Empulse Group a collection of notes from a sys admin, musician, and father

15Nov/100

Setting up vsftpd with MySQL authentication

Here we will set up vsftpd to use MySQL for authentication through pam_mysql. vsftpd already uses PAM, so we only need to edit the PAM file for this service to use the pam_mysql module. Then we edit the vsftpd.conf file. Finally, the user credentials are stored in a MySQL database.

Install packages:

  • pam_mysql
  • mysql
  • vsftpd

[root@www ~]# cat /etc/pam.d/vsftpd
auth required /lib64/security/pam_mysql.so user=vsftpd passwd=foo host=localhost db=vsftpd table=users usercolumn=name passwdcolumn=passwd crypt=0 sqllog=1 logtable=logs logmsgcolumn=msg logusercolumn=user logpidcolumn=pid loghostcolumn=host logrhostcolumn=rhost logtimecolumn=logtime
## i will just space these 2 lines out ##
account required /lib64/security/pam_mysql.so user=vsftpd passwd=foo host=localhost db=vsftpd table=users usercolumn=name passwdcolumn=passwd crypt=0 sqllog=1 logtable=logs logmsgcolumn=msg logusercolumn=user logpidcolumn=pid loghostcolumn=host logrhostcolumn=rhost logtimecolumn=logtime

Note: For the crypt=x option, the following applies
-------
0 = No encryption. Passwords in database in plaintext. NOT recommended!
1 = Use crypt
2 = Use MySQL PASSWORD() function
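
A check for the crypt=0 case flagged in the note above, as an added example that is not part of the original post. It scans a PAM service file for pam_mysql lines that use crypt=0 or leave crypt unset, and reports the file if it is world-readable, since it holds the passwd= database credential. The function names audit_pam_mysql and demo, the sample file contents, and the assumption that only root needs to read the file are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): flag risky pam_mysql settings
# in a PAM service file such as /etc/pam.d/vsftpd.
# Prints one finding per line; returns 1 if anything was flagged, 0 if clean.
audit_pam_mysql() {
    file=$1 found=0 n=0
    # The file embeds the DB password (passwd=...). Assumption: the service
    # reads it as root, so other local users need no read access.
    if [ -n "$(find "$file" -perm -004 -print)" ]; then
        echo "$file: world-readable but contains DB credentials"
        found=1
    fi
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in
            \#*) continue ;;            # PAM comment line
            *pam_mysql.so*) ;;          # only inspect pam_mysql entries
            *) continue ;;
        esac
        crypt=unset
        set -f                          # no globbing while word-splitting
        for word in $line; do
            case $word in crypt=*) crypt=${word#crypt=} ;; esac
        done
        set +f
        case $crypt in
            0)     echo "$file:$n: crypt=0, passwords stored in plaintext"; found=1 ;;
            unset) echo "$file:$n: crypt not set, state the hashing mode explicitly"; found=1 ;;
        esac
    done < "$file"
    return "$found"
}

# Constructed sample input, modelled on the two PAM lines shown above.
demo() {
    tmp=$(mktemp) && chmod 644 "$tmp"
    cat > "$tmp" <<'EOF'
## constructed sample
auth required /lib64/security/pam_mysql.so user=vsftpd passwd=foo db=vsftpd table=users crypt=0
account required /lib64/security/pam_mysql.so user=vsftpd passwd=foo db=vsftpd table=users crypt=1
EOF
    rc=0
    audit_pam_mysql "$tmp" || rc=$?
    rm -f "$tmp"
    return "$rc"
}

demo || true
```

Run it against the real file with: audit_pam_mysql /etc/pam.d/vsftpd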

[root@www ~]# grep -v \# /etc/vsftpd/vsftpd.conf
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
nopriv_user=vsftpd
listen=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
guest_enable=YES
guest_username=vsftpd
local_root=/home/vsftpd/$USER
user_sub_token=$USER
virtual_use_local_privs=YES
chroot_local_user=YES

Then we need to create a 'vsftpd' system user. Our virtual FTP users will have home directories under /home/vsftpd. We also have to manually create the home directory for each virtual user, as specified by the "local_root" directive in the vsftpd.conf file.

[root@www ~]# useradd --home /home/vsftpd -m --shell /bin/false vsftpd
[root@www ~]# mkdir /home/vsftpd/test3
[root@www ~]# chown vsftpd:vsftpd /home/vsftpd/test3/

CREATE DATABASE AND TABLES IN MYSQL

> create database vsftpd;
> use vsftpd;
> create table users (id int AUTO_INCREMENT NOT NULL, name char(128) binary NOT NULL, passwd char(128) binary NOT NULL, primary key(id) );
> create table logs (msg varchar(255), user char(128), pid int, host char(128), rhost char(128), logtime timestamp );
> INSERT INTO users (name, passwd) VALUES ('test5', 'test5'); -- for plain text, crypt=0 in /etc/pam.d/vsftpd
> INSERT INTO users (name, passwd) VALUES ('eric@empulsegroup.com', PASSWORD('tististis')); -- when using the MySQL PASSWORD() function, crypt=2 in the PAM file
