vsftpd + pam + mysql server implementation

1. vsftpd server installation:
yum install vsftpd
View the files generated after installation:
[root@station113 ~]# rpm -ql vsftpd
/etc/logrotate.d/vsftpd             <== logrotate configuration for the vsftpd log
/etc/pam.d/vsftpd                   <== PAM authentication configuration
/etc/rc.d/init.d/vsftpd             <== service script
/etc/vsftpd                         <== program configuration directory
/etc/vsftpd/ftpusers
/etc/vsftpd/user_list
/etc/vsftpd/vsftpd.conf             <== main configuration file
/etc/vsftpd/vsftpd_conf_migrate.sh
/var/ftp                            <== server file storage directory
/var/ftp/pub                        <== location of the files shared by the server
Start the service:
[root@station113 ~]# service vsftpd start
Starting vsftpd for vsftpd:                                [  OK  ]
View the startup status:
[root@station113 ~]# ps aux | grep vsftpd
root      5200  0.0  0.0  52524   788 ?        Ss   /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf
root      5207  0.0  0.0 103252   836 pts/0    S+   grep vsftpd
[root@station113 ~]# ss -tnl                 <== check whether port 21 is listening
State      Recv-Q Send-Q      Local Address:Port        Peer Address:Port
LISTEN     0      128                    :::111                   :::*
LISTEN     0      128                     *:111                    *:*
LISTEN     0      32                      *:21                     *:*
LISTEN     0      128                    :::22                    :::*
LISTEN     0      128                     *:22                     *:*
LISTEN     0
II. server configuration
[root@localhost ~]# vim /etc/vsftpd/vsftpd.conf
anonymous_enable=YES            <== allow anonymous logins
local_enable=YES                <== allow local (system) users to log in
write_enable=YES                <== allow FTP write commands at all (upload, delete, rename)
anon_upload_enable=YES          <== allow anonymous users to upload files
anon_mkdir_write_enable=YES     <== allow anonymous users to create directories
anon_other_write_enable=YES     <== allow anonymous users to delete and rename files
Note: anon_upload_enable, anon_mkdir_write_enable and anon_other_write_enable together give anyone on the network unauthenticated upload, mkdir, delete and rename rights in the anonymous tree; keep them at NO unless that is really what you want.
Define the welcome message:
banner_file=/path/to/some_banner_file
ftpd_banner=some string
dirmessage_enable=YES
Create a .message file in an FTP-accessible directory; its contents are shown when a user enters that directory.
# You may fully customise the login banner string:
#ftpd_banner=Welcome to blah FTP service.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd/banned_emails
How vsftpd controls which users may log in:
Users listed in /etc/vsftpd/ftpusers cannot use the FTP service; this is enforced by the pam_listfile line in /etc/pam.d/vsftpd, so it only applies when vsftpd authenticates through that PAM service.
The user_list file can be used in either of two ways:
Blacklist (users in user_list are denied):
userlist_enable=YES
userlist_deny=YES
Whitelist (only users in user_list are allowed):
userlist_enable=YES
userlist_deny=NO
The users listed in the following file cannot log on:
[root@station113 ~]# cd /etc/vsftpd/
[root@station113 vsftpd]# ls
chroot_list  ftpusers  user_list  vsftpd.conf  vsftpd_conf_migrate.sh
[root@station113 vsftpd]# cat ftpusers
# Users that are not allowed to login via ftp
root
bin
daemon
adm
lp
sync
shutdown
halt
mail
news
uucp
operator
games
nobody
[root@station113 vsftpd]# echo opentow >> ftpusers     <== append the user opentow; a single > would overwrite the whole list, re-enabling root and the system accounts
[root@station113 vsftpd]# cat ftpusers
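The two lists interact in a way that is easy to get wrong, so here is a small model of the decision, written for this page (it is not vsftpd's or pam_listfile's code). It parses the key=value format of vsftpd.conf, applies user_list according to userlist_enable/userlist_deny, and applies ftpusers only when the PAM service in use carries the pam_listfile line, which the stock /etc/pam.d/vsftpd does and a hand-written service that only loads pam_mysql does not. The config excerpt, list contents and user names below are constructed for the example.

```python
"""Model of the vsftpd login-control lists (user_list and ftpusers).

Added example, not code from the page or from vsftpd. The sample config,
list files and user names are constructed for the demonstration.
"""


def parse_vsftpd_conf(text):
    """Parse vsftpd.conf: one OPTION=value per line, '#' comments.

    Option names are case-insensitive in vsftpd, so they are lowered here;
    values are kept as written."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if "=" not in line:
            raise ValueError("bad vsftpd.conf line: %r" % raw)
        key, value = line.split("=", 1)
        conf[key.strip().lower()] = value.strip()
    return conf


def parse_user_file(text):
    """ftpusers / user_list: one user name per line, '#' comments."""
    users = set()
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            users.add(line)
    return users


def is_yes(conf, key, default="NO"):
    return conf.get(key, default).upper() == "YES"


def login_decision(user, conf, user_list, ftpusers, pam_has_listfile=True):
    """Return (allowed, reason) for a login attempt by `user`.

    user_list is consulted by vsftpd itself before the password is asked
    for (vsftpd's default for userlist_deny is YES).  ftpusers only matters
    when the PAM service contains the pam_listfile deny line."""
    if is_yes(conf, "userlist_enable"):
        deny_mode = is_yes(conf, "userlist_deny", default="YES")
        listed = user in user_list
        if deny_mode and listed:
            return False, "user_list is a blacklist and %s is on it" % user
        if not deny_mode and not listed:
            return False, "user_list is a whitelist and %s is not on it" % user
    if pam_has_listfile and user in ftpusers:
        return False, "%s is in ftpusers (pam_listfile deny)" % user
    return True, "passes user_list and ftpusers checks"


# Constructed sample data: whitelist mode, with tom also listed in ftpusers.
SAMPLE_CONF = """\
# excerpt of /etc/vsftpd/vsftpd.conf (constructed)
local_enable=YES
userlist_enable=YES
userlist_deny=NO
"""
SAMPLE_USER_LIST = "tom\njerry\n"
SAMPLE_FTPUSERS = "# Users that are not allowed to login via ftp\nroot\nbin\nopentow\ntom\n"


def demo():
    """Evaluate a few constructed user names against the sample files."""
    conf = parse_vsftpd_conf(SAMPLE_CONF)
    ulist = parse_user_file(SAMPLE_USER_LIST)
    fusers = parse_user_file(SAMPLE_FTPUSERS)
    return {u: login_decision(u, conf, ulist, fusers)
            for u in ("tom", "jerry", "opentow", "alice")}


if __name__ == "__main__":
    for user, (ok, why) in demo().items():
        print("%-8s %s  (%s)" % (user, "ALLOW" if ok else "DENY", why))
```

With the sample data only jerry gets through: tom is on the whitelist but also in ftpusers, opentow and alice are simply not whitelisted. Pass pam_has_listfile=False to see how the same tom login succeeds once vsftpd is pointed at a PAM service without pam_listfile, which is exactly the situation created later on this page by pam_service_name=vsftpd.mysql.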
Install pam_mysql
[root@www ~]# tar xf pam_mysql-0.7RC1.tar.gz
[root@www ~]# cd pam_mysql-0.7RC1
[root@www pam_mysql-0.7RC1]# ./configure --with-mysql=/usr/local/mysql --with-openssl
[root@www pam_mysql-0.7RC1]# make && make install
[root@www pam_mysql-0.7RC1]# ls -l /lib/security/
total 124
-rwxr-xr-x 1 root 885 Mar 26 pam_mysql.la
-rwxr-xr-x 1 root 119100 Mar 26 pam_mysql.so
[root@www pam_mysql-0.7RC1]# ln -sv /lib/security/pam_mysql.so /lib64/security/     <== on x86_64 PAM loads its modules from /lib64/security
`/lib64/security/pam_mysql.so' -> `/lib/security/pam_mysql.so'
Install the mysql server
[root@www ~]# yum install mysql-server mysql-devel pam_mysql     <== pam_mysql from EPEL is the packaged alternative to the source build above
[root@www ~]# service mysqld start
Log on to mysql
[root@www ~]# mysql
mysql> CREATE DATABASE vsftpd;          <== create the vsftpd database
Query OK, 1 row affected (0.00 sec)
mysql> GRANT ALL ON vsftpd.* TO 'vsftpd'@'172.16.%.%' IDENTIFIED BY 'vsftpd';     <== authorize the user; my host is in the 172.16 network segment
Query OK, 0 rows affected (0.01 sec)
mysql> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.01 sec)
mysql> \q
Bye
Note: pam_mysql only ever reads the users table, so GRANT SELECT ON vsftpd.users is sufficient; ALL on the whole database, for a whole /16, with a password equal to the user name, is far more than the FTP server needs and is what an attacker gets if the PAM file leaks.
Verify that you can log on:
[root@www ~]# mysql -uvsftpd -h172.16.24.8 -pvsftpd
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 13
Server version: 5.5.33-log MySQL Community Server (GPL)
Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
mysql> SHOW DATABASES;          <== verify that the created database exists
+--------------------+
| Database           |
+--------------------+
| information_schema |
| test               |
| vsftpd             |
+--------------------+
3 rows in set (0.03 sec)
mysql> USE vsftpd;
mysql> CREATE TABLE users (id INT UNSIGNED AUTO_INCREMENT NOT NULL PRIMARY KEY, name VARCHAR(50) NOT NULL, password CHAR(48) NOT NULL);
Query OK, 0 rows affected (0.01 sec)          <== create the table
mysql> DESC users;
+----------+------------------+------+-----+---------+----------------+
| Field    | Type             | Null | Key | Default | Extra          |
+----------+------------------+------+-----+---------+----------------+
| id       | int(10) unsigned | NO   | PRI | NULL    | auto_increment |
| name     | varchar(50)      | NO   |     | NULL    |                |
| password | char(48)         | NO   |     | NULL    |                |
+----------+------------------+------+-----+---------+----------------+
3 rows in set (0.04 sec)
mysql> INSERT INTO users (name, password) VALUES ('tom', 'toms'), ('jerry', 'jerrys');     <== create two users, tom and jerry
Query OK, 2 rows affected (0.00 sec)
Records: 2  Duplicates: 0  Warnings: 0
These passwords are stored in clear text, which is what crypt=0 in the PAM file below expects; with crypt=3 you would insert MD5('toms') instead, so that a dump of the table does not hand out the FTP passwords directly.
mysql> \q
Bye                             <== exit the database
Configure vsftpd
[root@www ~]# vim /etc/pam.d/vsftpd.mysql        <== create this file and add the following two lines
auth    required  /lib/security/pam_mysql.so user=vsftpd passwd=vsftpd host=172.16.24.8 db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=0
account required  /lib/security/pam_mysql.so user=vsftpd passwd=vsftpd host=172.16.24.8 db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=0
Replace host= with the address of your own MySQL server. crypt=0 compares the stored password in clear text; pam_mysql also accepts crypt=1 (crypt(3)), crypt=2 (MySQL PASSWORD()), crypt=3 (hex MD5) and crypt=4 (hex SHA1), so the table does not have to hold clear-text passwords. The file contains the MySQL password, so keep it readable by root only; vsftpd runs the PAM conversation from its privileged parent process.
Note: depending on how MySQL was installed, pam_mysql.so may fail to connect to the MySQL server over the Unix socket. In that case grant a user that can connect to MySQL remotely and access the vsftpd database, as done above.
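To make the auth line above concrete, here is a model of the lookup pam_mysql performs, written for this page (it is not pam_mysql's code). It builds the users table from the page (id, name, password) in an in-memory SQLite database, which stands in for the MySQL server so the example runs offline, and checks a supplied password the way the crypt= option selects: 0 is a plain-text comparison, 3 is hex MD5, 4 is hex SHA1 (crypt=1 crypt(3) and crypt=2 MySQL PASSWORD() are not modelled). The accounts tom/toms and jerry/jerrys are the ones inserted on the page; the constant-time comparison is this example's choice, not something the page claims about pam_mysql.

```python
"""Model of the pam_mysql credential lookup for the vsftpd users table.

Added example, not pam_mysql's own code.  SQLite stands in for MySQL; the
table layout and the two accounts come from the page.
"""
import hashlib
import hmac
import sqlite3

SCHEMA = """
CREATE TABLE users (
  id       INTEGER PRIMARY KEY AUTOINCREMENT,
  name     VARCHAR(50) NOT NULL,
  password CHAR(48)    NOT NULL
);
"""


def encode_password(plain, crypt_mode):
    """Column value pam_mysql expects for the given crypt= mode."""
    if crypt_mode == 0:            # crypt=0: clear text
        return plain
    if crypt_mode == 3:            # crypt=3: hex MD5, same as MySQL MD5()
        return hashlib.md5(plain.encode()).hexdigest()
    if crypt_mode == 4:            # crypt=4: hex SHA1, same as MySQL SHA1()
        return hashlib.sha1(plain.encode()).hexdigest()
    raise ValueError("crypt mode %r not modelled here" % crypt_mode)


def build_db(accounts, crypt_mode):
    """Create the users table and insert (name, password) pairs encoded for crypt_mode."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany(
        "INSERT INTO users (name, password) VALUES (?, ?)",
        [(n, encode_password(p, crypt_mode)) for n, p in accounts],
    )
    return db


def pam_mysql_auth(db, name, supplied, crypt_mode):
    """True if `supplied` matches the credential stored for `name`.

    The user name is a bound parameter, so a name such as "tom' OR '1'='1"
    is looked up literally and simply does not exist.  The comparison is
    constant-time (this example's choice) so a wrong guess does not leak
    how many leading characters matched."""
    row = db.execute("SELECT password FROM users WHERE name = ?", (name,)).fetchone()
    if row is None:
        return False
    return hmac.compare_digest(row[0], encode_password(supplied, crypt_mode))


ACCOUNTS = [("tom", "toms"), ("jerry", "jerrys")]   # the page's INSERT


def demo(crypt_mode=3):
    """Populate the table for one crypt mode and run a few login attempts."""
    db = build_db(ACCOUNTS, crypt_mode)
    stored = db.execute("SELECT name, password FROM users ORDER BY id").fetchall()
    return {
        "stored": stored,
        "tom_ok": pam_mysql_auth(db, "tom", "toms", crypt_mode),
        "tom_bad": pam_mysql_auth(db, "tom", "jerrys", crypt_mode),
        "unknown": pam_mysql_auth(db, "nobody", "x", crypt_mode),
        "injection": pam_mysql_auth(db, "tom' OR '1'='1", "toms", crypt_mode),
    }


if __name__ == "__main__":
    for mode in (0, 3):
        print("crypt=%d -> %s" % (mode, demo(mode)))
```

Running it with crypt=0 shows the table holding "toms" and "jerrys" verbatim; with crypt=3 the same logins succeed while the stored column is a 32-character hex digest, which is the only difference the PAM line has to reflect.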
Modify the vsftpd configuration file to use MySQL authentication.
Map the virtual users to a system user and directory:
[root@www ~]# useradd -s /sbin/nologin -d /var/ftproot vuser      <== create the guest user
[root@www ~]# chmod go+rx /var/ftproot/                          <== permissions
Make sure the following options are set in /etc/vsftpd/vsftpd.conf:
anonymous_enable=YES            <== allow anonymous logins
local_enable=YES                <== allow local users; required, because guest logins are handled as local logins
write_enable=YES                <== allow write commands
anon_upload_enable=NO           <== anonymous upload disabled
anon_mkdir_write_enable=NO      <== anonymous mkdir disabled
chroot_local_user=YES           <== confine users to their home directory
[root@www ~]# cd /etc/vsftpd
[root@www vsftpd]# vim vsftpd.conf
Then add the following options:
guest_enable=YES                <== enable virtual users
guest_username=vuser            <== system user the virtual users are mapped to
Make sure the pam_service_name option reads:
pam_service_name=vsftpd.mysql
Caveat: /var/ftproot is owned by vuser and therefore writable by the mapped guest user. vsftpd 2.3.5 and later refuse to log a chrooted user in whose chroot root is writable ("500 OOPS: vsftpd: refusing to run with writable root inside chroot()"), so either make the root directory non-writable by vuser and give uploads a writable subdirectory, or set allow_writeable_chroot=YES where the installed build supports it.
[root@www ~]# service vsftpd reload
Shutting down vsftpd:                                      [  OK  ]
Starting vsftpd for vsftpd:                                [  OK  ]
[root@www ~]#