Implementing vsftpd virtual users based on MySQL authentication

Environment preparation: the FTP server also acts as the MySQL client.

Step 1: Installation

Install the MySQL database (MariaDB) on the database server and configure it:

yum -y install mariadb-server
systemctl enable --now mariadb.service

Enter the database:

use vsftpd;
insert users(name,password) values('alang',password('123456'));
insert users(name,password) values('alei',password('123456'));   # password() is used here to encrypt the password
select * from users;
grant select on vsftpd.* TO vsftpd@'10.0.0.%' identified by '123456';

Then install the vsftpd and pam_mysql packages on the FTP server:

yum -y install vsftpd
systemctl enable --now vsftpd

On CentOS 7 and 8 there is no corresponding rpm package for pam_mysql, so it has to be compiled and installed manually: download the pam-mysql source directly (or upload it to the server), unpack it, and build it:

yum -y install vsftpd gcc gcc-c++ make mariadb-devel pam-devel  # install the required packages
wget  # download the pam-mysql source
tar xvf pam_mysql-0.7RC1.tar.gz  # unpack
tar xvf pam_mysql-0.7RC1.tar.gz -C /usr/local/src  # by convention, unpack under /usr/local/src
cd pam_mysql-0.7RC1/           # change into the pam_mysql-0.7RC1/ directory
./configure --with-pam-mods-dir=/lib64/security   # configure the build with the PAM module directory
make install          # build and install
ll /lib64/security/pam_mysql*  # list the compiled files

Create the file required for PAM authentication on the FTP server (the CentOS 7 host):

vi /etc/pam.d/vsftpd.mysql

Add the following two lines

auth required pam_mysql.so user=vsftpd passwd=123456 host= db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2   # first line; must stay on a single line in the file
account required pam_mysql.so user=vsftpd passwd=123456 host= db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2   # second line; must stay on a single line in the file

Create the corresponding user and modify the vsftpd configuration file

useradd -s /sbin/nologin -d /data/ftproot -r vuser
mkdir -pv /data/ftproot/upload
setfacl -m u:vuser:rwx /data/ftproot/upload

Make sure the following options have been enabled in /etc/vsftpd/vsftpd.conf

# manually append ".mysql" after vsftpd
pam_service_name=vsftpd.mysql
# add the next two lines manually at the end of the file
guest_enable=YES
guest_username=vuser

systemctl restart vsftpd       # after saving and exiting, restart the service

Step 2: Test

On the client, log in as alang and as alei, the users just set up (the user names can be chosen arbitrarily), and test whether uploading works:

ftp> put hosts

At this point the users do not have permission to upload.

Step 3: Settings

Configure virtual users with different access rights on the FTP server. First, configure vsftpd to use a configuration file directory for virtual users:

vim /etc/vsftpd/vsftpd.conf          # open the file
# add the following line at the end of the file
user_config_dir=/etc/vsftpd/conf.d/

Note on configuring the access rights of virtual users: a virtual user's access rights to the vsftpd service are controlled through the directives for anonymous users. If you want the user alang to have permission to upload files, edit the file /etc/vsftpd/conf.d/alang, add the following options and set them to YES; set them to NO for read-only access.

mkdir /etc/vsftpd/conf.d/     # create the directory
vim /etc/vsftpd/conf.d/alang  # edit the file

Set the following in the alang file:
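As an added example (not code from the original page), the shell functions below write per-user files of the kind described above and report what each one grants. The helper names are hypothetical, and the option values are assumptions based on the anonymous-user directives and the /data/ftproot1 and /data/ftproot2 directories this page uses.

```sh
#!/bin/sh
# Added example. Option names are real vsftpd directives; the helper names
# and the chosen values are assumptions, not taken from the original page.

# write_vuser_conf DIR USER ROOT MODE   (MODE: rw = may upload, ro = read-only)
write_vuser_conf() {
    dir=$1 user=$2 root=$3 mode=$4
    case $mode in
        rw) flag=YES ;;
        ro) flag=NO ;;
        *)  echo "mode must be rw or ro" >&2; return 2 ;;
    esac
    mkdir -p "$dir" || return 1
    # vsftpd accepts only option=value lines and full-line "#" comments:
    # no spaces around "=", nothing after the value.
    # Uploads also need write_enable=YES in the main vsftpd.conf.
    cat > "$dir/$user" <<EOF
anon_upload_enable=$flag
anon_mkdir_write_enable=$flag
anon_other_write_enable=$flag
local_root=$root
EOF
    chmod 644 "$dir/$user"
}

# vuser_rights FILE: prints "upload", "read-only" or "invalid"; returns 1 when
# a line has an inline comment or stray whitespace vsftpd would reject or misread.
vuser_rights() {
    file=$1
    bad='^[^=]*[[:space:]]|=[[:space:]]|[[:space:]]$|[[:space:]]#'
    if grep -v '^#' "$file" | grep -Eq "$bad"; then
        echo "invalid"
        return 1
    fi
    if grep -qx 'anon_upload_enable=YES' "$file"; then
        echo "upload"
    else
        echo "read-only"
    fi
}

# Demo in a scratch directory; the real target is /etc/vsftpd/conf.d/.
demo=$(mktemp -d)
write_vuser_conf "$demo" alang /data/ftproot1 rw
write_vuser_conf "$demo" alei  /data/ftproot2 ro
for u in alang alei; do
    printf '%s: %s\n' "$u" "$(vuser_rights "$demo/$u")"
done
rm -rf "$demo"
```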


Then restart the service:

systemctl restart vsftpd

In order to upload data into the upload directory, execute:

mkdir /data/ftproot1/upload -pv
chown vuser:vuser /data/ftproot1/upload/   # change ownership
touch /data/ftproot1/upload/alang.txt      # create a sample file on the CentOS 7 host; it is visible from the client


Log in and test uploading a file with put hosts. The uploaded file can then be checked on the FTP server.

Currently alei cannot upload, because nothing has been specified separately for that user.

mkdir /data/ftproot2/             # set up a separate directory
touch /data/ftproot2/alei.txt     # create a file for alei

Then change to /etc/vsftpd/conf.d/ and copy the alang file to create alei's file directly:

cd /etc/vsftpd/conf.d/
cp alang alei  
vim alei

To disallow uploading, comment out or delete the first three lines, then restart the service:

systemctl restart vsftpd

Log in on the client and you can see alei's file, so each user has their own settings. Because there is no setting that allows uploading, alei cannot upload.

At this point the setup is complete. If you want to add users, run the following directly in MySQL on the CentOS 8 host:

insert users(name,password) values('asan',password('123456'));

Then you can log in directly. This completes the setup.

Personal experience from this experiment: when you start learning from zero, whatever the experiment is, it is best to actually do it, so that you can make faster progress.