Based on MySQL database authentication
Description: This experiment uses two CentOS hosts, one as the FTP server and one as the database server.
Both the database server and the FTP server run CentOS 7.
Note: On a CentOS 6 system, run yum install vsftpd pam_mysql to install the connection component.
MariaDB server:
yum install mariadb-server -y
systemctl start mariadb
mysql
MariaDB [(none)]> CREATE DATABASE vsftpddb;    # prepare the database
MariaDB [(none)]> USE vsftpddb
MariaDB [vsftpddb]> CREATE TABLE users (id INT AUTO_INCREMENT NOT NULL PRIMARY KEY, name CHAR(...) BINARY NOT NULL, password CHAR(...) BINARY NOT NULL);    # create the users table
MariaDB [vsftpddb]> DESC users;
+----------+-----------+------+-----+---------+----------------+
| Field    | Type      | Null | Key | Default | Extra          |
+----------+-----------+------+-----+---------+----------------+
| id       | int(11)   | NO   | PRI | NULL    | auto_increment |
| name     | char(...) | NO   |     | NULL    |                |
| password | char(...) | NO   |     | NULL    |                |
+----------+-----------+------+-----+---------+----------------+
MariaDB [vsftpddb]> GRANT ALL ON vsftpddb.* TO vsftpduser@'192.168.0.7' IDENTIFIED BY 'vsftpdpass';    # create and authorize the user
vsftpd server:
yum install mariadb -y
mysql -uvsftpduser -pvsftpdpass -h192.168.0.8    # test the database connection
MariaDB [(none)]> DESC vsftpddb.users;
+----------+-----------+------+-----+---------+----------------+
| Field    | Type      | Null | Key | Default | Extra          |
+----------+-----------+------+-----+---------+----------------+
| id       | int(11)   | NO   | PRI | NULL    | auto_increment |
| name     | char(...) | NO   |     | NULL    |                |
| password | char(...) | NO   |     | NULL    |                |
+----------+-----------+------+-----+---------+----------------+
MariaDB [(none)]> USE vsftpddb
MariaDB [vsftpddb]> INSERT INTO users (name,password) VALUES ('user1', PASSWORD('user1pass'));    # create the vsftpd virtual users
MariaDB [vsftpddb]> INSERT INTO users (name,password) VALUES ('user2', PASSWORD('user2pass'));
MariaDB [vsftpddb]> SELECT * FROM users;
+----+-------+-------------------------------------------+
| id | name  | password                                  |
+----+-------+-------------------------------------------+
|  1 | user1 | *f20b90d5a0ced3757c51ae04cd4700ab9879e467 |
|  2 | user2 | *a9c95b38c9a88ecae9128fd396059335e97caa6e |
+----+-------+-------------------------------------------+
yum groupinstall "Development Tools" -y
yum -y install mariadb-devel pam-devel vsftpd
wget http://prdownloads.sourceforge.net/pam-mysql/pam_mysql-0.7rc1.tar.gz
tar xf pam_mysql-0.7rc1.tar.gz
cd pam_mysql-0.7rc1/
[pam_mysql-0.7rc1]# ./configure --with-pam-mods-dir=/lib64/security
[pam_mysql-0.7rc1]# make && make install
ls /lib64/security/ | grep pam_mysql.so
pam_mysql.so    # the PAM module is installed
vim /etc/pam.d/vsftpd.mysql
auth required pam_mysql.so user=vsftpduser passwd=vsftpdpass host=192.168.0.8 db=vsftpddb table=users usercolumn=name passwdcolumn=password crypt=2
account required pam_mysql.so user=vsftpduser passwd=vsftpdpass host=192.168.0.8 db=vsftpddb table=users usercolumn=name passwdcolumn=password crypt=2
crypt sets how the stored password is encrypted: 0 means no encryption, 1 means crypt(3) encryption, 2 means encryption with the MySQL PASSWORD() function, 3 means MD5 encryption, 4 means SHA1 encryption.
auth performs authentication.
account checks that the account and password are valid for use.
required means that this check must pass.
pam_mysql.so is given as a relative path by default, resolved against /lib64/security/; an absolute path can also be written. The parameters passed to the module follow it:
user=vsftpd: the user that logs in to MySQL
passwd=magedu: the password used to log in to MySQL
host=mysqlserver: the host name or IP address of the MySQL server
db=vsftpd: the name of the database to connect to on MySQL
table=users: the name of the table in that database
usercolumn=name: the column that holds the user name
passwdcolumn=password: the column that holds the user's password
crypt=2: passwords are encrypted with the MySQL PASSWORD() function
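What crypt=2 compares, and what a review of such a PAM line would note, as an added example (not code from the original page or from pam_mysql). The sample line is constructed from the values used above; the function names are hypothetical, and mysql_password emulates the MySQL PASSWORD() format, '*' followed by the hex of SHA1(SHA1(password)).

```python
import hashlib
import hmac

# crypt= values as listed on this page
CRYPT_MODES = {"0": "plaintext", "1": "crypt(3)", "2": "MySQL PASSWORD()",
               "3": "MD5", "4": "SHA1"}

# Constructed sample line, built from the values used on this page
PAM_LINE = ("auth required pam_mysql.so user=vsftpduser passwd=vsftpdpass "
            "host=192.168.0.8 db=vsftpddb table=users usercolumn=name "
            "passwdcolumn=password crypt=2")

def parse_pam_mysql(line):
    """Split a pam_mysql line into (type, control, {option: value})."""
    ptype, control, module, *args = line.split()
    if module.rsplit("/", 1)[-1] != "pam_mysql.so":
        raise ValueError("not a pam_mysql line")
    return ptype, control, dict(a.split("=", 1) for a in args)

def mysql_password(plaintext):
    """Emulate MySQL PASSWORD(): '*' + upper-case hex of SHA1(SHA1(plaintext))."""
    inner = hashlib.sha1(plaintext.encode()).digest()
    return "*" + hashlib.sha1(inner).hexdigest().upper()

def check_crypt2(stored, candidate):
    """crypt=2 style check: hash the candidate, compare with the stored column."""
    return hmac.compare_digest(stored.upper(), mysql_password(candidate))

def review(line):
    """Return the points a reviewer would note for one pam_mysql line."""
    _, _, opts = parse_pam_mysql(line)
    mode = CRYPT_MODES.get(opts.get("crypt"), "not set or unknown")
    findings = [f"stored passwords: {mode}"]
    if mode in ("plaintext", "MySQL PASSWORD()", "MD5", "SHA1"):
        findings.append("unsalted: equal passwords give equal column values")
    if "passwd" in opts:
        findings.append("database password is in the PAM file: keep it readable by root only")
    if opts.get("host") not in (None, "localhost", "127.0.0.1"):
        findings.append("lookups cross the network: limit the GRANT to what the FTP host needs")
    return findings
```
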
useradd -r -s /sbin/nologin -d /data/mftp/ vuser
mkdir -pv /data/mftp/pub/
chmod -w /data/mftp/
setfacl -m u:vuser:rwx /data/mftp/pub/
/etc/vsftpd/vsftpd.conf
anonymous_enable=YES
guest_enable=YES
guest_username=vuser
# changed to authenticate through the pam_mysql module
pam_service_name=vsftpd.mysql
systemctl restart vsftpd
vsftpd can give each user a separate configuration file, kept in a configuration directory, that defines the user's FTP access rights; each virtual user's configuration file has the same name as the virtual user. The configuration directory can be any unused directory; just specify its path and name in vsftpd.conf.
vim /etc/vsftpd/vsftpd.conf
user_config_dir=/etc/vsftpd/vusers.d
mkdir /etc/vsftpd/vusers.d/
touch /etc/vsftpd/vusers.d/
/etc/vsftpd/vusers.d/user1
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
# login directory changed to the specified directory
local_root=/ftproot