vsftpd virtual user authentication based on MySQL

2025-03-29 Update From: SLTechnology News&Howtos

Shulou(Shulou.com) 06/01

Virtual users:

Where are the user accounts stored?

A file, MySQL, Redis, ...

vsftpd delegates authentication to PAM:

Pluggable Authentication Modules: an authentication framework and authentication library

Authentication is carried out by modules in /usr/lib64/security/

The pam_mysql module:

Download the pam_mysql source package from the official site: http://prdownloads.sourceforge.net/pam-mysql/pam_mysql-0.7RC1.tar.gz

(1) Prepare the build environment

[root@server1 ~]# yum -y groupinstall "Development Tools"

[root@server1 ~]# wget http://prdownloads.sourceforge.net/pam-mysql/pam_mysql-0.7RC1.tar.gz

[root@server1 ~]# tar xf pam_mysql-0.7RC1.tar.gz

[root@server1 ~]# cd pam_mysql-0.7RC1/

[root@server1 pam_mysql-0.7RC1]# ./configure --with-pam=/usr --with-mysql=/usr --with-pam-mods-dir=/usr/lib64/security

If this error occurs during compilation, you need to install the mysql-devel package.

[root@server1 pam_mysql-0.7RC1]# yum -y install mysql-devel

If you encounter this error, you also need to install the pam-devel development package.

[root@server1 pam_mysql-0.7RC1]# yum -y install pam-devel

Once configure has checked the environment and generated its config files, only make and make install remain.

[root@server1 pam_mysql-0.7RC1]# make

[root@server1 pam_mysql-0.7RC1]# make install

After the build and installation are complete, check the /usr/lib64/security directory for the files shown in the figure.

Prepare the database:

The vsftpd virtual user authentication here is set up on a CentOS 7 host.

Install the database

[root@server1 ~]# yum -y install mariadb-server

Next, start the mysql service.

[root@server1 ~]# systemctl start mariadb

[root@server1 ~]# ss -tnl    # check that port 3306 is listening

The user names and passwords of the virtual users are kept in the database, so create a database and a corresponding table for vsftpd, as follows.

Create a database

mysql> CREATE DATABASE vsftpd;

Switch to the newly created database, then create the users table

mysql> USE vsftpd;

mysql> CREATE TABLE vsftpd.users (id INT NOT NULL AUTO_INCREMENT PRIMARY KEY, name CHAR(30) NOT NULL UNIQUE KEY, password CHAR(48));

Insert the virtual users into the users table

mysql> INSERT INTO users (name,password) VALUES ('tom',PASSWORD('redhat')), ('jerry',PASSWORD('redhat'));

Authorize the vsftpd database user to log in to mysql

mysql> GRANT ALL ON vsftpd.* TO 'vsftpd'@'localhost' IDENTIFIED BY 'mageedu';

mysql> GRANT ALL ON vsftpd.* TO 'vsftpd'@'127.0.0.1' IDENTIFIED BY 'mageedu';

mysql> FLUSH PRIVILEGES;    -- reload the grants so they take effect

Both localhost and 127.0.0.1 are authorized here because the database sometimes fails to resolve the IP address, in which case the user cannot log in.

vsftpd authenticates through pam_mysql: PAM uses the pam_mysql module to connect to the database and look up the user name and password stored there. To set this up, edit the file /etc/pam.d/vsftpd.mysql so that it contains the following:

auth required /usr/lib64/security/pam_mysql.so user=vsftpd passwd=mageedu host=127.0.0.1 db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2

account required /usr/lib64/security/pam_mysql.so user=vsftpd passwd=mageedu host=127.0.0.1 db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2

user: the user name used to connect to the mysql server. This user must have access to the database that holds the vsftpd accounts.

passwd: the password of the user above

host: address of the mysql server host

db: name of the database that holds the vsftpd accounts

table: the table that stores users and passwords

usercolumn: the column holding the user name

passwdcolumn: the column holding the password

crypt: how the stored password is hashed; 2 means the MySQL PASSWORD() function, matching the INSERT statement above
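What crypt=2 actually compares against, and what a review of the PAM line above would flag, as an added example that is not part of the original article. The function names (mysql_password, parse_pam_mysql, audit) are hypothetical helpers, and the crypt value table reflects the pam_mysql 0.7 option values.

```python
import hashlib
import shlex

# pam_mysql crypt= values and what they mean for the stored password column.
CRYPT_MODES = {
    "0": "plaintext",
    "1": "crypt(3)",
    "2": "MySQL PASSWORD(), unsalted SHA1(SHA1(pw))",
    "3": "unsalted MD5",
    "4": "unsalted SHA-1",
}
UNSALTED = {"0", "2", "3", "4"}


def mysql_password(plaintext: str) -> str:
    """Value MySQL/MariaDB PASSWORD() returns: '*' + HEX(SHA1(SHA1(pw)))."""
    inner = hashlib.sha1(plaintext.encode()).digest()
    return "*" + hashlib.sha1(inner).hexdigest().upper()


def parse_pam_mysql(line: str) -> dict:
    """Split one pam.d line into type, control, module path and key=value options."""
    ptype, control, module, *opts = shlex.split(line)
    return {"type": ptype, "control": control, "module": module,
            "options": dict(o.split("=", 1) for o in opts)}


def audit(line: str) -> list:
    """Return review findings for one pam_mysql line."""
    opts = parse_pam_mysql(line)["options"]
    findings = []
    mode = opts.get("crypt", "0")  # pam_mysql falls back to plaintext
    if mode in UNSALTED:
        findings.append(f"crypt={mode} ({CRYPT_MODES[mode]}): equal passwords give equal rows")
    if "passwd" in opts:
        findings.append("DB password is inline: keep the pam.d file readable by root only")
    if opts.get("user") == "root":
        findings.append("connects as MySQL root: use a dedicated account")
    return findings


# The auth line from this page.
PAGE_LINE = ("auth required /usr/lib64/security/pam_mysql.so user=vsftpd passwd=mageedu "
             "host=127.0.0.1 db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2")

if __name__ == "__main__":
    for finding in audit(PAGE_LINE):
        print("-", finding)
    # tom and jerry were both inserted with PASSWORD('redhat'): one identical 41-char value.
    print(mysql_password("redhat"), len(mysql_password("redhat")))
```

With only auth and account lines configured, the account named in user= needs just SELECT on vsftpd.users, which is narrower than the GRANT ALL used above.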

Prepare the system user account that the virtual users are mapped to:

# mkdir /ftproot

# useradd -d /ftproot vuser    # create the user vuser with /ftproot as its home directory

# mkdir /ftproot/{pub,upload}    # create a public directory and an upload directory under the virtual users' root directory

# setfacl -m u:vuser:rwx /ftproot/upload    # add an ACL entry for vuser so that virtual users can upload files

Configure vsftpd: vsftpd.conf

pam_service_name=vsftpd.mysql

guest_enable=YES

guest_username=vuser

Configure individual permission settings for each virtual user

In vsftpd.conf, add:

user_config_dir=/etc/vsftpd/vusers_conf

Create the directory:

# mkdir /etc/vsftpd/vusers_conf

Provide a configuration file for each user:

/etc/vsftpd/vusers_conf/{tom,jerry}

Permission directives (virtual users are treated as anonymous users, so the anon_* options apply):

anon_upload_enable=YES

anon_mkdir_write_enable=YES

anon_other_write_enable=YES
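vsftpd looks for per-user files only at the exact path given in user_config_dir, so a name that differs from the directory actually created (users_conf versus vusers_conf, say) leaves every virtual user on the global settings. The check below is an added example, not part of the original article; parse_conf and check are hypothetical helpers and the file contents are constructed samples.

```python
from pathlib import PurePosixPath


def parse_conf(text: str) -> dict:
    """Parse vsftpd key=value lines, skipping blanks and # comments."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key] = value
    return conf


def check(main_conf: str, files: dict, db_users: list) -> list:
    """files maps path -> content, a constructed stand-in for the real disk."""
    conf, findings = parse_conf(main_conf), []
    if conf.get("guest_enable") != "YES" or not conf.get("guest_username"):
        findings.append("guest_enable/guest_username unset: no virtual-user mapping")
    cfg_dir = conf.get("user_config_dir")
    if cfg_dir is None:
        return findings + ["user_config_dir unset: no per-user settings"]
    for user in db_users:
        path = str(PurePosixPath(cfg_dir) / user)
        if path not in files:
            findings.append(f"{user}: {path} missing, global settings apply")
        elif parse_conf(files[path]).get("anon_other_write_enable") == "YES":
            findings.append(f"{user}: may delete and rename, not only upload")
    return findings


# Constructed sample: the directory on disk is vusers_conf.
FILES = {
    "/etc/vsftpd/vusers_conf/tom": "anon_upload_enable=YES\n",
    "/etc/vsftpd/vusers_conf/jerry": "anon_upload_enable=YES\nanon_other_write_enable=YES\n",
}
BASE = "pam_service_name=vsftpd.mysql\nguest_enable=YES\nguest_username=vuser\n"
MISMATCHED = BASE + "user_config_dir=/etc/vsftpd/users_conf\n"
MATCHED = BASE + "user_config_dir=/etc/vsftpd/vusers_conf\n"

if __name__ == "__main__":
    for label, conf in (("mismatched", MISMATCHED), ("matched", MATCHED)):
        print(label, check(conf, FILES, ["tom", "jerry"]))
```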

Test:

Log in over FTP from another host and test uploading files

lftp -u tom,redhat 10.1.48.11
