2025-01-18 Update From: SLTechnology News&Howtos shulou
Shulou(Shulou.com)05/31 Report--
This article describes how to set up virtual-user authentication for vsftpd based on pam_mysql. The steps are given in detail; interested readers can use them as a reference, and I hope they are helpful to you.
(1) Download the EPEL repo file
    [root@CentOS7-175 ~]# wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo    # download Alibaba Cloud's EPEL repo file
    [root@CentOS7-175 ~]# yum repolist
(2) Install the required packages
    # yum -y groupinstall "Development Tools" "Server Platform Development"
    [root@CentOS7-175 ~]# yum -y install vsftpd pam-devel mariadb-server mariadb-devel openssl-devel
    [root@CentOS7-175 ~]# systemctl start mariadb.service
    [root@CentOS7-175 ~]# systemctl enable mariadb.service
(3) Compile and install the pam_mysql module
vsftpd authenticates users through pam_mysql, so the pam_mysql module has to be installed. The system's default yum repositories do not provide it, so it must be compiled and installed from source.
    # mkdir /home/tools/
    # cd /home/tools/
    [root@CentOS7-175 tools]# tar xf pam_mysql-0.7RC1.tar.gz
    [root@CentOS7-175 tools]# cd pam_mysql-0.7RC1/
    [root@CentOS7-175 pam_mysql-0.7RC1]# ./configure --with-mysql=/usr --with-openssl=/usr --with-pam=/usr --with-pam-mods-dir=/lib64/security
    [root@CentOS7-175 pam_mysql-0.7RC1]# make && make install
    [root@CentOS7-175 pam_mysql-0.7RC1]# ls /lib64/security/pam_mysql.so    # check that the build succeeded: ls should show the pam_mysql.so module
    /lib64/security/pam_mysql.so
(4) Back up the vsftpd.conf configuration file
    [root@CentOS7-175 pam_mysql-0.7RC1]# systemctl stop vsftpd
    [root@CentOS7-175 pam_mysql-0.7RC1]# cd /etc/vsftpd
    [root@CentOS7-175 vsftpd]# cp vsftpd.conf{,.bak}
    [root@CentOS7-175 vsftpd]# ls vsftpd.conf*
    vsftpd.conf  vsftpd.conf.bak
(5) Configure MySQL
    [root@CentOS7-175 vsftpd]# mysql -uroot -p    # log in to MySQL
    Enter password:
    Welcome to the MariaDB monitor.  Commands end with ; or \g.
    Your MariaDB connection id is 2
    Server version: 5.5.44-MariaDB MariaDB Server
    Copyright (c) 2000, 2015, Oracle, MariaDB Corporation Ab and others.
    Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
    MariaDB [(none)]> CREATE DATABASE vsftpd;    # create the vsftpd database
    Query OK, 1 row affected (0.00 sec)
    MariaDB [(none)]> use vsftpd;    # switch to the vsftpd database
    Database changed
    MariaDB [vsftpd]> CREATE TABLE users (    # create the users table
        -> id int AUTO_INCREMENT NOT NULL PRIMARY KEY,
        -> name char(30) NOT NULL,
        -> password char(48) binary NOT NULL);
    Query OK, 0 rows affected (0.05 sec)
    MariaDB [vsftpd]> desc users;    # view the users table
    +----------+----------+------+-----+---------+----------------+
    | Field    | Type     | Null | Key | Default | Extra          |
    +----------+----------+------+-----+---------+----------------+
    | id       | int(11)  | NO   | PRI | NULL    | auto_increment |
    | name     | char(30) | NO   |     | NULL    |                |
    | password | char(48) | NO   |     | NULL    |                |
    +----------+----------+------+-----+---------+----------------+
    3 rows in set (0.00 sec)
    MariaDB [vsftpd]> INSERT INTO users (name,password) VALUES ('tom',password('zhucke'));    # insert a user into the table
    Query OK, 1 row affected (0.00 sec)
    MariaDB [vsftpd]> INSERT INTO users (name,password) VALUES ('jerry',password('zhucke.com'));
    Query OK, 1 row affected (0.00 sec)
    MariaDB [vsftpd]> SELECT * FROM users;
    +----+-------+-------------------------------------------+
    | id | name  | password                                  |
    +----+-------+-------------------------------------------+
    |  1 | tom   | *9BDB807A93B6C421BBFCAC5EF1AE0835396EEE38 |
    |  2 | jerry | *3E27BE6A3667961ABCCFCA4832F06B151F81185A |
    +----+-------+-------------------------------------------+
    2 rows in set (0.00 sec)
    MariaDB [vsftpd]> GRANT select ON vsftpd.* TO vsftpd@localhost IDENTIFIED BY 'zhucke';    # allow the vsftpd user to log in to MySQL
    Query OK, 0 rows affected (0.04 sec)
    MariaDB [vsftpd]> GRANT select ON vsftpd.* TO vsftpd@127.0.0.1 IDENTIFIED BY 'zhucke';    # allow the vsftpd user to log in to MySQL
    Query OK, 0 rows affected (0.00 sec)
    MariaDB [vsftpd]> FLUSH PRIVILEGES;
    Query OK, 0 rows affected (0.01 sec)
    MariaDB [vsftpd]> exit
    Bye
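The values that PASSWORD() writes into the users table are what the crypt=2 setting in the PAM file is compared against. The Python code below is an added example, not part of the original article: it reproduces that format (assuming the server's default 41-character PASSWORD() output) to show that it is an unsalted double SHA-1, and audits rows for shared or non-hash values. The sample rows and all function names are constructed for the example.

```python
import hashlib
import hmac
from collections import defaultdict

HEX = set("0123456789ABCDEF")

def mysql_password(plaintext: str) -> str:
    """Same value as SQL PASSWORD(): '*' + HEX(SHA1(SHA1(plaintext))). No salt."""
    inner = hashlib.sha1(plaintext.encode("utf-8")).digest()
    return "*" + hashlib.sha1(inner).hexdigest().upper()

def verify(candidate: str, stored: str) -> bool:
    """What a crypt=2 check amounts to: hash the candidate, compare with the column."""
    return hmac.compare_digest(mysql_password(candidate).encode(), stored.encode())

def is_password_hash(value: str) -> bool:
    return len(value) == 41 and value[0] == "*" and set(value[1:]) <= HEX

def audit_rows(rows):
    """Findings for (name, password) rows read from the users table."""
    findings, by_hash = [], defaultdict(list)
    for name, stored in rows:
        if is_password_hash(stored):
            by_hash[stored].append(name)
        else:
            findings.append(f"{name}: value is not a PASSWORD() hash; crypt=2 cannot match it")
    for names in by_hash.values():
        if len(names) > 1:  # equal hashes mean equal passwords, because nothing is salted
            findings.append("identical password hash: " + ", ".join(sorted(names)))
    return findings

# Constructed sample rows (made-up users and passwords, not the article's data).
SAMPLE_ROWS = [
    ("alice", mysql_password("password")),
    ("bob", mysql_password("password")),   # reuses alice's password
    ("carol", "letmein"),                  # plaintext inserted without PASSWORD()
]

if __name__ == "__main__":
    print(mysql_password("password"))
    for finding in audit_rows(SAMPLE_ROWS):
        print(finding)
```

Because the hash is fast and unsalted, the users table deserves the same protection as a plaintext password file; the SELECT-only grant for the vsftpd account limits writes, not reads.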
(6) Log in to MySQL as the vsftpd user to test
    [root@CentOS7-175 vsftpd]# mysql -uvsftpd -p
    Enter password:
    Welcome to the MariaDB monitor.  Commands end with ; or \g.
    Your MariaDB connection id is 4
    Server version: 5.5.44-MariaDB MariaDB Server
    Copyright (c) 2000, 2015, Oracle, MariaDB Corporation Ab and others.
    Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
    MariaDB [(none)]> SHOW DATABASES;
    +--------------------+
    | Database           |
    +--------------------+
    | information_schema |
    | test               |
    | vsftpd             |
    +--------------------+
    3 rows in set (0.01 sec)
    MariaDB [(none)]> use vsftpd;
    Reading table information for completion of table and column names
    You can turn off this feature to get a quicker startup with -A
    Database changed
    MariaDB [vsftpd]> SELECT * FROM users;
    +----+-------+-------------------------------------------+
    | id | name  | password                                  |
    +----+-------+-------------------------------------------+
    |  1 | tom   | *9BDB807A93B6C421BBFCAC5EF1AE0835396EEE38 |
    |  2 | jerry | *3E27BE6A3667961ABCCFCA4832F06B151F81185A |
    +----+-------+-------------------------------------------+
    2 rows in set (0.01 sec)
(7) Configure PAM
    [root@CentOS7-175 vsftpd]# cd /etc/pam.d/
    [root@CentOS7-175 pam.d]# vim vsftpd.mysql
    [root@CentOS7-175 pam.d]# cat vsftpd.mysql
    auth required pam_mysql.so user=vsftpd passwd=zhucke host=localhost db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
    account required pam_mysql.so user=vsftpd passwd=zhucke host=localhost db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
    [root@CentOS7-175 pam.d]# useradd -s /sbin/nologin -d /ftproot vuser
    [root@CentOS7-175 pam.d]# ls -ld /ftproot/
    drwx------ 3 vuser vuser 74 Jun 11 11:30 /ftproot/
    [root@CentOS7-175 pam.d]# chmod go+rx /ftproot/
    [root@CentOS7-175 pam.d]# ls -ld /ftproot/
    drwxr-xr-x 3 vuser vuser 74 Jun 11 11:30 /ftproot/
    [root@CentOS7-175 pam.d]# vim /etc/vsftpd/vsftpd.conf
    [root@CentOS7-175 pam.d]# tail -7 /etc/vsftpd/vsftpd.conf
    pam_service_name=vsftpd.mysql
    local_enable=YES
    write_enable=YES
    local_umask=022
    guest_enable=YES
    guest_username=vuser    # the system user that virtual users are mapped to
    [root@CentOS7-175 pam.d]# chmod -w /ftproot/
    [root@CentOS7-175 pam.d]# systemctl restart vsftpd
    [root@CentOS7-175 pam.d]# mkdir /ftproot/{pub,upload}
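The vsftpd.mysql service file holds the database password in clear text, and a single misspelled option on one line is easy to miss. The check below is an added example, not part of the original article: it lints the text of such a file and, optionally, its permission bits. The option allow-list is simply the set of options used in this article, and the sample file and function names are constructed.

```python
import os
import stat

# The options this article passes to pam_mysql.so. Flagging anything else is an
# assumption of this example; pam_mysql itself accepts further options.
EXPECTED = {"user", "passwd", "host", "db", "table", "usercolumn", "passwdcolumn", "crypt"}

def lint_pam_mysql(text, mode=None):
    """Findings for the text of a PAM service file that calls pam_mysql.so.
    mode is the file's permission bits, or None to skip the permission check."""
    findings, seen = [], set()
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        idx = next((i for i, f in enumerate(fields) if f.endswith("pam_mysql.so")), None)
        if idx is None or idx == 0:
            continue
        seen.add(fields[0].lstrip("-"))
        opts = dict(f.split("=", 1) for f in fields[idx + 1:] if "=" in f)
        for key in sorted(set(opts) - EXPECTED):
            findings.append(f"line {lineno}: unexpected option '{key}' (typo?)")
        for key in sorted(EXPECTED - set(opts)):
            findings.append(f"line {lineno}: option '{key}' is not set")
        if opts.get("crypt") == "0":
            findings.append(f"line {lineno}: crypt=0 compares against plaintext passwords")
        if "passwd" in opts and mode is not None and mode & (stat.S_IRGRP | stat.S_IROTH):
            findings.append(f"line {lineno}: DB password readable by group/other (mode {mode:o})")
    for needed in ("auth", "account"):
        if needed not in seen:
            findings.append(f"no pam_mysql.so line of type '{needed}'")
    return findings

def lint_file(path):
    """Lint a service file on disk, including its permission bits."""
    with open(path) as fh:
        return lint_pam_mysql(fh.read(), stat.S_IMODE(os.stat(path).st_mode))

# Constructed sample: placeholder password, and a misspelled key on the account line.
ARGS = "user=vsftpd passwd=EXAMPLE host=localhost db=vsftpd {}=users usercolumn=name passwdcolumn=password crypt=2"
SAMPLE = "\n".join(f"{t} required pam_mysql.so {ARGS.format(k)}"
                   for t, k in [("auth", "table"), ("account", "tabel")])

if __name__ == "__main__":
    for finding in lint_pam_mysql(SAMPLE, 0o644):
        print(finding)
```

On the server, `lint_file("/etc/pam.d/vsftpd.mysql")` runs the same checks against the real file; restricting that file to root with mode 600 clears the permission finding.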
(8) On the client (192.168.5.171), log in to the FTP server as tom and as jerry
    [root@CentOS7-171 ~]# ftp 192.168.5.175
    Connected to 192.168.5.175 (192.168.5.175).
    220 (vsFTPd 3.0.2)
    Name (192.168.5.175:root): tom    # log in as the tom user
    331 Please specify the password.
    Password:
    230 Login successful.    # login succeeded
    Remote system type is UNIX.
    Using binary mode to transfer files.
    ftp> ls    # list the files on the FTP server
    227 Entering Passive Mode (192,168,5,175,58,188).
    150 Here comes the directory listing.
    drwxr-xr-x    2 0        0               6 Jun 11 03:34 pub
    drwxr-xr-x    2 0        0               6 Jun 11 03:34 upload
    226 Directory send OK.
    ftp> exit
    221 Goodbye.
    [root@CentOS7-171 ~]# ftp 192.168.5.175
    Connected to 192.168.5.175 (192.168.5.175).
    220 (vsFTPd 3.0.2)
    Name (192.168.5.175:root): jerry    # log in as the jerry user
    331 Please specify the password.
    Password:
    230 Login successful.
    Remote system type is UNIX.
    Using binary mode to transfer files.
    ftp> ls
    227 Entering Passive Mode (192,168,5,175,189,114).
    150 Here comes the directory listing.
    drwxr-xr-x    2 0        0               6 Jun 11 03:34 pub
    drwxr-xr-x    2 0        0               6 Jun 11 03:34 upload
    226 Directory send OK.
(9) Allow file uploads
    [root@CentOS7-175 pam.d]# chown vuser /ftproot/upload/    # change the owner of this directory to the vuser user
    [root@CentOS7-175 pam.d]# ls -ld /ftproot/upload/
    drwxr-xr-x 2 vuser root 6 Jun 11 11:34 /ftproot/upload/
    [root@CentOS7-175 pam.d]# vim /etc/vsftpd/vsftpd.conf    # edit the vsftpd.conf file
    anon_upload_enable=YES    # uncomment this line to enable file upload
    [root@CentOS7-175 pam.d]# systemctl restart vsftpd
(10) Test file upload
    [root@CentOS7-171 ~]# ftp 192.168.5.175
    Connected to 192.168.5.175 (192.168.5.175).
    220 (vsFTPd 3.0.2)
    Name (192.168.5.175:root): tom    # log in as the tom user
    331 Please specify the password.
    Password:
    230 Login successful.
    Remote system type is UNIX.
    Using binary mode to transfer files.
    ftp> cd upload    # enter the upload directory
    250 Directory successfully changed.
    ftp> lcd /etc    # enter the local /etc directory
    Local directory now /etc
    ftp> put fstab    # upload the fstab file
    local: fstab remote: fstab
    227 Entering Passive Mode (192,168,5,175,72,65).
    150 Ok to send data.
    226 Transfer complete.
    648 bytes sent in 0.000229 secs (2829.69 Kbytes/sec)
    ftp> ls    # check whether the fstab file is there
    227 Entering Passive Mode (192,168,5,175,187,100).
    150 Here comes the directory listing.
    -rw-------    1 1001     1001          648 Jun 11 03:50 fstab    # uploaded successfully
    226 Directory send OK.
    ftp> exit
    221 Goodbye.
    [root@CentOS7-171 ~]# ftp 192.168.5.175
    Connected to 192.168.5.175 (192.168.5.175).
    220 (vsFTPd 3.0.2)
    Name (192.168.5.175:root): jerry    # log in as the jerry user
    331 Please specify the password.
    Password:
    230 Login successful.
    Remote system type is UNIX.
    Using binary mode to transfer files.
    ftp> cd upload    # enter the upload directory
    250 Directory successfully changed.
    ftp> lcd /etc    # enter the local /etc directory
    Local directory now /etc
    ftp> put issue    # upload the issue file
    local: issue remote: issue
    227 Entering Passive Mode (192,168,5,175,95,111).
    150 Ok to send data.
    226 Transfer complete.
    23 bytes sent in 0.000659 secs (34.90 Kbytes/sec)
    ftp> ls
    227 Entering Passive Mode.
    150 Here comes the directory listing.
    -rw-------    1 1001     1001          648 Jun 11 03:50 fstab
    -rw-------    1 1001     1001           23 Jun 11 03:52 issue    # the issue file was uploaded successfully
(11) Give the users different permissions: one can upload and the other cannot
    [root@CentOS7-175 pam.d]# cd /etc/vsftpd
    [root@CentOS7-175 vsftpd]# mkdir vusers.conf.d
    [root@CentOS7-175 pam.d]# cd vusers.conf.d
    [root@CentOS7-175 vusers.conf.d]# vim tom
    anon_upload_enable=YES    # the tom user can upload
    [root@CentOS7-175 vusers.conf.d]# vim jerry
    anon_upload_enable=NO    # the jerry user cannot upload
    [root@CentOS7-175 vsftpd]# vim /etc/vsftpd/vsftpd.conf
    user_config_dir=/etc/vsftpd/vusers.conf.d
    [root@CentOS7-175 vsftpd]# systemctl restart vsftpd.service
(12) Verify the tom and jerry users
    # ftp 192.168.5.175
    Connected to 192.168.5.175 (192.168.5.175).
    220 (vsFTPd 3.0.2)
    Name (192.168.5.175:root): tom
    331 Please specify the password.
    Password:
    230 Login successful.
    Remote system type is UNIX.
    Using binary mode to transfer files.
    ftp> ls
    227 Entering Passive Mode (192,168,5,175,205,162).
    150 Here comes the directory listing.
    drwxr-xr-x    2 0        0               6 Jun 11 03:34 pub
    drwxr-xr-x    2 1001     0              30 Jun 11 03:52 upload
    226 Directory send OK.
    ftp> cd upload
    250 Directory successfully changed.
    ftp> lcd /etc
    Local directory now /etc
    ftp> put grub2.cfg
    local: grub2.cfg remote: grub2.cfg
    227 Entering Passive Mode.
    226 Transfer complete.    # the tom user uploaded successfully
    4213 bytes sent in 0.0815 secs (51.69 Kbytes/sec)
    ftp> ls
    227 Entering Passive Mode (192,168,5,175,111,189).
    150 Here comes the directory listing.
    -rw-------    1 1001     1001          648 Jun 11 03:50 fstab
    -rw-------    1 1001     1001         4213 Jun 11 04:04 grub2.cfg
    -rw-------    1 1001     1001           23 Jun 11 03:52 issue
    226 Directory send OK.
    [root@CentOS7-171 ~]# ftp 192.168.5.175
    Connected to 192.168.5.175 (192.168.5.175).
    220 (vsFTPd 3.0.2)
    Name (192.168.5.175:root): jerry
    331 Please specify the password.
    Password:
    230 Login successful.
    Remote system type is UNIX.
    Using binary mode to transfer files.
    ftp> ls
    227 Entering Passive Mode (192,168,5,175,31,254).
    150 Here comes the directory listing.
    drwxr-xr-x    2 0        0               6 Jun 11 03:34 pub
    drwxr-xr-x    2 1001     0              62 Jun 11 04:06 upload
    226 Directory send OK.
    ftp> lcd /etc
    Local directory now /etc
    ftp> cd upload
    250 Directory successfully changed.
    ftp> put issue
    local: issue remote: issue
    227 Entering Passive Mode.
    550 Permission denied.    # test result: jerry cannot upload
That covers how to set up virtual-user authentication for vsftpd based on pam_mysql. I hope the above content is helpful to you. If you think the article is good, you can share it for more people to see.