vsftpd基于mysql的认证方式
-rwxr-xr-x 1 root root 42424 Aug 14 2011 /lib64/security/pam_mysql.so
配置数据库:
MariaDB [(none)]> create database vsftpd;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> grant select on vsftpd.* to 'vsftpd'@'localhost' identified by 'redhat';
Query OK, 0 rows affected (0.02 sec)
MariaDB [(none)]> grant select on vsftpd.* to 'vsftpd'@'127.0.0.1' identified by 'redhat';
Query OK, 0 rows affected (0.01 sec)
MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.00 sec)
然后在该数据库创建表:
MariaDB [(none)]> use vsftpd
Database changed
MariaDB [vsftpd]> create table users(id int auto_increment not null,name char(20) binary not null,password char(48) binary not null,primary key(id));
Query OK, 0 rows affected (0.05 sec)
MariaDB [vsftpd]> insert into users(name,password) values ('admin',password('redhat'));
Query OK, 1 row affected (0.05 sec)
由于vsftpd和mysql服务都是在同一台主机上,所以相对来说授权的host范围小,当mysql和vsftpd不在同一台主机上时,
pam_mysql这个包还是和vsftpd上安装,这个时候该主机还得安装mysql客户端,远程的mysql服务器应该给予vsftpd这
台主机host访问的权限
配置完成mysql后然后配置pam认证信息:
[root@wadeson ~]# vim /etc/pam.d/vsftpd.mysql
auth required /lib64/security/pam_mysql.so user=vsftpd passwd=redhat host=127.0.0.1 db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
account required /lib64/security/pam_mysql.so user=vsftpd passwd=redhat host=127.0.0.1 db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
然后修改vsftpd.conf配置文件的相关信息:
整个vsftpd.conf的配置内容:
anonymous_enable=NO
local_enable=YES
#write_enable=NO
dirmessage_enable=YES
xferlog_enable=YES
xferlog_file=/var/log/vsftpd.log
connect_from_port_20=YES
xferlog_std_format=YES
listen=YES
listen_port=21
userlist_enable=YES
chroot_local_user=YES
tcp_wrappers=YES
guest_enable=YES
guest_username=ftpuser (如果设置了这个,需要在系统上创建该用户)
pam_service_name=vsftpd.mysql
user_config_dir=/etc/vsftpd/vsftpd_user_conf
virtual_use_local_privs=YES
pasv_min_port=50000
pasv_max_port=60000
pasv_enable=yes
max_clients=200
max_per_ip=4
idle_session_timeout=600
ftpd_banner=Welcome to opendoc FTP service.
然后修改/etc/vsftpd/vsftpd_user_conf该目录下面虚拟账户的各自配置:(该目录如果没有需要进行创建)
[root@wadeson vsftpd_user_conf]# cat admin
write_enable=YES
anonymous_enable=NO
anon_world_readable_only=NO
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
local_umask=022
download_enable=Yes
local_root=/var/ftproot
然后进行访问:
[root@wadeson vsftpd_user_conf]# ftp 127.0.0.1
Connected to 127.0.0.1 (127.0.0.1).
220 Welcome to opendoc FTP service.
Name (127.0.0.1:root): admin
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
227 Entering Passive Mode (127,0,0,1,209,50).
150 Here comes the directory listing.
-rw-r--r-- 1 501 501 423612 Jun 23 07:06 2015_12.7z
drwxr-xr-x 2 501 501 4096 Jul 12 07:25 test
drwxr-xr-x 2 501 501 4096 Jul 12 12:38 test02
226 Directory send OK.
ftp> mkdir test03
257 "/test03" created