VSFTP user authentication with MySQL

VSFTP is an FTP server software used on Unix-like systems based on the GPL, and the creator's intention is to secure the code.

Characteristics

1, it is a safe, high-speed, stable FTP server;

2, it can do a virtual FTP host server based on multiple IP;

3, anonymous service settings are very convenient;

4, the root directory of anonymous FTP does not require any special directory structure, or System programs or other system files;

5, do not execute any external procedures, thereby reducing the security risks;

6, support virtual users, and each virtual user can have a separate property configuration;

7, can be set to start from the inetd, or independent FTP server two modes of operation;

8. Support multiple authentication methods

9, support bandwidth limit;

This article describes the virtual user authentication based on MySQL reality vsftp through the PAM.D module.

Installation Environment

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/73/E6/wKioL1YJ-WiBi0XbAAA8glU5O6I936.jpg "title=" 1.png " alt= "Wkiol1yj-wibi0xbaaa8glu5o6i936.jpg"/>

Install, configure VSFTP First

[email protected] ~]# yum install-y vsftpd[[email protected] ~]# rpm-ql vsftpd/etc/logrotate.d/vsftpd #vsftp日志轮询/etc/pa M.D/VSFTPD #pam. D vsftpd/etc/rc.d/init.d/vsftpd #启动服务脚本/etc/vsftpd/etc/vsftpd/ftpusers #用户控制文件/etc/vsftpd/user_ List #用户控制文件/etc/vsftpd/vsftpd.conf #配置文件/etc/vsftpd/vsftpd_conf_migrate.sh/usr/sbin/vsftpd/usr/share/doc/ vsftpd-2.2.2# #此处省略帮助文件 ##/usr/share/doc/vsftpd-2.2.2/tuning/usr/share/doc/vsftpd-2.2.2/vsftpd.xinetd/usr/share/ Man/man5/vsftpd.conf.5.gz/usr/share/man/man8/vsftpd.8.gz/var/ftp/var/ftp/pub #匿名用户共享文件目录

View default profile enablement options

[email protected] vsftpd]# cat vsftpd.conf |grep-v "^#" Anonymous_enable=yes #允许匿名用户local_enable =yes #允许本地用户write_ Enable=yes #允许本地用户可写local_umask =022 #本地创建文件的umaskdirmessage_enable =yes #创建目录时消息提示xferlog_enable =yes connect_from_ Port_20=yes xferlog_std_format=yeslisten=yes #监听端口pam_service_name =vsftpd #pam模块userlist_enable =yes #用户控制tcp_ Wrappers=yes

Some other important options

Anonymous_enable=yes Start anonymous User

Anon_upload_enable=yes allow anonymous users to upload files

Anon_mkdir_write_enable=yes allow anonymous users to create directories

Anon_other_write_enable=yes Allow anonymous users other permissions, such as delete, rename files

Chown_uploads=yes #是否改变属主

Chown_username=user #上传文件修改成属主

chroot_local_user={yes| No} #限制本地用户禁锢其在家目录中

chroot_list_enable={yes| No} #限制chroot_list列表中用户禁锢其在家目录中

Chroot_list=/etc/vsftp/chroot_list #用于指定用户列表文件, this file controls which users can switch to the parent directory of the user's home directory

Xferlog_file=/var/log/vsftp.log # Configuring the Log directory

Ftpd_banner=welcome to blah FTP service. #登录提示信息

Banned_file=/etc/vsftpd/banned_file

Ls_recurse_enable=yes #用户是否能够使用ls命令

Connection limits

Max_clients Maximum number of concurrent links

MAX_PER_IP maximum number of concurrent per IP

Throttling rate

Anon_max_rate

Local_max_rate

Uploading Files Umask

Anon_umask 022

Local_umask 022

Virtual user Settings

guest_enable= yes/no #启用虚拟用户. The default value is No.

