Shulou(Shulou.com)06/01 Report--

Editor to share with you how to configure vsftpd virtual users, I believe that most people do not know much about it, so share this article for your reference, I hope you can learn a lot after reading this article, let's go to know it!

Virtual user configuration of vsftpd: PAM + PgSQL + FreeBSD-4

(1.0beta, welcome debug. I will update it at any time.)

Vsftpd is probably the best ftpd in the world. It is very popular in the linux world, with security and high performance.

The purpose of this article is to have PgSQL store your vsftp's virtual users and passwords and authenticate them through something called pam.

Zero. Briefly describe the principle of PAM.

If you already know something about pam, please skip it. I may not know as much as you do. Please skip it if you are not interested, because it can be configured without looking at this.

Code:

User vsftpd PAM module user and password database

Vsftpd uses a clever and unix/linux specification to authenticate users, which is PAM. People may be strange to PAM, but they use it all the time. The so-called PAM, English is: Pluggable Authentication Modules, pluggable authentication module (I do not know whether this translation is correct). When you see the keyword plug, you know it is very flexible.

Nowadays, almost all daemon programs generally use PAM for authentication, including telnet/sshd/imapd, and even your login, using PAM. Friends on fbsd 4, you can call ps-ax | grep pam, and you will find that there will be as many pam processes as there are consoles in login.

The biggest advantage of PAM is flexibility. It doesn't matter what data format your users and passwords are stored in (database or usually password files), as long as there is a corresponding PAM module. For example, you can not only use vsftpd + PgSQL for user login verification, as long as you like you can also use MySQL,Oracle,LDAP database to store user data, as long as there is a corresponding PAM. All daemon can use a background database for user authentication login, including telnet/sshd and so on.

The configuration mechanism of pam varies from version to version of freebsd.

Freebsd-4 is placed in / etc/pam.conf, a file that records all pam services.

Freebsd-5 is placed in / etc/pam.d,/usr/local/etc/pam.d. Each pam service is recorded by a separate file.

This article does not intend to describe the configuration of PAM in detail. The configuration of PAM is not very difficult, after all, it only requires you to configure some parameters, not to develop a pam module. And the space of this article is limited, I just know a little thing hope to play a role. When I get a little more familiar with pam, I'll write another article about pam.

Ready to begin: summary

Talk briefly about the role of the configuration file you want to use.

Reference:

/ etc/pam.conf # configuration of the pam service

/ etc/pam_pgsql.conf # configuration of pam_pgsql.so

/ usr/local/etc/vsftpd.conf # configuration of vsftpd

First, install vsftpd,PostgreSQL,pam_pgsql.

I use port to install, please use port/package to install, do not download the source code to compile, otherwise it may not work properly according to the method of this article. Vsftpd and pam-pgsql must be installed with port/package.

The following is their port directory:

Reference:

/ usr/ports/ftp/vsftpd

/ usr/ports/databases/postgresql7

/ usr/ports/security/pam-pgsql

Install: as long as cd goes in, then make install will OK.

Second, PostgreSQL installation (if you already have PostgreSQL, you don't need to see this section)

Simply mention the process of using port to install PostgreSQL, because the methods of installing PgSQL on the BSD version are compiled by downloading the source code. I use port to compile and install, because this is the recommended installation method of fbsd, and the installed software will be installed according to bsd's hier (directory structure), which is easier to manage.

When PostgreSQL is installed with port, the default database management user is pgsql (automatically added by the installer in port), and other systems default to postgres. The procedure to initialize PostgreSQL is as follows:

1. Initial database. Please log in with root or su to root first. Then, issue the command:

Code:

# su pgsql

# initdb

Normal initialization should have the following prompt:

Reference:

This database system will be initialized with username "pgsql".

This user will own all the data files and must also own the server process.

Creating directory / usr/local/pgsql/data

Creating directory / usr/local/pgsql/data/base

Creating directory / usr/local/pgsql/data/global

Creating directory / usr/local/pgsql/data/pg_xlog

Creating template1 database in / usr/local/pgsql/data/base/1

[snip]

Success. You can now start the database server using:

/ usr/local/bin/postmaster-D / usr/local/pgsql/data

Or

/ usr/local/bin/pg_ctl-D / usr/local/pgsql/data-l logfile start

2. Start PostgreSQL

Code:

# / usr/local/etc/rc.d/010.pgsql.sh start

For more detailed help, see an article on freebsddiary that installs PostgreSQL with port, all in English.

Http://www.freebsddiary.org/postgresql.php

Third, set up the user database.

I am a beginner in PgSQL, and I am not familiar with the command line, so I use phpPgAdmin to manage the database.

1. First create a database called mydb.

2. Set up a data table called ftp, which is used to store user names and accounts. The structure of this data table is the simplest table specified by the pam_pgsql module. Every field is required. You can extend the structure of this table, but do not delete these fields. I have exported a SQL script that is easy for you to create.

Code:

CREATE TABLE "ftp" (

"ID" int4 DEFAULT nextval ('public. "ftp_ID_seq"') NOT NULL

"usr" varchar (32) NOT NULL

"pass" varchar (32) NOT NULL

"expired" bool DEFAULT false NOT NULL

"newtok" bool DEFAULT false NOT NULL

);

Please create some users to facilitate debugging:

This is my ftp table. The names of these records are random. But please note that only those with an expired of f (false) can log in successfully.

Code:

ID | usr | pass | expired | newtok

The above is all the contents of the article "how to configure Virtual users in vsftpd". Thank you for reading! I believe we all have a certain understanding, hope to share the content to help you, if you want to learn more knowledge, welcome to follow the industry information channel!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.