建站
咨詢
售后
建站咨詢
新聞中心
這里有您想知道的互聯(lián)網(wǎng)營銷解決方案
vsftpd基于pam_mysql如何做虛擬用戶認證
這篇文章給大家介紹vsftpd基于pam_MySQL如何做虛擬用戶認證,內(nèi)容非常詳細,感興趣的小伙伴們可以參考借鑒,希望對大家能有所幫助。
讓客戶滿意是我們工作的目標,不斷超越客戶的期望值來自于我們對這個行業(yè)的熱愛。我們立志把好的技術通過有效、簡單的方式提供給客戶,將通過不懈努力成為客戶在信息化領域值得信任、有價值的長期合作伙伴,公司提供的服務項目有:申請域名、雅安服務器托管、營銷軟件、網(wǎng)站建設、呼中網(wǎng)站維護、網(wǎng)站推廣。
(1)下載epel源
[root@CentOS7-175 ~]# wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo #下載阿里云的epel源 [root@CentOS7-175 ~]# yum repolist
(2)安裝所需要的包
[root@CentOS7-175 ~]# yum -y groupinstall "Development Tools" "Server Platform Development" [root@CentOS7-175 ~]# yum -y install vsftpd pam-devel mariadb-server mariadb-devel openssl-devel [root@CentOS7-175 ~]# systemctl start mariadb.service [root@CentOS7-175 ~]# systemctl enable mariadb.service
(3)編譯安裝pam_mysql模塊
vsftpd通過pam_mysql進行用戶驗證,需要安裝pam_mysql模塊,但是默認系統(tǒng)yum源不提供,所以需要編譯安裝pam_mysql模塊
[root@CentOS7-175 ~]# mkdir /home/tools/ [root@CentOS7-175 ~]# cd /home/tools/ [root@CentOS7-175 tools]# tar xf pam_mysql-0.7RC1.tar.gz [root@CentOS7-175 tools]# cd pam_mysql-0.7RC1/ [root@CentOS7-175 pam_mysql-0.7RC1]# ./configure --with-mysql=/usr --with-openssl=/usr --with-pam=/usr --with-pam-mods-dir=/lib64/security [root@CentOS7-175 pam_mysql-0.7RC1]# make && make install [root@CentOS7-175 pam_mysql-0.7RC1]# ls /lib64/security/pam_mysql.so #查詢是否編譯成功,ls是否有pam_mysql.so模塊 /lib64/security/pam_mysql.so
(4)備份vsftpd.conf配置文件
[root@CentOS7-175 pam_mysql-0.7RC1]# systemctl stop vsftpd
[root@CentOS7-175 pam_mysql-0.7RC1]# cd /etc/vsftpd
[root@CentOS7-175 vsftpd]# cp vsftpd.conf{,.bak}
[root@CentOS7-175 vsftpd]# ls vsftpd.conf*
vsftpd.conf vsftpd.conf.bak(5)配置mysql
[root@CentOS7-175 vsftpd]# mysql -uroot -p #登錄mysql
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 2
Server version: 5.5.44-MariaDB MariaDB Server
Copyright (c) 2000, 2015, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> CREATE DATABASE vsftpd; #創(chuàng)建vsftpd庫
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> use vsftpd; #進入vsftpd庫
Database changed
MariaDB [vsftpd]> CREATE TABLE users ( #創(chuàng)建users表
-> id int AUTO_INCREMENT NOT NULL PRIMARY KEY,
-> name char(30) NOT NULL,
-> password char(48)binary NOT NULL);
Query OK, 0 rows affected (0.05 sec)
MariaDB [vsftpd]> desc users; #查看users表
+----------+----------+------+-----+---------+----------------+
| Field | Type | Null | Key | Default | Extra |
+----------+----------+------+-----+---------+----------------+
| id | int(11) | NO | PRI | NULL | auto_increment |
| name | char(30) | NO | | NULL | |
| password | char(48) | NO | | NULL | |
+----------+----------+------+-----+---------+----------------+
3 rows in set (0.00 sec)
MariaDB [vsftpd]> INSERT INTO users(name,password) VALUES ('tom',password('zhucke')); #在表中插入數(shù)據(jù)用戶
Query OK, 1 row affected (0.00 sec)
MariaDB [vsftpd]> INSERT INTO users(name,password) VALUES ('jerry',password('zhucke.com'));
Query OK, 1 row affected (0.00 sec)
MariaDB [vsftpd]> SELECT * FROM users;
