VSFTP MYSQL virtual user configuration
http://www.kehui.net/index.php/Article/read/39/23792
2004-11-29
vsftpd is a very secure and fast FTP server for UNIX/Linux that is used by many large sites. vsftpd can store usernames and passwords in a database file or on a database server; vsftpd calls users of this kind virtual users. Unlike local (system) users, virtual users exist only for the FTP server and can access only the resources the FTP server provides, which greatly improves the security of the host itself. Unlike anonymous users, virtual users need a username and password to fetch files from the server, which makes users and downloads manageable. For a site that offers downloads but does not want everyone to download anonymously, needs to manage who downloads, and cares about host security as well as convenient FTP administration, virtual users are an excellent solution. This article describes how to store vsftpd virtual usernames and passwords on a MySQL database server, on FreeBSD 5.1-Release.
1. Installing vsftpd

The latest version of vsftpd at the time of writing is 2.0.1. The download address is http://ftp.isu.edu.tw/pub/unix/ftp/vsftpd/vsftpd-2.0.1.tar.gz. Before installing, do the following preparation. The default vsftpd configuration requires the "nobody" user and the /usr/share/empty directory:

[root@hpe45 root]# mkdir /usr/share/empty/

If vsftpd is to provide anonymous FTP service, it needs the "ftp" user and a valid anonymous directory:

[root@hpe45 root]# mkdir /var/ftp/
[root@hpe45 root]# pw useradd -d /var/ftp ftp

The next step is also useful if the ftp user already exists:

[root@hpe45 root]# chown root /var/ftp
[root@hpe45 root]# chmod og-w /var/ftp

With the preparation done, we can compile the source. Assuming vsftpd-2.0.1.tar.gz was downloaded to the /root directory, run:

[root@hpe45 root]# tar zxvf vsftpd-2.0.1.tar.gz
[root@hpe45 root]# cd vsftpd-2.0.1
[root@hpe45 vsftpd-2.0.1]# make
[root@hpe45 vsftpd-2.0.1]# make install

The "make install" command copies the compiled program into the corresponding directories. On RHL9 you may need to do the copies manually:

[root@hpe45 vsftpd-2.0.1]# cp vsftpd /usr/local/sbin/vsftpd
[root@hpe45 vsftpd-2.0.1]# cp vsftpd.conf.5 /usr/local/share/man/man5
[root@hpe45 vsftpd-2.0.1]# cp vsftpd.8 /usr/local/share/man/man8

Next, copy the simple configuration file as a base for later modification:

[root@hpe45 vsftpd-2.0.1]# cp vsftpd.conf /etc

Copy the PAM authentication file so that local users can log in to vsftpd (this can be skipped if you do not need it; it is used below):

[root@hpe45 vsftpd-2.0.1]# cp RedHat/vsftpd.pam /etc/pam.d/ftp

2. Creating the guest user

vsftpd uses PAM to verify virtual users. Since the virtual users' usernames and passwords are stored separately, vsftpd needs a system user under which it reads the database file or database server to complete the verification; this is vsftpd's guest user. It is just like anonymous access, which needs the system user ftp. We can also regard the guest user as the representative of the virtual users in the system. Here a user vsftpdguest is created as vsftpd's guest:

[root@hpe45 vsftpd-2.0.1]# pw useradd vsftpdguest

When a virtual user logs in, the login location is vsftpdguest's own home directory, /home/vsftpdguest. If you want virtual users to log in to another directory such as /var/ftp, change vsftpdguest's home directory.
3. Setting the vsftpd configuration file

In /etc/vsftpd.conf, add the following options:

guest_enable=YES
guest_username=vsftpdguest
pam_service_name=ftp            (the PAM service file used for verification)
setproctitle_enable=YES         (show the status of every online session in the process title)
local_root=/home/vsftpdguest    (the root directory for all local users)
anon_root=/var/ftp              (the root directory for anonymous users)
background=YES                  (let vsftpd run in the background)
listen=YES                      (run in standalone mode; without this line vsftpd must be run from xinetd, otherwise you get the following error:)

500 OOPS: vsftpd: not configured for standalone, must be started from inetd

(When the above error appears, edit /etc/xinetd.d/vsftpd and change it to disable=yes, so that after a system restart vsftpd is started on its own rather than by inetd; it can then be seen with the top command. This was tested under Red Hat EAS3. Under FreeBSD, listen=YES works directly.)

Run the following command to start vsftpd in the background:

[root@hpe45 vsftpd-2.0.1]# /usr/local/sbin/vsftpd &

(The "&" makes vsftpd run in the background; alternatively use background=YES in vsftpd.conf.)

4. Saving the virtual users in the MySQL database server

We create the database vsftpdvu with a table users whose fields name and passwd store the virtual users' usernames and passwords, and add two virtual users, xiaotong and xiaowang (substitute xiaotong's actual password for the placeholder):

[root@hpe45 vsftpd-2.0.1]# mysql -p
mysql> create database vsftpdvu;
mysql> use vsftpdvu;
mysql> create table users (name char(16) binary, passwd char(16) binary);
mysql> insert into users (name, passwd) values ('xiaotong', password('<xiaotong_password>'));
mysql> insert into users (name, passwd) values ('xiaowang', password('ttmywife'));
mysql> quit

Then grant vsftpdguest permission to read the users table of the vsftpdvu database:

[root@hpe45 vsftpd-2.0.1]# mysql -u root mysql -p
mysql> grant select on vsftpdvu.users to vsftpdguest@localhost identified by 'i52serial0';
mysql> quit

To verify that the operations just done succeeded, run:

[root@hpe45 vsftpd]# mysql -u vsftpdguest -pi52serial0 vsftpdvu
mysql> select * from users;

If successful, xiaotong and xiaowang are listed together with their encrypted passwords.

5. Setting up MySQL PAM authentication

Under Linux: here we use the open source project pam_mysql (http://sourceforge.net/projects/pam-mysql/) to authenticate against MySQL. First download its package pam_mysql-0.5.tar.gz from the website and copy it to the /root directory.
Before compiling and installing, make sure the mysql-devel RPM package is installed on your machine; if not, install it from the RHL installation CD. Then run the following commands:

[root@hpe45 root]# tar xvzf pam_mysql-0.5.tar.gz
[root@hpe45 root]# cd pam_mysql
[root@hpe45 pam_mysql]# make
[root@hpe45 pam_mysql]# make install

The "make install" step may fail; in that case, manually copy the pam_mysql.so generated in this directory to the /lib/security directory.

Under UNIX (in the experiment it was installed from ports), use the ports installation by entering the corresponding directory:

free# cd /usr/ports/security/pam-mysql/
free# make
free# make install
Next, set the PAM service file for vsftpd. Open /etc/pam.d/ftp and add the following:

auth     required pam_mysql.so user=vsftpdguest passwd=i52serial0 host=localhost db=vsftpdvu table=users usercolumn=name passwdcolumn=passwd crypt=2
account  required pam_mysql.so user=vsftpdguest passwd=i52serial0 host=localhost db=vsftpdvu table=users usercolumn=name passwdcolumn=passwd crypt=2

The parameters above follow directly from the database settings made earlier; only crypt needs explanation. crypt specifies how the password in the password column is stored: crypt=0, the password is stored in the database in clear text (not encrypted); crypt=1, the password is encrypted with the UNIX system's DES crypt; crypt=2, the password is stored encrypted with MySQL's password() function.

6. Further virtual user settings

With the steps above, virtual users can already be used normally. Here are some further settings for virtual users. First, the permission settings of virtual users. vsftpd-2.0.1 adds the virtual_use_local_privs parameter. When it is enabled (YES), virtual users have the same permissions as local users; when it is disabled (NO), virtual users have the same permissions as anonymous users, which is how virtual user privileges were handled before vsftpd-2.0.1. Of the two, the latter is stricter, especially for write access. By default the parameter is disabled (NO). When virtual_use_local_privs=YES, simply setting write_enable=YES gives virtual users write permission. When virtual_use_local_privs=NO, the settings for virtual user privileges are stricter.

Controlling directory browsing by virtual users: if you do not want users to be able to browse the directory, do the following:

1. In the configuration file, set anon_world_readable_only=YES.
2. Set the permissions of the virtual user directory so that only vsftpdguest can operate on it:

[root@hpe45 root]# chown vsftpdguest.vsftpdguest /home/vsftpdguest
[root@hpe45 root]# chmod 700 /home/vsftpdguest

Allow virtual users to upload files:

write_enable=YES
anon_upload_enable=YES

Allow virtual users to rename and delete files:

anon_other_write_enable=YES

Since the above options apply equally to anonymous users, if you do not want anonymous users to have the same permissions, it is best to prohibit anonymous login. Second, since virtual users act under the vsftpdguest identity in the system, other directories that vsftpdguest can reach can also be accessed.
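As an added example (not code from the original article, nor from the vsftpd or pam_mysql projects), the following POSIX shell script audits the pieces configured in sections 3, 5 and 6 offline: it checks vsftpd.conf for the guest options, for listen=YES and for whitespace around "=" (which vsftpd.conf(5) does not allow), reads the crypt mode from the pam_mysql line of the PAM service file and flags clear-text storage, warns when the anon_* write options are enabled while anonymous login is still on (vsftpd's default for anonymous_enable is YES), and verifies the chown/chmod 700 on the guest directory. The paths /etc/vsftpd.conf and /etc/pam.d/ftp are only assumed as arguments; without arguments it audits constructed sample files. One caveat worth knowing for crypt=2: MySQL's PASSWORD() returns a 41-character hash from MySQL 4.1 on, so on such servers the passwd column needs to be wider than the char(16) used above or the stored hash is truncated and never matches.

```shell
#!/bin/sh
# Added example, not code from the original article or from vsftpd/pam_mysql:
# an offline audit of the pieces set up above, i.e. the guest options in
# vsftpd.conf (section 3), the pam_mysql line in the PAM service file
# (section 5) and the write/anonymous options and guest directory (section 6).
# File names and the sample contents are assumptions constructed for the demo.

# Value of KEY in vsftpd.conf FILE. vsftpd.conf(5) allows no whitespace around
# "=", so the key must match exactly as written; prints nothing if absent.
vsftpd_conf_get() {
    awk -F= -v k="$2" '/^[[:space:]]*#/ { next }
        $1 == k { print substr($0, index($0, "=") + 1); exit }' "$1"
}

# vsftpd treats YES/TRUE/1 in any case as boolean "yes".
is_yes() {
    case $(printf '%s' "$1" | tr 'a-z' 'A-Z') in YES|TRUE|1) return 0 ;; *) return 1 ;; esac
}

# Value of KEY on the pam_mysql "auth" line of PAM service FILE; nothing if absent.
pam_mysql_arg() {
    awk -v k="$2" '$1 == "auth" && /pam_mysql/ {
        for (i = 2; i <= NF; i++) {
            n = index($i, "=")
            if (n && substr($i, 1, n - 1) == k) { print substr($i, n + 1); exit }
        }
    }' "$1"
}

# Audit vsftpd.conf CONF and PAM service file PAMFILE: prints one line per
# finding, returns 1 if there is any finding and 0 if the setup looks as intended.
audit_vsftpd_virtual() {
    conf=$1; pamfile=$2; rc=0
    if grep -Eq '^[^#]*[[:space:]]=|^[^#]*=[[:space:]]' "$conf"; then
        echo "FINDING: whitespace around '=' in $conf (vsftpd rejects such lines)"; rc=1
    fi
    is_yes "$(vsftpd_conf_get "$conf" guest_enable)" ||
        { echo "FINDING: guest_enable is not YES, virtual users are disabled"; rc=1; }
    for key in guest_username pam_service_name; do
        [ -n "$(vsftpd_conf_get "$conf" "$key")" ] || { echo "FINDING: $key is not set"; rc=1; }
    done
    is_yes "$(vsftpd_conf_get "$conf" listen)" ||
        echo "note: listen is not YES, vsftpd must be started from (x)inetd"
    case $(pam_mysql_arg "$pamfile" crypt) in
        0)   echo "FINDING: crypt=0, passwords are stored in clear text"; rc=1 ;;
        1|2) ;;                        # crypt(3) or MySQL PASSWORD(): hashed storage
        "")  echo "FINDING: no pam_mysql auth line with crypt= in $pamfile"; rc=1 ;;
        *)   echo "FINDING: unrecognised crypt value in $pamfile"; rc=1 ;;
    esac
    anon=$(vsftpd_conf_get "$conf" anonymous_enable)
    [ -n "$anon" ] || anon=YES         # vsftpd's compiled-in default
    for opt in anon_upload_enable anon_other_write_enable; do
        if is_yes "$(vsftpd_conf_get "$conf" "$opt")" && is_yes "$anon"; then
            echo "FINDING: $opt=YES also applies to anonymous logins; set anonymous_enable=NO"; rc=1
        fi
    done
    return $rc
}

# True if DIR is mode 700 and owned by OWNER, as the chown/chmod in section 6 produce.
guest_dir_ok() {
    owner=$2
    set -- $(ls -ld "$1" 2>/dev/null)
    case $1 in drwx------*) [ "$3" = "$owner" ] ;; *) return 1 ;; esac
}

# Constructed samples: a vsftpd.conf fragment (anonymous_enable set to $1, or
# left at the default when $1 is empty) and a PAM service file (crypt mode $1).
sample_conf() {
    f=$(mktemp) || return 1
    {
        printf '%s\n' '# constructed sample vsftpd.conf' guest_enable=YES \
            guest_username=vsftpdguest pam_service_name=ftp listen=YES \
            write_enable=YES anon_upload_enable=YES anon_other_write_enable=YES
        if [ -n "$1" ]; then printf 'anonymous_enable=%s\n' "$1"; fi
    } >"$f"
    echo "$f"
}
sample_pam() {
    f=$(mktemp) || return 1
    printf '%s pam_mysql.so user=vsftpdguest passwd=i52serial0 host=localhost db=vsftpdvu table=users usercolumn=name passwdcolumn=passwd crypt=%s\n' \
        'auth     required' "$1" 'account  required' "$1" >"$f"
    echo "$f"
}

# Usage: sh audit_vsftpd.sh /etc/vsftpd.conf /etc/pam.d/ftp
# Without arguments the constructed samples are audited instead.
if [ $# -eq 2 ]; then
    audit_vsftpd_virtual "$1" "$2"
else
    audit_vsftpd_virtual "$(sample_conf NO)" "$(sample_pam 2)" && echo "sample setup: no findings"
fi
```

The key lookup deliberately does not trim whitespace, because vsftpd itself does not: a line such as "guest_enable = YES" is reported as a finding rather than silently accepted, which is the mistake most easily made when copying the option list above. The anonymous_enable check models vsftpd's default of YES so that an absent line is treated as anonymous login being on.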