Implementing vsftpd virtual users with MySQL authentication


Environment preparation
10.0.0.7 as the FTP server
10.0.0.8 as the MySQL server
10.0.0.150 as the client



Step 1: Installation

Install the MySQL database (MariaDB) on the 10.0.0.8 database server and configure it:

yum -y install mariadb-server
systemctl enable --now mariadb.service

Log in to the database and run:

CREATE DATABASE vsftpd;
use vsftpd
CREATE TABLE users (id INT AUTO_INCREMENT NOT NULL PRIMARY KEY,name CHAR(50)BINARY NOT NULL,password CHAR(48) BINARY NOT NULL);
insert users(name,password) values('alang',password('123456'));
insert users(name,password) values('alei',password('123456'));   # password() is used here to hash the password
select * from users;
grant select on vsftpd.* TO vsftpd@'10.0.0.%' identified by '123456';


Then install the vsftpd and pam_mysql packages on the FTP server at 10.0.0.7:

yum -y install vsftpd
systemctl enable --now vsftpd

On CentOS 7 and 8 there is no corresponding rpm package for pam_mysql, so it has to be compiled and installed manually. Download the pam-mysql source code (or upload it to the server), extract it, and build it:

yum -y install vsftpd gcc gcc-c++ make mariadb-devel pam-devel  # install the required packages
wget http://prdownloads.sourceforge.net/pam-mysql/pam_mysql-0.7RC1.tar.gz  # download the pam-mysql source
tar xvf pam_mysql-0.7RC1.tar.gz  # extract in the current directory
tar xvf pam_mysql-0.7RC1.tar.gz -C /usr/local/src  # by convention, extracted sources are kept under /usr/local/src
cd pam_mysql-0.7RC1/           # change into the pam_mysql-0.7RC1/ directory
./configure --with-pam-mods-dir=/lib64/security   # configure the build with /lib64/security as the PAM module directory
make install          # build and install
ll /lib64/security/pam_mysql*  # list the compiled module files

Create the file required for PAM authentication on the 10.0.0.7 FTP server

vi /etc/pam.d/vsftpd.mysql

Add the following two lines

auth required pam_mysql.so user=vsftpd passwd=123456 host=10.0.0.8 db=vsftpd table=users usercolumn=name  passwdcolumn=password crypt=2   # line 1: must be kept on a single line in the file
account required pam_mysql.so user=vsftpd passwd=123456 host=10.0.0.8 db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2   # line 2: must be kept on a single line in the file
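
The password('123456') inserts above and the crypt=2 option both refer to the same hash format: '*' followed by the uppercase hex of SHA1(SHA1(password)), with no salt. The following added example (not part of the original article, and a model of the comparison rather than pam_mysql's own code) reproduces that format and shows that alang and alei end up with identical stored values; the function names and asan's passphrase are constructed for illustration.

```python
import hashlib
import hmac

HASH_LEN = 41  # '*' plus 40 hex digits; fits the CHAR(48) password column


def mysql_password(plaintext: str) -> str:
    """Reproduce MariaDB/MySQL PASSWORD(): '*' + upper(hex(SHA1(SHA1(pw))))."""
    inner = hashlib.sha1(plaintext.encode("utf-8")).digest()
    return "*" + hashlib.sha1(inner).hexdigest().upper()


def verify(stored: str, candidate: str) -> bool:
    """Model of a crypt=2 check: hash the submitted password and compare."""
    return hmac.compare_digest(stored.encode(), mysql_password(candidate).encode())


def shared_hashes(rows):
    """Return {hash: [names]} for hashes stored for more than one user."""
    groups = {}
    for name, stored in rows:
        groups.setdefault(stored, []).append(name)
    return {h: names for h, names in groups.items() if len(names) > 1}


# Constructed rows mirroring the users table; asan's passphrase is made up here.
ROWS = [
    ("alang", mysql_password("123456")),
    ("alei", mysql_password("123456")),
    ("asan", mysql_password("correct horse battery staple")),
]

if __name__ == "__main__":
    for name, stored in ROWS:
        print(f"{name:6} {stored} len={len(stored)}")
    print("verify alang/123456:", verify(ROWS[0][1], "123456"))
    print("verify alang/654321:", verify(ROWS[0][1], "654321"))
    # No salt: equal passwords give equal rows, so one recovered hash
    # exposes every account that shares it.
    for stored, names in shared_hashes(ROWS).items():
        print("same hash:", ", ".join(names))
```
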

Create the corresponding user and modify the vsftpd configuration file

useradd -s /sbin/nologin -d /data/ftproot -r vuser
mkdir -pv /data/ftproot/upload
setfacl -m u:vuser:rwx /data/ftproot/upload

Make sure the following options have been enabled in /etc/vsftpd/vsftpd.conf

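# comments in vsftpd.conf must be on their own lines
# append .mysql to the existing vsftpd value
pam_service_name=vsftpd.mysql
# add the next two lines manually at the end of the file
guest_enable=YES
guest_username=vuser

systemctl restart vsftpd       # after saving and exiting, restart the service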

Step 2: Test

On the 10.0.0.150 client, log in as alang and as alei, the users just created (the user names can be chosen arbitrarily), then test whether a file can be uploaded:

ftp> put hosts

At this point the user does not have permission to upload.

Step 3: Configuration

Configure virtual users with different access rights on the 10.0.0.7 FTP server.
Configure vsftpd to use a per-user configuration directory for virtual users:

vim /etc/vsftpd/vsftpd.conf          # open the file
# add this line at the end of the file
user_config_dir=/etc/vsftpd/conf.d/

Note on configuring the access rights of virtual users: a virtual user's access rights to the vsftpd service are controlled through the directives for anonymous users. If you want the user alang to have permission to upload files, edit the /etc/vsftpd/conf.d/alang file, add the following options to it and set them to YES; set them to NO for read-only access.

mkdir /etc/vsftpd/conf.d/     # create the directory
vim /etc/vsftpd/conf.d/alang  # edit the file

Set the following in the alang file

anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
local_root=/data/ftproot1
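
How the per-user file combines with vsftpd.conf for alang, compared with a user such as alei that has no file under user_config_dir yet, as an added example that is not part of the original article. It is a simplified model of vsftpd's option handling, not vsftpd's code: the function names are hypothetical and the option text is copied from this page.

```python
import re

# vsftpd's built-in defaults for the three write options used on this page
ANON_DEFAULTS = {
    "anon_upload_enable": "NO",
    "anon_mkdir_write_enable": "NO",
    "anon_other_write_enable": "NO",
}

GLOBAL_CONF = """\
pam_service_name=vsftpd.mysql
guest_enable=YES
guest_username=vuser
user_config_dir=/etc/vsftpd/conf.d/
"""

ALANG_CONF = """\
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
local_root=/data/ftproot1
"""

def parse_vsftpd(text):
    """Return (settings, problems). '#' starts a comment only at line start,
    and no whitespace is allowed around '=' or after the value."""
    settings, problems = {}, []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if not sep or key != key.strip() or value != value.strip() \
                or re.search(r"\s#", value):
            problems.append((lineno, line))  # reported here, not applied
            continue
        settings[key] = value
    return settings, problems

def effective(global_text, user_text=""):
    """Defaults, then vsftpd.conf, then the per-user file (last one wins)."""
    merged = dict(ANON_DEFAULTS)
    for text in (global_text, user_text):
        merged.update(parse_vsftpd(text)[0])
    return merged

if __name__ == "__main__":
    print("alang:", effective(GLOBAL_CONF, ALANG_CONF)["anon_upload_enable"])
    print("alei: ", effective(GLOBAL_CONF)["anon_upload_enable"])
```
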

Then restart the service with systemctl restart vsftpd.

To be able to upload data into the upload directory, run:

mkdir /data/ftproot1/upload -pv
chown vuser:vuser /data/ftproot1/upload/   # change the owner to vuser
touch /data/ftproot1/upload/alang.txt      # create a sample file on 10.0.0.7 that is visible from the client

Check it on the 10.0.0.150 client and test uploading a file with put hosts.

The uploaded file can then be checked on the FTP server at 10.0.0.7.

At this point alei still cannot upload, because nothing has been specified separately for that user.

mkdir /data/ftproot2/             # create a separate directory
touch /data/ftproot2/alei.txt     # create a file for alei

Then change to /etc/vsftpd/conf.d/ and copy the alang file to create alei's file directly:

cd /etc/vsftpd/conf.d/
cp alang alei  
vim alei

To disallow uploads, comment out or delete the first three lines.

Then restart the service with systemctl restart vsftpd and log in on the client; you can see alei's file.

Each user now has their own settings, and because uploading has not been allowed for alei, that user cannot upload. The setup is now complete.

To add users, run the following directly in MySQL on the 10.0.0.8 host:

insert users(name,password) values('asan',password('123456'));

Then log in directly as the new user.

This completes the setup.

Personal experience from this experiment: when you start learning from zero, no matter what the experiment is, it's best to actually do it, so that you can make faster progress.