FTP: implementing virtual user authentication through a database

2025-03-31 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

1. Install the required programs

1. Install the software packages required for the ftp service

[root@fsy-Centos6 ~]# yum install vsftpd

2. Install the MySQL database:

[root@fsy-Centos6 ~]# yum -y install mysql-server mysql-devel

3. Install the build environment needed for compiling from source

[root@fsy-Centos6 ~]# yum -y groupinstall "Development Tools" "Development Libraries"

4. Compile and install pam_mysql-0.7RC1.tar.gz

[root@fsy-Centos6 ~]# tar xf pam_mysql-0.7RC1.tar.gz

[root@fsy-Centos6 ~]# cd pam_mysql-0.7RC1/

[root@fsy-Centos6 pam_mysql-0.7RC1]# ./configure --with-mysql=/usr --with-openssl

You may encounter the following error when running configure:

configure: error: Cannot find pam headers. Please check if your system is ready for pam module development.

Solution: install the PAM development headers, then run ./configure again before continuing:

[root@fsy-rhel7 pam_mysql-0.7RC1]# yum install pam-devel.x86_64

[root@fsy-Centos6 pam_mysql-0.7RC1]# make

[root@fsy-Centos6 pam_mysql-0.7RC1]# make install

2. Create a virtual user account

1. Prepare database and related tables

First, make sure that the mysql service is running. Then create a database to store the virtual users; here it is named vsftpd:

mysql> create database vsftpd;

mysql> use vsftpd;

mysql> create table users (
    -> id int AUTO_INCREMENT NOT NULL,
    -> name char(20) binary NOT NULL,
    -> password char(48) binary NOT NULL,
    -> primary key(id)
    -> );

mysql> grant select on vsftpd.* to vsftpd@localhost identified by '123456';

mysql> grant select on vsftpd.* to vsftpd@127.0.0.1 identified by '123456';

mysql> flush privileges;

2. Add virtual users for testing

Add users as needed. Their passwords are stored in clear text here, because the password() function used by pam_mysql may differ from the password() function of MySQL.

mysql> insert into users (name,password) values ('tom','123456');

mysql> insert into users (name,password) values ('jerry','123456');

3. Configure vsftpd

1. Put the compiled files in the corresponding location

[root@fsy-Centos6 ~]# cp /usr/lib/security/pam_mysql.so /lib/security/

[root@fsy-Centos6 ~]# cp /usr/lib/security/pam_mysql.la /lib/security/

2. Create the file required for PAM authentication

[root@fsy-Centos6 ~]# vim /etc/pam.d/vsftpd.mysql

Add the following two lines

auth required /usr/lib/security/pam_mysql.so user=vsftpd passwd=123456 host=localhost db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=0

account required /usr/lib/security/pam_mysql.so user=vsftpd passwd=123456 host=localhost db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=0
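
A check for the PAM file created in this step, as an added example that is not part of the original article: the file embeds the database password and, with crypt=0, has pam_mysql compare clear-text passwords, so the hypothetical audit_pam_mysql function below flags both, along with loose file permissions. The sample lines are constructed from the two lines above, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example: audit a pam_mysql service file such as /etc/pam.d/vsftpd.mysql.
# Prints one finding per line and nothing when no issue is found.
audit_pam_mysql() {
    file=$1
    [ -r "$file" ] || { echo "ERROR: cannot read $file"; return 2; }

    # The file embeds the database password, so only its owner should read it.
    mode=$(stat -c '%a' "$file")    # GNU stat (assumed; CentOS ships it)
    case $mode in
        600|400) ;;
        *) echo "PERMS: $file has mode $mode, expected 600" ;;
    esac

    # Inspect every active (non-comment) line that loads pam_mysql.so.
    grep -v '^[[:space:]]*#' "$file" | grep 'pam_mysql\.so' |
    while read -r type rest; do
        case " $rest " in
            *" crypt=0 "*|*" crypt=plain "*)   # "plain" is the named form of 0
                echo "PLAINTEXT: $type line uses clear-text password comparison" ;;
            *" crypt="*) ;;         # some hashing mode is selected
            *) echo "NOCRYPT: $type line sets no crypt= option, check the default" ;;
        esac
        for tok in $rest; do
            case $tok in
                passwd=*)
                    pw=${tok#passwd=}
                    echo "SECRET: $type line embeds the database password"
                    # Report only the length, never the value itself.
                    [ "${#pw}" -ge 12 ] ||
                        echo "WEAKPW: $type line database password has ${#pw} characters"
                    ;;
            esac
        done
    done
    return 0
}

# Constructed sample: the two lines from the article, in a scratch file.
sample=$(mktemp)
cat > "$sample" <<'EOF'
auth required /usr/lib/security/pam_mysql.so user=vsftpd passwd=123456 host=localhost db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=0
account required /usr/lib/security/pam_mysql.so user=vsftpd passwd=123456 host=localhost db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=0
EOF
chmod 644 "$sample"
audit_pam_mysql "$sample"
rm -f "$sample"
```

On the server itself, run the function against /etc/pam.d/vsftpd.mysql as root; the 12-character threshold is an arbitrary choice for this example.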

3. Modify the configuration file of vsftpd to use mysql authentication

1) Create the system user that the virtual users are mapped to, and its directory

[root@fsy-Centos6 ~]# useradd -s /sbin/nologin -d /var/ftproot vuser

[root@fsy-Centos6 ~]# chmod go+rx /var/ftproot/

2) Make sure that the following options are enabled in /etc/vsftpd/vsftpd.conf

anonymous_enable=YES

local_enable=YES

write_enable=YES

anon_upload_enable=NO

anon_mkdir_write_enable=NO

chroot_local_user=YES

Then add the following options

guest_enable=YES

guest_username=vuser

And make sure that the value of the pam_service_name option is as follows

pam_service_name=vsftpd.mysql

4. Start the vsftpd service for testing

[root@fsy-Centos6 ~]# service vsftpd restart

5. Configure virtual users with different access rights

vsftpd can use a separate profile (configuration file) for each user, kept in a profile directory, to define that user's access to the FTP service. Each virtual user's profile has the same name as the virtual user. The profile directory can be any unused directory; just specify its path in vsftpd.conf.

1. Configure vsftpd to use the profile directory for virtual users

[root@fsy-Centos6 ~]# vim vsftpd.conf

Add the following option

user_config_dir=/etc/vsftpd/vusers_dir

2. Create the required directory and provide profiles for the virtual users

[root@fsy-Centos6 ~]# mkdir /etc/vsftpd/vusers_dir/

[root@fsy-Centos6 ~]# cd /etc/vsftpd/vusers_dir/

[root@fsy-Centos6 vusers_dir]# touch tom jerry

3. Configure the access rights of virtual users

The access rights of virtual users to the vsftpd service are set with the directives that apply to anonymous users, placed in each user's profile.
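
An added example (not from the original article) of what the profiles for tom and jerry could contain: the hypothetical helper write_vuser_profile writes the anon_* directives into a user's profile, and effective_setting shows the per-user value taking precedence over vsftpd.conf. It runs in a constructed scratch directory standing in for /etc/vsftpd, and the YES/NO choices for each user are assumptions.

```shell
#!/bin/sh
# Added example: per-user profiles for vsftpd's user_config_dir.

# write_vuser_profile DIR USER UPLOAD MKDIR OTHER   (each flag is YES or NO)
write_vuser_profile() {
    dir=$1 user=$2
    # The profile is named after the login, so refuse names that could
    # escape DIR or create hidden files.
    case $user in
        ''|.*|*/*) echo "invalid user name: $user" >&2; return 1 ;;
    esac
    for flag in "$3" "$4" "$5"; do
        case $flag in
            YES|NO) ;;
            *) echo "flag must be YES or NO: $flag" >&2; return 1 ;;
        esac
    done
    cat > "$dir/$user" <<EOF
# Overrides for virtual user $user; guest logins follow the anon_* directives
anon_upload_enable=$3
anon_mkdir_write_enable=$4
anon_other_write_enable=$5
EOF
    chmod 644 "$dir/$user"
}

# effective_setting CONF DIR USER KEY -> USER's override if set, else CONF's value
effective_setting() {
    for f in "$2/$3" "$1"; do
        [ -r "$f" ] || continue
        val=$(sed -n "s/^$4=//p" "$f" | tail -n 1)
        [ -n "$val" ] && { echo "$val"; return 0; }
    done
    return 1
}

# Constructed demo in a scratch directory (stands in for /etc/vsftpd).
demo=$(mktemp -d)
mkdir "$demo/vusers_dir"
printf 'anon_upload_enable=NO\nanon_mkdir_write_enable=NO\n' > "$demo/vsftpd.conf"
write_vuser_profile "$demo/vusers_dir" tom YES YES NO    # tom: may upload
write_vuser_profile "$demo/vusers_dir" jerry NO NO NO    # jerry: download only
for u in tom jerry; do
    echo "$u anon_upload_enable=$(effective_setting "$demo/vsftpd.conf" "$demo/vusers_dir" "$u" anon_upload_enable)"
done
rm -rf "$demo"
```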

6. Common directives in vsftpd.conf:

anonymous_enable=YES: whether anonymous users are allowed to log in

local_enable=YES: whether ordinary users are allowed to log in

write_enable=YES: whether ordinary users are allowed to upload files

anon_upload_enable=YES: whether anonymous users are allowed to upload files

anon_mkdir_write_enable=YES: whether anonymous users are allowed to create files

anon_other_write_enable=YES: whether anonymous users are allowed to delete files

dirmessage_enable=YES: whether a welcome message is displayed when a user enters a directory

xferlog_enable=YES: whether the transfer log is enabled (that is, user uploads and downloads of files will be recorded)

xferlog_file=/var/log/xferlog: the file in which the transfer log is recorded

xferlog_std_format=YES: whether the log file uses the standard format

Whether to change the owner of a file after a user uploads it:

chown_uploads=YES

chown_username=whoever

Whether to transfer files in text mode:

ascii_upload_enable=YES

ascii_download_enable=YES

Confine (chroot) users:

chroot_list_enable=YES: enable confining the users in a list

chroot_list_file=/etc/vsftpd/chroot_list: the file that lists the users to confine. Users listed in this file are locked into their home directories.

Confine (chroot) all users:

chroot_local_user=YES
