Achieve FTP + PAM + MySQL environment, batch configuration virtual users

Others 2019-12-23 21:05:51 views: null

Achieve FTP + PAM + MySQL environment, batch configuration virtual users

Built environment: CentOS6.5 or CentOS6.7

 [root@vhost3 ~]# uname -a
 Linux vhost3 2.6.32-573.el6.x86_64 #1 SMP Thu Jul 23 15:44:03 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux

yum install MySQL, vsftpd

 yum install -y vsftpd mysql-server mysql-devel mysql-libs

Installation pam

Installation dependencies

 yum install -y pam-devel fprintd-pam pam_passwdqc pam

Compile and install pam, suitable for yum install MySQL

 [root@localhost]#wget http://www.huzs.net/soft/vsftpd/pam_mysql-0.7RC1.tar.gz
 [root@localhost]#tar xvf pam_mysql-0.7RC1.tar.gz
 [root@localhost]#cd pam_mysql-0.7RC1
 [root@localhost]# ./configure --with-openssl --with-pam-mods-dir=/lib/security/
 [root@localhost]# make && make install

After installation, the following two documents will generate

 /lib/security/pam_mysql.la  /lib/security/pam_mysql.so

Vsftpd modify profile (Reference)

 anonymous_enable=NO
 local_enable=YES
 write_enable=YES
 local_umask=022
 dirmessage_enable=YES
 xferlog_enable=YES
 connect_from_port_20=YES
 xferlog_std_format=YES
 listen=YES
 pam_service_name=kdui_ftp        # pam认证的配置文件
 userlist_enable=YES
 tcp_wrappers=YES
 guest_enable=YES    # 启用虚拟用户
 guest_username=kdui_ftp        # 虚拟用户的权限是寄宿在操作系统的kdui_ftp这个用户上的,这个用户必须真实存在
 local_root=/home/dms/kdui/dmsdata/userBase/$USER    #指定用户登录的家目录,$USER是内置变量,表示用户名
 user_sub_token=$USER
 virtual_use_local_privs=YES
 xferlog_file=/var/log/xferlog
 dual_log_enable=YES
 vsftpd_log_file=/var/log/vsftpd
 user_config_dir=/etc/vsftpd/user_config        #每个虚拟用户的独立配置文件目录,配置文件和用户同名

Configure the system environment, according to vsftpd configuration file

Create a home directory of the host account

 [root@localhost]#mkdir -p /home/dms/kdui/dmsdata/

Create a virtual host user accounts

 [root@localhost]# useradd -s /sbin/nologin -d /home/dms/kdui/dmsdata/userBase/ kdui_ftp

Create a virtual user profile directory, (according to the above configuration file can not be created)

[root@localhost]# mkdir -p /etc/vsftpd/user_config

Modify pam authentication file

[root@localhost]# vim /etc/pam.d/kdui_ftp 
 #%PAM-1.0
 session       optional        pam_keyinit.so       force revoke
 auth required /lib/security/pam_mysql.so user=ftp passwd=123456 host=localhost db=ftp table=ftpuser usercolumn=username passwdcolumn=password crypt=0
 account required /lib/security/pam_mysql.so user=ftp passwd=123456 host=localhost db=ftp table=ftpuser usercolumn=username passwdcolumn=password crypt=0
 #            调用的模块        数据库用户名    密码      IP         库名    表名      哪个字段作为用户名   哪个字段作为密码
 # crypt表示密码是否加密以及加密方式,0表示明文,1表示使用UNIX的DES加密,2表示使用MySQL的password()函数,3表示口令使用MD5加密

Configure MySQL database

Start the database

[root@localhost]# /etc/init.d/mysqld start

#Connect to the database

[root@localhost]# mysql -uroot

# Building a database

 mysql> CREATE DATABASE IF NOT EXISTS `ftp` ;
  mysql> use ftp;

# Build the table

 mysql> CREATE TABLE IF NOT EXISTS `ftpuser` (
   `id` int(6) NOT NULL AUTO_INCREMENT,
   `username` varchar(20) NOT NULL,
   `password` varchar(20) NOT NULL,
   `status` int(1) NOT NULL DEFAULT '1',
   `level` int(1) NOT NULL DEFAULT '1',
   PRIMARY KEY (`id`)
   ) ENGINE=MyISAM  DEFAULT CHARSET=utf8 AUTO_INCREMENT=2 ;

Insert two virtual user data i.e. ftp

mysql> INSERT INTO `ftpuser` (`username`, `password`) VALUES ( 'aaa', '123');
mysql> INSERT INTO `ftpuser` (`username`, `password`) VALUES ( 'bbb', '456');

Pam verify authorized use mysql account

mysql>  grant select on ftp.ftpuser to ftp@localhost identified by '123456';
 mysql> FLUSH PRIVILEGES;
mysql>  quit;

Start ftp

[root@loaclhost]#/etc/init.d/vsftpd start

Guess you like

Origin www.cnblogs.com/passzhang/p/12088251.html
Recommended
Ranking
Empire cms smart tag calls four first-level recommended articles, starting from the fourth article
Linux environment installation and configuration Elasticsearch7.17
Big Data processing architecture and Lambda Kappa architecture
Explore the top of the AI large model platform - Wenxin Qianfan
Beijing car PK10 lucky airship Guanya size and value of the odd and even tips
W3B x Sui Hacker House|In-depth understanding of Sui and Move language
Know almost Ko Chan: Chinese what any decent open source software products? (Finishing from my original answer)
Comprehensively improve AD domain security authentication | Zhuyun IDaaS
Android Update Engine Analysis (24) What happened when making the downgrade package?
Spark Architecture and Operating Mechanism (1) - System Architecture
Daily
More
2024-05-07(34)
2024-05-06(6)
2024-05-05(0)
2024-05-04(18)
2024-05-03(8)
2024-05-02(0)
2024-05-01(4)
2024-04-30(36)
2024-04-29(5)
2024-04-28(12)

Code World

© 2018 codetd.com