Virtual users:
Where are the user accounts stored?
Files, MySQL, Redis, ...
vsftpd delegates its authentication to PAM:
Pluggable Authentication Modules, an authentication framework and authentication library;
authentication is carried out by the modules in /usr/lib64/security/
The pam_mysql module:
Download the pam_mysql source package from the official download location: http://prdownloads.sourceforge.net/pam-mysql/pam_mysql-0.7RC1.tar.gz
(1) Prepare the build environment
# yum -y groupinstall "Development Tools"
# wget http://prdownloads.sourceforge.net/pam-mysql/pam_mysql-0.7RC1.tar.gz
# tar xf pam_mysql-0.7RC1.tar.gz
# cd pam_mysql-0.7RC1/
# ./configure --with-pam=/usr --with-mysql=/usr --with-pam-mods-dir=/usr/lib64/security
If configure fails because the MySQL development files are missing, install the mysql-devel development package:
# yum -y install mysql-devel
If configure fails because the PAM development files are missing, you will also need to install the pam-devel development package:
# yum -y install pam-devel
Once configure has finished checking the environment, only make and make install are required.
# make
# make install
After the build and installation are complete, view the files in the /usr/lib64/security directory.
Prepare the database:
The vsftpd virtual-user authentication setup is carried out on a CentOS 7 host.
Install the database:
# yum -y install mariadb-server
Next, start the MySQL service:
# systemctl start mariadb
# ss -tnl    # check that port 3306 is listening
After that, the virtual users' names and passwords have to be stored in the database, so create a database and the corresponding table for vsftpd as follows.
Create the database:
mysql> CREATE DATABASE vsftpd;
Switch to the newly created database, then create the users table in it:
mysql> USE vsftpd;
mysql> CREATE TABLE vsftpd.users (id INT NOT NULL AUTO_INCREMENT PRIMARY KEY, name CHAR(30) NOT NULL UNIQUE KEY, password CHAR(48));   -- name length 30 is an assumed value (garbled in the original listing)
Insert data into the users table:
mysql> INSERT INTO users (name, password) VALUES ('tom', PASSWORD('Redhat')), ('jerry', PASSWORD('Redhat'));
Authorize the user that will log in to MySQL:
mysql> GRANT ALL ON vsftpd.* TO 'vsftpd'@'localhost' IDENTIFIED BY 'mageedu';
mysql> GRANT ALL ON vsftpd.* TO 'vsftpd'@'127.0.0.1' IDENTIFIED BY 'mageedu';
mysql> FLUSH PRIVILEGES;   -- refresh the grants so they take effect
Both localhost and 127.0.0.1 are authorized because the database sometimes fails to resolve the IP address during reverse resolution, which leaves the user unable to log in; so both hosts need to be authorized.
Configure vsftpd to authenticate through pam_mysql: PAM uses the pam_mysql module to connect to the database and fetch the user name and password stored there. To do this, edit the file /etc/pam.d/vsftpd.mysql so that it contains the following:
auth required /usr/lib64/security/pam_mysql.so user=vsftpd passwd=mageedu host=127.0.0.1 db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
account required /usr/lib64/security/pam_mysql.so user=vsftpd passwd=mageedu host=127.0.0.1 db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
user: the user name used to connect to the MySQL server; this user must have access to the database that authenticates the vsftpd service;
passwd: the password of the user above;
host: the address of the MySQL server;
db: the name of the database that authenticates the vsftpd service;
table: the table in which the users and passwords are stored;
usercolumn: the column that holds the user name;
passwdcolumn: the column that holds the password;
crypt: the password encryption method;
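What crypt=2 means for the rows created earlier, as an added example (not code from pam_mysql or from the original article): it models the 41-character unsalted double-SHA1 value that PASSWORD() stores and shows that tom and jerry, given the same password, end up with identical hashes. The function names and ROWS are constructed for illustration.

```python
import hashlib
import hmac

# PAM line from /etc/pam.d/vsftpd.mysql as configured above.
PAM_LINE = ("auth required /usr/lib64/security/pam_mysql.so user=vsftpd "
            "passwd=mageedu host=127.0.0.1 db=vsftpd table=users "
            "usercolumn=name passwdcolumn=password crypt=2")

def parse_pam_line(line):
    """Split a PAM line into (type, control, module, {option: value})."""
    ptype, control, module, *opts = line.split()
    return ptype, control, module, dict(o.split("=", 1) for o in opts)

def mysql_password(plaintext):
    """41-character PASSWORD() value: '*' + hex(SHA1(SHA1(plaintext))), unsalted."""
    inner = hashlib.sha1(plaintext.encode()).digest()
    return "*" + hashlib.sha1(inner).hexdigest().upper()

# Constructed rows mirroring the INSERT above: both users get the same password.
ROWS = {"tom": mysql_password("Redhat"), "jerry": mysql_password("Redhat")}

def check_login(options, rows, user, plaintext):
    """Model the comparison implied by crypt=2 against name/password rows."""
    if options.get("crypt") != "2":
        raise ValueError("only crypt=2 is modelled here")
    stored = rows.get(user)
    if stored is None:
        return False
    return hmac.compare_digest(stored, mysql_password(plaintext))

def shared_hashes(rows):
    """Groups of users whose stored hash is identical (visible without cracking)."""
    groups = {}
    for user, stored in rows.items():
        groups.setdefault(stored, []).append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

if __name__ == "__main__":
    opts = parse_pam_line(PAM_LINE)[3]
    print(check_login(opts, ROWS, "tom", "Redhat"), shared_hashes(ROWS))
```

Because the stored value is unsalted, anyone who can read the users table can tell which accounts share a password, so access to that table should be as narrow as the setup allows.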
Prepare the system user account to which the virtual users are mapped:
# mkdir /ftproot
# useradd -d /ftproot vuser    # create user vuser and set its home directory to /ftproot
# mkdir /ftproot/{pub,upload}    # create a public directory and an upload directory under the virtual users' root
# setfacl -m u:vuser:rwx /ftproot/upload    # add an ACL entry so the virtual users are able to upload files
Configure vsftpd in vsftpd.conf:
pam_service_name=vsftpd.mysql
guest_enable=YES
guest_username=vuser
Give each virtual user separate permission settings.
In vsftpd.conf, add:
user_config_dir=/etc/vsftpd/vusers_conf
Create the directory:
# mkdir /etc/vsftpd/vusers_conf
Provide a configuration file for each user:
/etc/vsftpd/vusers_conf/{tom,jerry}
Directives for configuring permissions:
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
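A small audit of the finished setup, as an added example (not part of the original article): it checks that the vsftpd.conf settings above agree with what exists on disk and that the PAM file carrying passwd= is not readable by other users. The function names are hypothetical; the fallback service name ftp is vsftpd's documented default for pam_service_name.

```python
import os
import stat

def read_conf(path):
    """Parse vsftpd.conf: key=value lines, '#' comments, no spaces around '='."""
    conf = {}
    with open(path) as fh:
        for line in fh:
            line = line.strip()
            if line and not line.startswith("#") and "=" in line:
                key, value = line.split("=", 1)
                conf[key] = value
    return conf

def audit(conf_path, pam_dir="/etc/pam.d"):
    """Return a list of findings; an empty list means the checks passed."""
    conf, findings = read_conf(conf_path), []
    if conf.get("guest_enable", "NO").upper() != "YES":
        findings.append("guest_enable is not YES")
    if not conf.get("guest_username"):
        findings.append("guest_username is not set")
    pam_file = os.path.join(pam_dir, conf.get("pam_service_name", "ftp"))
    if not os.path.isfile(pam_file):
        findings.append(f"PAM service file {pam_file} does not exist")
    else:
        mode = stat.S_IMODE(os.stat(pam_file).st_mode)
        with open(pam_file) as fh:
            has_secret = "passwd=" in fh.read()
        # The pam_mysql options embed the database password in clear text.
        if has_secret and mode & 0o077:
            findings.append(f"{pam_file} holds a DB password but has mode {mode:o}")
    user_dir = conf.get("user_config_dir")
    if user_dir and not os.path.isdir(user_dir):
        findings.append(f"user_config_dir {user_dir} is not a directory")
    return findings

if __name__ == "__main__":
    for finding in audit("/etc/vsftpd/vsftpd.conf"):
        print("FINDING:", finding)
```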
Test:
Log in over FTP from another host and test uploading a file:
# lftp -u tom,mageedu 10.1.48.11
This article is from the "Operation and maintenance Career" blog, please make sure to keep this source http://fszxxxks.blog.51cto.com/10122713/1862144
VSFTPD Virtual user authentication based on MySQL