vsftpd + PAM + MySQL on separate hosts

Source: Internet
Author: User

Environment: MariaDB on CentOS 7 + vsftpd on CentOS 6

I. Install the required packages

1. Install vsftpd and pam_mysql (on the CentOS 6 host, 192.168.108.160)

# yum -y install vsftpd pam_mysql

Note: pam_mysql is provided by the EPEL repository.

Alternatively, download the pam_mysql source and compile it yourself: http://download.chinaunix.net/download.php?resourceid=7820&id=15901

# tar xf pam_mysql-0.7rc1.tar.gz

# cd pam_mysql-0.7rc1

# ./configure --with-mysql=/usr/local/mysql --with-openssl

# make && make install

II. Create the virtual user accounts (on the CentOS 7 host, 192.168.108.129)

1. Prepare the database and related tables

First, make sure that the MySQL service is up and running. Then create the database that stores the virtual users; here it is named vsftpd.

mysql> CREATE DATABASE vsftpd;

mysql> GRANT SELECT ON vsftpd.* TO [e-mail protected] IDENTIFIED BY '123456';
mysql> GRANT SELECT ON vsftpd.* TO [e-mail protected] IDENTIFIED BY '123456';
mysql> FLUSH PRIVILEGES;

At this point you can test the connection from the vsftpd server (192.168.108.160):

# mysql -uvsftpd -h192.168.108.129 -p     (enter the password to log in)

mysql> USE vsftpd;
mysql> CREATE TABLE users (
id INT AUTO_INCREMENT NOT NULL,
name CHAR(20) BINARY NOT NULL,      -- length missing in the source; 20 is an assumed value
password CHAR(48) BINARY NOT NULL,  -- length missing in the source; 48 is assumed (PASSWORD() returns 41 characters)
PRIMARY KEY (id)
);

2. Add test virtual users

Add users as required. Note that, for security, their passwords should be stored hashed with the PASSWORD() function rather than in plaintext.

mysql> INSERT INTO users (name,password) VALUES ('Xiaoming', PASSWORD('123456'));
mysql> INSERT INTO users (name,password) VALUES ('Xiaohong', PASSWORD('123456'));

Or, as a single statement:

[vsftpd]> INSERT INTO users (name,password) VALUES ('Xiaoming', PASSWORD('123456')), ('Xiaohong', PASSWORD('123456'));

This prepares the virtual user accounts for testing.

Here the last value, PASSWORD('magedu'), hashes the password with MariaDB's built-in PASSWORD() function. PASSWORD() is an unsalted double SHA-1, so treat the users table as sensitive and keep the grant on it limited to SELECT for the vsftpd account.

For example, > SELECT 'ABCD'; displays ABCD.

With PASSWORD(), the string is displayed as a hash, which is the format the password is stored in:

> SELECT PASSWORD('ABCD'); 48 Guests
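
What PASSWORD() stores and how a login has to be compared against it, as an added Python example that is not part of the original article. It reproduces the MySQL 4.1+ PASSWORD() format ('*' followed by the uppercase hex of SHA1(SHA1(password))); the helper names and the sample rows are constructed for illustration.

```python
import hashlib
import hmac

def mysql_password(plaintext: str) -> str:
    """Reproduce MySQL/MariaDB PASSWORD() (4.1+ format): '*' + HEX(SHA1(SHA1(pw)))."""
    inner = hashlib.sha1(plaintext.encode("utf-8")).digest()
    return "*" + hashlib.sha1(inner).hexdigest().upper()

def check_login(stored_hash: str, attempt: str) -> bool:
    """Hash the attempt first, then compare in constant time (what pam_mysql crypt=2 must do)."""
    return hmac.compare_digest(stored_hash, mysql_password(attempt))

# Constructed sample rows mirroring the two INSERT statements above.
USERS = {name: mysql_password("123456") for name in ("Xiaoming", "Xiaohong")}

def shared_hashes(users):
    """Group account names whose stored hashes are identical (no salt, so equal passwords collide)."""
    groups = {}
    for name, stored in users.items():
        groups.setdefault(stored, []).append(name)
    return [sorted(names) for names in groups.values() if len(names) > 1]

if __name__ == "__main__":
    for name, stored in USERS.items():
        print(name, stored, len(stored))
    # A plaintext comparison (pam_mysql crypt=0) can never match a hashed column.
    print("plaintext compare matches:", USERS["Xiaoming"] == "123456")
    print("hashed compare matches:   ", check_login(USERS["Xiaoming"], "123456"))
    print("accounts sharing a hash:  ", shared_hashes(USERS))
```

Because equal passwords give equal hashes, anyone who can read the table learns which accounts share a password, which is one more reason to restrict the database account to SELECT from the vsftpd host only.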

III. Configure vsftpd (on the CentOS 6 host, 192.168.108.160)

1. Create the PAM configuration file

# vi /etc/pam.d/vsftpd.mysql     (the file name can be chosen freely)
Add the following two lines

Checks that the account name and password match:
auth required /lib/security/pam_mysql.so user=vsftpd passwd=123456 host=192.168.108.129 db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2

Checks whether the user account is within its validity period:
account required /lib/security/pam_mysql.so user=vsftpd passwd=123456 host=192.168.108.129 db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2

(On some systems pam_mysql.so is in the /lib64 directory.)

crypt=2 tells pam_mysql that the password column holds MySQL PASSWORD() hashes, which matches how the users were inserted above; crypt=0 would compare the typed password against the column as plaintext, and every login would fail. Because this file contains the database password, make it readable by root only.

Note: depending on how MySQL was installed, pam_mysql.so may have problems connecting to the MySQL server through the Unix socket, so it is recommended to authorize a MySQL user that connects remotely to access the vsftpd database.

2. Modify the vsftpd configuration file to use MySQL authentication

All virtual users are mapped to one designated system account, and the shared location they access is that account's home directory.

Create the system user that the virtual users map to, and its directory:
# useradd -s /sbin/nologin -d /var/ftproot vuser     (this user is not allowed to log in; -d sets the home directory, which is the location all virtual users access)
# chmod go+rx /var/ftproot     (lets other users read and enter the directory but not write to it)

# vim /etc/vsftpd/vsftpd.conf

Make sure that the following options are enabled in /etc/vsftpd/vsftpd.conf
anonymous_enable=YES
local_enable=YES
write_enable=YES
anon_upload_enable=NO
anon_mkdir_write_enable=NO
chroot_local_user=YES

Then add the following options (all guest accounts are mapped to vuser; vsftpd.conf does not accept a comment on the same line as an option)
guest_enable=YES
guest_username=vuser

And make sure that the value of the pam_service_name option is as follows
pam_service_name=vsftpd.mysql
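
A consistency check for the two files configured in this section, as an added Python example that is not part of the original article. The sample file contents are constructed from the settings on this page (with crypt=2, the pam_mysql mode for PASSWORD() hashes); the function names and the pam_mode parameter are assumptions for illustration.

```python
# Constructed sample files that mirror the settings described on this page.
PAM_ARGS = ("user=vsftpd passwd=123456 host=192.168.108.129 db=vsftpd "
            "table=users usercolumn=name passwdcolumn=password crypt=2")
PAM_FILE = (f"auth    required /lib/security/pam_mysql.so {PAM_ARGS}\n"
            f"account required /lib/security/pam_mysql.so {PAM_ARGS}\n")
VSFTPD_CONF = "guest_enable=YES\nguest_username=vuser\npam_service_name=vsftpd.mysql\n"

def parse_conf(text):
    """vsftpd.conf: key=value, no spaces around '=', '#' starts a comment line."""
    lines = [l for l in text.splitlines() if "=" in l and not l.startswith("#")]
    return dict(l.split("=", 1) for l in lines)

def parse_pam(text):
    """Return {module type: {argument: value}} for each pam_mysql.so line."""
    out = {}
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 3 and not f[0].startswith("#") and f[2].endswith("pam_mysql.so"):
            out[f[0]] = dict(a.split("=", 1) for a in f[3:] if "=" in a)
    return out

def audit(pam_text, conf_text, pam_name, pam_mode=0o600):
    """Return a list of findings; pam_mode is the PAM file's permission bits."""
    conf, pam, found = parse_conf(conf_text), parse_pam(pam_text), []
    if conf.get("guest_enable", "NO").upper() != "YES":
        found.append("guest_enable is not YES, so virtual users are not mapped")
    if conf.get("pam_service_name") != pam_name:
        found.append("pam_service_name does not match the PAM file name")
    for kind in ("auth", "account"):
        if kind not in pam:
            found.append(f"no {kind} line for pam_mysql.so")
    if pam.get("auth") != pam.get("account"):
        found.append("auth and account lines use different arguments")
    if pam.get("auth", {}).get("crypt") == "0":
        found.append("crypt=0 compares against plaintext, not PASSWORD() hashes")
    if "passwd" in pam.get("auth", {}) and pam_mode & 0o077:
        found.append("PAM file holds the DB password but is group/world accessible")
    return found

if __name__ == "__main__":
    print(audit(PAM_FILE, VSFTPD_CONF, "vsftpd.mysql") or "no findings")
```

On a real host, pass the contents of /etc/pam.d/vsftpd.mysql and /etc/vsftpd/vsftpd.conf, and the mode from os.stat() on the PAM file.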


IV. Start the vsftpd service

# service vsftpd start
# chkconfig vsftpd on

Check that the port is listening

# netstat -tnlp | grep :21
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 23286/vsftpd

Log in as a virtual user to verify the configuration. The test below uses the local command-line client; you can also log in from another Windows machine with IE or an FTP client tool.
# ftp localhost

V. Give virtual users different access rights

vsftpd can give each user a separate configuration file, kept in a configuration directory, that defines that user's FTP access rights; each file has the same name as the virtual user it applies to. The configuration directory can be any unused directory; just specify its path in vsftpd.conf.

1. Configure vsftpd to use a per-user configuration directory for virtual users

# vim /etc/vsftpd/vsftpd.conf
Add the following option
user_config_dir=/etc/vsftpd/vusers_config

2. Create the required directory and provide the configuration files for the virtual users

# mkdir /etc/vsftpd/vusers_config/
# cd /etc/vsftpd/vusers_config/
# touch tom jerry

# vim tom     (tom's configuration file)

anon_upload_enable=YES
anon_mkdir_write_enable=NO
anon_other_write_enable=NO

3. Configure access rights for virtual users

A virtual user's access to the vsftpd service is controlled through the anonymous-user directives. For example, to let the user tom upload files, edit the /etc/vsftpd/vusers_config/tom file and add the following options.
anon_upload_enable={YES|NO}
anon_mkdir_write_enable={YES|NO}
anon_other_write_enable={YES|NO}
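
How the per-user file combines with the global vsftpd.conf, as an added Python example that is not part of the original article. It models three rules: per-user options override the global ones, a user without a file gets the global settings, and every anon_* write right also requires write_enable=YES. The inputs are constructed from the options on this page and the function names are assumptions.

```python
# Constructed inputs: the global options from this page and tom's per-user file.
GLOBAL_CONF = """\
write_enable=YES
anon_upload_enable=NO
anon_mkdir_write_enable=NO
guest_enable=YES
user_config_dir=/etc/vsftpd/vusers_config
"""
PER_USER = {
    "tom": "anon_upload_enable=YES\nanon_mkdir_write_enable=NO\nanon_other_write_enable=NO\n",
}

RIGHTS = {
    "upload": "anon_upload_enable",
    "mkdir": "anon_mkdir_write_enable",
    "delete_rename": "anon_other_write_enable",
}

def parse(text):
    """key=value lines only; '#' starts a comment line."""
    lines = [l for l in text.splitlines() if "=" in l and not l.startswith("#")]
    return dict(l.split("=", 1) for l in lines)

def effective_rights(user, global_text=GLOBAL_CONF, per_user=PER_USER):
    """Merge the global file with the user's file and report what the user may do."""
    opts = parse(global_text)
    opts.update(parse(per_user.get(user, "")))   # per-user values win
    on = lambda key: opts.get(key, "NO").upper() == "YES"
    # Each anon_* write right is additionally gated by write_enable.
    return {right: on("write_enable") and on(key) for right, key in RIGHTS.items()}

if __name__ == "__main__":
    for user in ("tom", "jerry"):
        print(user, effective_rights(user))
```

A user whose file is empty or missing (jerry here) ends up read-only, so write access has to be granted explicitly per user.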
