CentOS6配置Vsftpd基於MySQL虛擬用戶驗證登陸

時間 2019-11-08

標籤 centos6 centos 配置 vsftpd 基於 mysql 虛擬用戶驗證登陸欄目 CentOS 简体版

原文原文鏈接

1、服務端配置

一、環境準備

[root@server ~]# cat /etc/redhat-release 
CentOS release 6.7 (Final)
[root@server ~]# uname -r
2.6.32-573.el6.x86_64
[root@server ~]# wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-6.repo  #pam_mysql須要配置epel源
[root@server ~]# curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
[root@server ~]# /etc/init.d/iptables stop
[root@server ~]# getenforce
Disabled

二、服務端安裝mysql，vsftpd及pam_mysql

[root@server ~]# yum install mysql-server vsftpd pam_mysql -y

三、建立用於vsftpd的數據庫，建立相關表及用戶

[root@server ~]# /etc/init.d/mysqld start
[root@server ~]# mysql
mysql> create database vsftpd;
mysql> use vsftpd
mysql> create table users(id int AUTO_INCREMENT NOT NULL,   #建立users表
    -> name char(20) binary NOT NULL,
    -> password char(48) binary NOT NULL, 
    -> primary key(id));
mysql> insert into users (name,password) values ('tom',password('tom'));   #建立鏈接ftp的用戶
mysql> insert into users (name,password) values ('test',password('test'));
mysql> grant all on vsftpd.* to vsftpd@'%' identified by '123456';    #受權
mysql> flush privileges;
mysql> \q
Bye

四、查看pam模塊並建立認證文件

[root@server ~]# rpm -ql pam_mysql
/lib64/security/pam_mysql.so   #pam模塊生成認證時須要的共享庫
/usr/share/doc/pam_mysql-0.7
/usr/share/doc/pam_mysql-0.7/COPYING
/usr/share/doc/pam_mysql-0.7/CREDITS
/usr/share/doc/pam_mysql-0.7/ChangeLog
/usr/share/doc/pam_mysql-0.7/NEWS
/usr/share/doc/pam_mysql-0.7/README

#建立認證文件
[root@server ~]# vim /etc/pam.d/vsftpd.mysql
auth required /lib64/security/pam_mysql.so user=vsftpd passwd=123456 host=10.0.0.23 db=vsftpd  table=users usercolu
mn=name passwdcolumn=password crypt=2
account required /lib64/security/pam_mysql.so user=vsftpd passwd=123456 host=10.0.0.23 db=vsftpd table=users userco
lumn=name passwdcolumn=password crypt=2
--------------------------------------------------------------------------------
#認證文件字段解釋
auth 	#表示認證
account #驗證帳號密碼正常使用
required #表示認證要經過
/lib64/security/pam_mysql.so	#認證模塊
user=vsftpd		#登陸mysql的用戶
passwd=123456 	#登陸mysql的的密碼
host=10.0.0.22 	#在mysql中定義的容許鏈接的主機名或ip地址
db=vsftpd 		#鏈接msyql的哪個庫
table=users 	#鏈接庫裏的哪個表
usercolumn=name #當作用戶名的字段
passwdcolumn=password #當作用戶名字段的密碼
crypt=2 #密碼的加密方式爲mysql password()函數加密
---------------------------------------------------------------------------------

五、建立虛擬用戶的映射用戶

[root@server ~]# mkdir /var/ftproot -p
[root@server ~]# useradd -s /sbin/nologin -d /var/ftproot/ vuser
[root@server ~]# chmod go+rx /var/ftproot/
[root@server ~]# chown -R vuser:vuser /var/ftproot/
[root@server ~]# ll /var/ftproot/ -d
drwxr-xr-x 2 vuser vuser 4096 Aug 29 04:03 /var/ftproot/  #特別注意權限，不然報錯響應:550 Create directory operation failed.

六、編輯vsftpd主配置文件，併爲單個用戶提供配置文件

[root@server ~]# vim /etc/vsftpd/vsftpd.conf
[root@server ~]# cat /etc/vsftpd/vsftpd.conf|egrep -v '^#|^$'
anonymous_enable=NO   #匿名用戶不容許訪問
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
listen=YES
pam_service_name=vsftpd.mysql   #修改pam_service_name
userlist_enable=YES
tcp_wrappers=YES
guest_enable=YES      #容許guest訪問
guest_username=vuser  #guest用戶名
user_config_dir=/etc/vsftpd/vuser_config   #用戶配置文件路徑

#建立用戶配置文件路徑及文件
[root@server ~]# mkdir /etc/vsftpd/vuser_config
[root@server ~]# cd /etc/vsftpd/vuser_config
[root@server vuser_config]# vim tom   
anon_upload_enable=YES        #容許用戶上傳文件
anon_mkdir_write_enable=YES   #容許建立目錄
anon_other_write_enable=YES   #容許其餘寫權限
[root@server vuser_config]# vim test 
anon_upload_enable=YES        #容許用戶上傳文件
anon_mkdir_write_enable=NO    #容許建立目錄
anon_other_write_enable=NO    #容許其餘寫權限

七、重啓vsftpd服務並驗證權限

登陸tom用戶驗證
[root@client ~]# ftp 10.0.0.23
Connected to 10.0.0.23 (10.0.0.23).
220 (vsFTPd 2.2.2)
Name (10.0.0.23:root): tom
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
227 Entering Passive Mode (10,0,0,23,75,169).
150 Here comes the directory listing.
226 Directory send OK.
ftp> lcd /etc
Local directory now /etc
ftp> put issue   #能夠上傳文件
local: issue remote: issue
227 Entering Passive Mode (10,0,0,23,71,103).
150 Ok to send data.
226 Transfer complete.
47 bytes sent in 3.3e-05 secs (1424.24 Kbytes/sec)
ftp> mkdir 111   #能夠建立目錄
257 "/111" created
ftp> mkdir 123
257 "/123" created
ftp> delete issue   #能夠刪除文件
250 Delete operation successful.
ftp> 

登陸test用戶驗證
[root@client ~]# ftp 10.0.0.23
Connected to 10.0.0.23 (10.0.0.23).
220 (vsFTPd 2.2.2)
Name (10.0.0.23:root): test
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
227 Entering Passive Mode (10,0,0,23,209,129).
150 Here comes the directory listing.
drwx------    2 500      500          4096 Aug 28 21:31 111
drwx------    2 500      500          4096 Aug 28 21:32 123
226 Directory send OK.
ftp> mkdir 444    #不能建立目錄
550 Permission denied.
ftp> lcd /etc
Local directory now /etc
ftp> put services    #能夠上傳文件
local: services remote: services
227 Entering Passive Mode (10,0,0,23,190,148).
150 Ok to send data.
226 Transfer complete.
641020 bytes sent in 0.00434 secs (147632.43 Kbytes/sec)
ftp> delete services   #不能刪除文件
550 Permission denied.
ftp>