First, we need FTP to support dynamic passwords, that is, a user's password can be changed dynamically by a program.
The vsftpd + MySQL setup is as follows:
This article describes how to set up vsftpd + MySQL virtual users on Debian Linux. I saw it on a related website two days ago and thought it was good, so I want to share it with you.
Today I had nothing to do, so I set up FTP. The reason is very simple: to put the good stuff I find elsewhere onto my own machine, hey! Choosing an FTP server on Linux is not easy. After a bit of thinking, I chose vsftpd, because it is known as the safest FTP server on Linux, and many large websites still use it as their server (this makes it easy to use).
So that others cannot peek at my password and log on to my machine, and because I hate having so many users in the system (like displaying my own hands), I decided to use virtual users. Since MySQL is already installed on the machine, I want to store the vsftpd virtual user data in MySQL. Well, let's get started!
Step 1:
Install vsftpd
apt-get install vsftpd (Debian is awesome!)
The system automatically generates a configuration file and an FTP user for anonymous access. vsftpd uses PAM to verify virtual users. Because the virtual user information is stored in the database, we also need a local user who can read the database content, and we set its home directory:
- #mkdir /var/ftp
- #useradd -d /var/ftp ftpguest
- #chown ftpguest:nogroup /var/ftp
Step 2: Install MySQL
apt-get install mysql-server mysql-client
Create a database and add users
- #mysql -p
- mysql> create database FTPU;
- mysql> use FTPU;
- mysql> create table user (name char(20) binary, passwd char(20) binary);
- mysql> insert into user (name, passwd) values ('test1', password('20140901'));
- mysql> insert into user (name, passwd) values ('test2', password('20140901'));
- mysql> quit
Enable ftpguest to access FTPU and the table user (the password given here must be the same as the passwd value in the PAM configuration in Step 3):
- #mysql -u root mysql -p
- mysql> grant select on FTPU.user to ftpguest@localhost identified by '123456';
- mysql> quit
Step 3: vsftpd authenticates through PAM
Therefore, we also need a PAM module that authenticates against MySQL. In Debian, the package is called libpam-mysql.
apt-get install libpam-mysql
Enable PAM verification for vsftpd:
- #vi /etc/pam.d/vsftpd
Comment out the previous content and add the following content:
auth required pam_mysql.so user=ftpguest passwd=123456 host=localhost db=FTPU table=user usercolumn=name passwdcolumn=passwd crypt=2
account required pam_mysql.so user=ftpguest passwd=123456 host=localhost db=FTPU table=user usercolumn=name passwdcolumn=passwd crypt=2
The above should be clear. crypt=2 means that the stored password has been hashed with MySQL's password() function.
Step 4: Modify the vsftpd.conf file
- #vi /etc/vsftpd.conf
Add:
- guest_enable=YES
- guest_username=ftpguest
This makes ftpguest the guest account for vsftpd virtual users.
- virtual_use_local_privs=YES
vsftpd + MySQL virtual users have the same permissions as local users.
- write_enable=yes
- anon_upload_enable=yes
- anon_other_write_enable=yes
Allows virtual users to upload, modify, and delete files.
- chroot_local_user=yes
Virtual users can only access their own directories.
- anonymous_enable=no
- local_enable=yes
Disable Anonymous user access and enable local user access
Step 5:
Step 4 already completes the setup, but later I thought: no, if everyone uploads to the same place, the directory becomes a mess and is hard to manage. Can I create a directory for each vsftpd + MySQL virtual user? For example, put the files uploaded by the music user in ~/music and the files uploaded by the doc user in ~/doc?
Yes, of course! How can I do this?
First, add two vsftpd + MySQL virtual users (music and doc) to the database, then create a configuration file and a directory for each of them:
- #mkdir /etc/vsftpd_user_conf
- #cd /etc/vsftpd_user_conf
- #touch music
- #echo "local_root=/home/username/music" > music
- #touch doc
- #echo "local_root=/home/username/doc" > doc
- #mkdir /home/username/music
- #chown ftpguest:nogroup /home/username/music
- #chmod 700 /home/username/music
- #mkdir /home/username/doc
- #chown ftpguest:nogroup /home/username/doc
- #chmod 700 /home/username/doc
Then add user_config_dir=/etc/vsftpd_user_conf to vsftpd.conf.
==========================================
After completing the above steps, how can we make vsftpd support single sign-on?
For example, if you log in to a portal system that includes an FTP application, you should not need to enter the FTP user name and password again when you open the FTP application.
My idea is as follows:
1. After identifying a user, associate the user with a virtual user in FTP and generate a random password.
2. Create an intermediate page A and embed an IFRAME in it that points to ftp://userid:password@10.1..../
3. When page A is closed, a new random password is generated to overwrite the original one. This ensures that the password is dynamic and that the change takes effect immediately. If page A exits abnormally and never calls the close method, you can use ajax to make page A contact the server at regular intervals as a heartbeat. If the server no longer receives the heartbeat from page A after a certain period of time, it can set the password to be invalid.
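The server side of these three steps, as an added example that is not code from the original article: sqlite3 stands in for the FTPU.user table, and the class, helper names and the 30-second timeout are assumptions. It stores the 41-character hash that PASSWORD() produces in MySQL 4.1 to 5.7, which needs a passwd column wider than the char(20) created in Step 2.

```python
import hashlib
import secrets
import sqlite3
import time

def mysql_password_hash(plaintext):  # PASSWORD() of MySQL 4.1-5.7, 41 characters
    inner = hashlib.sha1(plaintext.encode()).digest()
    return "*" + hashlib.sha1(inner).hexdigest().upper()

def make_demo_db():  # constructed stand-in for FTPU.user (sqlite3 instead of MySQL)
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE user (name TEXT PRIMARY KEY, passwd TEXT)")
    db.executemany("INSERT INTO user VALUES (?, ?)",
                   [(n, mysql_password_hash("20140901")) for n in ("test1", "test2")])
    return db

def check_login(db, name, password):  # the comparison the PAM lookup amounts to
    row = db.execute("SELECT passwd FROM user WHERE name = ?", (name,)).fetchone()
    return row is not None and secrets.compare_digest(row[0], mysql_password_hash(password))

class FtpSessionPasswords:
    def __init__(self, db, timeout=30, clock=time.time):  # timeout in seconds, assumed
        self.db, self.timeout, self.clock = db, timeout, clock
        self.last_seen = {}  # virtual user -> time of last heartbeat from page A

    def _rotate(self, name):
        password = secrets.token_urlsafe(18)  # URL-safe, fits in an ftp:// URL
        sql = "UPDATE user SET passwd = ? WHERE name = ?"
        if self.db.execute(sql, (mysql_password_hash(password), name)).rowcount != 1:
            raise KeyError(name)  # not a known virtual user
        return password

    def open_session(self, name):  # step 1: the portal has identified the user
        password = self._rotate(name)
        self.last_seen[name] = self.clock()
        return password

    def heartbeat(self, name):  # step 3: periodic ajax call from page A
        if name in self.last_seen:
            self.last_seen[name] = self.clock()

    def close_session(self, name):  # step 3: page A closed; new value is discarded
        if self.last_seen.pop(name, None) is not None:
            self._rotate(name)

    def expire_stale(self):  # run periodically on the server
        stale = [n for n, t in self.last_seen.items() if self.clock() - t > self.timeout]
        for name in stale:
            self.close_session(name)
        return stale
```

The portal would call open_session when it renders page A and run expire_stale from a timer, so a page that disappears without calling close still loses its password once the timeout passes.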