VSFTPD Virtual user authentication based on MySQL

Source: Internet
Author: User

Virtual users:

Where are the user accounts stored?

Files, MySQL, Redis, ...

vsftpd delegates its authentication to PAM:

Pluggable Authentication Modules: an authentication framework and library;

authentication is performed by modules, which live in /usr/lib64/security/

The pam_mysql module:

Download the pam_mysql source package from the official download location: http://prdownloads.sourceforge.net/pam-mysql/pam_mysql-0.7RC1.tar.gz

(1) Prepare the build environment

# yum -y groupinstall "Development Tools"

# wget http://prdownloads.sourceforge.net/pam-mysql/pam_mysql-0.7RC1.tar.gz

# tar xf pam_mysql-0.7RC1.tar.gz

# cd pam_mysql-0.7RC1/

# ./configure --with-pam=/usr --with-mysql=/usr --with-pam-mods-dir=/usr/lib64/security


If this step fails with an error, the mysql-devel development package needs to be installed:

# yum -y install mysql-devel



If a further error appears, the pam-devel development package also needs to be installed:


# yum -y install pam-devel

Once configure has finished checking the environment, only make and make install remain:

# make

# make install

After the build and installation are complete, list the files in /usr/lib64/security; pam_mysql.so should now be there.



Prepare the database:

The vsftpd virtual-user authentication described here is set up on a CentOS 7 host.

Install the database

# yum -y install mariadb-server

Next, start the MySQL service

# systemctl start mariadb

# ss -tnl    # check that port 3306 is listening

After that, the virtual users' names and passwords have to be stored in the database, so create a database and a matching table for vsftpd, as follows.

Create a database

mysql> CREATE DATABASE vsftpd;

Switch to the newly created database and create the users table in it

mysql> USE vsftpd;

mysql> CREATE TABLE vsftpd.users (id INT NOT NULL AUTO_INCREMENT PRIMARY KEY, name CHAR(+) NOT NULL UNIQUE KEY, password CHAR(48));


Insert rows into the users table

mysql> INSERT INTO users (name, password) VALUES ('tom', PASSWORD('Redhat')), ('jerry', PASSWORD('Redhat'));


Authorize the vsftpd user to log in to MySQL

mysql> GRANT ALL ON vsftpd.* TO 'vsftpd'@'localhost' IDENTIFIED BY 'mageedu';

mysql> GRANT ALL ON vsftpd.* TO 'vsftpd'@'127.0.0.1' IDENTIFIED BY 'mageedu';

mysql> FLUSH PRIVILEGES;    -- refresh the grants so that they take effect

Both localhost and 127.0.0.1 are authorized because the database sometimes fails to reverse-resolve the IP address, in which case the user cannot log in; granting access for both hosts avoids this.



Create the PAM configuration file that vsftpd uses for pam_mysql authentication. It makes PAM use the pam_mysql module to connect to the database and fetch the user names and passwords stored there. Edit the file /etc/pam.d/vsftpd.mysql so that it contains the following:

auth required /usr/lib64/security/pam_mysql.so user=vsftpd passwd=mageedu host=127.0.0.1 db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2

account required /usr/lib64/security/pam_mysql.so user=vsftpd passwd=mageedu host=127.0.0.1 db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2

user: the user name used to connect to the MySQL server; this user must have access to the database that holds the vsftpd authentication data;

passwd: the password of that user;

host: the address of the MySQL server;

db: the name of the database used for vsftpd authentication;

table: the table in which the user names and passwords are stored;

usercolumn: the column that holds the user name;

passwdcolumn: the column that holds the password;

crypt: the password encryption method;
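What crypt=2 means for the rows inserted earlier, as an added example (not code from the original article or from pam_mysql): it parses the auth line above and models the comparison against the MySQL 4.1+/MariaDB PASSWORD() format. The USERS dictionary is a constructed stand-in for the vsftpd.users table, and the helper names are assumptions of this example.

```python
import hashlib
import hmac

# crypt= values as listed in the pam_mysql 0.7 README
CRYPT_SCHEMES = {"0": "plaintext", "1": "crypt(3)", "2": "MySQL PASSWORD()",
                 "3": "MD5 hex", "4": "SHA1 hex"}

# The auth line from /etc/pam.d/vsftpd.mysql on this page
AUTH_LINE = ("auth required /usr/lib64/security/pam_mysql.so user=vsftpd "
             "passwd=mageedu host=127.0.0.1 db=vsftpd table=users "
             "usercolumn=name passwdcolumn=password crypt=2")

def parse_pam_line(line):
    """Split a PAM service line into (type, control, module, {option: value})."""
    kind, control, module, *args = line.split()
    return kind, control, module, dict(a.split("=", 1) for a in args)

def mysql_password(plaintext):
    """PASSWORD() in MySQL 4.1+/MariaDB: '*' + upper-case hex SHA1(SHA1(pw)), unsalted."""
    if plaintext == "":
        return ""
    inner = hashlib.sha1(plaintext.encode("utf-8")).digest()
    return "*" + hashlib.sha1(inner).hexdigest().upper()

def verify(opts, stored, attempt):
    """Model of the crypt=2 check: hash the attempt and compare with the stored column."""
    if opts.get("crypt") != "2":
        raise ValueError("only crypt=2 is modelled here")
    return hmac.compare_digest(mysql_password(attempt), stored)

# Constructed stand-in for vsftpd.users after the INSERT shown on this page
USERS = {name: mysql_password("Redhat") for name in ("tom", "jerry")}

def shared_hashes(users):
    """Group account names by stored hash; any group larger than one shares a password."""
    groups = {}
    for name, digest in users.items():
        groups.setdefault(digest, []).append(name)
    return [sorted(names) for names in groups.values() if len(names) > 1]

if __name__ == "__main__":
    opts = parse_pam_line(AUTH_LINE)[3]
    print("scheme:", CRYPT_SCHEMES[opts["crypt"]])
    print("tom/Redhat accepted:", verify(opts, USERS["tom"], "Redhat"))
    print("accounts sharing a hash:", shared_hashes(USERS))
```

Because PASSWORD() is unsalted, anyone who can read the users table can tell which accounts share a password. With only auth and account lines in the PAM file, pam_mysql just reads that table, so SELECT on vsftpd.users is enough for the vsftpd database account.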

Prepare the system user account that the virtual users are mapped to:

# mkdir /ftproot

# useradd -d /ftproot vuser    # create the user vuser with /ftproot as its home directory

# mkdir /ftproot/{pub,upload}    # create a public directory and an upload directory under the virtual users' root

# setfacl -m u:vuser:rwx /ftproot/upload    # add an ACL entry so that vuser can upload files there


Configure vsftpd: vsftpd.conf

pam_service_name=vsftpd.mysql

guest_enable=YES

guest_username=vuser

Give each virtual user separate permission settings

In vsftpd.conf, add:

user_config_dir=/etc/vsftpd/vusers_conf


Create the directory:

# mkdir /etc/vsftpd/vusers_conf

Provide a configuration file for each user:

/etc/vsftpd/vusers_conf/{tom,jerry}

Directives for configuring permissions:

anon_upload_enable=YES

anon_mkdir_write_enable=YES

anon_other_write_enable=YES
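A consistency check for the settings above, as an added example (not part of the original article): it verifies that pam_service_name points at an existing PAM file, that this file, which holds the database password in clear text, is not accessible to group or other, and that user_config_dir exists and contains a file per virtual user. SAMPLE_CONF is constructed, with user_config_dir deliberately naming a different directory than the one created with mkdir; the function names and the root parameter are assumptions of this example.

```python
import os
import stat

# Constructed sample: user_config_dir does not match the directory made with mkdir
SAMPLE_CONF = """\
pam_service_name=vsftpd.mysql
guest_enable=YES
guest_username=vuser
user_config_dir=/etc/vsftpd/users_conf
"""

def parse_conf(text):
    """vsftpd.conf is key=value, one setting per line; '#' lines are comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key] = value
    return conf

def audit(conf_text, users, root="/"):
    """Return a list of findings; root lets the check run against a scratch tree."""
    conf, findings = parse_conf(conf_text), []
    def at(path):
        return os.path.join(root, path.lstrip("/"))
    if conf.get("guest_enable", "").upper() != "YES":
        findings.append("guest_enable is not YES")
    pam_file = at("/etc/pam.d/" + conf.get("pam_service_name", ""))
    if not os.path.isfile(pam_file):
        findings.append("PAM service file missing: " + pam_file)
    else:
        with open(pam_file) as fh:
            has_secret = "passwd=" in fh.read()
        if has_secret and stat.S_IMODE(os.stat(pam_file).st_mode) & 0o077:
            findings.append("PAM file holds the DB password and is group/other accessible")
    cfg_dir = conf.get("user_config_dir")
    if cfg_dir and not os.path.isdir(at(cfg_dir)):
        findings.append("user_config_dir does not exist: " + cfg_dir)
    elif cfg_dir:
        for user in users:
            if not os.path.isfile(os.path.join(at(cfg_dir), user)):
                findings.append("no per-user file for " + user)
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF, ["tom", "jerry"]):
        print(finding)
```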

Test:

From another host, log in over FTP and test uploading a file

# lftp -u tom,mageedu 10.1.48.11





This article is from the "Operation and maintenance Career" blog, please make sure to keep this source http://fszxxxks.blog.51cto.com/10122713/1862144
