vsftpd user authentication based on MySQL

Keywords: Linux vsftpd ftp vim MySQL

vsftpd introduction

vsftpd (Very Secure FTP Daemon) is FTP server software for Unix-like systems, released under the GPL.

Software installation

yum install vsftpd mariadb-server mariadb-devel pam-devel -y

wget http://prdownloads.sourceforge.net/pam-mysql/pam_mysql-0.7RC1.tar.gz

tar xf pam_mysql-0.7RC1.tar.gz

cd pam_mysql-0.7RC1

./configure --with-pam=/usr --with-mysql=/usr --with-pam-mods-dir=/usr/lib64/security

make -j 4 && make install

Configure the database

Configure my.cnf

vim /etc/my.cnf
[mysqld]
innodb_file_per_table = 1
skip_name_resolve=1
log_bin=mysql-bin

Start MariaDB

systemctl start mariadb.service
systemctl enable mariadb.service

Create the database user and grant privileges

mysql
grant all on vsftpd.* to 'vsftpd'@'127.0.0.1' identified by 'vsftpd';
grant all on vsftpd.* to 'vsftpd'@'localhost' identified by 'vsftpd';

Create the database

mysql -uvsftpd -pvsftpd -hlocalhost
create database vsftpd;

Create table

use vsftpd;
create table users(id int unsigned not null auto_increment primary key, name varchar(100) not null,password char(48) not null,unique key(name));
desc users;

Create the FTP login accounts

insert into users (name,password) values ('ftp1',password('ftp1')), ('ftp2',password('ftp2'));

Configure vsftpd

Create the system user vuser

mkdir -pv /ftproot
useradd -d /ftproot/vuser vuser

Create the directories and set their permissions

mkdir -pv /ftproot/vuser/{pub,upload}
chmod a-w  /ftproot/vuser

Configure the PAM service file vsftpd.vusers

vim /etc/pam.d/vsftpd.vusers
auth required /usr/lib64/security/pam_mysql.so user=vsftpd passwd=vsftpd host=localhost db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
account required /usr/lib64/security/pam_mysql.so user=vsftpd passwd=vsftpd host=localhost db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2

crypt=0: the password is stored in the database in clear text
crypt=1: the password is stored as a UNIX crypt(3) (DES) hash
crypt=2: the password is stored as the output of MySQL's PASSWORD() function
crypt=3: the password is stored as a plain hex MD5 hash
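The following script is an added example, not part of the original article: it reproduces the value that MySQL's PASSWORD() stores (the format pam_mysql expects for crypt=2) outside the database and cross-checks it against the crypt= option of a pam_mysql line. It assumes openssl is on PATH; PAM_LINE is copied from the article's /etc/pam.d/vsftpd.vusers, and all other values are constructed here.

```sh
#!/bin/sh
# Added example, not from the original article: compute the value MySQL's
# PASSWORD() stores and cross-check it against the crypt= option of a
# pam_mysql line. Assumes `openssl` is on PATH. PAM_LINE is copied from the
# article's /etc/pam.d/vsftpd.vusers; everything else is constructed here.

PAM_LINE='auth required /usr/lib64/security/pam_mysql.so user=vsftpd passwd=vsftpd host=localhost db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2'

# MySQL PASSWORD() (pam_mysql crypt=2): '*' followed by the upper-case hex of
# SHA1(SHA1(password)), the inner digest taken as raw bytes. There is no salt,
# so every account sharing a password shares the stored value.
mysql_password_hash() {   # $1 = clear-text password
    hex=$(printf '%s' "$1" \
        | openssl dgst -sha1 -binary \
        | openssl dgst -sha1 \
        | sed 's/^.*= *//' \
        | tr 'a-f' 'A-F')
    printf '*%s\n' "$hex"
}

# Print the value of one key=value option from a pam_mysql control line.
pam_mysql_option() {   # $1 = option name, $2 = pam line
    printf '%s\n' "$2" | tr ' ' '\n' | sed -n "s/^$1=//p"
}

# Human-readable name of a crypt= mode, as documented for pam_mysql.
crypt_mode_name() {   # $1 = crypt mode
    case "$1" in
        0) echo "plaintext" ;;
        1) echo "crypt(3)" ;;
        2) echo "mysql-password" ;;
        3) echo "md5-hex" ;;
        *) echo "unknown" ;;
    esac
}

# Does a stored value have the shape crypt=N expects? Returns 0 when it does.
# Mode 0 accepts anything, which is exactly why it should not be used.
hash_matches_crypt_mode() {   # $1 = crypt mode, $2 = stored value
    case "$1" in
        0) return 0 ;;
        1) case "$2" in \$*) return 0 ;; esac
           [ "${#2}" -eq 13 ] && return 0 ;;
        2) case "$2" in \**) [ "${#2}" -eq 41 ] && return 0 ;; esac ;;
        3) [ "${#2}" -eq 32 ] && return 0 ;;
    esac
    return 1
}

# Demonstration: what the article's insert ... password('ftp1') stored, and
# whether that agrees with the crypt= mode in the PAM line.
mode=$(pam_mysql_option crypt "$PAM_LINE")
stored=$(mysql_password_hash 'ftp1')
echo "crypt=$mode ($(crypt_mode_name "$mode")), stored value for ftp1: $stored"
if hash_matches_crypt_mode "$mode" "$stored"; then
    echo "stored format agrees with crypt=$mode"
else
    echo "MISMATCH: crypt=$mode but the stored value is '$stored'"
fi
```

Two things worth checking on a real deployment follow from this: the PAM service file carries the database password in clear text, so it should be readable by root only, and pam_mysql only reads the users table, so a SELECT grant on it is enough where the article grants ALL on vsftpd.*.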

Configure vsftpd.conf

vsftpd does not accept a comment after a value on the same line (it reads the comment as part of the value), so comments go on their own lines:

cp /etc/vsftpd/vsftpd.conf{,.back}
vim /etc/vsftpd/vsftpd.conf
# Enable virtual users
guest_enable=YES
# The system user that FTP virtual users are mapped to (created above)
guest_username=vuser
# Name of the PAM service file created manually under /etc/pam.d
pam_service_name=vsftpd.vusers
# Directory holding the per-virtual-user configuration files
user_config_dir=/etc/vsftpd/vusers_config/

Per-virtual-user permissions

chown vuser:vuser /ftproot/vuser/upload
mkdir -pv /etc/vsftpd/vusers_config
touch /etc/vsftpd/vusers_config/{ftp1,ftp2}
vim /etc/vsftpd/vusers_config/ftp1
anon_upload_enable=YES
vim /etc/vsftpd/vusers_config/ftp2
anon_upload_enable=YES
anon_mkdir_write_enable=YES
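The script below is an added example, not from the original article: a small lint for vsftpd configuration files (vsftpd.conf and the per-user files under user_config_dir share the same key=value syntax). It flags the trailing "#comment" form, which vsftpd keeps as part of the value, whitespace inside values, and non-boolean values for options named *_enable (that name-based test is a heuristic, extended with a few known boolean options). The sample files are constructed here; vsftpd itself is not needed to run it.

```sh
#!/bin/sh
# Added example, not from the original article: lint vsftpd config files for
# the mistakes that make vsftpd refuse to start ("bad bool value") or silently
# read a wrong value. The sample files below are constructed here.

# Lint one file: print each problem, return the number of problems found.
vsftpd_conf_lint() {   # $1 = path to a vsftpd config file
    problems=0
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            ''|'#'*) continue ;;               # blank or whole-line comment: allowed
        esac
        case "$line" in
            *=*) ;;
            *) echo "$1: no '=' in line: $line"
               problems=$((problems + 1)); continue ;;
        esac
        key=${line%%=*}
        value=${line#*=}
        case "$value" in
            *'#'*) echo "$1: '$key' has a trailing comment; vsftpd keeps it as part of the value"
                   problems=$((problems + 1)); continue ;;
            *[[:space:]]*) echo "$1: '$key' has whitespace in its value"
                   problems=$((problems + 1)); continue ;;
        esac
        # Heuristic: options named *_enable plus a few known booleans must be YES/NO.
        case "$key" in
            *_enable|listen|listen_ipv6|chroot_local_user)
                upper=$(printf '%s' "$value" | tr 'a-z' 'A-Z')
                case "$upper" in
                    YES|NO|TRUE|FALSE|1|0) ;;
                    *) echo "$1: '$key' expects YES or NO, got '$value'"
                       problems=$((problems + 1)) ;;
                esac ;;
        esac
    done < "$1"
    return "$problems"
}

# Constructed samples: bad.conf uses the trailing-comment form, good.conf the
# comment-on-its-own-line form.
dir=$(mktemp -d)
cat > "$dir/bad.conf" <<'EOF'
guest_enable=YES                             #Turn on virtual users
guest_username=vuser                      #maps virtual users to this account
pam_service_name=vsftpd.vusers
EOF
cat > "$dir/good.conf" <<'EOF'
# Enable virtual users
guest_enable=YES
guest_username=vuser
pam_service_name=vsftpd.vusers
anon_mkdir_write_enable=YES
EOF
vsftpd_conf_lint "$dir/bad.conf" || echo "bad.conf: $? problem(s)"
vsftpd_conf_lint "$dir/good.conf" && echo "good.conf: clean"
rm -rf "$dir"
```

Run it over /etc/vsftpd/vsftpd.conf and every file in /etc/vsftpd/vusers_config before restarting the service; the return value is the problem count, so it fits a loop that stops on the first file with a nonzero result.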

Start vsftpd service

systemctl start vsftpd.service
systemctl enable vsftpd.service

Validate login

ftp1

ftp 10.120.123.11
220 (vsFTPd 3.0.2)
Name (10.120.123.11:root): ftp1
331 Please specify the password.
Password:
230 Login successful.
ftp> cd upload
250 Directory successfully changed.
ftp> lcd /etc
Local directory now /etc
ftp> put issue
local: issue remote: issue

ftp> ls
227 Entering Passive Mode (10,120,123,11,130,37).
150 Here comes the directory listing.
-rw-------    1 1000     1000           23 Apr 20 08:24 issue
-rw-------    1 1000     1000      3157504 Apr 20 08:23 putty-64bit-0.71-installer.msi
226 Directory send OK.
ftp> mkdir 123
550 Permission denied.
ftp> rm issue
550 Permission denied.

ftp2

ftp 10.120.123.11
Connected to 10.120.123.11 (10.120.123.11).
220 (vsFTPd 3.0.2)
Name (10.120.123.11:root): ftp2
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> cd upload
250 Directory successfully changed.
ftp> put fstab
local: fstab remote: fstab
227 Entering Passive Mode (10,120,123,11,36,210).
150 Ok to send data.
226 Transfer complete.
465 bytes sent in 7e-05 secs (6642.86 Kbytes/sec)
ftp> mkdir ftp2
257 "/upload/jerry" created
ftp> ls
227 Entering Passive Mode (10,120,123,11,27,190).
150 Here comes the directory listing.
-rw-------    1 1000     1000          465 Apr 20 08:29 fstab
-rw-------    1 1000     1000           23 Apr 20 08:24 issue
drwx------    2 1000     1000            6 Apr 20 08:30 ftp2
-rw-------    1 1000     1000      3157504 Apr 20 08:23 putty-64bit-0.71-installer.msi
226 Directory send OK.

Configure the firewall

Load the ip_conntrack_ftp and ip_nat_ftp modules (the FTP connection-tracking and NAT helpers) so that the data connections are tracked, then allow port 21. The iptables-config file is sourced as shell, so both modules go in a single IPTABLES_MODULES assignment; a second assignment would replace the first.

vim /etc/sysconfig/iptables-config
IPTABLES_MODULES="ip_conntrack_ftp ip_nat_ftp"
vim /etc/sysconfig/iptables
-A INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT

Restart the firewall

systemctl restart iptables.service
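The following script is an added example, not from the original article: it shows what the iptables init script actually sees in /etc/sysconfig/iptables-config. Because that file is sourced as shell, only the last IPTABLES_MODULES assignment survives, so the two helpers have to be listed in one assignment. The two sample files are constructed here; nothing is loaded into the kernel, and the optional ftp_helpers_loaded check only reads /proc/modules.

```sh
#!/bin/sh
# Added example, not from the original article: check the effective
# IPTABLES_MODULES value of an iptables-config file. Sample files are
# constructed below; nothing touches the running firewall.

# Effective IPTABLES_MODULES value: the last assignment in the file wins,
# exactly as it does when the init script sources the file.
effective_iptables_modules() {   # $1 = iptables-config file
    sed -n 's/^IPTABLES_MODULES="\([^"]*\)".*/\1/p' "$1" | tail -n 1
}

# Return 0 when both FTP helpers are in the effective list; otherwise name
# the missing ones and return 1. The ip_* names are module aliases of the
# nf_* modules, so either spelling is accepted.
ftp_helpers_configured() {   # $1 = iptables-config file
    mods=" $(effective_iptables_modules "$1") "
    missing=""
    case "$mods" in
        *" ip_conntrack_ftp "*|*" nf_conntrack_ftp "*) ;;
        *) missing="$missing conntrack_ftp" ;;
    esac
    case "$mods" in
        *" ip_nat_ftp "*|*" nf_nat_ftp "*) ;;
        *) missing="$missing nat_ftp" ;;
    esac
    [ -z "$missing" ] && return 0
    echo "missing FTP helper(s):$missing"
    return 1
}

# Optional runtime check: are the helpers loaded in the running kernel?
# (Reads /proc/modules; not called here so the script also runs in a container.)
ftp_helpers_loaded() {
    grep -q '^nf_conntrack_ftp ' /proc/modules && grep -q '^nf_nat_ftp ' /proc/modules
}

# Constructed samples: "split" repeats the assignment (second one replaces the
# first), "merged" lists both helpers in one assignment.
t=$(mktemp -d)
printf 'IPTABLES_MODULES="ip_conntrack_ftp"\nIPTABLES_MODULES="ip_nat_ftp"\n' > "$t/split"
printf 'IPTABLES_MODULES="ip_conntrack_ftp ip_nat_ftp"\n' > "$t/merged"
for f in split merged; do
    printf '%s: IPTABLES_MODULES=%s\n' "$f" "$(effective_iptables_modules "$t/$f")"
    ftp_helpers_configured "$t/$f" || true
done
rm -rf "$t"
```

Point ftp_helpers_configured at the real /etc/sysconfig/iptables-config before restarting iptables, and call ftp_helpers_loaded afterwards to confirm the helpers actually came up.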

Posted by maGGot_H on Sat, 23 Nov 2019 13:24:44 -0800