VSFTPD Virtual user authentication configuration (vsftpd+pam+mysql)

Source: Internet
Author: User
Tags md5 encryption

First, prepare the required packages

mysql

pam_mysql

vsftpd

Second, start the installation

    # yum -y install mysql-server mysql-devel vsftpd pam_mysql

Note: pam_mysql is provided by the EPEL repository, which you need to configure yourself.

Third, create a virtual user account

1. Create the database and the table that stores the users

    # service mysqld start
    # mysql
    mysql> CREATE DATABASE vsftpd;
    Query OK, 1 row affected (0.00 sec)

    mysql> USE vsftpd;
    Database changed
    mysql> CREATE TABLE users (id INT UNSIGNED AUTO_INCREMENT NOT NULL PRIMARY KEY, name VARCHAR(<name_length>) NOT NULL, password CHAR(<password_length>) NOT NULL);
    Query OK, 0 rows affected (0.02 sec)

These commands start the MySQL service, create a database named vsftpd, switch the current database to vsftpd, and create the users table with fields that hold the virtual user name and password. <name_length> and <password_length> are placeholders: replace them with column lengths that fit your user names and the password format you store.

2. Create the database user that the vsftpd service uses to connect to the database when it authenticates virtual users

    mysql> GRANT SELECT ON vsftpd.* TO vsftpd@'<client_address>' IDENTIFIED BY 'redhat';
    Query OK, 0 rows affected (0.00 sec)

    mysql> FLUSH PRIVILEGES;
    Query OK, 0 rows affected (0.00 sec)

This creates a user named vsftpd and gives it read-only (SELECT) permission on all tables of the vsftpd database. <client_address> is a placeholder for the address from which this user is allowed to access the MySQL database.

3. Add a virtual user account and password to the table

    mysql> INSERT INTO users (name, password) VALUES ('tom', 'redhat'), ('jerry', 'redhat');
    Query OK, 2 rows affected (0.00 sec)
    Records: 2  Duplicates: 0  Warnings: 0

This inserts two rows into the users table, one user name and password per virtual user.

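Note: The statement above stores the passwords in plaintext. Storing them in hashed form is recommended, for example with the PASSWORD() function, as follows:

    mysql> INSERT INTO users (name, password) VALUES ('tom', PASSWORD('redhat')), ('jerry', PASSWORD('redhat'));

Passwords stored this way require crypto=2 instead of crypto=0 in the PAM file created in the next section. PASSWORD() was removed in MySQL 8.0, so this form only works on older servers.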


Third, configure vsftpd

1. Create the file required for PAM authentication

    # vim /etc/pam.d/vsftpd.mysql
    auth required /lib/security/pam_mysql.so user=vsftpd passwd=redhat host=172.16.20.242 db=vsftpd table=users usercolumn=name passwdcolumn=password crypto=0
    account required /lib/security/pam_mysql.so user=vsftpd passwd=redhat host=172.16.20.242 db=vsftpd table=users usercolumn=name passwdcolumn=password crypto=0

The options mean the following:

/lib/security/pam_mysql.so  specifies that pam_mysql.so is used for authentication
user=vsftpd  specifies the database user name
passwd=redhat  specifies the database user's password
host=172.16.20.242  specifies the host address used for the database connection
db=vsftpd  specifies the database name
table=users  specifies the table that stores the virtual user names and passwords
usercolumn=name  specifies the field that stores the user name
passwdcolumn=password  specifies the field that stores the virtual user's password
crypto=0  specifies how the virtual user's password is stored: 0 means no encryption (plaintext), 1 means the crypt() function, 2 means the MySQL PASSWORD() function, 3 means MD5, and 4 means SHA1
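The auth and account lines must carry identical pam_mysql options, and the file embeds the database password. The following shell lint is an added example, not part of the original article: it checks such a file for options that differ between the two lines, for crypto=0, and for group/other access. The sample file is constructed, and the expectation that the file is readable by its owner only is an assumption of this example.

```shell
# pam_opt LINE KEY: print the value of KEY=value on a PAM line (empty if absent).
pam_opt() {
    for tok in $1; do
        case $tok in "$2"=*) printf '%s' "${tok#*=}" ;; esac
    done
    return 0
}

# lint_pam_mysql FILE: print one finding per line; return 1 if any were found.
lint_pam_mysql() {
    file=$1; bad=0
    auth=$(sed -n '/^auth[[:space:]].*pam_mysql\.so/{p;q;}' "$file")
    acct=$(sed -n '/^account[[:space:]].*pam_mysql\.so/{p;q;}' "$file")
    if [ -z "$auth" ] || [ -z "$acct" ]; then
        echo "MISSING auth or account line for pam_mysql.so"; return 1
    fi
    # Both lines must name the same database, table and columns (values are not echoed).
    for key in user passwd host db table usercolumn passwdcolumn crypto; do
        if [ "$(pam_opt "$auth" "$key")" != "$(pam_opt "$acct" "$key")" ]; then
            echo "MISMATCH $key differs between the auth and account lines"; bad=1
        fi
    done
    # crypto=0 means the password column holds plaintext.
    if [ "$(pam_opt "$auth" crypto)" = 0 ]; then
        echo "WEAK crypto=0: virtual user passwords are stored in plaintext"; bad=1
    fi
    # The file contains the database password: expect no group/other permission bits.
    if [ "$(ls -ld "$file" | cut -c5-10)" != "------" ]; then
        echo "PERMS $file is accessible to group or other"; bad=1
    fi
    return "$bad"
}

# Constructed sample: mistyped table name on the auth line, crypto=0, mode 644.
demo=$(mktemp -d)
opts='/lib/security/pam_mysql.so user=vsftpd passwd=redhat host=172.16.20.242 db=vsftpd'
cols='usercolumn=name passwdcolumn=password'
{
    echo "auth required $opts table=uesrs $cols crypto=0"
    echo "account required $opts table=users $cols crypto=0"
} > "$demo/vsftpd.mysql"
chmod 644 "$demo/vsftpd.mysql"
lint_pam_mysql "$demo/vsftpd.mysql" || echo "findings reported above"
rm -rf "$demo"
```

Run it against the real file as root with `lint_pam_mysql /etc/pam.d/vsftpd.mysql`; no output and exit status 0 mean none of the three problems was found.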

2. Modify the vsftpd configuration so that it uses MySQL authentication

    # useradd -s /sbin/nologin -d /var/ftproot vuser
    # chmod go+rx /var/ftproot/

This creates the system user that virtual users are mapped to when they access the FTP service. Its home directory is the directory served over FTP, so other users must be given permission to access it.

    # vim /etc/vsftpd/vsftpd.conf
    # Allow anonymous access, because a virtual user is in essence an anonymous user
    # (this setting also permits real anonymous logins)
    anonymous_enable=YES
    # Allow local users, because virtual users are mapped to a local user
    local_enable=YES
    # Turn on write permission for the access directory; enable as required
    write_enable=YES
    # Disable anonymous uploads; configure as required
    anon_upload_enable=NO
    # Prevent virtual users from creating and deleting directories; configure as required
    anon_mkdir_write_enable=NO
    # Prevent users from switching out of their directory
    chroot_local_user=YES
    # Turn on the virtual user function
    guest_enable=YES
    # The local user that virtual users are mapped to
    guest_username=vuser
    # The PAM configuration file; the default is vsftpd, so it must be changed
    # to the file created above
    pam_service_name=vsftpd.mysql


IV. Start the vsftpd service and test the configuration

    # service vsftpd start

Test access from the Windows command prompt (CMD).


V. Configuring access rights for virtual users

vsftpd can give each user a separate configuration file, kept in a configuration directory, that defines the user's access to the FTP service. Each virtual user's configuration file has the same name as the virtual user. The configuration directory can be any unused directory; just specify its path and name in vsftpd.conf.

1. Configure vsftpd to use the configuration directory for virtual users

    # vim /etc/vsftpd/vsftpd.conf
    # The directory where the virtual users' configuration files reside
    user_config_dir=/etc/vsftpd/vusers_config

2. Create the appropriate directory and create the configuration file

    # mkdir /etc/vsftpd/vusers_config
    # cd /etc/vsftpd/vusers_config
    # touch tom jerry

3. Configure access rights for virtual users

A virtual user's access to the vsftpd service is controlled through the anonymous-user directives. For example, to give the user tom permission to upload files, edit the /etc/vsftpd/vusers_config/tom file and add the options below.

Note that the anonymous-user permissions in /etc/vsftpd/vsftpd.conf should be turned off first to avoid conflicts. If a permission is configured in vsftpd.conf and not in the virtual user's configuration file, the setting in vsftpd.conf applies. If a permission is configured both in vsftpd.conf and in the virtual user's configuration file, the setting in the virtual user's configuration file applies.

    # vim /etc/vsftpd/vusers_config/tom
    anon_upload_enable=YES
    anon_mkdir_write_enable={YES|NO}
    anon_other_write_enable={YES|NO}


This was written rather hastily; if there are omissions, errors or points of disagreement, everyone's criticism and discussion are welcome. Thank you.
