Linux Basics: Virtual-User Configuration for vsFTP with MySQL/MariaDB Authentication, Explained in Detail

https://www.dwhd.org/20150603_144841.html

 

Summary

vsftpd can accept logins from system accounts or from the anonymous account, but for security reasons it is generally recommended to log in to the FTP server with vsftpd virtual accounts. A virtual user is an account kept in a separate store rather than in the system account database, and a virtual account can only be used to log in to the FTP server.

 

1. Configuring vsftpd with MySQL-based authentication

(1) Install vsftpd, start it, and enable it at boot

[root@Legion100 ~]# yum install vsftpd pam_mysql -y
[root@Legion100 ~]# service vsftpd start
爲 vsftpd 啓動 vsftpd:                                    [肯定]
[root@Legion100 ~]# netstat -tnlp | grep 21
tcp        0      0 0.0.0.0:21                  0.0.0.0:*                   LISTEN      7574/vsftpd
[root@Legion100 ~]# chkconfig vsftpd on
[root@Legion100 ~]# chkconfig --list vsftpd
vsftpd          0:關閉  1:關閉  2:啓用  3:啓用  4:啓用  5:啓用  6:關閉
[root@Legion100 ~]#

(2) Install the MySQL/MariaDB database

1) Build and install MariaDB from source, and enable it at boot

[root@Legion100 ~]# cd /tmp/
[root@Legion100 /tmp]# groupadd -g 1500 mysql && useradd -g mysql -u 1500 -s /sbin/nologin -M mysql
[root@Legion100 /tmp]# yum install cmake -y
[root@Legion100 /tmp]# wget "https://downloads.mariadb.org/interstitial/mariadb-10.0.19/source/mariadb-10.0.19.tar.gz/from/http%3A//mirrors.opencas.cn/mariadb" -O mariadb-10.0.19.tar.gz
[root@Legion100 /tmp]# tar xf mariadb-10.0.19.tar.gz
[root@Legion100 /tmp]# cd mariadb-10.0.19
[root@Legion100 /tmp/mariadb-10.0.19]# cmake . -DCMAKE_INSTALL_PREFIX=/usr/local/mysql \
-DMYSQL_DATADIR=/data/mysql \
-DWITH_SSL=system \
-DWITH_INNOBASE_STORAGE_ENGINE=1 \
-DWITH_ARCHIVE_STORAGE_ENGINE=1 \
-DWITH_BLACKHOLE_STORAGE_ENGINE=1 \
-DWITH_SPHINX_STORAGE_ENGINE=1 \
-DWITH_ARIA_STORAGE_ENGINE=1 \
-DWITH_XTRADB_STORAGE_ENGINE=1 \
-DWITH_PARTITION_STORAGE_ENGINE=1 \
-DWITH_FEDERATEDX_STORAGE_ENGINE=1 \
-DWITH_MYISAM_STORAGE_ENGINE=1 \
-DWITH_PERFSCHEMA_STORAGE_ENGINE=1 \
-DWITH_EXTRA_CHARSETS=all \
-DWITH_EMBEDDED_SERVER=1 \
-DWITH_READLINE=1 \
-DWITH_ZLIB=system \
-DWITH_LIBWRAP=0 \
-DEXTRA_CHARSETS=all \
-DENABLED_LOCAL_INFILE=1 \
-DMYSQL_UNIX_ADDR=/tmp/mysql.sock \
-DDEFAULT_CHARSET=utf8 \
-DDEFAULT_COLLATION=utf8_general_ci
[root@Legion100 /tmp/mariadb-10.0.19]# make -j $(awk '/processor/{i++}END{print i}' /proc/cpuinfo) && make install && echo $?
[root@Legion100 /tmp/mariadb-10.0.19]# cd /usr/local/mysql/
[root@Legion100 /usr/local/mysql]# echo "export PATH=/usr/local/mysql/bin:\$PATH" > /etc/profile.d/mariadb10.0.19.sh
[root@Legion100 /usr/local/mysql]# . /etc/profile.d/mariadb10.0.19.sh
[root@Legion100 /usr/local/mysql]# sed -i "$(awk '$1=="MANPATH"{a=NR}END{print a}' /etc/man.config)a MANPATH\t/usr/local/mysql/man" /etc/man.config
[root@Legion100 /usr/local/mysql]# cp -a support-files/mysql.server /etc/rc.d/init.d/mysqld
[root@Legion100 /usr/local/mysql]# \cp support-files/my-large.cnf /etc/my.cnf
[root@Legion100 /usr/local/mysql]# sed -i '/query_cache_size/a datadir = /data/mysql' /etc/my.cnf
[root@Legion100 /usr/local/mysql]# mkdir -p /data/mysql
[root@Legion100 /usr/local/mysql]# chown -R mysql.mysql /data/mysql
[root@Legion100 /usr/local/mysql]# /usr/local/mysql/scripts/mysql_install_db --user=mysql --datadir=/data/mysql/ --basedir=/usr/local/mysql
[root@Legion100 /usr/local/mysql]# chkconfig mysqld on
[root@Legion100 /usr/local/mysql]# chkconfig --list mysqld
mysqld          0:關閉  1:關閉  2:啓用  3:啓用  4:啓用  5:啓用  6:關閉
[root@Legion100 /usr/local/mysql]# service mysqld start
Starting MySQL.                                            [肯定]
[root@Legion100 /usr/local/mysql]# ss -tnlp | grep 3306
LISTEN     0      150                      :::3306                    :::*      users:(("mysqld",33450,21))
[root@Legion100 /usr/local/mysql]#

2) Grant the privileges needed for vsftpd user authentication

[root@Legion100 ~]# mysql   # log in to the database
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 4
Server version: 10.0.19-MariaDB-log Source distribution

Copyright (c) 2000, 2015, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> USE mysql; # switch to the mysql database
Database changed
MariaDB [mysql]> UPDATE user set password=PASSWORD('lookback') WHERE USER='root'; # set the password of every root account to lookback
Query OK, 4 rows affected (0.01 sec)
Rows matched: 4  Changed: 4  Warnings: 0

MariaDB [mysql]> DELETE FROM user WHERE User=''; # remove all of MariaDB's anonymous accounts
Query OK, 2 rows affected (0.00 sec)

MariaDB [mysql]> create database vsftpd; # create the vsftpd database
Query OK, 1 row affected (0.01 sec)

MariaDB [mysql]> grant select on vsftpd.* to vsftpd@localhost identified by 'lookback'; # create a vsftpd user with password lookback; SELECT privilege only, local access
Query OK, 0 rows affected (0.00 sec)

MariaDB [mysql]> grant select on vsftpd.* to vsftpd@127.0.0.1 identified by 'lookback'; # the same vsftpd user with password lookback; SELECT only, local access
Query OK, 0 rows affected (0.00 sec)

MariaDB [mysql]> grant select on vsftpd.* to vsftpd@'172.16.%.%' identified by 'lookback'; # the same vsftpd user with password lookback; SELECT only, reachable from any host matching 172.16.%.%
Query OK, 0 rows affected (0.00 sec)

MariaDB [mysql]> SELECT USER,PASSWORD,HOST FROM user; # list the user names and hosts on this MariaDB server
+--------+-------------------------------------------+--------------------+
| USER   | PASSWORD                                  | HOST               |
+--------+-------------------------------------------+--------------------+
| root   | *153CCFAEAA83407D8DBDBFAA3D17B1A95553E60C | localhost          |
| root   | *153CCFAEAA83407D8DBDBFAA3D17B1A95553E60C | legion100.dwhd.org |
| root   | *153CCFAEAA83407D8DBDBFAA3D17B1A95553E60C | 127.0.0.1          |
| root   | *153CCFAEAA83407D8DBDBFAA3D17B1A95553E60C | ::1                |
| vsftpd | *153CCFAEAA83407D8DBDBFAA3D17B1A95553E60C | localhost          |
| vsftpd | *153CCFAEAA83407D8DBDBFAA3D17B1A95553E60C | 127.0.0.1          |
| vsftpd | *153CCFAEAA83407D8DBDBFAA3D17B1A95553E60C | 172.16.%.%         |
+--------+-------------------------------------------+--------------------+
7 rows in set (0.00 sec)

MariaDB [mysql]> use vsftpd; # switch to the vsftpd database
Database changed
MariaDB [vsftpd]> create table users (
    -> id int AUTO_INCREMENT NOT NULL,
    -> name char(20) binary NOT NULL,
    -> password char(48) binary NOT NULL,
    -> primary key(id)
    -> ); # create a table named users with id, name and password columns: id auto-increments, name holds up to 20 characters stored as binary (case-sensitive), password holds up to 48 characters stored as binary (case-sensitive)
Query OK, 0 rows affected (0.12 sec)

MariaDB [vsftpd]> insert into users (name,password) values('Legion',password('lookback')); # add a user Legion with password lookback to the users table
Query OK, 1 row affected (0.00 sec)

MariaDB [vsftpd]> insert into users (name,password) values('LookBack',password('lookback')); # add a user LookBack with password lookback to the users table
Query OK, 1 row affected (0.01 sec)

MariaDB [vsftpd]> SELECT id,name,password FROM users; # look at the users table
+----+----------+-------------------------------------------+
| id | name     | password                                  |
+----+----------+-------------------------------------------+
|  1 | Legion   | *153CCFAEAA83407D8DBDBFAA3D17B1A95553E60C |
|  2 | LookBack | *153CCFAEAA83407D8DBDBFAA3D17B1A95553E60C |
+----+----------+-------------------------------------------+
2 rows in set (0.00 sec)

MariaDB [vsftpd]> FLUSH PRIVILEGES; # reload the privilege tables so the changes above take effect
Query OK, 0 rows affected (0.00 sec)

MariaDB [vsftpd]> \q
Bye
[root@Legion100 ~]#

3) Test connecting to the MariaDB server

[root@Legion100 ~]# mysql -uvsftpd -plookback -h172.16.6.100 -P3306
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 10
Server version: 10.0.19-MariaDB-log Source distribution

Copyright (c) 2000, 2015, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> SHOW DATABASES;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| test               |
| vsftpd             |
+--------------------+
3 rows in set (0.00 sec)

MariaDB [(none)]> USE vsftpd
Database changed
MariaDB [vsftpd]> SHOW tables;
+------------------+
| Tables_in_vsftpd |
+------------------+
| users            |
+------------------+
1 row in set (0.00 sec)

MariaDB [vsftpd]> SELECT id,name,password FROM users;
+----+----------+-------------------------------------------+
| id | name     | password                                  |
+----+----------+-------------------------------------------+
|  1 | Legion   | *153CCFAEAA83407D8DBDBFAA3D17B1A95553E60C |
|  2 | LookBack | *153CCFAEAA83407D8DBDBFAA3D17B1A95553E60C |
+----+----------+-------------------------------------------+
2 rows in set (0.00 sec)

MariaDB [vsftpd]> \q
Bye
[root@Legion100 ~]#

(3) Configure vsftpd

1) Create the file needed for PAM authentication
Create a new file /etc/pam.d/vsftpd.mariadb:

[root@Legion100 ~]# touch /etc/pam.d/vsftpd.mariadb

2) On a 64-bit system, write the following into it:

auth required /lib64/security/pam_mysql.so user=vsftpd passwd=lookback host=172.16.6.100 db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
account required /lib64/security/pam_mysql.so user=vsftpd passwd=lookback host=172.16.6.100 db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2

On a 32-bit system, write the following:

auth required /lib/security/pam_mysql.so user=vsftpd passwd=lookback host=172.16.6.100 db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
account required /lib/security/pam_mysql.so user=vsftpd passwd=lookback host=172.16.6.100 db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2

Form that works on both 32-bit and 64-bit systems:

auth required pam_mysql.so user=vsftpd passwd=lookback host=172.16.6.100 db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
account required pam_mysql.so user=vsftpd passwd=lookback host=172.16.6.100 db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
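To make concrete what crypt=2 commits the server to, here is an added Python example (written for this page; it is not the post's code and not pam_mysql's source) that emulates the check pam_mysql performs against a constructed in-memory copy of the users table created above. It hashes the offered password with the MySQL PASSWORD() formula (crypt=2), looks the name up byte-exactly as the BINARY column does, and compares in constant time. The function names, the USERS table and the case_sensitive switch are assumptions of the example, not pam_mysql options.

```python
import hashlib
import hmac

# Added example, not from the post: a stand-in for the check pam_mysql
# performs with crypt=2, run against a constructed copy of vsftpd.users.


def mysql_password(plaintext: str) -> str:
    """MySQL/MariaDB PASSWORD(): '*' followed by upper-case hex of SHA1(SHA1(pw)).

    This unsalted 41-character form is what pam_mysql compares against when the
    PAM line says crypt=2.
    """
    inner = hashlib.sha1(plaintext.encode("utf-8")).digest()
    return "*" + hashlib.sha1(inner).hexdigest().upper()


# Constructed rows mirroring the post's INSERT statements (name -> password hash).
# Both users were given the password 'lookback', exactly as in the post.
USERS = {
    "Legion": mysql_password("lookback"),
    "LookBack": mysql_password("lookback"),
}


def lookup_hash(name: str, case_sensitive: bool = True):
    """Return the stored hash for a user name, or None if no row matches.

    case_sensitive=True mirrors the post's CHAR(20) BINARY column: the query
    pam_mysql issues (SELECT password FROM users WHERE name='<name>') matches
    bytes exactly. case_sensitive=False shows what a non-binary column with a
    case-insensitive collation would do instead.
    """
    if case_sensitive:
        return USERS.get(name)
    for stored_name, stored_hash in USERS.items():
        if stored_name.lower() == name.lower():
            return stored_hash
    return None


def authenticate(name: str, password: str, case_sensitive: bool = True) -> bool:
    """Emulate the auth step: fetch the row, hash the offered password the same
    way, compare. compare_digest keeps the comparison time independent of where
    the two strings first differ."""
    stored = lookup_hash(name, case_sensitive)
    if stored is None:
        return False
    return hmac.compare_digest(stored, mysql_password(password))


def names_sharing_a_hash(users: dict) -> set:
    """PASSWORD() is unsalted, so accounts with the same password get identical
    hashes (visible in the post's SELECT output): a copy of the table reveals
    password reuse at a glance. Returns the names involved."""
    by_hash = {}
    for name, digest in users.items():
        by_hash.setdefault(digest, []).append(name)
    shared = set()
    for names in by_hash.values():
        if len(names) > 1:
            shared.update(names)
    return shared


if __name__ == "__main__":
    print(authenticate("Legion", "lookback"))                          # True
    print(authenticate("Lookback", "lookback"))                        # False: case mismatch
    print(authenticate("Lookback", "lookback", case_sensitive=False))  # True on a non-binary column
    print(sorted(names_sharing_a_hash(USERS)))                         # ['Legion', 'LookBack']
```

Two points the emulation makes visible: the name lookup is case-sensitive only because the column was declared BINARY, and two rows with the same password carry the same hash because PASSWORD() has no salt. Separately, the /etc/pam.d/vsftpd.mariadb file written above holds the database password in clear text; touch creates it world-readable under the usual umask, so restrict it to root (chmod 600), otherwise any local user who can read it can connect to MariaDB as vsftpd.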

3) Modify the vsftpd configuration file

[root@Legion100 ~]# cd /etc/vsftpd/
[root@Legion100 /etc/vsftpd]# cp vsftpd.conf vsftpd.conf_`date +%F`
[root@Legion100 /etc/vsftpd]# ls
ftpusers user_list vsftpd.conf vsftpd.conf_2015-06-03 vsftpd_conf_migrate.sh
[root@Legion100 /etc/vsftpd]# groupadd -g 1501 vftpuser && useradd -g vftpuser -u 1501 -s /sbin/nologin -d /home/vftpuser vftpuser
[root@Legion100 /etc/vsftpd]# id vftpuser
uid=1501(vftpuser) gid=1501(vftpuser) 組=1501(vftpuser)
[root@Legion100 /etc/vsftpd]# finger vftpuser
Login: vftpuser                         Name:
Directory: /home/vftpuser               Shell: /sbin/nologin
Never logged in.
No mail.
No Plan.
[root@Legion100 /etc/vsftpd]# mkdir -p /home/vftpuser
[root@Legion100 /etc/vsftpd]# chown -R vftpuser.vftpuser /home/vftpuser
[root@Legion100 /etc/vsftpd]# chmod go+rx /home/vftpuser
[root@Legion100 /etc/vsftpd]# ls -ld /home/vftpuser/
drwxr-xr-x 4 vftpuser vftpuser 4096 6月   3 16:14 /home/vftpuser/

[root@Legion100 /etc/vsftpd]# grep -Ev '(^#\s.*|^#|^$)' vsftpd.conf
anonymous_enable=YES
local_enable=YES
write_enable=YES
local_umask=022
anon_upload_enable=NO
anon_mkdir_write_enable=NO
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
chroot_local_user=YES
listen=YES
pam_service_name=vsftpd.mariadb
# Once the PAM service is switched to vsftpd.mariadb here, system users can no longer log in to the FTP server
userlist_enable=YES
tcp_wrappers=YES
guest_enable=YES
guest_username=vftpuser

Reload vsftpd so the configuration changes above take effect:

[root@Legion100 /etc/vsftpd]# service vsftpd reload
關閉 vsftpd:                                              [肯定]
爲 vsftpd 啓動 vsftpd:                                    [肯定]
[root@Legion100 /etc/vsftpd]#

(4) Test logging in

1) From Linux

[root@Legion101 ~]# ifconfig | sed -rn '/^[^ \t]/{N;s/(^[^ ]*).*addr:([^ ]*).*/\1 \2/p}' | \
> awk '$2!~/^192\.168|^10\.|^127|^0|^$/{print $1"="$2}'
eth0=172.16.6.101
[root@Legion101 ~]# ftp 172.16.6.100
Connected to 172.16.6.100 (172.16.6.100).
220 (vsFTPd 2.2.2)
Name (172.16.6.100:root): Legion
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> bye
221 Goodbye.
[root@Legion101 ~]# ftp 172.16.6.100
Connected to 172.16.6.100 (172.16.6.100).
220 (vsFTPd 2.2.2)
Name (172.16.6.100:root): LookBack
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> bye
221 Goodbye.
[root@Legion101 ~]#

2) From Windows

Microsoft Windows [版本 6.3.9600]
(c) 2013 Microsoft Corporation。保留全部權利。
 
C:\Users\Administrator>ftp 172.16.6.100
鏈接到 172.16.6.100。
220 (vsFTPd 2.2.2)
用戶(172.16.6.100:(none)): Legion
331 Please specify the password.
密碼:
230 Login successful.
ftp> pwd
257 "/"
ftp> bye
221 Goodbye.
 
C:\Users\Administrator>ftp 172.16.6.100
鏈接到 172.16.6.100。
220 (vsFTPd 2.2.2)
用戶(172.16.6.100:(none)): LookBack
331 Please specify the password.
密碼:
230 Login successful.
ftp> pwd
257 "/"
ftp> bye
221 Goodbye.
 
C:\Users\Administrator>


3) GUI client
(The original post shows screenshots of a graphical FTP client logging in here.)

(5) Configure permissions for an individual virtual user
As seen above, the two virtual users we created can only log in; they cannot upload files. The following describes how to configure permissions per virtual user.

[root@Legion100 /etc/vsftpd]# echo "user_config_dir=/etc/vsftpd/vftpusers" >> /etc/vsftpd/vsftpd.conf
[root@Legion100 /etc/vsftpd]# mkdir -p /etc/vsftpd/vftpusers
[root@Legion100 /etc/vsftpd]# cd /etc/vsftpd/vftpusers
[root@Legion100 /etc/vsftpd/vftpusers]# touch /etc/vsftpd/vftpusers/{Legion,LookBack}
[root@Legion100 /etc/vsftpd/vftpusers]# cat > /etc/vsftpd/vftpusers/Legion <<EOF
anon_upload_enable=YES
# allow the Legion user to upload files
anon_mkdir_write_enable=YES
# allow the Legion user to create directories
anon_other_write_enable=YES
# allow the Legion user to delete files
EOF
[root@Legion100 /etc/vsftpd/vftpusers]# cat /etc/vsftpd/vftpusers/Legion > /etc/vsftpd/vftpusers/LookBack
[root@Legion100 /etc/vsftpd/vftpusers]# sed -i 's/YES/NO/' /etc/vsftpd/vftpusers/LookBack # turn every YES into NO so that LookBack has no upload, create or delete permission
[root@Legion100 /etc/vsftpd/vftpusers]# service vsftpd restart
關閉 vsftpd:                                              [肯定]
爲 vsftpd 啓動 vsftpd:                                    [肯定]
[root@Legion100 /etc/vsftpd/vftpusers]#
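Because vsftpd resolves a virtual user's rights by layering the user_config_dir file on top of vsftpd.conf, and because guest logins are governed by the anon_* directives rather than by local-user settings, it is easy to misjudge what a given user can actually do. The added Python example below (written for this page, not part of the post or of vsftpd) parses a constructed copy of the vsftpd.conf shown earlier together with the two per-user files, reports each user's effective write rights, and flags the settings a defender would want to revisit. The function names and the embedded config texts are assumptions of the example.

```python
# Added example, not from the post: effective per-virtual-user write rights and
# a small audit of vsftpd.conf, computed from constructed copies of the files.

# Constructed copy of the post's vsftpd.conf after user_config_dir was appended.
GLOBAL_CONF = """\
anonymous_enable=YES
local_enable=YES
write_enable=YES
local_umask=022
anon_upload_enable=NO
anon_mkdir_write_enable=NO
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
chroot_local_user=YES
listen=YES
pam_service_name=vsftpd.mariadb
userlist_enable=YES
tcp_wrappers=YES
guest_enable=YES
guest_username=vftpuser
user_config_dir=/etc/vsftpd/vftpusers
"""

# Constructed per-user files as the post intends them: Legion may write, LookBack may not.
USER_CONFS = {
    "Legion": "anon_upload_enable=YES\n# allow uploads\nanon_mkdir_write_enable=YES\nanon_other_write_enable=YES\n",
    "LookBack": "anon_upload_enable=NO\nanon_mkdir_write_enable=NO\nanon_other_write_enable=NO\n",
}

# The directives that decide what a guest (virtual) login may write.
WRITE_DIRECTIVES = ("anon_upload_enable", "anon_mkdir_write_enable", "anon_other_write_enable")


def parse_conf(text: str) -> dict:
    """vsftpd syntax: one option=value per line; lines starting with # are comments."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep:
            settings[key] = value
    return settings


def effective_settings(global_text: str, user_text: str = "") -> dict:
    """The per-user file overrides the global file key by key."""
    merged = parse_conf(global_text)
    merged.update(parse_conf(user_text))
    return merged


def virtual_user_write_rights(settings: dict) -> dict:
    """With guest_enable=YES a virtual user is treated like an anonymous one for
    permissions: write_enable must be YES, and then each anon_* directive decides."""
    master = settings.get("write_enable", "NO") == "YES"
    return {d: master and settings.get(d, "NO") == "YES" for d in WRITE_DIRECTIVES}


def audit(settings: dict) -> list:
    """Findings worth flagging on a server meant to serve virtual users only."""
    findings = []
    if settings.get("anonymous_enable", "YES") == "YES":   # vsftpd's default is YES
        findings.append("anonymous_enable=YES: anonymous logins remain possible alongside virtual users")
    if settings.get("chroot_local_user") != "YES":
        findings.append("chroot_local_user is not YES: guest logins are not confined to the guest home")
    if settings.get("guest_enable") == "YES" and not settings.get("guest_username"):
        findings.append("guest_enable=YES without guest_username")
    if "user_config_dir" not in settings:
        findings.append("no user_config_dir: every virtual user shares the same anon_* rights")
    return findings


def report(global_text: str, user_confs: dict) -> dict:
    """Map each virtual user to its effective write rights."""
    return {user: virtual_user_write_rights(effective_settings(global_text, text))
            for user, text in user_confs.items()}


if __name__ == "__main__":
    for user, rights in report(GLOBAL_CONF, USER_CONFS).items():
        print(user, rights)
    for finding in audit(parse_conf(GLOBAL_CONF)):
        print("audit:", finding)
```

Run against the post's configuration, the audit reports that anonymous_enable is still YES: the tutorial never turns it off, so the server accepts anonymous logins in addition to the database-backed virtual users, which is rarely what a virtual-user deployment wants.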

2) Test

[root@Legion101 ~]# ftp 172.16.6.100
Connected to 172.16.6.100 (172.16.6.100).
220 (vsFTPd 2.2.2)
Name (172.16.6.100:root): Legion
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> lcd /etc/
Local directory now /etc
ftp> put inittab
local: inittab remote: inittab
227 Entering Passive Mode (172,16,6,100,253,120).
150 Ok to send data.
226 Transfer complete.
884 bytes sent in 7.4e-05 secs (11945.94 Kbytes/sec)
ftp> ls -l
227 Entering Passive Mode (172,16,6,100,244,244).
150 Here comes the directory listing.
-rw-------    1 1501     1501          884 Jun 03 09:02 inittab
226 Directory send OK.
ftp> bye
221 Goodbye.
[root@Legion101 ~]# ftp 172.16.6.100
Connected to 172.16.6.100 (172.16.6.100).
220 (vsFTPd 2.2.2)
Name (172.16.6.100:root): Lookback
331 Please specify the password.
Password:
530 Login incorrect.
Login failed.
ftp> lcd /etc/
Local directory now /etc
ftp> put fstab
local: fstab remote: fstab
530 Please login with USER and PASS.
Passive mode refused.
ftp> bye
221 Goodbye.
[root@Legion101 ~]#

Two details of this output are worth reading carefully. The second login is rejected before any per-user permission is consulted: the name was typed as Lookback, and because the name column was created with the binary attribute the lookup is case-sensitive, so only LookBack matches the row inserted earlier. And the inittab uploaded by Legion is created with mode 0600, not the 0644 that local_umask=022 would give, because a guest login uses anon_umask (default 077) rather than local_umask.