+----+-------+-------------------------------------------+
| id | name | password |
+----+-------+-------------------------------------------+
| 1 | tom | *9BDB807A93B6C421BBFCAC5EF1AE0835396EEE38 |
| 2 | jerry | *3E27BE6A3667961ABCCFCA4832F06B151F81185A |
+----+-------+-------------------------------------------+
2 rows in set (0.00 sec)
MariaDB [vsftpd]> GRANT select ON vsftpd.* TO vsftpd@localhost IDENTIFIED BY 'zhucke'; #授權vsftpd用戶登錄mysql
Query OK, 0 rows affected (0.04 sec)
MariaDB [vsftpd]> GRANT select ON vsftpd.* TO vsftpd@127.0.0.1 IDENTIFIED BY 'zhucke'; #授權vsftpd用戶登錄mysql
Query OK, 0 rows affected (0.00 sec)
MariaDB [vsftpd]> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.01 sec)
MariaDB [vsftpd]> exit
Bye(6)測試用vsftpd用戶登錄mysql
[root@CentOS7-175 vsftpd]# mysql -uvsftpd -p Enter password: Welcome to the MariaDB monitor. Commands end with ; or \g. Your MariaDB connection id is 4 Server version: 5.5.44-MariaDB MariaDB Server Copyright (c) 2000, 2015, Oracle, MariaDB Corporation Ab and others. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. MariaDB [(none)]> SHOW DATABASES; +--------------------+ | Database | +--------------------+ | information_schema | | test | | vsftpd | +--------------------+ 3 rows in set (0.01 sec) MariaDB [(none)]> use vsftpd; Reading table information for completion of table and column names You can turn off this feature to get a quicker startup with -A Database changed MariaDB [vsftpd]> SELECT * FROM users; +----+-------+-------------------------------------------+ | id | name | password | +----+-------+-------------------------------------------+ | 1 | tom | *9BDB807A93B6C421BBFCAC5EF1AE0835396EEE38 | | 2 | jerry | *3E27BE6A3667961ABCCFCA4832F06B151F81185A | +----+-------+-------------------------------------------+ 2 rows in set (0.01 sec)
(7)配置pam
[root@CentOS7-175 vsftpd]# cd /etc/pam.d/
[root@CentOS7-175 pam.d]# vim vsftpd.mysql
[root@CentOS7-175 pam.d]# cat vsftpd.mysql
auth required pam_mysql.so user=vsftpd passwd=zhucke host=localhost db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
account required pam_mysql.so user=vsftpd passwd=zhucke host=localhost db=vsftpd tablee=users usercolumn=name passwdcolumn=password crypt=2
[root@CentOS7-175 pam.d]# useradd -s /sbin/nologin -d /ftproot vuser
[root@CentOS7-175 pam.d]# ls -ld /ftproot/
drwx------ 3 vuser vuser 74 Jun 11 11:30 /ftproot/
[root@CentOS7-175 pam.d]# chmod go+rx /ftproot/
[root@CentOS7-175 pam.d]# ls -ld /ftproot/
drwxr-xr-x 3 vuser vuser 74 Jun 11 11:30 /ftproot/
[root@CentOS7-175 pam.d]# vim /etc/vsftpd/vsftpd.conf
[root@CentOS7-175 pam.d]# tail -7 /etc/vsftpd/vsftpd.conf
pam_service_name=vsftpd.mysql
local_enable=YES
write_enable=YES
local_umask=022
guest_enable=YES
guest_username=vuser #指明虛擬用戶映射到的系統(tǒng)用戶
[root@CentOS7-175 pam.d]# chmod -w /ftproot/
[root@CentOS7-175 pam.d]# systemctl restart vsftpd
[root@CentOS7-175 pam.d]# mkdir /ftproot/{pub,upload}(8)Client:192.168.5.171上分別用tom用戶和jerry用戶登錄ftp服務器
