Vsftpd supports virtual users with PAM (pluggable authentication modules). A virtual user is a login that does not exist as a real login on the system in the /etc/passwd and /etc/shadow files. Virtual users can therefore be more secure than real users, because a compromised account can only use the FTP server and cannot log in to the system to use other services such as ssh or smtp.
Required software
- Berkeley DB (version 4) databases
- pam_userdb.so
Install Berkeley DB And Utilities Under RHEL / CentOS
Type the following command:
# yum install db4-utils db4
Create The Virtual Users Database
To create a "db4" format file, first create a plain text file with the usernames and passwords on alternating lines. For example, create a user called "vivek" with the password "vivekpass" and a user called "sayali" with the password "sayalipass":
# cd /etc/vsftpd
# cat > vusers.txt
Sample output:
vivek
vivekpass
sayali
sayalipass
Next, create the actual database file like this:
# db_load -T -t hash -f vusers.txt vsftpd-virtual-user.db
# chmod 600 vsftpd-virtual-user.db
# rm vusers.txt
Configure VSFTPD for virtual user
Edit the vsftpd configuration file. Add or correct the following configuration options:
anonymous_enable=NO
local_enable=YES
# Virtual users will use the same privileges as local users.
# It will grant write access to virtual users. By default, virtual users use the
# same privileges as anonymous users, which tends to be more restrictive
# (especially in terms of write access).
virtual_use_local_privs=YES
write_enable=YES
# Set the name of the PAM service vsftpd will use
# RHEL / CentOS users should use /etc/pam.d/vsftpd
pam_service_name=vsftpd.virtual
# Activates virtual users
guest_enable=YES
# Automatically generate a home directory for each virtual user, based on a template.
# For example, if the home directory of the real user specified via guest_username is
# /home/virtual/$USER, and user_sub_token is set to $USER, then when virtual user vivek
# logs in, he will end up (usually chroot()'ed) in the directory /home/virtual/vivek.
# This option also takes effect if local_root contains user_sub_token.
user_sub_token=$USER
# Usually this is mapped to Apache virtual hosting docroot, so that
# users can upload files
local_root=/home/vftp/$USER
# Chroot user and lock down to their home dirs
chroot_local_user=YES
# Hide ids from user
hide_ids=YES
Save and close the file.
Create a PAM File Which Uses Your New Database
The following PAM configuration is used to authenticate users using your new database. Create /etc/pam.d/vsftpd.virtual:
# cat > /etc/pam.d/vsftpd.virtual
Append the following:
#%PAM-1.0
auth       required     pam_userdb.so db=/etc/vsftpd/vsftpd-virtual-user
account    required     pam_userdb.so db=/etc/vsftpd/vsftpd-virtual-user
session    required     pam_loginuid.so
Create The Location Of The Files
You need to set up the location of the files / dirs for the virtual users. Type the following commands:
# mkdir /home/vftp
# mkdir -p /home/vftp/{vivek,sayali}
# chown -R ftp:ftp /home/vftp
Restart The FTP Server
Type the following command:
# service vsftpd restart
Test Your Setup
Open another shell session and type:
$ ftp ftp.nixcraft.net
Sample output:
Connected to ftp.nixcraft.net.in.
Name (localhost:root): vivek
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>
Sample log from /var/log/secure:
# tail -f /var/log/secure
Output:
May 21 16:54:28 xentest vsftpd: pam_userdb(vsftpd.virtual:auth): user 'vivek' granted access
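Logins fail when the pieces configured above disagree: pam_service_name must match a file under /etc/pam.d, and the db= path in that file is given without the .db suffix that the db_load output file carries. The following shell function is an added example, not part of the original tutorial, that checks this together with the 600 mode and the removal of vusers.txt. The function name check_vsftpd_virtual, the use of GNU stat, and the /etc/vsftpd/vsftpd.conf path in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: consistency check for the virtual-user setup described above.
# check_vsftpd_virtual CONF PAM_DIR
# Prints one line per problem; returns 0 when nothing is found, 1 otherwise.
check_vsftpd_virtual() {
    conf=$1 pam_dir=$2 rc=0

    # Value of an option in vsftpd.conf (this helper takes the last occurrence;
    # vsftpd allows no spaces around '=').
    opt() { sed -n "s/^$1=//p" "$conf" | tail -n 1; }

    [ "$(opt guest_enable)" = "YES" ] || { echo "guest_enable is not YES"; rc=1; }
    [ "$(opt anonymous_enable)" = "NO" ] || { echo "anonymous_enable is not NO"; rc=1; }

    svc=$(opt pam_service_name)
    pam_file=$pam_dir/$svc
    if [ -z "$svc" ] || [ ! -f "$pam_file" ]; then
        echo "no PAM file for pam_service_name='$svc' in $pam_dir"
        return 1
    fi

    # Collect the db= argument of every non-comment pam_userdb.so line.
    dbs=$(sed -n '/^#/!s/.*pam_userdb\.so.*[[:space:]]db=\([^[:space:]]*\).*/\1/p' "$pam_file" | sort -u)
    [ -n "$dbs" ] || { echo "$pam_file has no pam_userdb.so db= entry"; rc=1; }

    for db in $dbs; do
        # pam_userdb.so expects the path without the .db suffix.
        case $db in *.db) echo "db=$db should not include .db"; rc=1; continue ;; esac
        f=$db.db
        if [ ! -f "$f" ]; then echo "missing database $f"; rc=1; continue; fi
        mode=$(stat -c %a "$f")   # GNU stat, as on RHEL / CentOS
        [ "$mode" = "600" ] || { echo "$f has mode $mode, expected 600"; rc=1; }
        # The plain-text source holds clear-text passwords and must be removed.
        [ ! -e "$(dirname "$f")/vusers.txt" ] || { echo "vusers.txt still present next to $f"; rc=1; }
    done
    return $rc
}

# Usage (conf path is an assumption; the tutorial does not name it):
#   check_vsftpd_virtual /etc/vsftpd/vsftpd.conf /etc/pam.d
```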