Saturday, 10 December 2011

Implement Virtual Users for VSFTPD Server authentication


Release:
Redhat Enterprise Linux 5.x
Berkeley DB 4.7.25

Problem:
Create a virtual user database and have the FTP server (vsftpd service) authenticate against those virtual users.

Solution:

1) First configure the VSFTPD server and make sure the vsftpd service is running

2) Install the required RPMs

# yum install db4-utils

3) Download the Berkeley DB from the below URL


4) Install the Berkeley DB program on the server

# cd /tmp
# tar -xvf db-4.7.25.tar.tar
# cd db-4.7.25/build_unix/
# ../dist/configure
# make
# make install


Create the Virtual User database:

5) Create a text file with the virtual users' usernames and passwords on alternating lines, like the one below.

# vi login.txt
testuser
12345
user1
12345

6) Create the database file using the “db_load” command.

# db_load -T -t hash -f login.txt /etc/vsftpd/login.db

7) Optionally restrict the permissions on the db file so that only its owner can read and write it.

# chmod 600 /etc/vsftpd/login.db

8) Edit the PAM configuration file to use the created db file.

# vi /etc/pam.d/vsftpd
session include system-auth
auth required pam_userdb.so db=/etc/vsftpd/login
account required pam_userdb.so db=/etc/vsftpd/login
session required pam_loginuid.so

9) Create a local user whose home directory is the location for the virtual users

# useradd -d /var/ftp/virtualuser virtual

10) Edit the configuration file to use the virtual users

# vi /etc/vsftpd/vsftpd.conf

guest_enable=YES
guest_username=virtual

Note: With the above two lines, all virtual users are directed to the “/var/ftp/virtualuser” directory. Alternatively, it is also possible to chroot every user. Add the entries below so that every user logs in to their own directory.

# vi /etc/vsftpd/vsftpd.conf

virtual_use_local_privs=YES
write_enable=YES
user_sub_token=$USER
local_root=/home/vftp/$USER
chroot_local_user=YES
hide_ids=YES
guest_enable=YES

11) Restart the ftp service on the server.

# service vsftpd restart

12) Now from the client try to log in using that virtual username and password

ftp ftpserver
Connected to ftpserver.
220 (vsFTPd 2.0.5)
530 Please login with USER and PASS.
530 Please login with USER and PASS.
KERBEROS_V4 rejected as an authentication type
Name (sbssdb5:query1): testuser
331 Please specify the password.
Password: 12345
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
Ftp>
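
Added example, not part of the original post: a pre-flight check for the login.txt from step 5 before step 6 loads it. db_load -T reads alternating key/value lines and step 10 substitutes the username into local_root, so the check rejects unpaired lines, duplicates and names that are unsafe as a path component. The function names and the allowed-character policy are assumptions of this example.

```shell
# check_login_file FILE: print one line per problem, return 0 if FILE is clean.
check_login_file() {
    awk '
        NR % 2 == 1 {                     # odd lines: usernames (db keys)
            user = $0
            if (user !~ /^[A-Za-z0-9_][A-Za-z0-9_.-]*$/ || user ~ /\.\./) {
                # Assumed policy: the name replaces $USER in local_root, so
                # allow only characters that are safe as one path component.
                printf "line %d: unsafe username \"%s\"\n", NR, user; bad = 1
            }
            if (user in seen) {
                printf "line %d: duplicate username \"%s\"\n", NR, user; bad = 1
            }
            seen[user] = 1
            next
        }
        $0 == "" {                        # even lines: passwords (db values)
            printf "line %d: empty password for \"%s\"\n", NR, user; bad = 1
        }
        END {
            if (NR == 0) { print "no entries"; bad = 1 }
            if (NR % 2 == 1) {
                printf "line %d: username \"%s\" has no password line\n", NR, user
                bad = 1
            }
            exit bad + 0
        }
    ' "$1"
}

# build_login_db TXT DB: validate TXT, then load it into an owner-only DB.
build_login_db() {
    check_login_file "$1" || return 1
    ( umask 077 && db_load -T -t hash -f "$1" "$2" && chmod 600 "$2" )
}
```

Run it as root, for example `build_login_db login.txt /etc/vsftpd/login.db`. The login.txt file holds the passwords in clear text, so keep it out of world-readable locations once the database is built.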
