Implement Virtual Users for VSFTPD Server authentication
Release:
Redhat Enterprise Linux 5.x
Berkeley DB 4.7.25
Problem:
Create an virtual user database and authenticate ftp server (vsftpd service) using that virtual users.
Solution:
1) First configure the VSFTPD server and make the vsftpd service running
2) Install the required RPMs
# yum install db4-utils
3) Download the Berkeley DB from the below URL
4) Install the Berkeley DB program on the sevrer
# cd /tmp
# tar -xvf db-4.7.25.tar.tar
# cd db-4.7.25/build_unix/
# ../dist/configure
# make
# make install
Create the Virtual User database:
5) Create text file with the virtual user's username and password information like below one.
# vi login.txt
testuser
12345
user1
12345
6) Create the database file using the “db_load” command.
# db_load -T -t hash -f login.txt /etc/vsftpd/login.db
7) Optionally change the permission of the db file.
# chmod 600 /etc/vsftpd/login.db
8) Edit the PAM configuration file to use the created db file.
# vi /etc/pam.d/vsftpd
session include system-auth
auth required pam_userdb.so db=/etc/vsftpd/login
account required pam_userdb.so db=/etc/vsftpd/login
session required pam_loginuid.so
9) Create a location for the virtual users
# useradd -d /var/ftp/virtualuser virtual
10) Edit the configuration file to use the virtual users
# vi /etc/vsftpd/vsftpd.conf
guest_enable=YES
guest_username=virtual
Note: If you add the above two lines means all the virtual users are redirect to the “/var/ftp/virtualuser” directory. Otherwise if you want to use chroot for every user means, that also possible. Add the below entries for every user login to their respective directory.
# vi /etc/vsftpd/vsftpd.conf
virtual_use_local_privs=YES
write_enable=YES
user_sub_token=$USER
local_root=/home/vftp/$USER
chroot_local_user=YES
hide_ids=YES
guest_enable=YES
11) Restart the ftp service on the server.
# service vsftpd restart
12) Now from the client try to login using that virtual username and password
$ ftp ftpserver
Connected to ftpserver.
220 (vsFTPd 2.0.5)
530 Please login with USER and PASS.
530 Please login with USER and PASS.
KERBEROS_V4 rejected as an authentication type
Name (sbssdb5:query1): testuser
331 Please specify the password.
Password: 12345
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
Ftp>
No comments:
Post a Comment