First, install the required software
1. Install the development environment and the required packages
# yum groupinstall -y "Development Tools" "Server Platform Development"
# yum install -y pam-devel mariadb-devel mariadb-server vsftpd lftp ftp
Start the service:
# systemctl start mariadb.service
2. Compile and install pam_mysql-0.7RC1
# tar xf pam_mysql-0.7RC1.tar.gz
# cd pam_mysql-0.7RC1
# ./configure --with-pam=/usr --with-mysql=/usr --with-pam-mods-dir=/usr/lib64/security
# make
# make install
Second, create the virtual user accounts
1. Prepare the database and related tables
MariaDB [(none)]> CREATE DATABASE vsftpd;
MariaDB [(none)]> CREATE TABLE vsftpd.users (id INT NOT NULL AUTO_INCREMENT PRIMARY KEY, name CHAR(+) NOT NULL UNIQUE KEY, password CHAR(48));
MariaDB [(none)]> use vsftpd
MariaDB [vsftpd]> DESC users;
2. Add test virtual users
MariaDB [vsftpd]> INSERT INTO vsftpd.users (name, password) VALUES ('Tom', PASSWORD('123456')), ('Jerry', PASSWORD('654321'));
MariaDB [vsftpd]> SELECT * FROM users;
3. Grant privileges to the vsftpd database user
MariaDB [vsftpd]> GRANT ALL ON vsftpd.* TO 'vsftpd'@'localhost' IDENTIFIED BY 'centos';
MariaDB [vsftpd]> GRANT ALL ON vsftpd.* TO 'vsftpd'@'127.0.0.1' IDENTIFIED BY 'centos';
MariaDB [vsftpd]> FLUSH PRIVILEGES;
Restart the database service:
# systemctl restart mariadb.service
Third, configure vsftpd
1. Create the PAM service file used for authentication
# vim /etc/pam.d/vsftpd.mysql
Add the following two lines
auth required /usr/lib64/security/pam_mysql.so user=vsftpd passwd=centos host=127.0.0.1 db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
account required /usr/lib64/security/pam_mysql.so user=vsftpd passwd=centos host=127.0.0.1 db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
2. Create the system user that the virtual users map to, and the corresponding directories
# mkdir /ftproot
# useradd -s /sbin/nologin -d /ftproot vuser
Create the test directories
# mkdir /ftproot/{pub,upload}
# setfacl -m u:vuser:rwx /ftproot/upload
3. Modify the vsftpd configuration file to use MySQL authentication
# vim /etc/vsftpd/vsftpd.conf
Change the value of the pam_service_name option as follows
pam_service_name=vsftpd.mysql
Add the following two lines:
guest_enable=YES
guest_username=vuser
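What PASSWORD() and crypt=2 above actually store, as an added example that is not part of the original article: pam_mysql documents crypt=2 as the MySQL PASSWORD() scheme, which is an unsalted double SHA-1 (41 characters, so it fits the CHAR(48) column). The sketch below recomputes that value and audits a constructed copy of the users table; the users alice and bob are hypothetical.

```python
import hashlib
import hmac
import re
from collections import defaultdict

# PASSWORD() output format: '*' followed by 40 upper-case hex digits.
HASH_RE = re.compile(r"^\*[0-9A-F]{40}$")

def mysql_password(plaintext: str) -> str:
    """Return what PASSWORD() stores: '*' + HEX(SHA1(SHA1(plaintext)))."""
    inner = hashlib.sha1(plaintext.encode("utf-8")).digest()
    return "*" + hashlib.sha1(inner).hexdigest().upper()

def verify(stored: str, candidate: str) -> bool:
    """Hash the candidate and compare it with the stored value in constant time."""
    return hmac.compare_digest(stored.strip().upper(), mysql_password(candidate))

def audit(rows):
    """Flag rows whose value is not a PASSWORD() hash or is shared between accounts."""
    findings = []
    by_hash = defaultdict(list)
    for name, stored in rows:
        if HASH_RE.match(stored or ""):
            by_hash[stored].append(name)
        else:
            findings.append((name, "not a PASSWORD() hash (plaintext or other scheme?)"))
    # No salt: accounts with the same password have identical hashes.
    for names in by_hash.values():
        for n in names if len(names) > 1 else []:
            others = ", ".join(x for x in names if x != n)
            findings.append((n, "same hash as " + others))
    return findings

# Constructed sample rows; alice and bob are hypothetical users.
SAMPLE_ROWS = [
    ("Tom", mysql_password("123456")),
    ("Jerry", mysql_password("654321")),
    ("alice", mysql_password("123456")),  # same password as Tom
    ("bob", "654321"),                    # inserted without PASSWORD()
]

if __name__ == "__main__":
    for name, problem in audit(SAMPLE_ROWS):
        print(f"{name}: {problem}")
```

Rows flagged as sharing a hash reveal password reuse to anyone who can read the table, which is one reason to limit what the vsftpd database account can do and who can read /etc/pam.d/vsftpd.mysql.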
Fourth, configure virtual users with different access rights
vsftpd can read a separate configuration file for each user from a configuration directory to define that user's FTP access rights; each file is named after the virtual user it applies to. The configuration directory can be any unused directory; just specify its path in vsftpd.conf.
1. Configure the virtual users to have separate permission settings
# vim /etc/vsftpd/vsftpd.conf
Add the following options
user_config_dir=/etc/vsftpd/vusers_conf
2. Create the required directory and provide a configuration file for each virtual user
# mkdir /etc/vsftpd/vusers_conf
# cd /etc/vsftpd/vusers_conf
Configure virtual users to have different access rights:
# vim Tom
Write the following:
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
# vim Jerry
anon_upload_enable=NO
anon_mkdir_write_enable=NO
anon_other_write_enable=NO
3. Start the vsftpd service:
# systemctl start vsftpd
Fifth, testing
Logged in as virtual user Tom, uploading and deleting files works without problems.
Logged in as virtual user Jerry and repeating the test steps above, uploading and deleting files are rejected.
This article is from the "little progress every Day" blog; please keep this source: http://563349612.blog.51cto.com/11096134/1864698
Use vsftpd + pam_mysql for virtual user authentication on CentOS 7