vsftpd configuration of virtual users based on pam_mysql authentication and hash (db_load) authentication

Source: Internet
Author: User
Tags openssl

For background on vsftpd, search for it yourself. This article starts directly with installation and configuration.


Environment: CentOS 6

First, installation

    yum -y install vsftpd

The service can be started directly after the installation is complete:

    service vsftpd start


Second, the configuration

Use either the pam_mysql or the db_load authentication method:

a) Use db_load to set up virtual users

1. Create two directories under /etc/vsftpd/

    mkdir /etc/vsftpd/vuser_dir   # will hold the virtual users' configuration files
    mkdir /etc/vsftpd/vuser_db    # holds the virtual users' authentication files

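2. Generate the database file

    cd /etc/vsftpd/vuser_db/
    vim login_vuser

The file holds one user name per line, each followed by its password on the next line:

    username
    password
    username
    password

Then generate the virtual users' database file:

    db_load -T -t hash -f /etc/vsftpd/vuser_db/login_vuser /etc/vsftpd/vuser_db/vuser.db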

3. Configure the PAM authentication module

    cd /etc/pam.d/
    vim vsftpd.vuser

    # Note: do not add the .db suffix to the db= path
    auth     required /lib64/security/pam_userdb.so db=/etc/vsftpd/vuser_db/vuser
    account  required /lib64/security/pam_userdb.so db=/etc/vsftpd/vuser_db/vuser

4. Change the vsftpd configuration file

    vim /etc/vsftpd/vsftpd.conf

    # vsftpd.conf allows no spaces around "=" and no comments after a value,
    # so each comment sits on its own line.
    # Enable anonymous user access
    anonymous_enable=YES
    # Enable local user access
    local_enable=YES
    # Give users write permission
    write_enable=YES
    local_umask=022
    ######################################################
    dirmessage_enable=YES
    xferlog_enable=YES
    connect_from_port_20=YES
    xferlog_std_format=YES
    ######################################################
    listen=YES
    user_config_dir=/etc/vsftpd/vuser_dir
    pam_service_name=/etc/pam.d/vsftpd.vuser
    userlist_enable=NO
    tcp_wrappers=YES
    # Do not allow users to switch out of their home directories
    chroot_list_enable=YES
    ######################################################
    # Enable guest (virtual) users, mapped to the account below
    guest_enable=YES
    guest_username=vuser
    ######################################################
    # Whether uploaded files have their owner changed
    chown_uploads=YES
    # Which owner to change them to
    chown_username=root

5. Create the corresponding configuration file for each virtual user

    cd /etc/vsftpd/vuser_dir/   # create the configuration files for two virtual users

    vim test
    anon_upload_enable=YES
    download_enable=YES
    anon_other_write_enable=NO
    anon_mkdir_write_enable=NO
    local_root=/some/to/path/

    ######################################################

    vim admin
    anon_upload_enable=YES
    download_enable=YES
    anon_other_write_enable=YES
    anon_mkdir_write_enable=YES
    anon_world_readable_only=NO
    local_root=/some/to/path/

6. Restart vsftpd and test the login

    service vsftpd restart
    lftp -u username,password host   # test

b) Use pam_mysql to authenticate users

1. Create a directory to store the virtual users' configuration files

    mkdir /etc/vsftpd/vuser_dir


2. Install the mysql-server, mysql-devel, openssl-devel and pam_mysql packages

    yum -y install mysql-server mysql-devel openssl-devel pam_mysql   # the pam_mysql module is in the EPEL repository

3. Log in to MySQL and create the vsftpd database, account and table

    mysql -uroot -ppassword

    create database vsftpd;
    grant all on vsftpd.* to 'vsftpd'@'localhost' identified by 'vsftpd';
    grant all on vsftpd.* to 'vsftpd'@'127.0.0.1' identified by 'vsftpd';

    use vsftpd;
    CREATE TABLE `users` (
      `id` int unsigned NOT NULL AUTO_INCREMENT,
      `name` varchar(64) NOT NULL,     -- length lost in the source; 64 is an assumed value
      `password` char(64) NOT NULL,    -- length lost in the source; 64 is an assumed value
      PRIMARY KEY (`id`)
    );
    insert into users (name,password) values ('username','password'),('username','password');
    flush privileges;

    mysql -uusername -ppassword   # test whether the user created above is valid

4. Create the PAM authentication file for MySQL

    vim /etc/pam.d/vsftpd.mysql

    auth     required /lib64/security/pam_mysql.so user=vsftpd passwd=vsftpd host=localhost db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=0
    account  required /lib64/security/pam_mysql.so user=vsftpd passwd=vsftpd host=localhost db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=0

5. Modify the vsftpd configuration file

    vim /etc/vsftpd/vsftpd.conf

    # vsftpd.conf allows no spaces around "=" and no comments after a value,
    # so each comment sits on its own line.
    # Enable anonymous user access
    anonymous_enable=YES
    # Enable local user access
    local_enable=YES
    # Give users write permission
    write_enable=YES
    local_umask=022
    ######################################################
    dirmessage_enable=YES
    xferlog_enable=YES
    connect_from_port_20=YES
    xferlog_std_format=YES
    ######################################################
    listen=YES
    user_config_dir=/etc/vsftpd/vuser_dir
    # This line differs from the hash authentication setup above
    pam_service_name=/etc/pam.d/vsftpd.mysql
    userlist_enable=NO
    tcp_wrappers=YES
    # Do not allow users to switch out of their home directories
    chroot_list_enable=YES
    ######################################################
    # Enable guest (virtual) users, mapped to the account below
    guest_enable=YES
    guest_username=vuser
    ######################################################
    # Whether uploaded files have their owner changed
    chown_uploads=YES
    # Which owner to change them to
    chown_username=root

6. Create the corresponding configuration file for each virtual user

    cd /etc/vsftpd/vuser_dir/   # create the configuration files for two virtual users

    vim test
    anon_upload_enable=YES
    download_enable=YES
    anon_other_write_enable=NO
    anon_mkdir_write_enable=NO
    local_root=/some/to/path/

    ######################################################

    vim admin
    anon_upload_enable=YES
    download_enable=YES
    anon_other_write_enable=YES
    anon_mkdir_write_enable=YES
    anon_world_readable_only=NO
    local_root=/some/to/path/

7. Restart vsftpd and test the login

    service vsftpd restart
    lftp -u username,password host   # test

Each virtual user's permissions can be configured individually in that user's file under the virtual user configuration directory.

If login fails after configuration, check the security authentication log.
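
As an added example (not part of the original article), the Python checker below audits the two files built in the steps above. The sample inputs are constructed and the function names are hypothetical; the findings rely on documented behaviour: vsftpd.conf accepts no spaces around "=" and no inline comments, anonymous_enable defaults to YES, and pam_mysql's crypt=0 means passwords are stored and compared in plaintext.

```python
import re

# Constructed samples mirroring the settings shown in this article.
SAMPLE_CONF = """\
anonymous_enable=YES# open anonymous access
write_ enable=YES
guest_enable=YES
guest_username=vuser
chown_uploads=YES
chown_username=root
"""
SAMPLE_PAM = ("auth required /lib64/security/pam_mysql.so user=vsftpd "
              "passwd=vsftpd host=localhost db=vsftpd table=users "
              "usercolumn=name passwdcolumn=password crypt=0\n")

def audit_vsftpd_conf(text):
    """Return [(line_number, finding)]; line 0 means a default applies."""
    findings, opts = [], {}
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue  # blank line or whole-line comment
        key, _, value = line.partition("=")
        if re.search(r"\s", key) or value != value.strip():
            findings.append((n, "whitespace around option, '=' or value"))
        if "#" in value:
            findings.append((n, "inline comment is read as part of the value"))
        opts[re.sub(r"\s", "", key)] = (n, value.split("#")[0].strip())
    get = lambda name, default: opts.get(name, (0, default))
    n, anon = get("anonymous_enable", "YES")  # vsftpd default is YES
    if anon.upper() == "YES":
        findings.append((n, "anonymous login is enabled beside virtual users"))
    n, owner = get("chown_username", "root")  # vsftpd default is root
    if get("chown_uploads", "NO")[1].upper() == "YES" and owner == "root":
        findings.append((n, "anonymous uploads are chowned to root"))
    return findings

def audit_pam_mysql(text):
    """Return [(line_number, finding)] for pam_mysql lines using plaintext."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        if "pam_mysql.so" not in line or line.lstrip().startswith("#"):
            continue
        args = dict(a.split("=", 1) for a in line.split() if "=" in a)
        if args.get("crypt", "0") in ("0", "plain"):  # pam_mysql default is 0
            findings.append((n, "crypt=0: passwords are compared as plaintext"))
    return findings

if __name__ == "__main__":
    for finding in audit_vsftpd_conf(SAMPLE_CONF) + audit_pam_mysql(SAMPLE_PAM):
        print(finding)
```

pam_mysql also accepts crypt=1, which checks the stored value with crypt(3); the password column must then hold crypt(3) hashes instead of the plaintext inserted in step 3.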


This article is from the "Soul" blog, make sure to keep this source http://chenpipi.blog.51cto.com/8563610/1566803
