partion
[root@localhost ~]# vim /etc/fstab
Mount-
After quotacheck -augvc is executed, the file aquota.user, the quota file for all users, is generated in the /mnt/5 folder.
Edit the quota of user1
[root@localhost ~]# edquota -u user1
quotaon /dev/sda5 makes the quota take effect
[root@localhost ~]# quotaon /dev/sda5
Add the command quotaon /dev/sda5 to the boot script /etc/rc.d/rc.local so that the quota takes effect automatically at startup.
The home directory of user1 is under "/", so it is not in the /dev/sda5 partition, that is, /mnt/partion. Copy the home directory of user1 to /mnt/partion/home and change the home directory of user1 in /etc/passwd to /mnt/partion/home/user1. Because the virtual accounts test1 and test2 become guest accounts after logging on, the vsftpd.conf file must also be modified to grant upload permission to anonymous users. Modify the permissions of /mnt/partion/home/user1 to allow other users to upload data.
[root@localhost home]# mkdir /mnt/partion/home
[root@localhost home]# mv * /mnt/partion/home/
[root@localhost partion]# chmod -R o+rw home
[root@localhost partion]# vim /etc/passwd
user1:x:501:502::/mnt/partion/home/user1:/bin/bash
[root@localhost partion]# vim /etc/vsftpd/vsftpd.conf
Upload files
The file size is only 15 MB.
Upload again. The upload fails.
The quota is in effect.