How to do vsftpd virtual-user authentication with pam_mysql
This article walks through how vsftpd can authenticate virtual users through pam_mysql. The steps are given in full detail; readers who are interested can use it as a reference.
(1) Download the EPEL repository
[root@CentOS7-175 ~]# wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo   # download the Aliyun EPEL repo file
[root@CentOS7-175 ~]# yum repolist
(2) Install the required packages
[root@CentOS7-175 ~]# yum -y groupinstall "Development Tools" "Server Platform Development"
[root@CentOS7-175 ~]# yum -y install vsftpd pam-devel mariadb-server mariadb-devel openssl-devel
[root@CentOS7-175 ~]# systemctl start mariadb.service
[root@CentOS7-175 ~]# systemctl enable mariadb.service
(3) Compile and install the pam_mysql module
vsftpd authenticates users through pam_mysql, so the pam_mysql module has to be installed. The default system yum repositories do not provide it, so it must be compiled from source.
[root@CentOS7-175 ~]# mkdir /home/tools/
[root@CentOS7-175 ~]# cd /home/tools/
[root@CentOS7-175 tools]# tar xf pam_mysql-0.7RC1.tar.gz
[root@CentOS7-175 tools]# cd pam_mysql-0.7RC1/
[root@CentOS7-175 pam_mysql-0.7RC1]# ./configure --with-mysql=/usr --with-openssl=/usr --with-pam=/usr --with-pam-mods-dir=/lib64/security
[root@CentOS7-175 pam_mysql-0.7RC1]# make && make install
[root@CentOS7-175 pam_mysql-0.7RC1]# ls /lib64/security/pam_mysql.so   # check that the build succeeded: pam_mysql.so must be present
/lib64/security/pam_mysql.so
(4) Back up the vsftpd.conf configuration file
[root@CentOS7-175 pam_mysql-0.7RC1]# systemctl stop vsftpd
[root@CentOS7-175 pam_mysql-0.7RC1]# cd /etc/vsftpd
[root@CentOS7-175 vsftpd]# cp vsftpd.conf{,.bak}
[root@CentOS7-175 vsftpd]# ls vsftpd.conf*
vsftpd.conf  vsftpd.conf.bak
(5) Configure MySQL
[root@CentOS7-175 vsftpd]# mysql -uroot -p   # log in to MySQL
Enter password:
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 2
Server version: 5.5.44-MariaDB MariaDB Server
Copyright (c) 2000, 2015, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> CREATE DATABASE vsftpd;   # create the vsftpd database
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> use vsftpd;   # switch to the vsftpd database
Database changed
MariaDB [vsftpd]> CREATE TABLE users (   # create the users table
    -> id int AUTO_INCREMENT NOT NULL PRIMARY KEY,
    -> name char(30) NOT NULL,
    -> password char(48)binary NOT NULL);
Query OK, 0 rows affected (0.05 sec)
MariaDB [vsftpd]> desc users;   # describe the users table
+----------+----------+------+-----+---------+----------------+
| Field    | Type     | Null | Key | Default | Extra          |
+----------+----------+------+-----+---------+----------------+
| id       | int(11)  | NO   | PRI | NULL    | auto_increment |
| name     | char(30) | NO   |     | NULL    |                |
| password | char(48) | NO   |     | NULL    |                |
+----------+----------+------+-----+---------+----------------+
3 rows in set (0.00 sec)
MariaDB [vsftpd]> INSERT INTO users(name,password) VALUES ('tom',password('zhucke'));   # insert a user row into the table
Query OK, 1 row affected (0.00 sec)
MariaDB [vsftpd]> INSERT INTO users(name,password) VALUES ('jerry',password('zhucke.com'));
Query OK, 1 row affected (0.00 sec)
MariaDB [vsftpd]> SELECT * FROM users;
+----+-------+-------------------------------------------+
| id | name  | password                                  |
+----+-------+-------------------------------------------+
|  1 | tom   | *9BDB807A93B6C421BBFCAC5EF1AE0835396EEE38 |
|  2 | jerry | *3E27BE6A3667961ABCCFCA4832F06B151F81185A |
+----+-------+-------------------------------------------+
2 rows in set (0.00 sec)
MariaDB [vsftpd]> GRANT select ON vsftpd.* TO vsftpd@localhost IDENTIFIED BY 'zhucke';   # allow the vsftpd DB user to log in to MySQL
Query OK, 0 rows affected (0.04 sec)
MariaDB [vsftpd]> GRANT select ON vsftpd.* TO vsftpd@127.0.0.1 IDENTIFIED BY 'zhucke';   # allow the vsftpd DB user to log in to MySQL
Query OK, 0 rows affected (0.00 sec)
MariaDB [vsftpd]> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.01 sec)
MariaDB [vsftpd]> exit
Bye
(6) Test logging in to MySQL as the vsftpd user
[root@CentOS7-175 vsftpd]# mysql -uvsftpd -p
Enter password:
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 4
Server version: 5.5.44-MariaDB MariaDB Server
Copyright (c) 2000, 2015, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> SHOW DATABASES;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| test               |
| vsftpd             |
+--------------------+
3 rows in set (0.01 sec)
MariaDB [(none)]> use vsftpd;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
MariaDB [vsftpd]> SELECT * FROM users;
+----+-------+-------------------------------------------+
| id | name  | password                                  |
+----+-------+-------------------------------------------+
|  1 | tom   | *9BDB807A93B6C421BBFCAC5EF1AE0835396EEE38 |
|  2 | jerry | *3E27BE6A3667961ABCCFCA4832F06B151F81185A |
+----+-------+-------------------------------------------+
2 rows in set (0.01 sec)
(7) Configure PAM
[root@CentOS7-175 vsftpd]# cd /etc/pam.d/
[root@CentOS7-175 pam.d]# vim vsftpd.mysql
[root@CentOS7-175 pam.d]# cat vsftpd.mysql
auth required pam_mysql.so user=vsftpd passwd=zhucke host=localhost db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
account required pam_mysql.so user=vsftpd passwd=zhucke host=localhost db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
[root@CentOS7-175 pam.d]# useradd -s /sbin/nologin -d /ftproot vuser
[root@CentOS7-175 pam.d]# ls -ld /ftproot/
drwx------ 3 vuser vuser 74 Jun 11 11:30 /ftproot/
[root@CentOS7-175 pam.d]# chmod go+rx /ftproot/
[root@CentOS7-175 pam.d]# ls -ld /ftproot/
drwxr-xr-x 3 vuser vuser 74 Jun 11 11:30 /ftproot/
[root@CentOS7-175 pam.d]# vim /etc/vsftpd/vsftpd.conf
[root@CentOS7-175 pam.d]# tail -7 /etc/vsftpd/vsftpd.conf
pam_service_name=vsftpd.mysql
local_enable=YES
write_enable=YES
local_umask=022
guest_enable=YES
# guest_username names the system user that virtual users are mapped to
guest_username=vuser
[root@CentOS7-175 pam.d]# chmod -w /ftproot/
[root@CentOS7-175 pam.d]# systemctl restart vsftpd
[root@CentOS7-175 pam.d]# mkdir /ftproot/{pub,upload}
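pam_mysql reads the vsftpd.mysql file in step 7 option by option, and its crypt=2 setting tells the module that the password column holds MySQL PASSWORD() hashes like the ones step 5 inserted. The Python below is an added example, not code from this tutorial or from pam_mysql: it lints such a PAM file for unknown or missing options (a misspelled option name is silently ignored by the module, which breaks the account line), and it reproduces the PASSWORD() hash so stored values can be checked. The sample file is copied from step 7; KNOWN_OPTIONS is an assumed subset of pam_mysql's option names.

```python
"""Added example (not part of the original tutorial): lint the lines of
/etc/pam.d/vsftpd.mysql from step 7 and show what crypt=2 means for step 5."""
import hashlib
import hmac

# pam_mysql option names used on this page plus a few common ones (an assumed
# subset of the module's full list); any other key is most likely a typo.
KNOWN_OPTIONS = {"user", "passwd", "host", "port", "db", "table", "usercolumn",
                 "passwdcolumn", "crypt", "verbose", "sqllog"}
REQUIRED_OPTIONS = ("user", "passwd", "host", "db", "table", "usercolumn",
                    "passwdcolumn")

def parse_pam_line(line):
    """Split '<type> <control> pam_mysql.so k=v ...' into (type, {k: v})."""
    parts = line.split()
    if len(parts) < 3 or parts[2] != "pam_mysql.so":
        raise ValueError("not a pam_mysql.so line: %r" % line)
    return parts[0], dict(tok.partition("=")[::2] for tok in parts[3:])

def lint_pam_config(text):
    """Return the problems found in a vsftpd.mysql PAM file (empty list = ok)."""
    problems = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        mtype, opts = parse_pam_line(line)
        problems += ["%s: unknown option %r (typo?)" % (mtype, k)
                     for k in opts if k not in KNOWN_OPTIONS]
        problems += ["%s: missing option %r" % (mtype, k)
                     for k in REQUIRED_OPTIONS if k not in opts]
        if opts.get("crypt") != "2":
            problems.append("%s: crypt=2 needed for PASSWORD() hashes" % mtype)
    return problems

def mysql_password(plain):
    """MySQL/MariaDB PASSWORD(): '*' + upper-hex SHA1(SHA1(plain)), which is
    what crypt=2 compares against. Unsalted: equal passwords hash equally."""
    inner = hashlib.sha1(plain.encode("utf-8")).digest()
    return "*" + hashlib.sha1(inner).hexdigest().upper()

def verify_password(plain, stored):
    """Constant-time check of a candidate password against a stored hash."""
    return hmac.compare_digest(mysql_password(plain), stored)

# Constructed sample: the two lines of step 7 as first typed, with a typo
# ('tablee=') on the account line.
SAMPLE_PAM = """\
auth required pam_mysql.so user=vsftpd passwd=zhucke host=localhost db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
account required pam_mysql.so user=vsftpd passwd=zhucke host=localhost db=vsftpd tablee=users usercolumn=name passwdcolumn=password crypt=2
"""
```

Because vsftpd.mysql carries the database password in clear text, keep it readable by root only, and keep the vsftpd DB account limited to SELECT on the users table as step 5 does.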
(8) Client: on 192.168.5.171, log in to the FTP server as tom and as jerry
[root@CentOS7-171 ~]# ftp 192.168.5.175
Connected to 192.168.5.175 (192.168.5.175).
220 (vsFTPd 3.0.2)
Name (192.168.5.175:root): tom   # log in as tom
331 Please specify the password.
Password:
230 Login successful.   # login succeeded
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls   # list the files on the FTP server
227 Entering Passive Mode (192,168,5,175,58,188).
150 Here comes the directory listing.
drwxr-xr-x 2 0 0 6 Jun 11 03:34 pub
drwxr-xr-x 2 0 0 6 Jun 11 03:34 upload
226 Directory send OK.
ftp> exit
221 Goodbye.
[root@CentOS7-171 ~]# ftp 192.168.5.175
Connected to 192.168.5.175 (192.168.5.175).
220 (vsFTPd 3.0.2)
Name (192.168.5.175:root): jerry   # log in as jerry
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
227 Entering Passive Mode (192,168,5,175,189,114).
150 Here comes the directory listing.
drwxr-xr-x 2 0 0 6 Jun 11 03:34 pub
drwxr-xr-x 2 0 0 6 Jun 11 03:34 upload
226 Directory send OK.
(9) Allow file uploads
[root@CentOS7-175 pam.d]# chown vuser /ftproot/upload/   # make vuser the owner of this directory
[root@CentOS7-175 pam.d]# ls -ld /ftproot/upload/
drwxr-xr-x 2 vuser root 6 Jun 11 11:34 /ftproot/upload/
[root@CentOS7-175 pam.d]# vim /etc/vsftpd/vsftpd.conf   # edit vsftpd.conf
# remove the leading # from this line to enable file uploads
anon_upload_enable=YES
[root@CentOS7-175 pam.d]# systemctl restart vsftpd
(10) Test file upload
[root@CentOS7-171 ~]# ftp 192.168.5.175
Connected to 192.168.5.175 (192.168.5.175).
220 (vsFTPd 3.0.2)
Name (192.168.5.175:root): tom   # log in as tom
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> cd upload   # enter the upload directory
250 Directory successfully changed.
ftp> lcd /etc   # switch the local directory to /etc
Local directory now /etc
ftp> put fstab   # upload the fstab file
local: fstab remote: fstab
227 Entering Passive Mode (192,168,5,175,72,65).
150 Ok to send data.
226 Transfer complete.
648 bytes sent in 0.000229 secs (2829.69 Kbytes/sec)
ftp> ls   # check that fstab is there
227 Entering Passive Mode (192,168,5,175,187,100).
150 Here comes the directory listing.
-rw------- 1 1001 1001 648 Jun 11 03:50 fstab   # upload succeeded
226 Directory send OK.
ftp> exit
221 Goodbye.
[root@CentOS7-171 ~]# ftp 192.168.5.175
Connected to 192.168.5.175 (192.168.5.175).
220 (vsFTPd 3.0.2)
Name (192.168.5.175:root): jerry   # log in as jerry
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> cd upload   # enter the upload directory
250 Directory successfully changed.
ftp> lcd /etc   # switch the local directory to /etc/
Local directory now /etc
ftp> put issue   # upload the issue file
local: issue remote: issue
227 Entering Passive Mode (192,168,5,175,95,111).
150 Ok to send data.
226 Transfer complete.
23 bytes sent in 0.000659 secs (34.90 Kbytes/sec)
ftp> ls
227 Entering Passive Mode (192,168,5,175,177,97).
150 Here comes the directory listing.
-rw------- 1 1001 1001 648 Jun 11 03:50 fstab
-rw------- 1 1001 1001 23 Jun 11 03:52 issue   # the issue file was uploaded successfully
226 Directory send OK.
(11) Give the users different permissions: one may upload, the other may not
[root@CentOS7-175 pam.d]# cd /etc/vsftpd
[root@CentOS7-175 vsftpd]# mkdir vusers.conf.d
[root@CentOS7-175 pam.d]# cd vusers.conf.d
[root@CentOS7-175 vusers.conf.d]# vim tom
# tom may upload
anon_upload_enable=YES
[root@CentOS7-175 vusers.conf.d]# vim jerry
# jerry may not upload
anon_upload_enable=NO
[root@CentOS7-175 vsftpd]# vim /etc/vsftpd/vsftpd.conf
user_config_dir=/etc/vsftpd/vusers.conf.d
[root@CentOS7-175 vsftpd]# systemctl restart vsftpd.service
(12) Verify the tom and jerry users
[root@CentOS7-171 ~]# ftp 192.168.5.175
Connected to 192.168.5.175 (192.168.5.175).
220 (vsFTPd 3.0.2)
Name (192.168.5.175:root): tom
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
227 Entering Passive Mode (192,168,5,175,205,162).
150 Here comes the directory listing.
drwxr-xr-x 2 0 0 6 Jun 11 03:34 pub
drwxr-xr-x 2 1001 0 30 Jun 11 03:52 upload
226 Directory send OK.
ftp> cd upload
250 Directory successfully changed.
ftp> lcd /etc
Local directory now /etc
ftp> put grub2.cfg
local: grub2.cfg remote: grub2.cfg
227 Entering Passive Mode (192,168,5,175,211,51).
150 Ok to send data.   # tom's upload succeeds
226 Transfer complete.
4213 bytes sent in 0.0815 secs (51.69 Kbytes/sec)
ftp> ls
227 Entering Passive Mode (192,168,5,175,111,189).
150 Here comes the directory listing.
-rw------- 1 1001 1001 648 Jun 11 03:50 fstab
-rw------- 1 1001 1001 4213 Jun 11 04:04 grub2.cfg
-rw------- 1 1001 1001 23 Jun 11 03:52 issue
226 Directory send OK.
[root@CentOS7-171 ~]# ftp 192.168.5.175
Connected to 192.168.5.175 (192.168.5.175).
220 (vsFTPd 3.0.2)
Name (192.168.5.175:root): jerry
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
227 Entering Passive Mode (192,168,5,175,31,254).
150 Here comes the directory listing.
drwxr-xr-x 2 0 0 6 Jun 11 03:34 pub
drwxr-xr-x 2 1001 0 62 Jun 11 04:06 upload
226 Directory send OK.
ftp> lcd /etc
Local directory now /etc
ftp> cd upload
250 Directory successfully changed.
ftp> put issue
local: issue remote: issue
227 Entering Passive Mode (192,168,5,175,87,198).
550 Permission denied.   # as expected, jerry cannot upload
That covers vsftpd virtual-user authentication with pam_mysql. Hopefully the material above is of some help and lets you learn something new; if you found the article useful, share it so more people can see it.
Page URL: http://scyanting.com/article/gosjoo.html