vsftpd FTP server: authenticating both virtual users (MySQL) and local users

Source: Internet
Author: User
Tags crypt

Required software:
1. vsftpd-2.0.6.tar.gz
2. pam_mysql-0.7RC1.tar.gz
3. MySQL 5.0.27
1. Install vsftpd
[root@ganwenliang soft]# tar xzfv vsftpd-2.0.6.tar.gz
[root@ganwenliang vsftpd-2.0.6]# make
[root@ganwenliang vsftpd-2.0.6]# make install
[root@ganwenliang vsftpd-2.0.6]# cp vsftpd.conf /etc
Add the user soft to the system as the guest user:
[root@ganwenliang vsftpd-2.0.6]# adduser soft
Edit vsftpd.conf and add the following three lines at the bottom:
guest_enable=YES
guest_username=soft
listen=YES
Start vsftpd:
[root@ganwenliang vsftpd-2.0.6]# /usr/local/sbin/vsftpd &
If you encounter an error such as "vsftpd: 500 OOPS: bad bool value in config file for: anonymous_enable", you can take a look at my article http://www.bkjia.com/OS/201112/115710.html
2. Install MySQL
[root@ganwenliang soft]# tar -zvxf mysql-max-5.0.27.tar.gz
[root@ganwenliang soft]# cd mysql-max-5.0.27
[root@ganwenliang mysql-max-5.0.27]# ./configure --prefix=/usr/local/mysql
[root@ganwenliang mysql-max-5.0.27]# make
[root@ganwenliang mysql-max-5.0.27]# make install
[root@ganwenliang mysql-max-5.0.27]# cp support-files/my-medium.cnf /etc/my.cnf
Add the mysql user and group:
[root@ganwenliang soft]# groupadd mysql
[root@ganwenliang soft]# useradd -g mysql mysql
Modify the MySQL directory permissions:
[root@ganwenliang soft]# chown -R root /usr/local/mysql
[root@ganwenliang soft]# chgrp -R mysql /usr/local/mysql
[root@ganwenliang soft]# chown -R mysql /usr/local/mysql/var
Generate the MySQL system databases:
[root@ganwenliang soft]# /usr/local/mysql/bin/mysql_install_db --user=mysql
Start the MySQL service:
[root@ganwenliang soft]# /usr/local/mysql/bin/mysqld_safe --user=mysql &
If the message "Starting mysqld daemon with databases from /usr/local/mysql/var" appears,
the MySQL service has started normally. Press Ctrl+C to return to the prompt.
Change the MySQL root password:
[root@ganwenliang soft]# /usr/local/mysql/bin/mysqladmin -uroot -p password "123456"
Create the database and tables that store the FTP user data:
CREATE DATABASE ftp;
USE ftp;
CREATE TABLE `logs` (
  `msg` varchar(255) default NULL,
  `user` char(16) default NULL,
  `pid` int(11) default NULL,
  `host` char(32) default NULL,
  `rhost` char(32) default NULL,
  `logtime` timestamp NOT NULL default CURRENT_TIMESTAMP on update CURRENT_TIMESTAMP
) ENGINE=MyISAM DEFAULT CHARSET=gb2312;
#
# Table structure for table users
#
DROP TABLE IF EXISTS `users`;
CREATE TABLE `users` (
  `name` char(16) character set gb2312 collate gb2312_bin default NULL,
  `passwd` char(48) default NULL
) ENGINE=MyISAM DEFAULT CHARSET=gb2312;

If you encounter an error message saying that gb2312 cannot be found, you can recompile MySQL to support gbk. You can also remove "DEFAULT CHARSET=gb2312" from the preceding SQL statements.
3. Install pam_mysql
[root@ganwenliang soft]# tar xzfv pam_mysql-0.7pre3
[root@ganwenliang soft]# cd pam_mysql-0.7pre3
Because I installed MySQL myself, I need to create two symbolic links. Otherwise, the pam_mysql compilation will fail.
# ln -s /usr/local/mysql/lib/mysql /usr/lib/mysql
[root@ganwenliang pam_mysql-0.7pre3]# ln -s /usr/local/mysql/include/mysql /usr/include/mysql
Compile now:
[root@ganwenliang pam_mysql-0.7pre3]# ./configure --with-openssl
[root@ganwenliang pam_mysql-0.7pre3]# make
[root@ganwenliang pam_mysql-0.7pre3]# make install
[root@ganwenliang security]# ls
classpath.security libgcj.security pam_mysql.la pam_mysql.so
[root@ganwenliang security]# pwd
/usr/lib/security
[root@ganwenliang security]#
After the installation, pam_mysql.so should be present in this directory.
4. Configure the PAM file
To authenticate both virtual users and local users, the PAM file must use both the sufficient and required control flags.
This is my vsftpd.mysql file, for reference.
The first two lines handle virtual user authentication. When that authentication fails, the local user is verified automatically (the last five lines). Each rule must stay on a single line.
auth sufficient /usr/lib/security/pam_mysql.so user=root passwd=mysql_password host=localhost db=ftp table=users usercolumn=name passwdcolumn=passwd crypt=2 sqllog=1 logtable=logs logmsgcolumn=msg logusercolumn=user logpidcolumn=pid loghostcolumn=host logrhostcolumn=rhost logtimecolumn=logtime verbose=1
account sufficient /usr/lib/security/pam_mysql.so user=root passwd=mysql_password host=localhost db=ftp table=users usercolumn=name passwdcolumn=passwd crypt=2 sqllog=1 logtable=logs logmsgcolumn=msg logusercolumn=user logpidcolumn=pid loghostcolumn=host logrhostcolumn=rhost logtimecolumn=logtime verbose=1
auth required pam_listfile.so item=user sense=deny file=/etc/vsftpd.ftpusers onerr=succeed
auth required pam_stack.so service=system-auth
auth required pam_shells.so
account required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth

Here, user=root passwd=mysql_password are your MySQL user name and password. Please change them.
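The tables created earlier are still empty, and the PAM lines connect to MySQL as root. The following SQL is an added example, not part of the original article: it creates a dedicated account limited to what pam_mysql needs and adds a first virtual user hashed the way crypt=2 expects. The account name ftp_pam and both passwords are placeholders; the user=/passwd= options in vsftpd.mysql would then name this account instead of root.

```sql
-- Added example. 'ftp_pam' and the CHANGE_ME values are placeholders,
-- not names or passwords from the original article.
USE ftp;

-- 1. Dedicated account for pam_mysql, reachable only from localhost
--    (matches host=localhost in the PAM lines).
CREATE USER 'ftp_pam'@'localhost' IDENTIFIED BY 'CHANGE_ME_db_password';

-- Authentication only reads the columns named by usercolumn= and
-- passwdcolumn=, both in table=users.
GRANT SELECT ON ftp.users TO 'ftp_pam'@'localhost';

-- sqllog=1 makes pam_mysql insert one row per event into logtable=logs;
-- it never needs to read or modify earlier rows.
GRANT INSERT ON ftp.logs TO 'ftp_pam'@'localhost';

-- 2. Add a virtual FTP user. crypt=2 tells pam_mysql to compare against
--    MySQL's PASSWORD() hash, so the stored value is produced the same way.
--    'test' matches the per-user file /etc/vsftpd/vsftpd_user/test.
INSERT INTO users (name, passwd)
VALUES ('test', PASSWORD('CHANGE_ME_ftp_password'));

-- 3. Confirm that a hash, not the cleartext, was stored. On MySQL 4.1 and
--    later with old_passwords disabled this is 41 characters starting
--    with '*', which fits the char(48) column.
SELECT name, LENGTH(passwd) AS hash_len, LEFT(passwd, 1) AS prefix
FROM users;

-- 4. After a login attempt, review what pam_mysql recorded (run as an
--    administrative user; ftp_pam itself cannot read the log table).
SELECT `logtime`, `user`, `rhost`, `msg`
FROM logs
ORDER BY `logtime` DESC
LIMIT 20;
```

PASSWORD() exists in the MySQL 5.0 release this article installs; it was removed in MySQL 8.0, so this example applies to the versions discussed here.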
 
For reference, this is my vsftpd.conf file:
guest_enable=YES
guest_username=soft
pam_service_name=/etc/pam.d/vsftpd.mysql
user_config_dir=/etc/vsftpd/vsftpd_user
userlist_enable=YES
listen=YES
tcp_wrappers=YES
 
To set separate permissions for a user, create a file named after the user in /etc/vsftpd/vsftpd_user, such as test.
Run vi /etc/vsftpd/vsftpd_user/test and copy in the following settings.

#anon_world_readable_only=NO
local_root=/home/dong
anon_world_readable_only=NO
write_enable=YES
anon_upload_enable=YES
anon_other_write_enable=YES
anon_mkdir_write_enable=YES
virtual_use_local_privs=YES
chmod_enable=YES
file_open_mode=0775
This configuration was later verified on RHEL AS5.
