Vsftpd With MySQL Backend
EL 5
pam_mysql.so
wget ftp://ftp.pbone.net/mirror/centos.karan.org/el5/extras/testing/i386/RPMS/pam_mysql-0.7-0.5.rc1.el5.kb.2.i386.rpm
rpm -ivh pam_mysql-0.7-0.5.rc1.el5.kb.2.i386.rpm
yum install mysql-server vsftpd
EL 6 :
wget http://mirror.chpc.utah.edu/pub/epel/6/i386/epel-release-6-7.noarch.rpm
rpm -ivh epel-release-6-7.noarch.rpm
yum install pam_mysql mysql-server vsftpd
- Create Database for Storing Users and Password
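Log in to the MySQL server and issue:
CREATE DATABASE vsftpd;
-- This is the account pam_mysql connects with (user= and passwd= in /etc/pam.d/vsftpd).
-- The PAM configuration in this guide only reads the table, so GRANT SELECT is sufficient.
GRANT ALL ON vsftpd.* TO 'username'@'localhost' IDENTIFIED BY 'dbpassword';
FLUSH PRIVILEGES;
USE vsftpd;
CREATE TABLE ftp_users (
  id INT NOT NULL AUTO_INCREMENT PRIMARY KEY,
  username VARCHAR(30) NOT NULL,
  pass VARCHAR(50) NOT NULL,
  UNIQUE (username)
) ENGINE = MYISAM;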
Configure VSFTPD :
Create a user called vsftpd with home directory /var/ftp/vsftpd and group 'users'. All the FTP directories will be under this home directory, or can be defined in the vsftpd per-user config file.
useradd -G users -s /bin/false -d /var/ftp/vsftpd vsftpd
cp -v /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.conf.orig
vi /etc/vsftpd/vsftpd.conf
Configuration File :
anonymous_enable=NO
local_enable=YES
write_enable=YES
dirmessage_enable=YES
xferlog_enable=YES
log_ftp_protocol=YES
connect_from_port_20=YES
xferlog_file=/var/log/xferlog
xferlog_std_format=YES
# idle timeout, in seconds
idle_session_timeout=600
nopriv_user=vsftpd
chroot_local_user=YES
listen=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
Now configure the user login directory:
# database-only (virtual) users are mapped to guest_username, which requires guest_enable=YES
guest_enable=YES
guest_username=vsftpd
local_root=/home/vsftpd/$USER
user_sub_token=$USER
virtual_use_local_privs=YES
user_config_dir=/etc/vsftpd/vsftpd_user_conf
Please note that you can use the user_config_dir option to specify a per-user configuration file that overrides the global settings.
mkdir /etc/vsftpd/vsftpd_user_conf
vi /etc/vsftpd/vsftpd_user_conf/exampleuser
dirlist_enable=YES
download_enable=YES
local_root=/path/to/dir
write_enable=YES
Please note that you should create the directory with read and write permission.
Now configure PAM to use MySQL authentication instead of passwd and shadow:
cp /etc/pam.d/vsftpd /etc/pam.d/vsftpd.orig
echo "" > /etc/pam.d/vsftpd
vi /etc/pam.d/vsftpd
#%PAM-1.0
session optional pam_keyinit.so force revoke
# user= and passwd= are the MySQL account pam_mysql connects with.
# crypt=3 compares against an MD5 hex digest, as stored by md5() in MySQL.
auth required pam_mysql.so user=vsftpd passwd=vsftpdpassword host=localhost db=vsftpd table=ftp_users usercolumn=username passwdcolumn=pass crypt=3
account required pam_mysql.so user=vsftpd passwd=vsftpdpassword host=localhost db=vsftpd table=ftp_users usercolumn=username passwdcolumn=pass crypt=3
Install pam_mysql module
Check that it is installed:
ls -al /lib/security/pam_m*
Now log in to MySQL and create a user:
INSERT INTO ftp_users (username, pass) VALUES ('exampleuser', md5('password'));
Then, back in the shell, restart vsftpd:
service vsftpd restart
NOTE: If you get the error "pam_mysql - non-crypt()ish MD5 hash is not supported in this build", you have to build pam_mysql with this option:
./configure --with-openssl
Setting SELINUX for FTP Access
getsebool -a | grep ftp
setsebool -P ftp_home_dir on
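The table=, usercolumn= and passwdcolumn= options in /etc/pam.d/vsftpd have to name the table and columns created in MySQL, otherwise no database user can log in. The shell check below is an added example, not part of the original guide; the function names pam_opt and lint_pam and the sample file are constructed for illustration, and it assumes a simple one-word PAM control field such as "required".

```shell
#!/bin/sh
# Added example (not from the original page): check that the pam_mysql
# options in a PAM service file match the table created in MySQL.

# pam_opt FILE KIND KEY: print KEY's value from KIND's pam_mysql.so line.
pam_opt() {
    awk -v t="$2" -v k="$3" '
        $1 == t && $3 ~ /pam_mysql\.so$/ {
            for (i = 4; i <= NF; i++) {
                n = index($i, "=")
                if (n && substr($i, 1, n - 1) == k) { print substr($i, n + 1); exit }
            }
        }' "$1"
}

# lint_pam FILE TABLE USERCOL PASSCOL: print one line per mismatch on the
# auth and account lines; return non-zero if any mismatch was found.
lint_pam() {
    rc=0
    for kind in auth account; do
        for pair in "table=$2" "usercolumn=$3" "passwdcolumn=$4"; do
            key=${pair%%=*}
            want=${pair#*=}
            got=$(pam_opt "$1" "$kind" "$key")
            if [ "$got" != "$want" ]; then
                echo "$kind: $key=${got:-<missing>}, expected $want"
                rc=1
            fi
        done
    done
    return "$rc"
}

# Constructed sample: the auth line names a table that was never created.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#%PAM-1.0
session optional pam_keyinit.so force revoke
auth required pam_mysql.so user=vsftpd passwd=vsftpdpassword host=localhost db=vsftpd table=accounts usercolumn=username passwdcolumn=pass crypt=3
account required pam_mysql.so user=vsftpd passwd=vsftpdpassword host=localhost db=vsftpd table=ftp_users usercolumn=username passwdcolumn=pass crypt=3
EOF
lint_pam "$sample" ftp_users username pass || echo "fix /etc/pam.d/vsftpd before restarting vsftpd"
rm -f "$sample"
```

On a live system, run lint_pam /etc/pam.d/vsftpd ftp_users username pass after editing the PAM file and before restarting vsftpd.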