vsftpd + MySQL Virtual User Configuration Process

Source: Internet
Author: User

vsftpd is a very secure and fast FTP server for Unix/Linux and has been adopted by many large sites. vsftpd supports saving user names and passwords in a database file or on a database server; it calls this kind of user a virtual user. Unlike FTP local (system) users, virtual users exist only for the FTP server and can only access the resources the FTP server provides, which greatly enhances the security of the system itself. Unlike anonymous users, virtual users need a user name and password to obtain files from the FTP server, which makes users and downloads easier to manage. For sites that need to offer a download service but do not want everyone to be able to download anonymously, and that want both host security and easy management, virtual users are an excellent solution. This article describes how to store vsftpd virtual user names and passwords on a MySQL database server on Red Hat Linux 9.
  
I. Installing vsftpd

Currently, the latest version of vsftpd is 1.2.0. The official download address is ftp://vsftpd.beasts.org/users/cevans/vsftpd-1.2.0.tar.gz. Before installing, you need to do the following:
  
The default vsftpd configuration requires the user "nobody". Add this user to the system; the useradd command reports it if the user already exists.
[root@hpe45 root]# useradd nobody
useradd: user nobody exists
  
The default vsftpd configuration requires the directory "/usr/share/empty". Create this directory on the system; if it already exists, the mkdir command reports that.
[root@hpe45 root]# mkdir /usr/share/empty/
mkdir: cannot create directory '/usr/share/empty': File exists
  
When vsftpd provides anonymous FTP service, it requires an "ftp" user and a valid anonymous directory.
[root@hpe45 root]# mkdir /var/ftp/
[root@hpe45 root]# useradd -d /var/ftp ftp
The following commands are useful whether or not the ftp user already exists.
[root@hpe45 root]# chown root.root /var/ftp
[root@hpe45 root]# chmod og-w /var/ftp
  
Once the preparation is complete, we can start compiling the source code. Assuming vsftpd-1.2.0.tar.gz was downloaded to the /root directory, execute the following commands:
[root@hpe45 root]# tar zxvf vsftpd-1.2.0.tar.gz
[root@hpe45 root]# cd vsftpd-1.2.0
[root@hpe45 vsftpd-1.2.0]# make
[root@hpe45 vsftpd-1.2.0]# make install
  
The "make install" command above copies the compiled binaries, manual pages, and so on to the appropriate directories. On RHL9, you may need to copy them manually:
[root@hpe45 vsftpd-1.2.0]# cp vsftpd /usr/local/sbin/vsftpd
[root@hpe45 vsftpd-1.2.0]# cp vsftpd.conf.5 /usr/local/share/man/man5
[root@hpe45 vsftpd-1.2.0]# cp vsftpd.8 /usr/local/share/man/man8
  
Next, we copy a simple configuration file as the basis for later modification.
[root@hpe45 vsftpd-1.2.0]# cp vsftpd.conf /etc
Copy the PAM validation file to allow local users to log on to vsftpd.
[root@hpe45 vsftpd-1.2.0]# cp RedHat/vsftpd.pam /etc/pam.d/ftp
  
II. Creating the guest user

vsftpd uses PAM to authenticate virtual users. Because virtual user names and passwords are stored separately, vsftpd needs the identity of a system user to read the database file or database server and complete the validation; this is vsftpd's guest user. It is the same as anonymous users needing the system user ftp. We can also think of the guest user as the representative of the virtual users in the system. The following adds the user vsftpdguest to the system as the guest for vsftpd.
[root@hpe45 vsftpd-1.2.0]# useradd vsftpdguest
When a virtual user logs in, they land in vsftpdguest's home directory, /home/vsftpdguest. If you want virtual users to log in to another directory such as /var/ftp, change vsftpdguest's home directory.
  
III. Setting up the vsftpd configuration file

In the /etc/vsftpd.conf file, add the following options:
guest_enable=YES
guest_username=vsftpdguest
  
Then execute the following command to run vsftpd in the background:
[root@hpe45 vsftpd-1.2.0]# /usr/local/sbin/vsftpd &
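
A check of the state that sections I to III set up, as an added example that is not part of the original article: it confirms that guest_enable and guest_username are in effect, that the guest account exists and is not UID 0, and that the anonymous root has no group/other write bit. The function names and the choice to pass the file paths as arguments are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original article. Paths are arguments so the
# audit can also run against copies of the files.

# Print the value of a vsftpd.conf option (the last assignment in the file).
conf_value() {  # $1 = config file, $2 = option name
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# Return 0 when the guest setup is consistent, else the number of findings.
audit_vsftpd() {  # $1 = vsftpd.conf, $2 = passwd file, $3 = anonymous root
    conf=$1 passwd=$2 anon_root=$3 findings=0

    # vsftpd.conf(5) does not allow spaces between option, '=' and value.
    if grep -Eq '^[a-z_]+([[:space:]]+=|=[[:space:]])' "$conf"; then
        echo "FAIL: whitespace around '=' in $conf"
        findings=$((findings + 1))
    fi

    if [ "$(conf_value "$conf" guest_enable)" != "YES" ]; then
        echo "FAIL: guest_enable=YES is not in effect"
        findings=$((findings + 1))
    fi

    guest=$(conf_value "$conf" guest_username)
    if [ -z "$guest" ]; then
        echo "FAIL: guest_username is not set"
        findings=$((findings + 1))
    elif ! grep -q "^$guest:" "$passwd"; then
        echo "FAIL: guest user '$guest' has no entry in $passwd"
        findings=$((findings + 1))
    elif [ "$(grep "^$guest:" "$passwd" | cut -d: -f3)" = "0" ]; then
        echo "FAIL: guest user '$guest' has UID 0"
        findings=$((findings + 1))
    fi

    # The state "chmod og-w" establishes: no group/other write bit.
    if [ -n "$(find "$anon_root" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
        echo "FAIL: $anon_root is writable by group or other"
        findings=$((findings + 1))
    fi

    [ "$findings" -eq 0 ] && echo "OK: guest-user setup is consistent"
    return "$findings"
}
```

On the host from this article the call would be: audit_vsftpd /etc/vsftpd.conf /etc/passwd /var/ftp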
  
IV. Saving the virtual users on the MySQL database server

We create the database vsftpdvu with a table users whose fields name and passwd hold the virtual users' names and passwords, and add two virtual users, Xiaotong and Xiaowang.

[root@hpe45 vsftpd-1.2.0]# mysql -p
mysql> create database vsftpdvu;
mysql> use vsftpdvu;
mysql> create table users (name char() binary, passwd char() binary);
mysql> insert into users (name,passwd) values ('Xiaotong', password('Qqmywife'));
mysql> insert into users (name,passwd) values ('Xiaowang', password('Ttmywife'));
mysql> quit

Then authorize vsftpdguest to read the users table of the vsftpdvu database. Execute the following commands:
[root@hpe45 vsftpd-1.2.0]# mysql -u root mysql -p
mysql> grant select on vsftpdvu.users to vsftpdguest@localhost identified by 'i52serial0';
mysql> quit

If you want to verify that the steps above succeeded, you can execute the following commands:
[root@hpe45 vsftpd]# mysql -u vsftpdguest -pi52serial0 vsftpdvu
mysql> select * from users;
If successful, this lists Xiaotong, Xiaowang, and their encrypted passwords.
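
A complementary check on the grant from this section, as an added example that is not part of the original article: it reads SHOW GRANTS output for the vsftpdguest account and succeeds only if the account holds SELECT on vsftpdvu.users and nothing more. The function names are assumptions of this example, and the sample grant lines are constructed.

```shell
#!/bin/sh
# Added example, not from the original article.

# Constructed sample of SHOW GRANTS output for the account created above.
sample_grants() {
    cat <<'EOF'
GRANT USAGE ON *.* TO 'vsftpdguest'@'localhost' IDENTIFIED BY PASSWORD '<hash placeholder>'
GRANT SELECT ON `vsftpdvu`.`users` TO 'vsftpdguest'@'localhost'
EOF
}

# Read SHOW GRANTS lines on stdin. Succeed only if the account holds SELECT on
# vsftpdvu.users and nothing else beyond the privilege-free USAGE grant.
check_guest_grants() {
    tr -d '`' | awk '
        /WITH GRANT OPTION/                    { print "UNEXPECTED: " $0; bad = 1; next }
        /^GRANT USAGE ON \*\.\* TO /           { next }
        /^GRANT SELECT ON vsftpdvu\.users TO / { ok = 1; next }
        /^GRANT /                              { print "UNEXPECTED: " $0; bad = 1 }
        END {
            if (!ok) print "MISSING: SELECT on vsftpdvu.users"
            exit (bad || !ok)
        }'
}
```

Against the live server the input would come from: mysql -u root -p -N -e "show grants for vsftpdguest@localhost" | check_guest_grants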

V. Setting up PAM authentication against MySQL

Here we use an open source project (http://sourceforge.net/projects/pam-mysql/) that performs PAM validation against MySQL. First download its package pam_mysql-0.5.tar.gz from the web site and copy it to the /root directory. Before compiling and installing, make sure the mysql-devel RPM package is installed on your machine; if not, install it from the RHL installation CD. Then execute the following commands:
[root@hpe45 root]# tar xvzf pam_mysql-0.5.tar.gz
[root@hpe45 root]# cd pam_mysql
[root@hpe45 pam_mysql]# make
[root@hpe45 pam_mysql]# make install