[root@CentOS7-171 ~]# ftp 192.168.5.175 Connected to 192.168.5.175 (192.168.5.175). 220 (vsFTPd 3.0.2) Name (192.168.5.175:root): tom #用tom用戶登錄 331 Please specify the password. Password: 230 Login successful. #登錄成功 Remote system type is UNIX. Using binary mode to transfer files. ftp> ls #查看ftp服務內(nèi)的文件 227 Entering Passive Mode (192,168,5,175,58,188). 150 Here comes the directory listing. drwxr-xr-x 2 0 0 6 Jun 11 03:34 pub drwxr-xr-x 2 0 0 6 Jun 11 03:34 upload 226 Directory send OK. ftp> exit 221 Goodbye. [root@CentOS7-171 ~]# ftp 192.168.5.175 Connected to 192.168.5.175 (192.168.5.175). 220 (vsFTPd 3.0.2) Name (192.168.5.175:root): jerry #用jerry用戶登錄 331 Please specify the password. Password: 230 Login successful. Remote system type is UNIX. Using binary mode to transfer files. ftp> ls 227 Entering Passive Mode (192,168,5,175,189,114). 150 Here comes the directory listing. drwxr-xr-x 2 0 0 6 Jun 11 03:34 pub drwxr-xr-x 2 0 0 6 Jun 11 03:34 upload 226 Directory send OK.
(9)設置文件可以上傳
[root@CentOS7-175 pam.d]# chown vuser /ftproot/upload/ #修改此目錄屬主為vuser用戶 [root@CentOS7-175 pam.d]# ls -ld /ftproot/upload/ drwxr-xr-x 2 vuser root 6 Jun 11 11:34 /ftproot/upload/ [root@CentOS7-175 pam.d]# vim /etc/vsftpd/vsftpd.conf #編譯vsftpd.conf文件 anon_upload_enable=YES #將此行#號去掉,開啟文件上傳 [root@CentOS7-175 pam.d]# systemctl restart vsftpd
(10)測試文件上傳
[root@CentOS7-171 ~]# ftp 192.168.5.175 Connected to 192.168.5.175 (192.168.5.175). 220 (vsFTPd 3.0.2) Name (192.168.5.175:root): tom #用tom用戶登錄 331 Please specify the password. Password: 230 Login successful. Remote system type is UNIX. Using binary mode to transfer files. ftp> cd upload #進入upload目錄 250 Directory successfully changed. ftp> lcd /etc #進入本地的/etc目錄 Local directory now /etc ftp> put fstab #上傳fstab文件 local: fstab remote: fstab 227 Entering Passive Mode (192,168,5,175,72,65). 150 Ok to send data. 226 Transfer complete. 648 bytes sent in 0.000229 secs (2829.69 Kbytes/sec) ftp> ls #查看是否有fstab文件 227 Entering Passive Mode (192,168,5,175,187,100). 150 Here comes the directory listing. -rw------- 1 1001 1001 648 Jun 11 03:50 fstab #上傳成功 226 Directory send OK. ftp> exit 221 Goodbye. [root@CentOS7-171 ~]# ftp 192.168.5.175 Connected to 192.168.5.175 (192.168.5.175). 220 (vsFTPd 3.0.2) Name (192.168.5.175:root): jerry #用jerry用戶登錄 331 Please specify the password. Password: 230 Login successful. Remote system type is UNIX. Using binary mode to transfer files. ftp> cd upload #進入upload目錄 250 Directory successfully changed. ftp> lcd /etc #進入本地的/etc/目錄 Local directory now /etc ftp> put issue #上傳issue文件 local: issue remote: issue 227 Entering Passive Mode (192,168,5,175,95,111). 150 Ok to send data. 226 Transfer complete. 23 bytes sent in 0.000659 secs (34.90 Kbytes/sec) ftp> ls 227 Entering Passive Mode (192,168,5,175,177,97). 150 Here comes the directory listing. -rw------- 1 1001 1001 648 Jun 11 03:50 fstab -rw------- 1 1001 1001 23 Jun 11 03:52 issue #上傳issue文件成功 226 Directory send OK.
