MySQL+PAM-based vsftpd virtual user configuration
I. Experiment description
Operating system: Red Hat Enterprise Linux 5.8, x86_64
Experimental platform: VMware Workstation
Required package: pam_mysql-0.7rc1.tar.gz
II. Installing the required software
1. Install the development environment and the MySQL database first.
# yum -y groupinstall "Development Tools" "Development Libraries"
# yum -y install mysql-server mysql-devel
2. Install pam_mysql-0.7rc1
# tar zxvf pam_mysql-0.7rc1.tar.gz
# cd pam_mysql-0.7rc1
# ./configure --with-mysql --with-openssl
or, pointing configure at the MySQL installation prefix explicitly:
# ./configure --with-mysql=/usr --with-openssl
Excerpt of the configure output:
......
checking md5.h usability... no
checking md5.h presence... no
checking for md5.h... no
checking if md5.h is Solaris's... no
checking for md5.h... (cached) no
checking for MD5Data... no
checking for crypt in -lcrypt... yes
checking for crypt... yes
configure: creating ./config.status
config.status: creating Makefile
config.status: creating pam_mysql.spec
config.status: creating config.h
config.status: executing default-1 commands
# make
# make install
3. Install vsftpd
# yum -y install vsftpd
III. Creating the virtual user accounts
1. Prepare the database and tables
First make sure that the MySQL service has started normally. Then create the database that will hold the virtual users; here it is named vsftpd. The database account that vsftpd will use only needs SELECT on that database, so that is all it is granted. (The user@host parts of the two GRANT statements were mangled in the source; the PAM configuration further down uses user=vsftpd with host=localhost, and 127.0.0.1 is assumed for the second grant.)
# mysql
mysql> CREATE DATABASE vsftpd;
mysql> GRANT SELECT ON vsftpd.* TO vsftpd@localhost IDENTIFIED BY '123.com';
mysql> GRANT SELECT ON vsftpd.* TO vsftpd@'127.0.0.1' IDENTIFIED BY '123.com';
mysql> FLUSH PRIVILEGES;
mysql> USE vsftpd;
mysql> CREATE TABLE users (
    -> id INT AUTO_INCREMENT NOT NULL,
    -> name CHAR(...) BINARY NOT NULL,
    -> password CHAR(...) BINARY NOT NULL,
    -> PRIMARY KEY (id)
    -> );
mysql> DESC users;
+----------+----------+------+-----+---------+----------------+
| Field    | Type     | Null | Key | Default | Extra          |
+----------+----------+------+-----+---------+----------------+
| id       | int(11)  | NO   | PRI | NULL    | auto_increment |
| name     | char(..) | NO   |     | NULL    |                |
| password | char(..) | NO   |     | NULL    |                |
+----------+----------+------+-----+---------+----------------+
The CHAR lengths were lost in extraction. Pick a name column wide enough for your user names and a password column wide enough for whatever pam_mysql's crypt= mode stores; a crypt(3) hash is considerably longer than the plaintext passwords used below.
2. Add test virtual users
Add the users you need. Note that the password is stored in plaintext here (crypt=0 in the PAM configuration below), because the hashing done by pam_mysql and by MySQL's PASSWORD() function may differ. The cost of that choice is that anyone who can read the table, or the database credentials in the PAM file, has every user's FTP password; pam_mysql can instead verify a crypt(3) hash (crypt=1), a MySQL PASSWORD() hash (crypt=2) or a hex MD5 (crypt=3). The name column is declared BINARY, so the comparison is case-sensitive: insert the names exactly as users will type them at login.
mysql> INSERT INTO users (name, password) VALUES ('tom', 'redhat');
mysql> INSERT INTO users (name, password) VALUES ('jerry', 'redhat');
3. Test whether the vsftpd database account can connect to MySQL
# mysql -uvsftpd -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 8
Server version: 5.0.77 Source distribution

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql>
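The plaintext storage chosen in step 2 is the weak setting. The following is an added example (shell, not code from the original post) showing the alternative: store a crypt(3) hash in the password column and switch the pam_mysql lines from crypt=0 to crypt=1 so the module verifies against it. It needs the openssl command-line tool; the user names and salts are illustrative, and the helper names (gen_salt, make_hash, verify_hash, insert_sql) are mine.

```sh
#!/bin/sh
# Added example, not part of the original post: keep a crypt(3) hash in the
# password column instead of the plaintext the post uses, and switch the two
# pam_mysql lines from crypt=0 to crypt=1 so pam_mysql verifies it with
# crypt(3). Needs the openssl command-line tool. User names and salts here
# are illustrative.
#
# MD5-crypt ($1$...) is chosen because the glibc on RHEL 5 has no SHA-crypt;
# on a current system use "-6" (sha512-crypt) in both openssl calls instead.

gen_salt() {
    # 8-character salt drawn from the crypt(3) salt alphabet [a-zA-Z0-9./]
    openssl rand -base64 24 | tr -dc 'a-zA-Z0-9./' | cut -c1-8
}

# make_hash <password> [salt]: prints the $1$<salt>$<hash> string to store
make_hash() {
    _pw=$1
    _salt=${2:-$(gen_salt)}
    openssl passwd -1 -salt "$_salt" "$_pw"
}

# verify_hash <password> <stored>: exit 0 if <password> matches <stored>.
# This is what pam_mysql does with crypt=1: re-run crypt(3) with the salt
# embedded in the stored value and compare the result to the stored value.
verify_hash() {
    _pw=$1
    _stored=$2
    _salt=$(printf '%s' "$_stored" | cut -d'$' -f3)   # $1$<salt>$<hash>
    [ "$(openssl passwd -1 -salt "$_salt" "$_pw")" = "$_stored" ]
}

# insert_sql <name> <password>: the INSERT from step 2 above with the hash
# in place of the plaintext. The name is interpolated as-is, so only pass
# names without quotes; the hash itself never contains one.
insert_sql() {
    _hash=$(make_hash "$2")
    printf "INSERT INTO users (name, password) VALUES ('%s', '%s');\n" "$1" "$_hash"
}
```

Run `insert_sql tom redhat` and paste the output into the mysql client; the password column must hold the 34-character MD5-crypt string. Then change crypt=0 to crypt=1 on both lines of the PAM service file below; nothing else in the setup changes.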
IV. Configuring vsftpd
1. Create the PAM service file used for authentication
# vi /etc/pam.d/vsftpd.mysql
The file name is arbitrary (it only has to match pam_service_name below). Add the following two lines:
auth    required /usr/lib/security/pam_mysql.so user=vsftpd passwd=123.com host=localhost db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=0
account required /usr/lib/security/pam_mysql.so user=vsftpd passwd=123.com host=localhost db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=0
Because this file carries the database password in clear text, make it readable by root only (chmod 600). crypt=0 tells pam_mysql to compare the submitted password with the stored column verbatim, which is why the test users above were inserted with plaintext passwords.
2. Modify the vsftpd configuration file so that it uses MySQL authentication
Create the system user that all virtual users are mapped to, together with its directory:
# useradd -s /sbin/nologin -d /var/ftproot vuser
# ls -ld /var/ftproot/
drwx------ 4 vuser vuser 4096 Nov 15:47 /var/ftproot/
# chmod go+rx /var/ftproot
Make sure that the following options are enabled in /etc/vsftpd/vsftpd.conf (vsftpd expects exactly option=value with no spaces, and the YES/NO values are case-sensitive):
anonymous_enable=YES
local_enable=YES
write_enable=YES
anon_upload_enable=NO
anon_mkdir_write_enable=NO
chroot_local_user=YES
Then add the following options:
guest_enable=YES
guest_username=vuser
And make sure that pam_service_name names the PAM file created above:
pam_service_name=vsftpd.mysql
V. Starting the vsftpd service
# service vsftpd start
# chkconfig vsftpd on
Check that the port is listening:
# netstat -tnlp | grep :21
tcp        0      0 0.0.0.0:21        0.0.0.0:*         LISTEN      23286/vsftpd
Log in as a virtual user to confirm that the configuration works. Below is a test from the local command line; you can also log in from a Windows box with IE or an FTP client.
# ftp 192.168.3.3
Connected to 192.168.3.3.
220 (vsFTPd 2.0.5)
530 Please login with USER and PASS.
530 Please login with USER and PASS.
KERBEROS_V4 rejected as an authentication type
Name (192.168.3.3:root): tom
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>
Tips:
If logging in as a virtual user fails, check the log for the following error message:
# tail /var/log/secure
localhost vsftpd: PAM unable to dlopen(/lib/security/pam_mysql.so)
localhost vsftpd: PAM [error: /lib/security/pam_mysql.so: cannot open shared object file: No such file or directory]
localhost vsftpd: PAM adding faulty module: /lib/security/pam_mysql.so
Workaround: the message says the pam_mysql.so library could not be found. First determine where the pam_mysql-0.7rc1 build installed the library; looking for it shows that pam_mysql.so was placed in /usr/lib/security/. Then correct the module path in /etc/pam.d/vsftpd.mysql (vim /etc/pam.d/vsftpd.mysql) and log in again. Note that on an x86_64 system the distribution's own PAM modules live in /lib64/security, so a module name given without a leading slash will not resolve to /usr/lib/security; write the absolute path as shown above.
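Both the vsftpd.conf checklist in section IV and the dlopen failure in the tip above are things worth checking before the first login attempt. The following is an added example (shell, not code from the original post) that does both: it reports PAM module paths that do not exist and vsftpd.conf options that are missing or set to a different value. The function names and the PAM_MODDIR default are my assumptions.

```sh
#!/bin/sh
# Added example, not part of the original post: pre-flight checks for the
# vsftpd + pam_mysql setup. check_pam_modules reports PAM module paths that
# do not exist (the cause of the "unable to dlopen" error above) and
# check_vsftpd_conf reports required vsftpd.conf options that are missing or
# set to another value. PAM_MODDIR is an assumption used only for module
# names written without a leading slash; on x86_64 systems it is usually
# /lib64/security.
PAM_MODDIR=${PAM_MODDIR:-/lib/security}

# Print where a source-built pam_mysql.so actually landed ("make install"
# put it in /usr/lib/security in the post above).
find_pam_mysql() {
    find /lib /lib64 /usr/lib /usr/lib64 -name pam_mysql.so 2>/dev/null
}

# check_pam_modules <pam-service-file>
# Prints each referenced module path that does not exist; returns 1 if any.
# Lines are "type control module [args]"; comments and blank lines are
# skipped. (Bracketed control fields like "[success=ok ...]" are not parsed.)
check_pam_modules() {
    _missing=$(grep -v '^[[:space:]]*#' "$1" | grep -v '^[[:space:]]*$' |
        while read -r _type _control _module _args; do
            case "$_module" in
                /*) _path=$_module ;;
                *)  _path=$PAM_MODDIR/$_module ;;
            esac
            [ -e "$_path" ] || echo "$_path"
        done)
    [ -n "$_missing" ] && { printf '%s\n' "$_missing"; return 1; }
    return 0
}

# conf_get <vsftpd.conf> <option>: value of the last active "option=value"
# line. vsftpd wants exactly option=value with no spaces, and option names
# and YES/NO values are case-sensitive, so the match is exact.
conf_get() {
    grep "^$2=" "$1" | tail -n 1 | cut -d= -f2- | tr -d '[:space:]'
}

# check_vsftpd_conf <vsftpd.conf> option=value ...
# Prints one line per option whose value differs; returns the mismatch count.
check_vsftpd_conf() {
    _conf=$1; shift
    _bad=0
    for _kv in "$@"; do
        _key=${_kv%%=*}
        _want=${_kv#*=}
        _have=$(conf_get "$_conf" "$_key")
        if [ "$_have" != "$_want" ]; then
            echo "$_key: want '$_want', have '${_have:-<unset>}'"
            _bad=$((_bad + 1))
        fi
    done
    return $_bad
}

# Usage against the real files (run as root):
#   check_pam_modules /etc/pam.d/vsftpd.mysql || find_pam_mysql
#   check_vsftpd_conf /etc/vsftpd/vsftpd.conf anonymous_enable=YES \
#       local_enable=YES chroot_local_user=YES guest_enable=YES \
#       guest_username=vuser pam_service_name=vsftpd.mysql
```

A module path that the checker flags is exactly what produces the "adding faulty module" lines in /var/log/secure, so running it after editing /etc/pam.d/vsftpd.mysql saves a round trip through the log.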
VI. Giving virtual users different access rights
vsftpd can give each virtual user a separate configuration file, in a per-user configuration directory, that defines that user's access rights; the file is named after the virtual user's user name. The directory can be any otherwise unused directory; just set its path in vsftpd.conf.
1. Configure vsftpd to use a per-user configuration directory
# vim /etc/vsftpd/vsftpd.conf
Add the following option:
user_config_dir=/etc/vsftpd/vusers_dir
2. Create the directory and the per-user configuration files
# mkdir /etc/vsftpd/vusers_dir/
# cd /etc/vsftpd/vusers_dir/
# touch tom jerry
3. Configure the virtual users' access rights
A virtual user's access to the vsftpd service is controlled through the anonymous-user directives, and a setting in the per-user file overrides the same setting in vsftpd.conf. For example, to leave tom without upload permission, edit /etc/vsftpd/vusers_dir/tom and add:
anon_upload_enable=NO
To give jerry permission to upload, download, create and delete files, edit /etc/vsftpd/vusers_dir/jerry and add:
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
This article is from the "Xiao Zeng" blog; please keep this source: http://zengxin.blog.51cto.com/6098070/1717930