Realize vsftpd virtual user access based on MySQL authentication

Time:2022-1-12

1、 Configure MySQL server

1.1 installing MySQL

# yum -y install mariadb-server
# systemctl enable --now mariadb.service && systemctl status

1.2 create database support vsftpd service

#1 create databases and tables for storing virtual users
MariaDB [(none)]> create database vsftpd;
MariaDB [vsftpd]> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| performance_schema |
| vsftpd             |
+--------------------+
4 rows in set (0.000 sec)
MariaDB [(none)]> use vsftpd
MariaDB [vsftpd]> create table users(id int auto_increment not null primary key,name char(50) binary not null,password char(48) binary not null);
MariaDB [vsftpd]> show tables;
+------------------+
| Tables_in_vsftpd |
+------------------+
| users            |
+------------------+
1 row in set (0.001 sec)

#2 add virtual user
MariaDB [vsftpd]> insert into users(name,password) values('xiaoming',password('123456'));
Query OK, 1 row affected (0.002 sec)
MariaDB [vsftpd]> insert into users(name,password) values('xiaohong',password('654321'));
Query OK, 1 row affected (0.004 sec)
MariaDB [vsftpd]> select * from users;
+----+----------+-------------------------------------------+
| id | name     | password                                  |
+----+----------+-------------------------------------------+
|  1 | xiaoming | *6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9 |
|  2 | xiaohong | *2A032F7C5BA932872F0F045E0CF6B53CF702F2C5 |
+----+----------+-------------------------------------------+
2 rows in set (0.001 sec)

#3. Create an account to connect to the database
MariaDB [(none)]> grant select on vsftpd.* to [email protected]'10.0.0.%' identified by "123456";
MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.000 sec)

2、 Configure FTP server

2.1 installation vsftpd

# yum -y install vsftpd

2.2 compiling and installing PAM_ mysq

# yum -y install vsftpd gcc gcc-c++ make mariadb-devel pam-devel
# wget http://prdownloads.sourceforge.net/pam-mysql/pam_mysql-0.7RC1.tar.gz
# tar xvf pam_mysql-0.7RC1.tar.gz
# cd pam_mysql-0.7RC1/
# ./configure --with-pam-mods-dir=/lib64/security
# make install
# ll /lib64/security/pam_mysql* 
-rwxr-xr-x 1 root root    882 Dec 25 22:14 /lib64/security/pam_mysql.la
-rwxr-xr-x 1 root root 141712 Dec 25 22:14 /lib64/security/pam_mysql.so

2.3 create documents required for PAM certification

# cat > /etc/pam.d/vsftpd.mysql << EOF
auth required pam_mysql.so user=vsftpd passwd=123456 host=10.0.0.8 db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
account required pam_mysql.so user=vsftpd passwd=123456 host=10.0.0.8 db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
EOF

2.4 creating system users

# useradd -r -s /sbin/nologin -d /data/ftproot  vuser
# mkdir -pv /data/ftproot/upload
# setfacl -m u:vuser:rwx /data/ftproot/upload

2.5 modify vsftpd configuration file

# vi /etc/vsftpd/vsftpd.conf

guest_ Enable = yes # all system users are mapped to guest users
guest_ Username = Vuser # specifies the guest user
pam_ service_ name=vsftpd. MySQL # add PAM template

2.6 start vsftpd service

# systemctl enable --now vsftpd

3、 Testing

[[email protected] ~]#ftp 10.0.0.7
-bash: ftp: command not found
[[email protected] ~]#yum provides ftp
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirrors.cloud.tencent.com
 * epel: mirrors.cloud.tencent.com
 * extras: mirrors.cloud.tencent.com
ftp-0.17-67.el7.x86_64 : The standard UNIX FTP (File Transfer Protocol) client
Repo        : base
[[email protected] ~]#yum -y install ftp-0.17-67.el7.x86_64
[[email protected] ~]#ftp 10.0.0.7
Connected to 10.0.0.7 (10.0.0.7).
220 (vsFTPd 3.0.2)
Name (10.0.0.7:root): xiaoming
331 Please specify the password.
Password:  #123456
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
#Successfully logged in

[[email protected] ~]#ftp 10.0.0.7
Connected to 10.0.0.7 (10.0.0.7).
220 (vsFTPd 3.0.2)
Name (10.0.0.7:root): xiaohong
331 Please specify the password.
Password:  #654321
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>
#Successfully logged in