VSFTP (vsftpd) is GPL-licensed FTP server software for Unix-like systems; its author's primary design goal is the security of the code.
Characteristics
1. It is a safe, high-speed, stable FTP server;
2. It can serve virtual FTP hosts based on multiple IP addresses;
3. Anonymous service is very convenient to set up;
4. The root directory of anonymous FTP does not require any special directory structure, system programs or other system files;
5. It does not execute any external programs, which reduces security risk;
6. It supports virtual users, and each virtual user can have a separate configuration;
7. It can run in two modes: started from inetd, or as a standalone FTP server;
8. It supports multiple authentication methods;
9. It supports bandwidth limits.
This article describes how to implement MySQL-based virtual user authentication for vsftpd through PAM (/etc/pam.d).
Installation Environment
First, install and configure vsftpd
[[email protected] ~]# yum install -y vsftpd
[[email protected] ~]# rpm -ql vsftpd
/etc/logrotate.d/vsftpd    # vsftpd log rotation
/etc/pam.d/vsftpd    # PAM configuration for vsftpd
/etc/rc.d/init.d/vsftpd    # service start script
/etc/vsftpd
/etc/vsftpd/ftpusers    # user control file
/etc/vsftpd/user_list    # user control file
/etc/vsftpd/vsftpd.conf    # configuration file
/etc/vsftpd/vsftpd_conf_migrate.sh
/usr/sbin/vsftpd
/usr/share/doc/vsftpd-2.2.2
## help files omitted here ##
/usr/share/doc/vsftpd-2.2.2/TUNING
/usr/share/doc/vsftpd-2.2.2/vsftpd.xinetd
/usr/share/man/man5/vsftpd.conf.5.gz
/usr/share/man/man8/vsftpd.8.gz
/var/ftp
/var/ftp/pub    # shared directory for anonymous users
View the options enabled in the default configuration file
[[email protected] vsftpd]# cat vsftpd.conf | grep -v "^#"
anonymous_enable=YES    # allow anonymous users
local_enable=YES    # allow local users
write_enable=YES    # allow local users to write
local_umask=022    # umask for files created by local users
dirmessage_enable=YES    # show the directory message when a user enters a directory
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
listen=YES    # listen on the port (standalone mode)
pam_service_name=vsftpd    # PAM service name
userlist_enable=YES    # user control
tcp_wrappers=YES
Some other important options
anonymous_enable=YES    # enable anonymous users
anon_upload_enable=YES    # allow anonymous users to upload files
anon_mkdir_write_enable=YES    # allow anonymous users to create directories
anon_other_write_enable=YES    # allow anonymous users other write operations, such as deleting and renaming files
chown_uploads=YES    # whether to change the owner of uploaded files
chown_username=user    # the owner that uploaded files are changed to
chroot_local_user={YES|NO}    # confine local users to their home directories
chroot_list_enable={YES|NO}    # confine the users in the chroot_list list to their home directories
chroot_list_file=/etc/vsftp/chroot_list    # specifies the user list file; this file controls which users can switch to the parent directory of the user's home directory
xferlog_file=/var/log/vsftp.log    # location of the transfer log
ftpd_banner=Welcome to blah FTP service.    # login banner
banned_file=/etc/vsftpd/banned_file
ls_recurse_enable=YES    # whether users may use recursive ls (ls -R)
Connection limits
max_clients    # maximum number of concurrent connections
max_per_ip    # maximum number of concurrent connections per IP address
Transfer rate limits
anon_max_rate
local_max_rate
Umask for uploaded files
anon_umask=022
local_umask=022
Virtual user settings
guest_enable=YES/NO    # enable virtual users. The default value is NO.
guest_username=ftp    # the local user that virtual users are mapped to. The default value is ftp.
user_config_dir=/etc/vsftpd/vusers_config    # directory holding the per-user configuration files for virtual users
The following option is enabled in the configuration file
ls_recurse_enable=YES
Add a test user
[[email protected] ~]# useradd -s /sbin/nologin test    # add a test user
[[email protected] ~]# passwd test
[[email protected] ~]# touch /home/test/abc.txt    # create a test file
[[email protected] ~]# service vsftpd start
[[email protected] ~]# lftp [email protected]
lftp [email protected]:/> ls
-rw-r--r--    1 0        0               0 Sep 29 01:44 abc.txt
# the test account works
Install the mysql-devel and pam_mysql packages locally
[[email protected] vsftpd]# yum install -y mysql-devel pam_mysql
Grant access to the vsftpd user on the MySQL server at 192.168.0.55
MariaDB [(none)]> create database vsftpd;
MariaDB [(none)]> grant all on vsftpd.* to [email protected] identified by 'www.magedu.com';
MariaDB [(none)]> flush privileges;
MariaDB [(none)]> use vsftpd;
MariaDB [vsftpd]> create table users (id int AUTO_INCREMENT not null, name char(…) binary not null, password char(…) binary not null, primary key (id));
MariaDB [vsftpd]> insert into users (name,password) values ('tom', password('magedu'));
MariaDB [vsftpd]> insert into users (name,password) values ('test', password('magedu'));
MariaDB [vsftpd]> show tables;
+------------------+
| Tables_in_vsftpd |
+------------------+
| users            |
+------------------+
1 row in set (0.03 sec)
Go back to the vsftpd host and check that it can connect to MySQL
[[email protected] vsftpd]# mysql -uvsftpd -h192.168.0.55 -p
Enter password:
mysql> use vsftpd;
mysql> select * from users;
+----+---------+-------------------------------------------+
| id | name    | password                                  |
+----+---------+-------------------------------------------+
|  1 | tom     | *6b8ccc83799a26cd19d7ad9aeeadbcd30d8a8664 |
|  2 | test    | *6b8ccc83799a26cd19d7ad9aeeadbcd30d8a8664 |
+----+---------+-------------------------------------------+
4 rows in set (0.01 sec)
The connection works.
vi /etc/pam.d/vsftpd.mysql    # add the following two lines
auth required /lib64/security/pam_mysql.so user=vsftpd passwd=www.magedu.com host=192.168.0.55 db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
account required /lib64/security/pam_mysql.so user=vsftpd passwd=www.magedu.com host=192.168.0.55 db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
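
What crypt=2 means in the two lines above, as an added example (not from the original article): pam_mysql compares the login password with MySQL's PASSWORD() value, the unsalted double SHA-1 computed below. The function names, the small parser and the constructed sample line (with a placeholder database password) are assumptions of this sketch.

```python
import hashlib
import hmac

# Constructed sample: the auth line from /etc/pam.d/vsftpd.mysql with the
# database password replaced by a placeholder.
PAM_LINE = ("auth required /lib64/security/pam_mysql.so user=vsftpd "
            "passwd=EXAMPLE-DB-PASSWORD host=192.168.0.55 db=vsftpd table=users "
            "usercolumn=name passwdcolumn=password crypt=2")

def parse_pam_mysql(line):
    """Split a pam.d line into (type, control, module, {option: value})."""
    mod_type, control, module, *args = line.split()
    opts = dict(a.split("=", 1) for a in args if "=" in a)
    return mod_type, control, module, opts

def mysql_password(plaintext):
    """MySQL PASSWORD(): '*' + upper-case hex of SHA1(SHA1(plaintext)); no salt."""
    inner = hashlib.sha1(plaintext.encode()).digest()
    return "*" + hashlib.sha1(inner).hexdigest().upper()

def verify(plaintext, stored):
    """The comparison that crypt=2 implies, done in constant time."""
    return hmac.compare_digest(mysql_password(plaintext), stored.upper())

def review(opts):
    """Return defender-side findings for the parsed pam_mysql options."""
    findings = []
    if "passwd" in opts:
        findings.append("database password is in clear text in the PAM file: "
                        "keep the file root-owned with mode 0600")
    if opts.get("crypt") in ("0", "2"):
        findings.append("crypt=%s: passwords are stored plain or as an unsalted "
                        "hash, so equal passwords give equal values" % opts["crypt"])
    return findings

if __name__ == "__main__":
    _, _, _, opts = parse_pam_mysql(PAM_LINE)
    for finding in review(opts):
        print("finding:", finding)
    # Two constructed users sharing one password get the same hash, which is
    # why tom and test show identical values in the users table.
    rows = {u: mysql_password("constructed-sample-pw") for u in ("tom", "test")}
    print(rows["tom"] == rows["test"], verify("constructed-sample-pw", rows["tom"]))
```
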
Edit the configuration file /etc/vsftpd/vsftpd.conf again
Make sure the following options are set
anonymous_enable=NO
local_enable=YES
write_enable=YES
chroot_local_user=YES
pam_service_name=vsftpd.mysql
vi /etc/vsftpd/vusers_config/tom
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
Grant permissions on the test home directory: virtual users read and write in the test home directory, so give it read and write permissions.
[[email protected] vsftpd]# chmod 777 /home/test/
[[email protected] vsftpd]# cd /etc/
[[email protected] etc]# lftp [email protected]    # tom is not a local user; it is a virtual user created in MySQL
Password:
lftp [email protected]:/> ls
-rw-r--r--    1 0        0               0 Sep 29 01:44 abc.txt
lftp [email protected]:~> put issue
47 bytes transferred
lftp [email protected]:/> ls
-rw-r--r--    1 0        0               0 Sep 29 01:44 abc.txt
-rw-------    1 500      500            47 Sep 29 02:31 issue
[[email protected] etc]# cd /home/test/
[[email protected] test]# ll
total 4
-rw-r--r-- 1 root root  0 Sep 29 09:44 abc.txt
-rw------- 1 test test 47 Sep 29 10:31 issue    # tom's put was executed with the identity of test
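
An added check for the finished configuration (not part of the original article): it parses vsftpd.conf text with the file's strict option=value syntax and reports the settings that the virtual-user login above depends on. The sample file is constructed, and guest_username=test is an assumption inferred from the transcript, where tom's upload ends up owned by test.

```python
# Constructed sample: the article's "make sure" options, the guest_* options
# from its "Virtual user settings" list, and one annotated line of the kind
# the article prints. guest_username=test is an assumption (see lead-in).
SAMPLE_CONF = """\
# vsftpd.conf (constructed)
anonymous_enable=NO
local_enable=YES
write_enable=YES
chroot_local_user=YES
pam_service_name=vsftpd.mysql
guest_enable=YES
guest_username=test
user_config_dir=/etc/vsftpd/vusers_config
listen=YES #listening port
"""

# Values the virtual-user setup depends on; vsftpd's defaults differ for the
# first two (anonymous_enable=YES, guest_enable=NO).
REQUIRED = {
    "anonymous_enable": "NO",
    "guest_enable": "YES",
    "pam_service_name": "vsftpd.mysql",
    "user_config_dir": "/etc/vsftpd/vusers_config",
}

def parse_conf(text):
    """Return ({option: value}, [problems]) using vsftpd.conf's strict syntax."""
    opts, problems = {}, []
    for num, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        name, sep, value = line.partition("=")
        if not sep:
            problems.append("line %d: not in option=value form" % num)
        elif name != name.strip() or value != value.strip() or "#" in value:
            problems.append("line %d: spaces around '=' or a trailing comment "
                            "become part of the setting" % num)
        else:
            opts[name] = value
    return opts, problems

def audit(text):
    """List syntax problems plus required options that are missing or wrong."""
    opts, problems = parse_conf(text)
    for name, want in REQUIRED.items():
        got = opts.get(name)
        is_bool = want in ("YES", "NO")
        if got is None or (got.upper() if is_bool else got) != want:
            problems.append("%s should be %s (found %r)" % (name, want, got))
    return problems

if __name__ == "__main__":
    for problem in audit(SAMPLE_CONF):
        print("finding:", problem)
```
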
VSFTP user authentication with MySQL