Vsftpd With Mysql Backened

EL 5
pam_mysql.so

wget ftp://ftp.pbone.net/mirror/centos.karan.org/el5/extras/testing/i386/RPMS/pam_mysql-0.7-0.5.rc1.el5.kb.2.i386.rpm rpm -ivh pam_mysql-0.7-0.5.rc1.el5.kb.2.i386.rpm yum install mysql-server vsftpd

EL 6 :

wget http://mirror.chpc.utah.edu/pub/epel/6/i386/epel-release-6-7.noarch.rpm rpm -ivh epel-release-6.7.noarch.rpm yum install pam_mysql mysql-server vsftpd

  1. Create Database for Storing Users and Password

Login to mysql server and issue :

CREATE DATABASE vsftpd; grant all on vsftpd.* to 'username'@'localhost' IDENTIFIED BY 'dbpassword'; FLUSH PRIVILEGES; USE vsftpd CREATE TABLE ftp_users ( id INT NOT NULL AUTO_INCREMENT PRIMARY KEY , username VARCHAR( 30 ) NOT NULL , pass VARCHAR( 50 ) NOT NULL , UNIQUE (username) ) ENGINE = MYISAM ;

Configure VSFTPD :

Create a user called vsftpd with home directory /var/ftp/vsftpd with group ‘users’. All the ftp directories will be under this home directory. or can be defined in vsftpd per user config file.

useradd -G users -s /bin/false -d /var/ftp/vsftpd vsftpd cp -v /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.conf.orig vi /etc/vsftpd/vsftpd.conf

Configuration File :

anonymous_enable=NO local_enable=YES write_enable=YES dirmessage_enable=YES xferlog_enable=YES log_ftp_protocol=YES connect_from_port_20=YES xferlog_file=/var/log/xferlog xferlog_std_format=YES idle_session_timeout=600 #in seconds nopriv_user=vsftpd chroot_local_user=YES listen=YES pam_service_name=vsftpd userlist_enable=YES tcp_wrappers=YES

now configure user login directory

guest_enable=NO guest_username=vsftpd local_root=/home/vsftpd/$USER user_sub_token=$USER virtual_use_local_privs=YES user_config_dir=/etc/vsftpd/vsftpd_user_conf

Please not you can use user_config_dir option to specify per user configuration file to override the global setting.

mkdir /etc/vsftpd/vsftpd_user_conf vi /etc/vsftpd/vsftpd_usr_conf/exampleuser dirlist_enable=YES download_enable=YES local_root=/path/to/dir write_enable=YES

Please note you should create the directory with permission to read,write

Now configure PAM to enable mysql authentication instead of passwd and shadow

cp /etc/pam.d/vsftpd /etc/pam.d/vsftpd.orig echo "" > /etc/pam.d/vsftpd vi /etc/pam.d/vsftpd

%PAM-1.0 session       optional        pam_keyinit.so       force revoke auth required pam_mysql.so user=vsftpd passwd=vsftpdpassword  host=localhost db=vsftpd table=accounts usercolumn=username   passwdcolumn=pass crypt=3 account required pam_mysql.so user=vsftpd passwd=vsftpdpassword  host=localhost db=vsftpd table=accounts usercolumn=username  passwdcolumn=pass crypt=3

Install pam_mysql module

check if it’s installed :

ls -al /lib/security/pam_m*

Now login to mysql , and create user

insert into ftp_accounts(username,pass) VALUES('exampleuser',md5('password')); service vsftpd restart

NOTE: IF you get this error : pam_mysql – non-crypt()ish MD5 hash is not supported in this build , you have to build the pam_mysql with option :: ./configure –with-openssl

Setting SELINUX for FTP Access

getsebool -a | grep ftp setsebool -P ftp_home_dir on