CentOS6配置Vsftpd基於MySQL虛擬用戶驗證登陸

1、服務端配置

一、環境準備

[root@server ~]# cat /etc/redhat-release 
CentOS release 6.7 (Final)
[root@server ~]# uname -r
2.6.32-573.el6.x86_64
[root@server ~]# wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-6.repo  #pam_mysql須要配置epel源
[root@server ~]# curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo  #注意:此處下載的是CentOS 7的Base源,與上文CentOS 6.7的環境不符,實際應使用對應CentOS 6的源
[root@server ~]# /etc/init.d/iptables stop
[root@server ~]# getenforce
Disabled

二、服務端安裝mysql,vsftpd及pam_mysql

[root@server ~]# yum install mysql-server vsftpd pam_mysql -y

三、建立用於vsftpd的數據庫,建立相關表及用戶

[root@server ~]# /etc/init.d/mysqld start
[root@server ~]# mysql
mysql> create database vsftpd;
mysql> use vsftpd
mysql> create table users(id int AUTO_INCREMENT NOT NULL,   #建立users表
    -> name char(20) binary NOT NULL,
    -> password char(48) binary NOT NULL, 
    -> primary key(id));
mysql> insert into users (name,password) values ('tom',password('tom'));   #建立鏈接ftp的用戶
mysql> insert into users (name,password) values ('test',password('test'));
mysql> grant all on vsftpd.* to vsftpd@'%' identified by '123456';    #授權vsftpd用戶訪問vsftpd庫
mysql> flush privileges;
mysql> \q
Bye

四、查看pam模塊並建立認證文件

[root@server ~]# rpm -ql pam_mysql
/lib64/security/pam_mysql.so   #pam模塊生成認證時須要的共享庫
/usr/share/doc/pam_mysql-0.7
/usr/share/doc/pam_mysql-0.7/COPYING
/usr/share/doc/pam_mysql-0.7/CREDITS
/usr/share/doc/pam_mysql-0.7/ChangeLog
/usr/share/doc/pam_mysql-0.7/NEWS
/usr/share/doc/pam_mysql-0.7/README

#建立認證文件
[root@server ~]# vim /etc/pam.d/vsftpd.mysql
auth required /lib64/security/pam_mysql.so user=vsftpd passwd=123456 host=10.0.0.23 db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
account required /lib64/security/pam_mysql.so user=vsftpd passwd=123456 host=10.0.0.23 db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
--------------------------------------------------------------------------------
#認證文件字段解釋
auth 	#表示認證
account #驗證帳號是否可正常使用
required #表示必須通過此模塊的認證
/lib64/security/pam_mysql.so	#認證模塊
user=vsftpd		#登陸mysql的用戶
passwd=123456 	#登陸mysql的密碼(明文保存在此文件中,應限制該文件僅root可讀,例如chmod 600 /etc/pam.d/vsftpd.mysql)
host=10.0.0.22 	#要連接的mysql服務器主機名或ip地址
db=vsftpd 		#鏈接msyql的哪個庫
table=users 	#鏈接庫裏的哪個表
usercolumn=name #當作用戶名的字段
passwdcolumn=password #當作密碼的字段
crypt=2 #密碼的加密方式爲mysql password()函數加密
---------------------------------------------------------------------------------

五、建立虛擬用戶的映射用戶

[root@server ~]# mkdir /var/ftproot -p
[root@server ~]# useradd -s /sbin/nologin -d /var/ftproot/ vuser
[root@server ~]# chmod go+rx /var/ftproot/
[root@server ~]# chown -R vuser:vuser /var/ftproot/
[root@server ~]# ll /var/ftproot/ -d
drwxr-xr-x 2 vuser vuser 4096 Aug 29 04:03 /var/ftproot/  #特別注意權限,不然報錯響應:550 Create directory operation failed.

六、編輯vsftpd主配置文件,併爲單個用戶提供配置文件

[root@server ~]# vim /etc/vsftpd/vsftpd.conf
[root@server ~]# cat /etc/vsftpd/vsftpd.conf|egrep -v '^#|^$'
anonymous_enable=NO   #匿名用戶不容許訪問
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
listen=YES
pam_service_name=vsftpd.mysql   #修改pam_service_name
userlist_enable=YES
tcp_wrappers=YES
guest_enable=YES      #容許guest訪問
guest_username=vuser  #guest用戶名
user_config_dir=/etc/vsftpd/vuser_config   #用戶配置文件路徑

#建立用戶配置文件路徑及文件
[root@server ~]# mkdir /etc/vsftpd/vuser_config
[root@server ~]# cd /etc/vsftpd/vuser_config
[root@server vuser_config]# vim tom   
anon_upload_enable=YES        #容許用戶上傳文件
anon_mkdir_write_enable=YES   #容許建立目錄
anon_other_write_enable=YES   #容許其餘寫權限
[root@server vuser_config]# vim test 
anon_upload_enable=YES        #容許用戶上傳文件
anon_mkdir_write_enable=NO    #不容許建立目錄
anon_other_write_enable=NO    #不容許其餘寫權限(刪除、重命名等)

七、重啓vsftpd服務並驗證權限

登陸tom用戶驗證
[root@client ~]# ftp 10.0.0.23
Connected to 10.0.0.23 (10.0.0.23).
220 (vsFTPd 2.2.2)
Name (10.0.0.23:root): tom
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
227 Entering Passive Mode (10,0,0,23,75,169).
150 Here comes the directory listing.
226 Directory send OK.
ftp> lcd /etc
Local directory now /etc
ftp> put issue   #能夠上傳文件
local: issue remote: issue
227 Entering Passive Mode (10,0,0,23,71,103).
150 Ok to send data.
226 Transfer complete.
47 bytes sent in 3.3e-05 secs (1424.24 Kbytes/sec)
ftp> mkdir 111   #能夠建立目錄
257 "/111" created
ftp> mkdir 123
257 "/123" created
ftp> delete issue   #能夠刪除文件
250 Delete operation successful.
ftp> 

登陸test用戶驗證
[root@client ~]# ftp 10.0.0.23
Connected to 10.0.0.23 (10.0.0.23).
220 (vsFTPd 2.2.2)
Name (10.0.0.23:root): test
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
227 Entering Passive Mode (10,0,0,23,209,129).
150 Here comes the directory listing.
drwx------    2 500      500          4096 Aug 28 21:31 111
drwx------    2 500      500          4096 Aug 28 21:32 123
226 Directory send OK.
ftp> mkdir 444    #不能建立目錄
550 Permission denied.
ftp> lcd /etc
Local directory now /etc
ftp> put services    #能夠上傳文件
local: services remote: services
227 Entering Passive Mode (10,0,0,23,190,148).
150 Ok to send data.
226 Transfer complete.
641020 bytes sent in 0.00434 secs (147632.43 Kbytes/sec)
ftp> delete services   #不能刪除文件
550 Permission denied.
ftp>

八、使用filezilla登陸ftp
