Build an FTP + PAM + MySQL environment with batch-configured virtual users
Build environment: CentOS 6.5 or CentOS 6.7
[root@vhost3 ~]# uname -a
Linux vhost3 2.6.32-573.el6.x86_64 #1 SMP Thu Jul 23 15:44:03 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
Install MySQL and vsftpd with yum
yum install -y vsftpd mysql-server mysql-devel mysql-libs
Install PAM support (pam_mysql)
Install dependencies
yum install -y pam-devel fprintd-pam pam_passwdqc pam
Compile and install pam_mysql (this works with the yum-installed MySQL)
[root@localhost]#wget http://www.huzs.net/soft/vsftpd/pam_mysql-0.7RC1.tar.gz
[root@localhost]#tar xvf pam_mysql-0.7RC1.tar.gz
[root@localhost]#cd pam_mysql-0.7RC1
[root@localhost]# ./configure --with-openssl --with-pam-mods-dir=/lib/security/
[root@localhost]# make && make install
After installation, the following two files are generated:
/lib/security/pam_mysql.la /lib/security/pam_mysql.so
Modify the vsftpd configuration file (reference)
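anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
listen=YES
# PAM service name: vsftpd authenticates through /etc/pam.d/kdui_ftp.
# vsftpd does not strip trailing comments from a directive line (the text
# after '#' becomes part of the value and the config fails to parse), so
# every comment in this file sits on its own line.
pam_service_name=kdui_ftp
userlist_enable=YES
tcp_wrappers=YES
# Enable virtual users.
guest_enable=YES
# Virtual users run with the privileges of this real system account, which
# must exist.
guest_username=kdui_ftp
# Home directory of the logged-in user; $USER is a vsftpd built-in variable
# that expands to the login name.
local_root=/home/dms/kdui/dmsdata/userBase/$USER
user_sub_token=$USER
# Virtual users get the same privileges as the local user above, so with
# write_enable=YES they can write. No chroot directive appears here —
# NOTE(review): confirm whether virtual users should be confined to
# local_root (chroot_local_user in vsftpd.conf(5)).
virtual_use_local_privs=YES
xferlog_file=/var/log/xferlog
dual_log_enable=YES
vsftpd_log_file=/var/log/vsftpd
# Directory of per-virtual-user configuration files, each named after the user.
user_config_dir=/etc/vsftpd/user_config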
Configure the system environment according to the vsftpd configuration file
Create the home directory of the host account
[root@localhost]#mkdir -p /home/dms/kdui/dmsdata/
Create the host account that the virtual users run as
[root@localhost]# useradd -s /sbin/nologin -d /home/dms/kdui/dmsdata/userBase/ kdui_ftp
Create the per-virtual-user configuration directory (given the configuration above, this step may be omitted)
[root@localhost]# mkdir -p /etc/vsftpd/user_config
Edit the PAM authentication file
[root@localhost]# vim /etc/pam.d/kdui_ftp
#%PAM-1.0
# pam_keyinit is "optional": its result does not affect the login decision.
session optional pam_keyinit.so force revoke
# auth: look the FTP login up in MySQL (db ftp, table ftpuser) and compare the
# password column. account: the account-management check uses the same module
# and arguments.
auth required /lib/security/pam_mysql.so user=ftp passwd=123456 host=localhost db=ftp table=ftpuser usercolumn=username passwdcolumn=password crypt=0
account required /lib/security/pam_mysql.so user=ftp passwd=123456 host=localhost db=ftp table=ftpuser usercolumn=username passwdcolumn=password crypt=0
# Parameters, in order: module called, database user name, password, host/IP,
# database name, table name, which column holds the user name, which column
# holds the password.
# crypt says whether and how the stored password is hashed: 0 = plaintext,
# 1 = UNIX DES crypt, 2 = MySQL's PASSWORD() function, 3 = MD5.
# NOTE(review): crypt=0 means ftpuser.password holds cleartext passwords; 2 or 3
# above would store a hash instead. The module's own database credential
# (passwd=...) is also written here in plaintext — confirm this file is not
# world-readable.
Configure MySQL database
Start the database
[root@localhost]# /etc/init.d/mysqld start
# Connect to the database
[root@localhost]# mysql -uroot
# Building a database
mysql> CREATE DATABASE IF NOT EXISTS `ftp` ;
mysql> use ftp;
# Build the table
mysql> CREATE TABLE IF NOT EXISTS `ftpuser` (
`id` int(6) NOT NULL AUTO_INCREMENT,
# Looked up by pam_mysql via usercolumn=username.
`username` varchar(20) NOT NULL,
# Compared by pam_mysql via passwdcolumn=password; with crypt=0 in the PAM
# file this column holds the cleartext password.
# NOTE(review): if crypt is switched to a hashed mode, confirm varchar(20)
# is wide enough for the stored hash.
`password` varchar(20) NOT NULL,
# status and level are not referenced by the PAM configuration shown.
`status` int(1) NOT NULL DEFAULT '1',
`level` int(1) NOT NULL DEFAULT '1',
PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=2 ;
Insert two virtual FTP user records
mysql> INSERT INTO `ftpuser` (`username`, `password`) VALUES ( 'aaa', '123');
mysql> INSERT INTO `ftpuser` (`username`, `password`) VALUES ( 'bbb', '456');
Authorize the MySQL account that PAM uses for verification
# The PAM module only reads ftpuser, so it gets SELECT on that table alone.
# The account and password must match user= and passwd= in /etc/pam.d/kdui_ftp.
mysql> grant select on ftp.ftpuser to ftp@localhost identified by '123456';
mysql> FLUSH PRIVILEGES;
mysql> quit;
Start vsftpd
[root@localhost]#/etc/init.d/vsftpd start