Test environment:
Linux centos-server 2.6.32-504.el6.x86_64
vsftpd-2.2.2-13.el6_6.1.x86_64
mysql-5.1.73-3.el6_5.x86_64
Install the packages needed for the build:
yum install mysql mysql-server openssl pam-devel
yum -y groupinstall "Development Tools" "Development Libraries"
Install pam_mysql:
wget http://ncu.dl.sourceforge.net/project/pam-mysql/pam-mysql/0.7RC1/pam_mysql-0.7RC1.tar.gz
tar zxvf pam_mysql-0.7RC1.tar.gz
cd pam_mysql-0.7RC1
./configure --with-pam=/usr/ --with-mysql=/usr/bin/mysql_config --with-openssl
make && make install
After installation, two new files, pam_mysql.la and pam_mysql.so, appear under /lib/security/:
[root@centos-server ~]# ls /lib/security/
pam_mysql.la pam_mysql.so
Install vsftpd:
yum -y install vsftpd
In MySQL, create the account "vsftpd" that vsftpd uses for its lookups, then create the vsftpd database with its user table and add the virtual users "down" and "up":
mysql> create database vsftpd;
mysql> grant select on vsftpd.* to vsftpd@localhost identified by 'dragon';
mysql> use vsftpd;
mysql> create table user(
    -> id int AUTO_INCREMENT NOT NULL primary key,
    -> name char(20) binary NOT NULL,
    -> password char(48) binary NOT NULL
    -> );
mysql> insert into user(name,password) values('down','qwe123');
Query OK, 1 row affected (0.00 sec)
mysql> insert into user(name,password) values('up','qwe123');
Query OK, 1 row affected (0.00 sec)
Configure PAM to authenticate through MySQL (crypt=0 tells pam_mysql to compare the password column as plaintext, which matches the plaintext values inserted into the table):
[root@centos-server ~]# cat >>/etc/pam.d/vsftpd.mysql<< end
auth required /lib/security/pam_mysql.so user=vsftpd passwd=dragon host=localhost db=vsftpd table=user usercolumn=name passwdcolumn=password crypt=0
account required /lib/security/pam_mysql.so user=vsftpd passwd=dragon host=localhost db=vsftpd table=user usercolumn=name passwdcolumn=password crypt=0
end
Add the system account that hosts the virtual users:
[root@centos-server ~]# useradd -s /sbin/nologin -d /var/ftp/v vuser1
[root@centos-server ~]# chmod o+rx /var/ftp/v/
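Create the configuration file for the virtual user "up": browse, download, upload, create directories, delete. vsftpd requires option=value with no spaces, and a comment must be on its own line:
[root@centos-server ~]# mkdir -p /etc/vsftpd/vuser_dir
[root@centos-server ~]# cat >>/etc/vsftpd/vuser_dir/up <<end
local_root=/var/ftp/v/up
# can browse
anon_world_readable_only=no
# writable
write_enable=yes
# can upload; requires write_enable=yes
anon_upload_enable=yes
# other write operations such as delete and rename
anon_other_write_enable=yes
# can create directories
anon_mkdir_write_enable=yes
end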
Create the configuration file for the virtual user "down", which may only download:
[root@centos-server ~]# cat >>/etc/vsftpd/vuser_dir/down<<end
local_root=/var/ftp/v/down
download_enable=YES
write_enable=NO
anon_upload_enable=NO
end
Create the root directories of the virtual users:
[root@centos-server ~]# mkdir /var/ftp/v/down
[root@centos-server ~]# chown -R vuser1:vuser1 /var/ftp/v/down/
[root@centos-server ~]# mkdir /var/ftp/v/up
[root@centos-server ~]# chown -R vuser1:vuser1 /var/ftp/v/up
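Add the following settings to the end of /etc/vsftpd/vsftpd.conf (each comment is on its own line, because vsftpd treats anything after "=" as part of the value):
# PAM service file
pam_service_name=vsftpd.mysql
# enable the user access control list
userlist_enable=YES
# enable tcp_wrappers access control
tcp_wrappers=YES
# enable virtual users
guest_enable=YES
# system account that hosts the virtual users
guest_username=vuser1
# directory holding the per-virtual-user configuration files
user_config_dir=/etc/vsftpd/vuser_dir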
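vsftpd reads its configuration files strictly: every setting is option=value with no spaces around "=", and "#" starts a comment only at the beginning of a line. The following check is an added example, not part of the original post; the function names lint_vsftpd_conf and write_sample and the sample file contents are constructed for illustration. It flags the mistakes that are easiest to make in vsftpd.conf and in the per-user files under user_config_dir:

```shell
#!/bin/sh
# lint_vsftpd_conf FILE
# Prints one line per problem found and returns 1 if there was any.
lint_vsftpd_conf() {
    file=$1 bad=0 n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in
            ''|'#'*) continue ;;    # blank line or full-line comment
        esac
        case $line in
            *=*) ;;
            *) echo "$file:$n: missing '=': $line"; bad=1; continue ;;
        esac
        name=${line%%=*}            # text before the first '='
        value=${line#*=}            # text after the first '='
        case $name in
            ''|*[!a-z_0-9]*)
                echo "$file:$n: bad option name (space before '='?): $line"
                bad=1; continue ;;
        esac
        case $value in
            ' '*|*' ') echo "$file:$n: space next to the value: $line"; bad=1 ;;
            *'#'*) echo "$file:$n: trailing comment is read as part of the value: $line"; bad=1 ;;
        esac
    done < "$file"
    return $bad
}

# Constructed sample: a per-user file with a missing '=' and two inline comments.
write_sample() {
    cat > "$1" <<'EOF'
local_root /var/ftp/v/up
anon_world_readable_only=no #browse
write_enable=yes#writable
# a comment on its own line is fine
anon_upload_enable=yes
EOF
}

tmp=$(mktemp)
write_sample "$tmp"
lint_vsftpd_conf "$tmp" || echo "fix the lines above before restarting vsftpd"
rm -f "$tmp"
```
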
Temporarily switch SELinux to permissive mode (this lasts until the next reboot):
setenforce 0
Start the service:
[root@centos-server ~]# service vsftpd restart
Test results:
1. User "up" can log in and upload:
2. User "down" can log in; creating directories and uploading are refused: