Shulou(Shulou.com)05/31 Report--

MySQL in how to use the pam_mysql module to achieve vsftpd virtual users, many novices are not very clear about this, in order to help you solve this problem, the following editor will explain in detail for you, people with this need can come to learn, I hope you can get something.

I. preparation of the experimental environment

1. Download the software and dependency packages you need first.

[root@localhost ~] # yum-y install mariadb-server mariadb-devel pam-devel gcc-c++ vsftpd

two。 Install pam_mysql module (Plugable Authentication Module plug-in authentication module)

[root@localhost ~] # tar zxf pam_mysql-0.7RC1.tar.gz [root@localhost ~] # cd pam_mysql-0.7RC1 [root@localhost pam_mysql-0.7RC1] #. / configure-- with-mysql=/usr-- with-openssl-- with-pam-mods-dir=/lib/pam_mysql/ [root@localhost pam_mysql-0.7RC1] # make [root@localhost pam_mysql-0.7RC1] # make install

3. Start related services

[root@localhost ~] # systemctl start mariadb [root@localhost ~] # systemctl start vsftpd [root@localhost ~] # systemctl enable mariadb [root@localhost ~] # systemctl enable vsftpd

4. Database security settings

[root@localhost ~] # mysql_secure_installation Set root password? [Y/n] Y Remove anonymous users? [Y/n] Y Disallow root login remotely? [Y/n] Y Remove test database and access to it? [Y/n] Y Reload privilege tables now? [Y/n] Y

Second, create virtual users

1. Create databases and tables (for storing information about virtual users)

[root@localhost ~] # mysql-u root-p Enter password: MariaDB [(none)] > create database testdb; # create test database MariaDB [(none)] > grant select on testdb.* to linos@localhost identified by 'linux'; # create user MariaDB [(none)] > flush privileges; MariaDB [(none)] > use testdb Database changed MariaDB [testdb] > create table users (id int AUTO_INCREMENT NOT NULL,name char (20) binary NOT NULL,password char (20) binary NOT NULL,primary key (id)); # create a table to store users

two。 Add a virtual user

MariaDB [testdb] > insert into users (name,password) values ('tom','linux'); # create user MariaDB [testdb] > insert into users (name,password) values (' sam','linux'); # create user MariaDB [testdb] > flush privileges

3. Configure vsftp service

1. Create a pam certification file

[root@localhost ~] # cat / etc/pam.d/vsftpd.mysql auth required / lib/pam_mysql/pam_mysql.so user=linos passwd=linux host=localhost db=testdb table=users usercolumn=name passwdcolumn=password crypt=0 account required / lib/pam_mysql/pam_mysql.so user=linos passwd=linux host=localhost db=testdb table=users usercolumn=name passwdcolumn=password crypt=0

two。 To modify the vsftp configuration file, you mainly need to modify the following configuration

Anonymous_enable=NO # does not allow anonymous users to log on to local_enable=YES # allows system users to log in to write_enable=YES # allows system users to have write permissions anon_upload_enable=NO # does not allow anonymous users to upload files anon_mkdir_write_enable=NO # does not allow anonymous users to create directories chroot_local_user=YES # by default after logging in to ftp with a system user, users can cd to any directory This will have certain security risks. Enable this option to lock users in their home directory guest_enable=YES # enable this option to enable non-anonymous users to remap to system users function guest_username=virtuser # mapping system user allow_writeable_chroot=YES # since version 2.3.5, vsftpd has enhanced security checks if users are limited to their home directory Then the user's home directory can no longer have write permissions! If the check finds that there is still write permission, the error will be reported. To fix this error, you can remove the write permission from the user's home directory with the command chmod a Murw / home/username, or you can add the following item to the configuration file of vsftpd: allow_writeable_chroot=YES pam_service_name=vsftpd.mysql # specifies the configuration file of the plug-in pam module

IV. Verification

1. Restart the service

[root@localhost ~] # systemctl restart mariadb [root@localhost ~] # systemctl restart vsftpd

two。 Add the system user to which the virtual user is mapped

[root@localhost ~] # useradd-s / sbin/nologin virtuser # specifies shell as / sbin/nologin and forbids users from logging in to the system

3. Login virtual user authentication

4. Verify user Mappin

[root@localhost virtuser] # pwd / home/virtuser [root@localhost virtuser] # mkdir pub [root@localhost virtuser] # touch pub/test # virtuser create the test file under the home directory, and then log in to ftp with the sam user. You can see the home directory mapped to the virtuser user.

5. Configure authorization permissions

Sometimes we need to set different permissions for different virtual users

[root@localhost ~] # tail-1 / etc/vsftpd/vsftpd.conf user_config_dir=/etc/vsftpd/users_permission/ [root@localhost ~] # mkdir / etc/vsftpd/users_permission/ [root@localhost ~] # cd / etc/vsftpd/users_permission/ [root@localhost users_permission] # echo # anon_upload_enable=YES > > sam [root@localhost home] # chmod-R 777 virtuser/

Before enabling anonymous user upload permission, you can see that upload is prohibited, using sam users

Enable anonymous user upload function and use sam user to upload a file

Is it helpful for you to read the above content? If you want to know more about the relevant knowledge or read more related articles, please follow the industry information channel, thank you for your support.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.