Vsftpd FTP服务器-虚拟用户(mysql)和本地用户同时验证
所需软件:
1.vsftpd-2.0.6.tar.gz
2.pam_mysql-0.7RC1.tar.gz
3.Mysql5.0.27
一、安装vsftpd
[root@ganwenliang soft]# tar xzfv vsftpd-2.0.6.tar.gz
[root@ganwenliang vsftpd-2.0.6]# make
[root@ganwenliang vsftpd-2.0.6]# make install
[root@ganwenliang vsftpd-2.0.6]# cp vsftpd.conf /etc
在系统中添加用户soft,作为guest用户
[root@ganwenliang vsftpd-2.0.6]# adduser soft
编辑vsftpd.conf在最下面加入下面三行:
guest_enable=YES
guest_username=soft
listen=YES
启运vsftpd:
[root@ganwenliang vsftpd-2.0.6]# /usr/local/sbin/vsftpd &
如果大家遇到诸如“vsftpd:500 OOPS: bad bool value in config file for: anonymous_enable”的报错的话,可以看一下我这篇文章 http://www.2cto.com/os/201112/115710.html
二、安装MySQL
[root@ganwenliang soft]# tar -zvxf mysql-max-5.0.27.tar.gz
[root@ganwenliang soft]# cd mysql-max-5.0.27
[root@ganwenliang mysql-max-5.0.27]# ./configure --prefix=/usr/local/mysql
[root@ganwenliang mysql-max-5.0.27]# make
[root@ganwenliang mysql-max-5.0.27]# make install
[root@ganwenliang mysql-max-5.0.27]# cp support-files/my-medium.cnf /etc/my.cnf
添加mysql用户及用户组
[root@ganwenliang soft]# groupadd mysql
[root@ganwenliang soft]# useradd -g mysql mysql
修改mysql目录权限
[root@ganwenliang soft]# chown -R root /usr/local/mysql
[root@ganwenliang soft]# chgrp -R mysql /usr/local/mysql
[root@ganwenliang soft]# chown -R mysql /usr/local/mysql/var
生成mysql系统数据库
[root@ganwenliang soft]# /usr/local/mysql/bin/mysql_install_db --user=mysql
启动mysql服务
[root@ganwenliang soft]# /usr/local/mysql/bin/mysqld_safe --user=mysql &
如出现Starting mysqld daemon with databases from /usr/local/mysql/var
代表正常启动mysql服务了, 按Ctrl + C 跳出
修改mysql 的root 密码
[root@ganwenliang soft]# /usr/local/mysql/bin/mysqladmin -u root -p password "123456"
建立相应的数据库、表来存放FTP用户数据:
create database ftp;
CREATE TABLE `logs` (
`msg` varchar(255) default NULL,
`user` char(16) default NULL,
`pid` int(11) default NULL,
`host` char(32) default NULL,
`rhost` char(32) default NULL,
`logtime` timestamp NOT NULL default CURRENT_TIMESTAMP on update CURRENT_TIMESTAMP
) ENGINE=MyISAM DEFAULT CHARSET=gb2312;
#
# Table structure for table users
#
DROP TABLE IF EXISTS `users`;
CREATE TABLE `users` (
`name` char(16) character set gb2312 collate gb2312_bin default NULL,
`passwd` char(48) default NULL
) ENGINE=MyISAM DEFAULT CHARSET=gb2312;
如果大家遇到说找不到gb2312的错误提示的话,可以重新编译mysql,让其支持gbk。还有一个方法是将上面sql语句中的“DEFAULT CHARSET=gb2312”去掉
三、安装Pam_mysql
[root@ganwenliang soft]# tar xzfv pam_mysql-0.7pre3
[root@ganwenliang soft]# cd pam_mysql-0.7pre3
因为我这人是自己安装的Mysql,所以要设置两个软链接,否则pam_mysql编译会通不过
[root@ganwenliang pam_mysql-0.7pre3]# ln -s /usr/local/mysql/lib/mysql /usr/lib/mysql
[root@ganwenliang pam_mysql-0.7pre3]# ln -s /usr/local/mysql/include/mysql /usr/include/mysql
现在开始编译:
[root@ganwenliang pam_mysql-0.7pre3]# ./configure --with-openssl
[root@ganwenliang pam_mysql-0.7pre3]# make
[root@ganwenliang pam_mysql-0.7pre3]# make install
[root@ganwenliang security]# ls
classpath.security libgcj.security pam_mysql.la pam_mysql.so
[root@ganwenliang security]# pwd
/usr/lib/security
[root@ganwenliang security]#
完成后,我们需要的pam_mysql.so就在这个目录了
四、配置pam文件
要想实现虚拟用户和本地用户同时能够验证pam文件必须使用这两个参数sufficient和required
这是我的vsftpd.mysql文件,大家可以参考:
前面2行用于虚拟用户认证,当认证不通过时,自动验证本地用户(后面5行)
auth sufficient /usr/lib/security/pam_mysql.so user=root passwd=mysql_password host=localhost db=ftp table=users usercolumn=name passwdcolumn=passwd crypt=2 sqllog=1 logtable=logs logmsgcolumn=msg
logusercolumn=user logpidcolumn=pid log
hostcolumn=host logrhostcolumn=rhost logtimecolumn=logtime verbose=1
account sufficient /usr/lib/security/pam_mysql.so user=root passwd=mysql_password host=localhost db=ftp table=users usercolumn=name passwdcolumn=passwd crypt=2 sqllog=1 logtable=logs logmsgcolumn=msg
logusercolumn=user logpidcolumn=pid
loghostcolumn=host logrhostcolumn=rhost logtimecolumn=logtime verbose=1
auth required pam_listfile.so item=user sense=deny file=/etc/vsftpd.ftpusers onerr=succeed
auth required pam_stack.so service=system-auth
auth required pam_shells.so
account required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
其中user=root passwd=mysql_password 为你mysql的用户名和密码,请注意修改一下
我的vsftpd.conf部分内容给大家参考:
guest_enable=YES
guest_username=soft
pam_service_name=/etc/pam.d/vsftpd.mysql
user_config_dir=/etc/vsftpd/vsftpd_user
userlist_enable=YES
listen=YES
tcp_wrappers=YES
如需给用户设置单独的权限,在/etc/vsftpd/vsftpd_user 建立以用户命名的文件,如test,
然后vi /etc/vsftpd/vsftpd_user/test,将下面代码复制进去
#anon_world_readable_only=NO
local_root=/home/dong
anon_world_readable_only=NO
write_enable=YES
anon_upload_enable=YES
anon_other_write_enable=YES
anon_mkdir_write_enable=YES
virtual_use_local_privs=YES
chmod_enable=YES
file_open_mode=0775