Using virtual users in vsftpd

From RVM Wiki

Accounts stored in a MySQL database

  • Install the required packages:
sudo apt-get install vsftpd libpam-mysql
  • Create the user the daemon will run as:
sudo useradd --home /home/vsftpd --gid nogroup -m --shell /bin/false vsftpd
  • Create the database and the user to use:
CREATE DATABASE vsftpd;
GRANT 
 SELECT, INSERT, UPDATE, DELETE, CREATE, DROP 
ON
 vsftpd.* 
TO
 'vsftpd'@'localhost' 
IDENTIFIED BY 'secretPassword';
GRANT
 SELECT, INSERT, UPDATE, DELETE, CREATE, DROP
ON
 vsftpd.*
TO
 'vsftpd'@'localhost.localdomain'
IDENTIFIED BY 'secretPassword';
FLUSH PRIVILEGES;
  • Create the table that will hold the account data:
 USE vsftpd;

 CREATE TABLE `accounts` (
 `id` INT NOT NULL AUTO_INCREMENT PRIMARY KEY ,
 `username` VARCHAR( 30 ) NOT NULL ,
 `pass` VARCHAR( 50 ) NOT NULL ,
 `homedir` VARCHAR( 900 ) NOT NULL ,
 `active` int(11) NOT NULL, 
 UNIQUE (`username`)
) ENGINE = MYISAM ;
  • Create the user in MySQL, taking care to set the pass field with PASSWORD('secretPassword'):
-- `active` is NOT NULL and has no default, so set it explicitly.
INSERT INTO 
 accounts (username, pass, homedir, active) 
VALUES
 ('testuser', PASSWORD('secretPassword'), '/var/www/testuser', 1);


  • Edit the following directives in the configuration file:
sudoedit /etc/vsftpd.conf
anonymous_enable=NO
chown_uploads=YES
chown_username=www-data
chroot_local_user=YES
dual_log_enable=YES
guest_enable=YES
guest_username=vsftpd
local_enable=YES
local_root=/home/vsftpd/$USER
local_umask=022
log_ftp_protocol=YES
max_login_fails=3
max_per_ip=4
nopriv_user=vsftpd
pasv_addr_resolve=YES
pasv_enable=YES
pasv_max_port=65000
pasv_min_port=60000
rsa_cert_file=/etc/ssl/certs/vsftpd.pem
user_config_dir=/etc/vsftpd/user_conf
user_sub_token=$USER
virtual_use_local_privs=YES
vsftpd_log_file=/var/log/vsftpd.log
write_enable=YES
  • Create the directory that holds the configuration files for the individual accounts:
sudo mkdir -p /etc/vsftpd/user_conf
  • For each MySQL user, create a file that specifies its details:
sudoedit /etc/vsftpd/user_conf/nomeutente
dirlist_enable=YES
download_enable=YES
local_root=/var/www/nomeutente
  • Set the permissions on the directory:
sudo chown -R vsftpd:www-data /var/www/nomeutente
  • Configure the PAM module:
sudoedit /etc/pam.d/vsftpd
auth required pam_mysql.so user=vsftpd passwd=secretPassword host=localhost db=vsftpd table=accounts usercolumn=username passwdcolumn=pass crypt=2 verbose=1
account required pam_mysql.so user=vsftpd passwd=secretPassword host=localhost db=vsftpd table=accounts usercolumn=username passwdcolumn=pass crypt=2 verbose=1
  • Restart vsftpd:
sudo invoke-rc.d vsftpd restart


Accounts stored in a text file

vsftpd is a secure, fast and stable FTP server. In this tutorial we'll install the server and make it check a flat text file for the virtual users allowed to log in.

1. Install required packages

apt-get install vsftpd libpam-pwdfile

2. Configure vsftpd (pico /etc/vsftpd.conf)

Edit these variables in the config file and leave everything else with the default value.

anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
nopriv_user=vsftpd
virtual_use_local_privs=YES
guest_enable=YES
user_sub_token=$USER
local_root=/var/www/$USER
chroot_local_user=YES
hide_ids=YES
guest_username=vsftpd
pasv_addr_resolve=YES

Set local_root to the parent directory where the users' home directories are located.

3. Configure PAM to check the passwd file for users (pico /etc/pam.d/vsftpd)

auth    required pam_pwdfile.so pwdfile /etc/ftpd.passwd
account required pam_permit.so

Make sure you remove everything else from the file.

4. Create the passwd file containing the users

htpasswd -c /etc/ftpd.passwd user1

You can later add additional users to the file like this:

htpasswd /etc/ftpd.passwd user2

5. Create a local user that’s used by the virtual users to authenticate

useradd --home /home/vsftpd --gid nogroup -m --shell /bin/false vsftpd

6. Restart vsftpd

/etc/init.d/vsftpd restart

7. Create user's home directory since vsftpd doesn't do it automatically

 mkdir /var/www/user1
 chown vsftpd:nogroup /var/www/user1
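
A check to run before the restart step of either procedure above, as an added example that is not part of the original page: it lints a vsftpd.conf for whitespace next to the "=" or at the end of a directive (vsftpd.conf(5) states that it is an error to put any space between the option, = and value) and for the guest-user values that both configurations on this page share. The function name lint_vsftpd_conf and the sample file are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the original page. lint_vsftpd_conf is a hypothetical name.
# Prints one finding per line; returns 0 when clean, 1 when anything was flagged.
lint_vsftpd_conf() {
    awk '
    BEGIN {
        bad = 0
        # Values this page sets for the virtual (guest) user setup.
        want["anonymous_enable"]  = "NO"
        want["guest_enable"]      = "YES"
        want["guest_username"]    = "vsftpd"
        want["chroot_local_user"] = "YES"
    }
    /^#/ || /^[ \t]*$/ { next }              # skip comments and blank lines
    {
        eq = index($0, "=")
        if (eq == 0) {
            printf "line %d: not option=value: [%s]\n", NR, $0; bad = 1; next
        }
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        # vsftpd.conf(5): no space is allowed between option, "=" and value.
        if (key ~ /[ \t]/ || val ~ /^[ \t]|[ \t]$/) {
            printf "line %d: stray whitespace: [%s]\n", NR, $0; bad = 1
        }
        gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
        seen[key] = val                      # assumption: the last occurrence wins
    }
    END {
        for (k in want) {
            if (!(k in seen)) {
                printf "%s: not set, expected %s\n", k, want[k]; bad = 1
            } else if (seen[k] != want[k]) {
                printf "%s=%s, expected %s\n", k, seen[k], want[k]; bad = 1
            }
        }
        exit bad
    }' "$1"
}

# Constructed sample: the trailing space after YES on line 2 is the defect to catch.
sample=$(mktemp)
printf '%s\n' 'anonymous_enable=NO' 'guest_enable=YES ' 'guest_username=vsftpd' > "$sample"
lint_vsftpd_conf "$sample" || echo "fix the findings above before restarting vsftpd"
rm -f "$sample"
```

On a real host, call it as lint_vsftpd_conf /etc/vsftpd.conf and restart only when it returns 0.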