(11)配置用戶擁有不同的權限,一個可以上傳,一個不可以上傳
[root@CentOS7-175 pam.d]# cd /etc/vsftpd [root@CentOS7-175 vsftpd]# mkdir vusers.conf.d [root@CentOS7-175 pam.d]# cd vusers.conf.d [root@CentOS7-175 vusers.conf.d]# vim tom anon_upload_enable=YES #tom用戶可以上傳 [root@CentOS7-175 vusers.conf.d]# vim jerry anon_upload_enable=NO #jerry用戶不上傳 [root@CentOS7-175 vsftpd]# vim /etc/vsftpd/vsftpd.conf user_config_dir=/etc/vsftpd/vusers.conf.d [root@CentOS7-175 vsftpd]# systemctl restart vsftpd.service
(12)驗證tom用戶和jerry用戶
[root@CentOS7-171 ~]# ftp 192.168.5.175 Connected to 192.168.5.175 (192.168.5.175). 220 (vsFTPd 3.0.2) Name (192.168.5.175:root): tom 331 Please specify the password. Password: 230 Login successful. Remote system type is UNIX. Using binary mode to transfer files. ftp> ls 227 Entering Passive Mode (192,168,5,175,205,162). 150 Here comes the directory listing. drwxr-xr-x 2 0 0 6 Jun 11 03:34 pub drwxr-xr-x 2 1001 0 30 Jun 11 03:52 upload 226 Directory send OK. ftp> cd upload 250 Directory successfully changed. ftp> lcd /etc Local directory now /etc ftp> put grub2.cfg local: grub2.cfg remote: grub2.cfg 227 Entering Passive Mode (192,168,5,175,211,51). 150 Ok to send data. #tom用戶上傳成功 226 Transfer complete. 4213 bytes sent in 0.0815 secs (51.69 Kbytes/sec) ftp> ls 227 Entering Passive Mode (192,168,5,175,111,189). 150 Here comes the directory listing. -rw------- 1 1001 1001 648 Jun 11 03:50 fstab -rw------- 1 1001 1001 4213 Jun 11 04:04 grub2.cfg -rw------- 1 1001 1001 23 Jun 11 03:52 issue 226 Directory send OK. [root@CentOS7-171 ~]# ftp 192.168.5.175 Connected to 192.168.5.175 (192.168.5.175). 220 (vsFTPd 3.0.2) Name (192.168.5.175:root): jerry 331 Please specify the password. Password: 230 Login successful. Remote system type is UNIX. Using binary mode to transfer files. ftp> ls 227 Entering Passive Mode (192,168,5,175,31,254). 150 Here comes the directory listing. drwxr-xr-x 2 0 0 6 Jun 11 03:34 pub drwxr-xr-x 2 1001 0 62 Jun 11 04:06 upload 226 Directory send OK. ftp> lcd /etc Local directory now /etc ftp> cd upload 250 Directory successfully changed. ftp> put issue local: issue remote: issue 227 Entering Passive Mode (192,168,5,175,87,198). 550 Permission denied. #jerry測試結果是不能上傳
關于vsftpd基于pam_mysql如何做虛擬用戶認證就分享到這里了,希望以上內(nèi)容可以對大家有一定的幫助,可以學到更多知識。如果覺得文章不錯,可以把它分享出去讓更多的人看到。
當前標題:vsftpd基于pam_mysql如何做虛擬用戶認證
網(wǎng)站路徑:http://www.ef60e0e.cn/article/gosjoo.html
