Very Secure FTP Daemon (VSFTPD) is a popular and highly secure FTP server that supports virtual users. This guide will walk you through the process of configuring VSFTPD with virtual users in a MySQL database on CentOS 7. Virtual users are useful for isolating FTP access and enhancing security as they do not require system accounts.
Prerequisites
- CentOS 7 installed
- Root access or a user with sudo privileges
- MySQL or MariaDB server installed and configured
Installation and Basic Configuration of VSFTPD
- Installing VSFTPD. First, install VSFTPD using YUM:
sudo yum install vsftpd
- Basic Configuration. After installation, open the VSFTPD configuration file (/etc/vsftpd/vsftpd.conf) and make the following modifications:
  - Disable anonymous FTP access by changing anonymous_enable=YES to anonymous_enable=NO.
  - Enable local users by changing local_enable=NO to local_enable=YES.
  - Allow write access to directories by changing write_enable=NO to write_enable=YES.
Setting Up MySQL Database for Virtual Users
- Creating a Database and User. In MySQL or MariaDB, create a new database and user for VSFTPD:
CREATE DATABASE vsftpd;
GRANT ALL PRIVILEGES ON vsftpd.* TO 'vsftpd_user'@'localhost' IDENTIFIED BY 'password';
FLUSH PRIVILEGES;
- Creating a Table for Virtual Users. Create a table to store virtual user credentials:
USE vsftpd;
CREATE TABLE accounts (
  id INT NOT NULL AUTO_INCREMENT PRIMARY KEY,
  username VARCHAR(30) NOT NULL,
  password VARCHAR(255) NOT NULL
);
Integrating VSFTPD with MySQL
- Installing the PAM Module. To authenticate virtual users via the database, install the PAM (Pluggable Authentication Modules) module for MySQL:
sudo yum install pam_mysql
- Configuring PAM for VSFTPD. Create a new PAM configuration file for VSFTPD (/etc/pam.d/vsftpd_virtual) with the following content:
auth required pam_mysql.so user=vsftpd_user passwd=password host=localhost db=vsftpd table=accounts usercolumn=username passwdcolumn=password crypt=2
account required pam_mysql.so user=vsftpd_user passwd=password host=localhost db=vsftpd table=accounts usercolumn=username passwdcolumn=password crypt=2
- Updating VSFTPD Configuration for PAM. Modify the file /etc/vsftpd/vsftpd.conf and add the following lines:
guest_enable=YES
guest_username=ftp
pam_service_name=vsftpd_virtual
virtual_use_local_privs=YES
user_sub_token=$USER
local_root=/var/ftp/virtual/$USER
chroot_local_user=YES
After completing the configuration, restart VSFTPD and enable the service:
sudo systemctl restart vsftpd
sudo systemctl enable vsftpd
You should now be able to log in to the FTP server using virtual user accounts defined in the database. Ensure you have set appropriate permissions and created home directories for virtual users.
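The guide leaves adding an account and creating its home directory to the reader. The script below is an added example, not part of the original guide, that does both for the accounts table and the /var/ftp/virtual layout configured above. The function names, the upload subdirectory and the --apply switch are assumptions. The top-level directory is kept non-writable because vsftpd refuses to chroot into a directory the user can write to.

```shell
#!/bin/sh
# Added example: provision one virtual user for the setup in this guide.
# Assumed (not from the guide): function names, the "upload" subdirectory
# and the --apply switch. Database, table and paths are the guide's own.
LC_ALL=C; export LC_ALL
VROOT=/var/ftp/virtual

# Accept only names that are safe as a SQL literal and as a path under $VROOT:
# 1-30 chars (accounts.username is VARCHAR(30)) from a-z, 0-9, _ and -.
valid_username() {
    case "$1" in
        ''|-*|*[!a-z0-9_-]*) return 1 ;;
    esac
    [ "${#1}" -le 30 ]
}

# Hex-encode the password so no quoting inside it can alter the SQL statement.
hex_encode() {
    printf '%s' "$1" | od -An -v -tx1 | tr -d ' \n'
}

# Build the INSERT; PASSWORD() matches crypt=2 in /etc/pam.d/vsftpd_virtual.
build_insert_sql() {
    valid_username "$1" || return 1
    printf "INSERT INTO accounts (username, password) VALUES ('%s', PASSWORD(UNHEX('%s')));\n" \
        "$1" "$(hex_encode "$2")"
}

# Create the chroot: top level owned by root and not writable by the guest
# user "ftp", with one subdirectory that "ftp" can write to.
create_home() {
    valid_username "$1" || return 1
    mkdir -p "$VROOT/$1/upload" &&
    chown root:root "$VROOT/$1" && chmod 755 "$VROOT/$1" &&
    chown ftp:ftp "$VROOT/$1/upload" && chmod 750 "$VROOT/$1/upload"
}

# Usage (as root): sh add_vuser.sh --apply alice   (FTP password read from stdin)
if [ "${1:-}" = "--apply" ]; then
    valid_username "${2:-}" || { echo "invalid username" >&2; exit 1; }
    IFS= read -r pw
    build_insert_sql "$2" "$pw" | mysql -u root -p vsftpd && create_home "$2"
fi
```

Validating the name before it reaches either the SQL statement or local_root=/var/ftp/virtual/$USER keeps a crafted username from escaping the string literal or the virtual root.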
This guide provides a basic overview of setting up VSFTPD with virtual users in a database on CentOS 7. Depending on your requirements, you can further customize the configuration to enhance security or meet specific needs of your environment.