vsftpd基于mysql的认证方式

安装epel源:
cd /etc/yum.repos.d
wget http://mirrors.neusoft.edu.cn/epel/epel-release-latest-6.noarch.rpm
rpm -ivh epel-release-latest-6.noarch.rpm
 
然后安装pam_mysql这个包:
yum -y install pam_mysql
[root@wadeson yum.repos.d]# ll /lib64/security/pam_mysql.so 

-rwxr-xr-x 1 root root 42424 Aug 14 2011 /lib64/security/pam_mysql.so

 

配置数据库:

MariaDB [(none)]> create database vsftpd;
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> grant select on vsftpd.* to 'vsftpd'@'localhost' identified by 'redhat';
Query OK, 0 rows affected (0.02 sec)

MariaDB [(none)]> grant select on vsftpd.* to 'vsftpd'@'127.0.0.1' identified by 'redhat';
Query OK, 0 rows affected (0.01 sec)

MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.00 sec)

然后在该数据库创建表:

MariaDB [(none)]> use vsftpd
Database changed
MariaDB [vsftpd]> create table users(id int auto_increment not null,name char(20) binary not null,password char(48) binary not null,primary key(id));
Query OK, 0 rows affected (0.05 sec)

MariaDB [vsftpd]> insert into users(name,password) values ('admin',password('redhat'));
Query OK, 1 row affected (0.05 sec)

由于vsftpd和mysql服务都是在同一台主机上,所以相对来说授权的host范围小,当mysql和vsftpd不在同一台主机上时,

pam_mysql这个包还是和vsftpd上安装,这个时候该主机还得安装mysql客户端,远程的mysql服务器应该给予vsftpd这

台主机host访问的权限

 

配置完成mysql后然后配置pam认证信息:

[root@wadeson ~]# vim /etc/pam.d/vsftpd.mysql

auth required /lib64/security/pam_mysql.so user=vsftpd passwd=redhat host=127.0.0.1 db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
account required /lib64/security/pam_mysql.so user=vsftpd passwd=redhat host=127.0.0.1 db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2

然后修改vsftpd.conf配置文件的相关信息:

整个vsftpd.conf的配置内容:

anonymous_enable=NO
local_enable=YES
#write_enable=NO
dirmessage_enable=YES
xferlog_enable=YES
xferlog_file=/var/log/vsftpd.log
connect_from_port_20=YES
xferlog_std_format=YES
listen=YES
listen_port=21
userlist_enable=YES
chroot_local_user=YES
tcp_wrappers=YES
guest_enable=YES
guest_username=ftpuser            (如果设置了这个,需要在系统上创建该用户)
pam_service_name=vsftpd.mysql
user_config_dir=/etc/vsftpd/vsftpd_user_conf
virtual_use_local_privs=YES
pasv_min_port=50000
pasv_max_port=60000
pasv_enable=yes
max_clients=200
max_per_ip=4
idle_session_timeout=600
ftpd_banner=Welcome to opendoc FTP service.

然后修改/etc/vsftpd/vsftpd_user_conf该目录下面虚拟账户的各自配置:(该目录如果没有需要进行创建)

[root@wadeson vsftpd_user_conf]# cat admin
write_enable=YES
anonymous_enable=NO
anon_world_readable_only=NO
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
local_umask=022
download_enable=Yes
local_root=/var/ftproot

然后进行访问:

[root@wadeson vsftpd_user_conf]# ftp 127.0.0.1
Connected to 127.0.0.1 (127.0.0.1).
220 Welcome to opendoc FTP service.
Name (127.0.0.1:root): admin
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
227 Entering Passive Mode (127,0,0,1,209,50).
150 Here comes the directory listing.
-rw-r--r-- 1 501 501 423612 Jun 23 07:06 2015_12.7z
drwxr-xr-x 2 501 501 4096 Jul 12 07:25 test
drwxr-xr-x 2 501 501 4096 Jul 12 12:38 test02
226 Directory send OK.
ftp> mkdir test03
257 "/test03" created

posted on 2017-07-12 20:47  wadeson  阅读(663)  评论(0编辑  收藏  举报