Guest_username=ftp #这里用来映射虚拟用户. The default value is FTP

User_config_dir=/etc/vsftpd/vusers_config #为虚拟用户提供配置文件

The following options are enabled within the configuration file

Ls_recurse_enable=yes

Add a test user

Ls_recurse_enable=yes[[email protected] ~]# useradd-s/sbin/nologin test #添加测试用户 [[email protected] ~]# password Test[[em  AIL protected] ~]# touch/home/test/abc.txt #下创建个测试文件 [[email protected] ~] #service vsftpd start[[email protected] ~]# lftp [Email protected]lftp [email protected]:/> ls-rw-r--r--1 0 0 0 Sep 01:44 abc.txt#test Account is available.

Install the Msyql-devel package, Pam_mysql package on-premises

[email protected] vsftpd]# Yum install-y mysql-devel pam_mysql

Authorize vsftp on 192.168.0.55mysql

mariadb [(None)]> create database vsftpd; mariadb [(None)]> grant all on vsftpd.* to [email protected]  identified by  ' www.magedu.com '; mariadb [(None)]> flush privileges; mariadb [(None)]> use vsftpd; mariadb [vsftpd]> create table users  ( id int AUTO_INCREMENT  Not null, name char ( binary not null,password char)  binary  Not null, primary key (ID)  ); Mariadb [vsftpd]> insert into users (Name,password)  values (' Tom ', password (' magedu ') ); Mariadb [vsftpd]> insert into users (Name,password)  values (' Test ', password (' magedu ') )); mariadb [vsftpd]> show tables;+------------------+| tables_in_vsftpd |+----------- -------+| users            |+------------------+1 row in set  (0.03 sec) 

Go back to the VSFTPD host to see if it can be linked to MySQL

[Email protected] vsftpd]# mysql-uvsftpd-h192.168.0.55-penter password:mysql> use vsftpd;mysql> select * from u sers;+----+---------+-------------------------------------------+| ID | name |  Password |+----+---------+-------------------------------------------+| 1 | Tom |  *6b8ccc83799a26cd19d7ad9aeeadbcd30d8a8664 | | 2 | Test | *6b8ccc83799a26cd19d7ad9aeeadbcd30d8a8664 |+----+---------+-------------------------------------------+4 rows in Set (0.01 sec)

is OK

Vi/etc/pam.d/vsftpd.mysql #添加如下两行

Auth required/lib64/security/pam_mysql.so user=vsftpd passwd=www.magedu.com host=192.168.0.55 db=vsftpd table=users Usercolumn=name Passwdcolumn=password crypt=2

Account required/lib64/security/pam_mysql.so user=vsftpd passwd=www.magedu.com host=192.168.0.55 db=vsftpd table= Users Usercolumn=name Passwdcolumn=password crypt=2

Compile the configuration file again/etc/vsftpd/vsftpd.conf

Make sure the following option is OK

Anonymous_enable=no

Local_enable=yes

Write_enable=yes

Chroot_local_user=yes

Pam_service_name=vsftpd.mysql

Vi/etc/vsftpd/vusers_config/tom

Anon_upload_enable=yes

Anon_mkdir_write_enable=yes

Anon_other_write_enable=yes

To the test home directory authorization, some virtual users will go to the test home directory to read and write, so give the test home directory read and write permissions.

[email protected] vsftpd]# chmod 777 /home/test/[[email protected] vsftpd]#  cd /etc/[[email protected] etc]# lftp [email protected]  # Tom is not a local user, it is a virtual user created in MySQL password: lftp [email protected]:/> ls-rw-r--r--     1 0        0                0 sep 29 01:44 abc.txtlftp [ email protected]:~> put issue   47 bytes transferred                       lftp [email protected]:/> ls-rw-r--r--    1 0         0                0 sep 29 01:44 ABC.TXT-RW-------    1 500      500             47 Sep 29 02:31  issue[[email protected] etc]# cd /home/test/[[email protected] test]#  lltotal 4-rw-r--r-- 1 root root  0 sep 29 09:44  ABC.TXT-RW------- 1 test test 47 sep 29 10:31 issue # Tom User executes a put with test identity

VSFTP user authentication with MySQL