MySQL+PAM-based vsftpd virtual users for FTP service: learning notes

Source: Internet
Author: User

MySQL+PAM-based vsftpd virtual user configuration

I. Experimental environment

Operating system: Redhat5.8_x64bit

Experimental platform: VMware Workstation

Required packages: pam_mysql-0.7rc1.tar.gz

II. Install the required software


1. Install the development environment and MySQL database beforehand.

# yum -y groupinstall "Development Tools" "Development Libraries"
# yum -y install mysql-server mysql-devel

2. Install pam_mysql-0.7rc1

# tar zxvf pam_mysql-0.7rc1.tar.gz
# cd pam_mysql-0.7rc1
# ./configure --with-mysql --with-openssl
or
# ./configure --with-mysql=/usr --with-openssl
.......
checking md5.h usability... no
checking md5.h presence... no
checking for md5.h... no
checking if md5.h is Solaris's... no
checking for md5.h... (cached) no
checking for md5data... no
checking for crypt in -lcrypt... yes
checking for crypt... yes
configure: creating ./config.status
config.status: creating Makefile
config.status: creating pam_mysql.spec
config.status: creating config.h
config.status: executing default-1 commands
# make
# make install


3. Install vsftpd

# yum -y install vsftpd


II. Create the virtual user accounts


1. Prepare the database and related tables

First, make sure that the MySQL service has started normally. Then create the database that stores the virtual users; here it is named vsftpd.

# mysql
mysql> create database vsftpd;
mysql> grant select on vsftpd.* to [email protected] identified by '123.com';
mysql> grant select on vsftpd.* to [email protected] identified by '123.com';
mysql> flush privileges;
mysql> use vsftpd;
mysql> create table users (
    -> id int AUTO_INCREMENT NOT NULL,
    -> name char( ) binary NOT NULL,
    -> password char( ) binary NOT NULL,
    -> primary key(id)
    -> );
mysql> desc users;
+----------+----------+------+-----+---------+----------------+
| Field    | Type     | Null | Key | Default | Extra          |
+----------+----------+------+-----+---------+----------------+
| id       | int(11)  | NO   | PRI | NULL    | auto_increment |
| name     | char( )  | NO   |     | NULL    |                |
| password | char( )  | NO   |     | NULL    |                |
+----------+----------+------+-----+---------+----------------+

2. Add test virtual users

Add users as needed. Note that the passwords here are stored in plaintext, because the pam_mysql password() function and the MySQL password() function may differ.

mysql> insert into users (name,password) values ('tom','Redhat');
mysql> insert into users (name,password) values ('jerry','Redhat');

3. Test whether the vsftpd user can connect to MySQL

[[email protected] ~]# mysql -uvsftpd -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 8
Server version: 5.0.77 Source distribution
Type 'help;' or '\h' for help. Type '\c' to clear the buffer.
mysql>

III. Configure vsftpd


1. Create the file required for PAM authentication

# vi /etc/pam.d/vsftpd.mysql
The file name is arbitrary. Add the following two lines:
auth required /usr/lib/security/pam_mysql.so user=vsftpd passwd=123.com host=localhost db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=0
account required /usr/lib/security/pam_mysql.so user=vsftpd passwd=123.com host=localhost db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=0

2. Modify the vsftpd configuration file to use MySQL authentication


Create the system user that the virtual users are mapped to, and its directory

# useradd -s /sbin/nologin -d /var/ftproot vuser
# ls -ld /var/ftproot/
drwx------ 4 vuser vuser 4096 Nov 15:47 /var/ftproot/
# chmod go+rx /var/ftproot


Make sure that the following options are enabled in /etc/vsftpd/vsftpd.conf

anonymous_enable=YES
local_enable=YES
write_enable=YES
anon_upload_enable=NO
anon_mkdir_write_enable=NO
chroot_local_user=YES


Then add the following options

guest_enable=YES
guest_username=vuser


And make sure that the value of the pam_service_name option is as follows

pam_service_name=vsftpd.mysql
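
The settings above leave three things to check before the service is exposed: crypt=0 keeps cleartext passwords in the users table, the PAM file carries the MySQL password, and anonymous_enable stays on next to guest_enable. The shell check below is an added example, not part of the original article; the function names, finding labels and sample files are constructed for illustration, and crypt=1 (crypt(3) hashes in the password column) is the pam_mysql setting it treats as acceptable.

```shell
#!/bin/sh
# Added example (not from the original article): flag risky settings in the
# PAM service file and vsftpd.conf that this guide produces.

# Last value of a vsftpd.conf option, upper-cased (vsftpd compares boolean
# values case-insensitively; a later line overrides an earlier one).
conf_get() {
    sed -n "s/^$1=//p" "$2" | tail -n 1 | tr '[:lower:]' '[:upper:]'
}

# Print one finding per line; return 1 if anything was flagged, else 0.
audit_vsftpd_mysql() {
    pam_file=$1; conf_file=$2; rc=0
    rules=$(grep -v '^[[:space:]]*#' "$pam_file" | grep 'pam_mysql\.so') || true

    # crypt=0 (or "plain"): the users table holds cleartext passwords.
    if printf '%s\n' "$rules" | grep -Eq '[[:space:]]crypt=(0|plain)([[:space:]]|$)'; then
        echo "PLAINTEXT_PASSWORDS $pam_file"; rc=1
    fi
    # passwd= is the MySQL credential; the file must not be group/world readable.
    if printf '%s\n' "$rules" | grep -q '[[:space:]]passwd=' &&
       [ -n "$(find "$pam_file" -prune \( -perm -040 -o -perm -004 \) -print)" ]; then
        echo "DB_SECRET_READABLE $pam_file"; rc=1
    fi
    # Anonymous FTP left on next to the virtual (guest) users.
    # vsftpd's built-in default for anonymous_enable is YES, so unset counts.
    anon=$(conf_get anonymous_enable "$conf_file")
    if [ "${anon:-YES}" = YES ] &&
       [ "$(conf_get guest_enable "$conf_file")" = YES ]; then
        echo "ANONYMOUS_LOGIN_ENABLED $conf_file"; rc=1
    fi
    return $rc
}

# Constructed sample files mirroring the article's settings (demo only).
demo_dir=$(mktemp -d)
cat > "$demo_dir/vsftpd.mysql" <<'EOF'
auth required /usr/lib/security/pam_mysql.so user=vsftpd passwd=123.com host=localhost db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=0
account required /usr/lib/security/pam_mysql.so user=vsftpd passwd=123.com host=localhost db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=0
EOF
chmod 644 "$demo_dir/vsftpd.mysql"
printf 'anonymous_enable=YES\nguest_enable=YES\nguest_username=vuser\n' > "$demo_dir/vsftpd.conf"
audit_vsftpd_mysql "$demo_dir/vsftpd.mysql" "$demo_dir/vsftpd.conf" || echo "review the findings above"
rm -rf "$demo_dir"
```

On a real host the arguments would be /etc/pam.d/vsftpd.mysql and /etc/vsftpd/vsftpd.conf; clearing the first two findings means hashing the stored passwords to match the new crypt= value and running chmod 600 on the PAM file.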


IV. Start the vsftpd service

# service vsftpd start
# chkconfig vsftpd on


Check that the port is listening

# netstat -tnlp | grep :21
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 23286/vsftpd


Log in as a virtual user to verify the configuration. The following test uses the local command-line client; you can also log in from a Windows machine with IE or an FTP client tool.

[[email protected] ~]# ftp 192.168.3.3
Connected to 192.168.3.3.
220 (vsFTPd 2.0.5)
530 Please login with USER and PASS.
530 Please login with USER and PASS.
KERBEROS_V4 rejected as an authentication type
Name (192.168.3.3:root): tom
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>


Tips:

# tail /var/log/secure
localhost vsftpd: PAM unable to dlopen(/lib/security/pam_mysql.so)
localhost vsftpd: PAM [error: /lib/security/pam_mysql.so: cannot open shared object file: No such file or directory]
localhost vsftpd: PAM adding faulty module: /lib/security/pam_mysql.so


If a virtual user login fails, check the log for the error message shown above.

Workaround: the message says that the pam_mysql.so library file was not found. First determine where the pam_mysql-0.7rc1.tar.gz installation placed the library file; on inspection, pam_mysql.so is stored in the /usr/lib/security/ directory. Then edit the /etc/pam.d/vsftpd.mysql file (for example with vim) to use that path. Log in again and it works.


V. Configure virtual users to have different access rights

vsftpd can give each user a separate configuration file, kept in a configuration directory, that defines that user's FTP access rights; each virtual user's configuration file has the same name as the virtual user's user name. The configuration directory can be any unused directory; just specify its path and name in vsftpd.conf.


1. Configure vsftpd to use the configuration directory for virtual users

# vim /etc/vsftpd/vsftpd.conf
Add the following option:
user_config_dir=/etc/vsftpd/vusers_dir


2. Create the required directory and provide the configuration files for the virtual users

# mkdir /etc/vsftpd/vusers_dir/
# cd /etc/vsftpd/vusers_dir/
# touch tom jerry

3. Configure access rights for virtual users


A virtual user's access to the vsftpd service is controlled through the anonymous-user directives. For example, if the user tom should not have permission to upload or download files, modify the /etc/vsftpd/vusers/tom file and add the following option.

anon_upload_enable=NO

For example, if the user jerry should have permission to upload, download, create, and delete files, modify the /etc/vsftpd/vusers/jerry file and add the following options.

anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES


This article is from "Xiao Zeng" blog, please be sure to keep this source http://zengxin.blog.51cto.com/6098070/1717930
