1. Install MySQL database and development environment
# yum -y install mysql-server mysql-devel
2. Install pam_mysql-0.7rc1
# tar xf pam_mysql-0.7rc1.tar.gz
# cd pam_mysql-0.7rc1
# ./configure --with-mysql=/usr --with-openssl
# make
# make install
# Start MySQL
# service mysqld start
3. Create databases, tables, and virtual users
# mysqladmin -uroot password 'redhat'
# mysql -uroot -p
mysql> CREATE DATABASE vsftpd;
mysql> USE vsftpd;
mysql> CREATE TABLE users (id SMALLINT AUTO_INCREMENT NOT NULL, name CHAR(20) BINARY NOT NULL, password CHAR(48) BINARY NOT NULL, PRIMARY KEY (id));
mysql> DESC users;
mysql> INSERT INTO users (name,password) VALUES ('tom', PASSWORD('redhat')), ('jerry', PASSWORD('redhat'));
mysql> GRANT SELECT ON vsftpd.* TO 'vsftpd'@'localhost' IDENTIFIED BY 'vsftpd';
mysql> GRANT SELECT ON vsftpd.* TO 'vsftpd'@'127.0.0.1' IDENTIFIED BY 'vsftpd';
mysql> SELECT * FROM users;
mysql> FLUSH PRIVILEGES;
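The password column above holds the output of MySQL's PASSWORD() function, which is what pam_mysql compares against later when crypt=2 is set. The following Python is an added example, not part of the original tutorial: it reproduces that hash so a stored value can be checked outside the database, and shows why a CHAR column of at least 41 characters is needed. The credential 'redhat' is the tutorial's own; everything else is constructed for the demo.

```python
# Added example (not from the original tutorial): reproduce the MySQL 4.1+
# PASSWORD() hash that pam_mysql compares against when crypt=2 is set.
import hashlib
import secrets


def mysql_password(plaintext: str) -> str:
    """Return the same string MySQL's PASSWORD() yields for the given text.

    The scheme is '*' followed by the upper-case hex of SHA1(SHA1(plaintext)):
    41 characters, and unsalted, so identical passwords give identical hashes.
    """
    inner = hashlib.sha1(plaintext.encode("utf-8")).digest()
    outer = hashlib.sha1(inner).hexdigest().upper()
    return "*" + outer


def verify(stored_hash: str, candidate: str) -> bool:
    """Constant-time comparison of a candidate password against a stored hash."""
    return secrets.compare_digest(mysql_password(candidate), stored_hash)


def fits_column(stored_hash: str, char_length: int = 48) -> bool:
    """Check that the hash fits the CHAR(n) column used for the password field."""
    return len(stored_hash) <= char_length


if __name__ == "__main__":
    # Constructed sample: the credential the tutorial inserts for 'tom'.
    h = mysql_password("redhat")
    print(h)                      # '*' followed by 40 hex digits
    print(verify(h, "redhat"))    # True
    print(verify(h, "Redhat"))    # False: the comparison is case-sensitive
```

Because the hash is unsalted, two virtual users with the same password (as tom and jerry have here) end up with identical rows, which is visible to anyone who can read the table. PASSWORD() was removed in MySQL 8.0, so on a newer server the application has to compute the hash itself, as above, or a different crypt mode has to be chosen.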
4. Install vsftpd
# yum install vsftpd lftp ftp
5. Configure the PAM file required for authentication
# vim /etc/pam.d/vsftpd.mysql
auth required /lib/security/pam_mysql.so user=vsftpd passwd=vsftpd host=localhost db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
account required /lib/security/pam_mysql.so user=vsftpd passwd=vsftpd host=localhost db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
# Note: the README in the pam_mysql-0.7rc1 source directory describes the available crypt mechanisms; crypt=2 compares against MySQL's PASSWORD() hash, which matches the INSERT in step 3. On 64-bit systems the module is installed under /lib64/security instead of /lib/security.
6. Create the system user that virtual users are mapped to, and its directory
# useradd -s /sbin/nologin -d /data/ftproot vuser
# chmod go+rx /data/ftproot/
7. Configure vsftpd
# vim /etc/vsftpd/vsftpd.conf
anonymous_enable=YES
local_enable=YES
write_enable=YES
anon_upload_enable=NO
anon_mkdir_write_enable=NO
chroot_local_user=YES
# Make sure the PAM service name matches the file created in step 5 (vsftpd.conf does not accept comments at the end of a line)
pam_service_name=vsftpd.mysql
guest_enable=YES
guest_username=vuser
8. Start vsftpd
# service vsftpd start
# chkconfig vsftpd on
9. Test vsftpd
# ftp localhost
Trying ::1...
ftp: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost (127.0.0.1).
220 (vsFTPd 2.2.2)
Name (localhost:root): tom
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> pwd
ftp> lcd /tmp
ftp> get issue
ftp> put inittab
local: inittab remote: inittab
227 Entering Passive Mode (127,0,0,1,27,53).
550 Permission denied.
ftp> bye
10. Configure different access rights for individual virtual users
vsftpd can give each virtual user a separate configuration file, kept in a per-user configuration directory, that defines that user's FTP access rights; each file is named exactly after the virtual user's user name. The directory can be any otherwise unused directory; just specify its path in vsftpd.conf.
# Configure the directory that holds the per-user configuration files
# vim /etc/vsftpd/vsftpd.conf
user_config_dir=/etc/vsftpd/vuser/
# Create the directory and the per-user files
# mkdir /etc/vsftpd/vuser/
# cd /etc/vsftpd/vuser/
# touch tom jerry
# Configure the permissions of each virtual user
# vim tom
anon_upload_enable=NO
# vim jerry
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
# Restart vsftpd
# service vsftpd restart
# Test vsftpd
# ftp localhost
Trying ::1...
ftp: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost (127.0.0.1).
220 (vsFTPd 2.2.2)
Name (localhost:root): jerry
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> put inittab
local: inittab remote: inittab
227 Entering Passive Mode (127,0,0,1,73,116).
150 Ok to send data.
226 Transfer complete.
884 bytes sent in 2.2e-05 secs (40181.82 kbytes/sec)
ftp> ls
227 Entering Passive Mode (127,0,0,1,71,165).
150 Here comes the directory listing.
-rw-------    1 884 May 13:00 inittab
-rw-r--r--    1 0 0 12:55 issue
226 Directory send OK.
ftp> bye
### Configure vsftpd to support OpenSSL secure communication ###
# Build the CA certificate
# cd /etc/pki/CA
# (umask 077; openssl genrsa -out private/cakey.pem 2048)
# vim /etc/pki/tls/openssl.cnf
countryName_default = CN
stateOrProvinceName_default = Guangdong
localityName_default = GuangZhou
0.organizationName_default = Test
organizationalUnitName_default = Tech
dir = /etc/pki/CA
# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 3656
# mkdir certs crl newcerts
# touch index.txt
# echo 01 > serial
# mkdir -p /etc/vsftpd/ssl
# cd /etc/vsftpd/ssl/
# (umask 077; openssl genrsa -out vsftpd.key 2048)
# openssl req -new -key vsftpd.key -out vsftpd.csr
# openssl ca -in vsftpd.csr -out vsftpd.crt -days 3656
# Configure vsftpd to support SSL
# vim /etc/vsftpd/vsftpd.conf
ssl_enable=YES
ssl_tlsv1=YES
ssl_sslv2=NO
# SSLv3 is obsolete (POODLE); on any current system set ssl_sslv3=NO and rely on TLS only
ssl_sslv3=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
rsa_cert_file=/etc/vsftpd/ssl/vsftpd.crt
rsa_private_key_file=/etc/vsftpd/ssl/vsftpd.key
# Restart vsftpd
# service vsftpd restart
# Test
# ftp localhost
Trying ::1...
ftp: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost (127.0.0.1).
220 (vsFTPd 2.2.2)
Name (localhost:root): tom
530 Non-anonymous sessions must use encryption.
Login failed.
# The 530 response above shows the configuration is working: the Linux ftp command does not support SSL, so test the connection with an FTP client that does (such as FileZilla, or the lftp installed in step 4), and capture the session with tcpdump to confirm that the credentials no longer appear in clear text.
vsftpd + PAM + MySQL: implementing virtual user access control
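Two points in this tutorial are easy to get wrong silently: the vsftpd.conf and per-user file syntax (a trailing comment on a setting line is not a comment, and some options have no effect in a per-user file), and whether TLS is really enforced after the SSL step. The Python below is an added example, not part of the original tutorial: it parses vsftpd.conf-style files, reports the settings a reviewer would question in both the global file (step 7 and the SSL section) and the per-user files (step 10), and includes a live check using ftplib, which, unlike the ftp command, supports explicit FTPS. The sample configuration strings are constructed to mirror the tutorial's settings; the host, credentials and CA path passed to check_tls_enforced() are assumptions.

```python
# Added example (not from the original tutorial): lint vsftpd.conf and the
# per-user files under user_config_dir, and optionally confirm over the network
# that clear-text logins are refused while explicit TLS logins succeed.
import ftplib
import ssl
from typing import Dict, List, Tuple


def parse_vsftpd_conf(text: str) -> Dict[str, str]:
    """Parse key=value lines the way vsftpd does: '#' only comments a whole line."""
    settings: Dict[str, str] = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if "=" not in line:
            raise ValueError(f"line {lineno}: not a key=value setting: {raw!r}")
        key, value = line.split("=", 1)
        if "#" in value:
            # vsftpd has no inline comments; the '#...' would become part of the value.
            raise ValueError(f"line {lineno}: inline '#' is not a comment in vsftpd.conf: {raw!r}")
        settings[key.strip().lower()] = value.strip()
    return settings


def _on(conf: Dict[str, str], key: str) -> bool:
    return conf.get(key, "NO").upper() == "YES"


def lint_global(conf: Dict[str, str]) -> List[str]:
    """Findings a defender would raise on the main vsftpd.conf."""
    findings: List[str] = []
    if not _on(conf, "ssl_enable"):
        findings.append("ssl_enable=NO: logins and data travel in clear text")
    else:
        if _on(conf, "ssl_sslv2"):
            findings.append("ssl_sslv2=YES: SSLv2 is broken, set NO")
        if _on(conf, "ssl_sslv3"):
            findings.append("ssl_sslv3=YES: SSLv3 is obsolete (POODLE), set NO")
        for key in ("force_local_logins_ssl", "force_local_data_ssl"):
            if not _on(conf, key):
                findings.append(f"{key}=NO: clear-text fallback remains possible")
    if _on(conf, "guest_enable") and _on(conf, "anonymous_enable"):
        findings.append("anonymous_enable=YES: real anonymous logins stay open alongside virtual users")
    if _on(conf, "guest_enable") and not conf.get("pam_service_name"):
        findings.append("pam_service_name unset: the default PAM service is used, not the MySQL stack")
    return findings


# Options the vsftpd manual lists as having no effect inside a per-user file.
GLOBAL_ONLY = {"listen_address", "banner_file", "max_per_ip", "max_clients", "xferlog_file"}


def lint_user_file(username: str, conf: Dict[str, str]) -> List[str]:
    """Findings for one file under user_config_dir (named after the virtual user)."""
    findings = [f"{username}: {k} has no effect in a per-user file" for k in sorted(GLOBAL_ONLY & conf.keys())]
    if _on(conf, "anon_other_write_enable"):
        findings.append(f"{username}: anon_other_write_enable=YES also permits delete and rename")
    return findings


def check_tls_enforced(host: str, user: str, password: str,
                       cafile: str = "/etc/pki/CA/cacert.pem", port: int = 21) -> Tuple[bool, bool]:
    """Live check (needs a server; not run by the offline test).

    Returns (plain_login_refused, tls_login_ok). The server certificate is verified
    against the tutorial's own CA instead of disabling verification.
    """
    plain_refused = False
    try:
        with ftplib.FTP() as plain:
            plain.connect(host, port, timeout=10)
            plain.login(user, password)
    except ftplib.error_perm as exc:   # expected: "530 Non-anonymous sessions must use encryption."
        plain_refused = str(exc).startswith("530")

    tls_ok = False
    try:
        ctx = ssl.create_default_context(cafile=cafile)
        with ftplib.FTP_TLS(context=ctx) as secure:
            secure.connect(host, port, timeout=10)
            secure.auth()                  # AUTH TLS on the control channel
            secure.login(user, password)
            secure.prot_p()                # encrypt the data channel as well
            secure.nlst()
            tls_ok = True
    except (ftplib.all_errors, OSError):
        tls_ok = False
    return plain_refused, tls_ok


# Constructed samples mirroring the tutorial's vsftpd.conf after the SSL step and jerry's file.
SAMPLE_GLOBAL = """\
anonymous_enable=YES
local_enable=YES
write_enable=YES
chroot_local_user=YES
pam_service_name=vsftpd.mysql
guest_enable=YES
guest_username=vuser
user_config_dir=/etc/vsftpd/vuser/
ssl_enable=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=YES
force_local_data_ssl=YES
force_local_logins_ssl=YES
"""
SAMPLE_JERRY = "anon_upload_enable=YES\nanon_mkdir_write_enable=YES\nanon_other_write_enable=YES\n"

if __name__ == "__main__":
    for finding in lint_global(parse_vsftpd_conf(SAMPLE_GLOBAL)):
        print("global:", finding)
    for finding in lint_user_file("jerry", parse_vsftpd_conf(SAMPLE_JERRY)):
        print("user:", finding)
```

Run it as-is to see the two global findings (SSLv3 enabled, anonymous logins still open) and the note on jerry's delete/rename rights; then call check_tls_enforced("localhost", "tom", "redhat") against the running server. The certificate's Common Name must match the host name you connect to, otherwise the verified TLS login fails, which is the correct outcome rather than a reason to turn verification off.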