vsftpd + MySQL virtual user practices in Debian
Today, I had nothing to do with ftp. The reason is very simple: to put the good stuff that can be seen elsewhere on my machine, hey! It is not easy to select an FTP server on Linux. After a bit of thinking, I chose vsftpd, because it is known as the safest FTP server on Linux, and many large websites still use it as their server (this makes it easy to use :)).
To prevent others from peeking at my password and logging on to my machine, and because I hate having so many users in the system (like displaying my own hands), I decided to use virtual users. Because MySQL is already installed on the machine, I wanted to put the virtual user data in MySQL. Let's get started!
Step 1:
Install vsftpd
# apt-get install vsftpd (Debian is awesome!)
The system automatically generates a configuration file and an ftp user for anonymous users. vsftpd uses PAM to verify virtual users. Because their information is stored in the database, we also need a local user who can read the database content, and we set its home directory:
# mkdir /var/ftp
# useradd -d /var/ftp ftpguest
# chown ftpguest:nogroup /var/ftp
Step 2: install MySQL
# apt-get install mysql-server mysql-client
Create a database and add users:
# mysql -p
mysql> create database ftpu;
mysql> use ftpu;
mysql> create table user (name char(20) binary, passwd char(20) binary);
mysql> insert into user (name, passwd) values ('test1', password('123'));
mysql> insert into user (name, passwd) values ('test2', password('123'));
mysql> quit
Enable ftpguest to access the table user in the database ftpu:
# mysql -u root mysql -p
mysql> grant select on ftpu.user to ftpguest@localhost identified by '123456';
mysql> quit
Step 3: because vsftpd authenticates through PAM, we also need a PAM module that can verify against MySQL, which is called libpam-mysql in Debian.
# apt-get install libpam-mysql
Enable PAM verification for vsftpd:
# vi /etc/pam.d/vsftpd
Comment out the previous content and add the following content:
auth required pam_mysql.so user=ftpguest passwd=123456 host=localhost db=ftpu table=user usercolumn=name passwdcolumn=passwd crypt=2
account required pam_mysql.so user=ftpguest passwd=123456 host=localhost db=ftpu table=user usercolumn=name passwdcolumn=passwd crypt=2
The above content should be clear. crypt=2 indicates that the stored password has been passed through the MySQL password() function.
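The column-width pitfall behind crypt=2, as an added example that is not part of the original article: assuming a MySQL 4.1 or later server, password() returns a 41-character value ('*' plus 40 hex digits), which does not fit a char(20) passwd column like the one created in step 2, so the comparison fails. The function names and the column and comparison models are assumptions made for illustration, and the sample users are constructed.

```python
import hashlib
import hmac

def mysql_password(plaintext: str) -> str:
    """MySQL 4.1+ PASSWORD(): '*' + upper-case hex of SHA1(SHA1(plaintext))."""
    inner = hashlib.sha1(plaintext.encode("utf-8")).digest()
    return "*" + hashlib.sha1(inner).hexdigest().upper()

def store_in_char_column(value: str, width: int) -> str:
    """Model (assumption) of a CHAR(width) column in non-strict SQL mode:
    characters beyond the width are cut off. Strict mode rejects the INSERT."""
    return value[:width]

def pam_check(supplied: str, stored: str) -> bool:
    """Model (assumption) of a crypt=2 check: hash the supplied password
    and compare it with the value read from the passwd column."""
    return hmac.compare_digest(mysql_password(supplied), stored)

def audit(users: dict, width: int) -> dict:
    """Return {name: login_succeeds} for users stored in a CHAR(width) column."""
    results = {}
    for name, password in users.items():
        stored = store_in_char_column(mysql_password(password), width)
        results[name] = pam_check(password, stored)
    return results

# Constructed sample accounts mirroring the tutorial's test users.
SAMPLE_USERS = {"test1": "123", "test2": "123"}

if __name__ == "__main__":
    print("hash length:", len(mysql_password("123")))
    print("char(20):", audit(SAMPLE_USERS, 20))
    print("char(41):", audit(SAMPLE_USERS, 41))
```

If logins fail on such a server even with correct credentials, compare the length of the stored passwd values with 41 before looking elsewhere.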
Step 4: modify the vsftpd.conf file
# vi /etc/vsftpd.conf
Add:
guest_enable=YES
guest_username=ftpguest
# Virtual users are mapped to the local user ftpguest
virtual_use_local_privs=YES
# Virtual users have the same permissions as the local user
write_enable=YES
anon_upload_enable=YES
anon_other_write_enable=YES
# Allow virtual users to upload, modify, and delete files
chroot_local_user=YES
# Virtual users can only access their own directories
anonymous_enable=NO
local_enable=YES
# Disable anonymous user access and enable local user access
Step 5:
The fourth step already completes the setup, but I thought about it some more later. If every user's uploads are different, the directory becomes a mess and is hard to manage. Can I create a directory for each virtual user? For example, place the files uploaded by the music user in ~/music, and the files uploaded by the doc user in ~/doc?
Yes, of course! How can I do this?
First, add two virtual users, music and doc, to the database. Then create a configuration file and a directory for each of them:
# mkdir /etc/vsftpd_user_conf
# cd /etc/vsftpd_user_conf
# touch music
# echo "local_root=/home/username/music" > music
# touch doc
# echo "local_root=/home/username/doc" > doc
# mkdir /home/username/music
# chown ftpguest:nogroup /home/username/music
# chmod 700 /home/username/music
# mkdir /home/username/doc
# chown ftpguest:nogroup /home/username/doc
# chmod 700 /home/username/doc
Add user_config_dir=/etc/vsftpd_user_conf to vsftpd.conf.
All done. Do you understand?