VSFTP+MARIADB for anonymous authentication of FTP
Mysql:
172.20.1.11 as a service side of MySQL, the installation process is slightly
Create a database and authorize a remote account
MariaDB [(None)]> CREATE Database vsftpd;
MariaDB [(None)]> GRANT Select on vsftpd.* to ' ftpuser ' @ '% ' identified by ' 123456 ';
MariaDB [(None)]> flush privileges;
MariaDB [(None)]> use vsftpd;
Database changed
MariaDB [vsftpd]> CREATE TABLE users (
-ID int auto_increment NOT NULL,
, name char (a) binary NOT NULL,
Password char () binary NOT NULL,
Primary key (ID));
MariaDB [vsftpd]>
Insert into users (Name,password) VALUES (' Zhangsan ', password (' Zhangsan ')), (' Lisi ', password (' Lisi '));
VSFTPD:
172.20.1.10 vsftp server needs to be installed VSFTPD and Pam_mysql (Epel source, is Pam connection MySQL driver, Epel source needs to be configured separately)
[email protected] ~]# Yum install vsftpd pam_mysql
Establish the required files for PAM Certification
[Email protected] log]# RPM-QL pam_mysql
/lib64/security/pam_mysql.so share the path of the module, the following will be used to get
/usr/share/doc/pam_mysql-0.7
/usr/share/doc/pam_mysql-0.7/copying
/usr/share/doc/pam_mysql-0.7/credits
/usr/share/doc/pam_mysql-0.7/changelog
/usr/share/doc/pam_mysql-0.7/news
/usr/share/doc/pam_mysql-0.7/readme
[[email protected] vsftpd]# Vim/etc/pam.d/vsftpd.mysql (not available, created)
Auth required/lib64/security/pam_mysql.so user=ftpuser passwd=123456 host=172.20.1.11 db=vsftpd table=users Usercolumn=name Passwdcolumn=password crypt=2
Account required/lib64/security/pam_mysql.so user=ftpuser passwd=123456 host=172.20.1.11 db=vsftpd table=users Usercolumn=name Passwdcolumn=password crypt=2
Create a system user (virtual user needs a system user)
[Email protected] vsftpd]# useradd-s/sbin/nologin-d/var/ftproot vuser
[Email protected] vsftpd]# chmod go+rx/var/ftproot
Make sure that the following options are enabled in/etc/vsftpd/vsftpd.conf
Anonymous_enable=yes
Local_enable=yes
Write_enable=yes
Anon_upload_enable=no
Anon_mkdir_write_enable=no
Chroot_local_user=yes
Then add the following options
Guest_enable=yes
Guest_username=vuser
And make sure that the value of the Pam_service_name option is as follows
Pam_service_name=vsftpd.mysql
At this point vsftpd can be turned on normally, but when you log in with a virtual user, all permissions are the same
Assigning different permissions to different virtual users
Edit/etc/vsftpd/vsftpd.conf Add as downstream
User_config_dir=/etc/vsftpd/vusers_config
[[email protected] vsftpd]# Mkdir/etc/vsftpd/vusers_config directory does not exist, created
[Email protected] vsftpd]# Cd/etc/vsftpd/vusers_config
[[email protected] vusers_config]# Touch Zhangsan Lisi Create a file for each virtual user with content that defines its permissions
Commonly used are:
Anon_upload_enable={yes|no} Whether the upload operation is allowed
Anon_mkdir_write_enable={yes|no} Whether write operations are allowed
Anon_other_write_enable={yes|no} Whether delete operations are allowed
[email protected] vusers_config]# cat Zhangsan Lisi
Anon_upload_enable=yes
Anon_mkdir_write_enable=yes
Anon_other_write_enable=yes
Anon_upload_enable=yes
Anon_mkdir_write_enable=no
Anon_other_write_enable=no
Zhangsan User Login effect, can upload, rename and delete
650) this.width=650; "title=" clip_image001 "style=" border-top:0px; border-right:0px; Background-image:none; border-bottom:0px; padding-top:0px; padding-left:0px; border-left:0px; padding-right:0px "border=" 0 "alt=" clip_image001 "src=" http://s3.51cto.com/wyfs02/M02/8B/41/ Wkiol1hiuwghq3cdaabkbukhgoi298.png "" 364 "height=" 172 "/>
650) this.width=650; "title=" clip_image002 "style=" border-top:0px; border-right:0px; Background-image:none; border-bottom:0px; padding-top:0px; padding-left:0px; border-left:0px; padding-right:0px "border=" 0 "alt=" clip_image002 "src=" http://s3.51cto.com/wyfs02/M00/8B/41/ Wkiol1hiuwhxcbsaaaa37mmm1wo707.png "" 366 "height=" 113 "/>
Lisi User Login effect, can upload, but not to rename and delete
650) this.width=650; "title=" clip_image004 "style=" border-top:0px; border-right:0px; Background-image:none; border-bottom:0px; padding-top:0px; padding-left:0px; border-left:0px; padding-right:0px "border=" 0 "alt=" clip_image004 "src=" http://s3.51cto.com/wyfs02/M01/8B/41/ Wkiol1hiuwkjvv6laabgdrf2dlm428.jpg "" 368 "height=" 201 "/>
If you prohibit uploading, creating, renaming, deleting, etc.
VSFTP+MARIADB for anonymous authentication of FTP