
How to configure virtual users with Vsftpd+Mysql+Pam

2025-04-01 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)05/31

This article describes in detail how to configure virtual users with Vsftpd+Mysql+Pam.

1. Installation of VSFTPD

Currently, the latest version of VSFTPD is version 1.2.0. The official download address is ftp://vsftpd.beasts.org/users/cevans/vsftpd-1.2.0.tar.gz. The following preparations need to be done before installation:

The "nobody" user is required in the default configuration of VSFTPD. Add this user to the system, and the useradd command prompts you if the user already exists.

[root@hpe45 root]# useradd nobody
useradd: user nobody exists

The "/usr/share/empty" directory is required in the default configuration of VSFTPD. If this directory already exists on the system, the mkdir command tells you so.

[root@hpe45 root]# mkdir /usr/share/empty/
mkdir: cannot create directory '/usr/share/empty': File exists

When VSFTPD provides anonymous FTP services, you need a "ftp" user and a valid anonymous directory.

[root@hpe45 root]# mkdir /var/ftp/
[root@hpe45 root]# useradd -d /var/ftp ftp

The following commands are useful whether or not the ftp user already exists.

[root@hpe45 root]# chown root.root /var/ftp
[root@hpe45 root]# chmod og-w /var/ftp

After the above preparations are complete, we can start compiling the source code. Assuming the vsftpd-1.2.0.tar.gz we downloaded is in the /root directory, execute the following commands:

[root@hpe45 root]# tar zxvf vsftpd-1.2.0.tar.gz
[root@hpe45 root]# cd vsftpd-1.2.0
[root@hpe45 vsftpd-1.2.0]# make
[root@hpe45 vsftpd-1.2.0]# make install

The "make install" command above copies the compiled binaries, manuals, and so on to the appropriate directories. On RHL9, you may need to copy the files manually:

[root@hpe45 vsftpd-1.2.0]# cp vsftpd /usr/local/sbin/vsftpd
[root@hpe45 vsftpd-1.2.0]# cp vsftpd.conf.5 /usr/local/share/man/man5
[root@hpe45 vsftpd-1.2.0]# cp vsftpd.8 /usr/local/share/man/man8

Next, we copy a simple configuration file as the basis for later modification.

[root@hpe45 vsftpd-1.2.0]# cp vsftpd.conf /etc

Then copy the PAM authentication file to allow local users to log in to VSFTPD.

[root@hpe45 vsftpd-1.2.0]# cp RedHat/vsftpd.pam /etc/pam.d/ftp

2. Create the guest user

VSFTPD uses PAM to authenticate virtual users. Because the user names and passwords of virtual users are stored separately, VSFTPD needs to read the database file or database server as a system user to complete the authentication. That system user is the guest user of VSFTPD, just as anonymous users need the system user ftp. We can also think of the guest user as the representative of the virtual users in the system. Let's add the vsftpdguest user to the system as the guest of VSFTPD.

[root@hpe45 vsftpd-1.2.0]# useradd vsftpdguest

When a virtual user logs in, the location is vsftpdguest's home directory /home/vsftpdguest. If you want virtual users to log in to another directory, such as /var/ftp, change vsftpdguest's home directory.

3. Set up the VSFTPD configuration file

In the /etc/vsftpd.conf file, add the following options:

guest_enable=YES
guest_username=vsftpdguest

Then execute the following command to have VSFTPD run in the background:

[root@hpe45 vsftpd-1.2.0]# /usr/local/sbin/vsftpd &

4. Save the virtual users in the MySQL database server

We create the database vsftpdvu with a table users whose fields name and passwd hold the user name and password of each virtual user, and add two virtual users, xiaotong and xiaowang.

[root@hpe45 vsftpd-1.2.0]# mysql -p
mysql> create database vsftpdvu;
mysql> use vsftpdvu;
mysql> create table users (name char(16) binary, passwd char(16) binary);
mysql> insert into users (name,passwd) values ('xiaotong',password('qqmywife'));
mysql> insert into users (name,passwd) values ('xiaowang',password('ttmywife'));
mysql> quit

Then authorize vsftpdguest to read the users table of the vsftpdvu database. Execute the following commands:

[root@hpe45 vsftpd-1.2.0]# mysql -u root mysql -p
mysql> grant select on vsftpdvu.users to vsftpdguest@localhost identified by 'i52serial0';
mysql> quit

To verify that the previous operations succeeded, execute the following commands:

[root@hpe45 vsftpd]# mysql -u vsftpdguest -pi52serial0 vsftpdvu
mysql> select * from users;

If successful, this lists xiaotong, xiaowang and their encrypted passwords.

5. Set PAM verification for MySQL

Here we use an open source project (http://sourceforge.net/projects/pam-mysql/) that uses MySQL for PAM verification. First download its package pam_mysql-0.5.tar.gz from the website and copy it to the /root directory. Before compiling and installing, make sure that the mysql-devel RPM package is installed on your machine. If not, install the package from the RHL installation CD. Then execute the following commands:

[root@hpe45 root]# tar xvzf pam_mysql-0.5.tar.gz
[root@hpe45 root]# cd pam_mysql
[root@hpe45 pam_mysql]# make
[root@hpe45 pam_mysql]# make install

The "make install" step may fail with an error, in which case you have to manually copy the pam_mysql.so generated in this directory to the /lib/security directory.

Next, we set up the PAM authentication file for vsftpd. Open the /etc/pam.d/ftp file and add the following:

auth required pam_mysql.so user=vsftpdguest passwd=i52serial0 host=localhost db=vsftpdvu table=users usercolumn=name passwdcolumn=passwd crypt=2
account required pam_mysql.so user=vsftpdguest passwd=i52serial0 host=localhost db=vsftpdvu table=users usercolumn=name passwdcolumn=passwd crypt=2

The parameters involved are easy to understand as long as they are matched against the previous database settings. What needs explaining here is the crypt parameter, which indicates how the password in the password field is encrypted:

crypt=0: the password is stored in the database in clear text (not encrypted);
crypt=1: the password is encrypted using the DES encryption method of the UNIX system and saved in the database;
crypt=2: the password is encrypted by the password() function of MySQL and saved.

6. Further virtual user settings

After the above steps, virtual users can log in and work normally. This section describes further virtual user settings. First, the permission settings of virtual users.

VSFTPD-1.2.0 adds the virtual_use_local_privs parameter, which, when activated (YES), gives virtual users the same permissions as local users. When this parameter is off (NO), virtual users have the same permissions as anonymous users, which is how versions before VSFTPD-1.2.0 handled virtual user rights. Comparing the two approaches, the latter is more stringent, especially where write access is concerned. This parameter is off by default (NO).

When virtual_use_local_privs=YES, you only need to set write_enable=YES for virtual users to have write permission. With virtual_use_local_privs=NO, on the other hand, there are more settings for virtual user rights, and they are stricter.

Controlling directory browsing for virtual users: if the user should not be able to browse the directory but should still be able to operate on files, perform the following two steps. First, set anon_world_readable_only=YES in the configuration file. Second, change the permissions of the virtual user directory so that only vsftpdguest can operate on it:

[root@hpe45 root]# chown vsftpdguest.vsftpdguest /home/vsftpdguest
[root@hpe45 root]# chmod 700 /home/vsftpdguest

Allow virtual users to upload files:

write_enable=YES
anon_upload_enable=YES

Allow virtual users to rename and delete files:

anon_other_write_enable=YES

The above options also take effect for anonymous users. If you don't want anonymous users to have the same permissions, it's best to disable anonymous login.

Second, because the virtual user is vsftpdguest in the system, it can access other directories of the system. To be more secure, we can restrict virtual users to their own directory. There are two ways to do this. The first is to add the following options to the configuration file:

chroot_local_user=NO
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list

and then add the virtual user names xiaotong and xiaowang to the /etc/vsftpd.chroot_list file.

The second is to set chroot_local_user=YES in the configuration file.

After this change, the root directory of a virtual user is restricted to /home/vsftpdguest after login, and other directories cannot be accessed.
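A check for the settings discussed in this section, as an added example that is not part of the original article: the function names and the sample configuration are constructed here, and the defaults used when an option is absent (anonymous_enable=YES, the others NO) are vsftpd's documented defaults. It goes slightly beyond the text by flagging that chroot_list_file names the users who are not confined when chroot_local_user=YES.

```sh
#!/bin/sh
# Added example: audit a vsftpd.conf for the virtual-user options covered above.

# Print the value of option $2 in file $1 (last assignment), or default $3.
# vsftpd.conf lines are strictly "option=value"; lines starting with "#" are comments.
conf_get() {
    v=$(awk -F= -v k="$2" '$1 == k { v = substr($0, length(k) + 2) } END { print v }' "$1")
    echo "${v:-$3}"
}

# Print one finding per line for config file $1; no output means no finding.
audit_vsftpd_conf() {
    f=$1
    [ "$(conf_get "$f" guest_enable NO)" = YES ] ||
        echo "guest_enable is not YES: virtual users are not mapped to a guest account"
    [ -n "$(conf_get "$f" guest_username "")" ] ||
        echo "guest_username is not set: virtual users fall back to the default guest account"
    # The anon_* write options also apply to anonymous logins, which are on by default.
    if [ "$(conf_get "$f" anonymous_enable YES)" = YES ] &&
       [ "$(conf_get "$f" write_enable NO)" = YES ]; then
        for o in anon_upload_enable anon_other_write_enable; do
            [ "$(conf_get "$f" "$o" NO)" = YES ] &&
                echo "$o=YES also applies to anonymous users: set anonymous_enable=NO"
        done
    fi
    all=$(conf_get "$f" chroot_local_user NO)
    list=$(conf_get "$f" chroot_list_enable NO)
    [ "$all" = NO ] && [ "$list" = NO ] &&
        echo "no chroot option set: virtual users can reach other directories"
    # With chroot_local_user=YES the list file names users who are NOT chrooted.
    [ "$all" = YES ] && [ "$list" = YES ] &&
        echo "chroot_local_user=YES inverts chroot_list_file: listed users are not confined"
    return 0
}

# Constructed sample: options from this article, anonymous login left at its default.
write_sample_conf() {
    cat > "$1" <<'EOF'
guest_enable=YES
guest_username=vsftpdguest
write_enable=YES
anon_upload_enable=YES
anon_other_write_enable=YES
chroot_local_user=YES
chroot_list_enable=YES
EOF
}

tmp=$(mktemp) && write_sample_conf "$tmp" && audit_vsftpd_conf "$tmp"; rm -f "$tmp"
```

On the sample it reports both anon_* write options and the inverted chroot list; appending anonymous_enable=NO and chroot_list_enable=NO clears all three findings.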

7. The personal directory of virtual users

You can see that no matter which virtual user logs in, the directory is /home/vsftpdguest, that is, the home directory of the guest_username user. Next, we set up a separate directory for each virtual user. First, add the following option to the main configuration file:

user_config_dir=/etc/vsftpd/vsftpd_user_conf

Then create the /etc/vsftpd/vsftpd_user_conf directory, and create a file in it with the same name as the specific virtual user:

[root@hpe45 root]# mkdir -p /etc/vsftpd/vsftpd_user_conf
[root@hpe45 root]# cd /etc/vsftpd/vsftpd_user_conf
[root@hpe45 vsftpd_user_conf]# touch xiaowang

The operations above create a personal configuration file /etc/vsftpd/vsftpd_user_conf/xiaowang for the virtual user xiaowang. Next, in xiaowang's personal configuration file, change xiaowang's home directory to /home/xiaowang with the configuration option:

local_root=/home/xiaowang

Then create the new xiaowang directory and give ownership of it to vsftpdguest:

[root@hpe45 vsftpd_user_conf]# mkdir /home/xiaowang
[root@hpe45 vsftpd_user_conf]# chown vsftpdguest.vsftpdguest /home/xiaowang
[root@hpe45 vsftpd_user_conf]# chmod 700 /home/xiaowang

After the above settings, xiaowang logs in to VSFTPD and uses the "pwd" command to find that it has been located to its own "/ home/xiaowang" directory.

At the file system level, because the permissions of the "/ home/xiaowang" directory belong to vsftpdguest, other virtual users can also access xiaowang's own directory. Solving this problem is also very simple, we only need to let VSFTPD be responsible for restricting virtual users to their own directory, and we can avoid virtual users accessing each other. The specific approach is referred to in the previous step 6, and I will not repeat it here. After the above settings, virtual users can have their own directories.
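A check of the per-user layout from this section, as an added example that is not part of the original article: check_user_dirs and build_demo are names made up here, the demo tree under a temporary directory stands in for /etc/vsftpd/vsftpd_user_conf and /home, and the expected mode 700 is the one used for /home/vsftpdguest in section 6.

```sh
#!/bin/sh
# Added example: verify each virtual user's personal directory.

# For every file in user_config_dir $1, check the local_root it names.
# Prints one finding per line; no output means every user passed.
check_user_dirs() {
    for cfg in "$1"/*; do
        [ -f "$cfg" ] || continue
        user=${cfg##*/}
        root=$(sed -n 's/^local_root=//p' "$cfg" | tail -n 1)
        if [ -z "$root" ]; then
            echo "$user: no local_root, login lands in the guest home directory"
        elif [ ! -d "$root" ]; then
            echo "$user: local_root $root does not exist"
        else
            # The first 10 characters of "ls -ld" are the file type and mode bits.
            mode=$(ls -ld "$root" | cut -c1-10)
            [ "$mode" = "drwx------" ] ||
                echo "$user: $root has mode $mode, expected drwx------"
        fi
    done
    return 0
}

# Constructed demo tree: one correct user, one bad mode, one missing local_root.
build_demo() {
    mkdir -p "$1/conf" "$1/home/xiaowang" "$1/home/xiaotong"
    chmod 700 "$1/home/xiaowang"
    chmod 600 "$1/home/xiaotong"    # no x bit: the directory cannot be entered
    echo "local_root=$1/home/xiaowang" > "$1/conf/xiaowang"
    echo "local_root=$1/home/xiaotong" > "$1/conf/xiaotong"
    : > "$1/conf/xiaoli"            # hypothetical user whose file lacks local_root
}

d=$(mktemp -d) && build_demo "$d" && check_user_dirs "$d/conf"; rm -rf "$d"
```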

If the build fails with the error

/usr/bin/ld: cannot find -lmysqlclient

you won't have such an error if you copy the files in /usr/local/mysql/lib/mysql to /usr/lib/.
