一、配置基于MySQL认证的vsftpd
1、安装vsftpd、启动vsftpd、配置vsftpd开机启动
[[email protected] ~]# yum install vsftpd pam_mysql -y [[email protected] ~]# service vsftpd start 为 vsftpd 启动 vsftpd: [确定] [[email protected] ~]# netstat -tnlp | grep 21 tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 7574/vsftpd [[email protected] ~]# chkconfig vsftpd on [[email protected] ~]# chkconfig --list vsftpd vsftpd 0:关闭 1:关闭 2:启用 3:启用 4:启用 5:启用 6:关闭 [[email protected] ~]#
2、安装MySQL/MariaDB
1)、编译安装MariaDB、设置开机启动
[[email protected] ~]# cd /tmp/ [[email protected] /tmp]# groupadd -g 1500 mysql && useradd -g mysql -u 1500 -s /sbin/nologin -M mysql [[email protected] /tmp]# yum install cmake -y [[email protected] /tmp]# wget "https://downloads.mariadb.org/interstitial/mariadb-10.0.19/source/mariadb-10.0.19.tar.gz/from/http%3A//mirrors.opencas.cn/mariadb" -O mariadb-10.0.19.tar.gz [[email protected] /tmp]# tar xf mariadb-10.0.19.tar.gz [[email protected] /tmp]# cd mariadb-10.0.19 [[email protected] /tmp/mariadb-10.0.19]# cmake . -DCMAKE_INSTALL_PREFIX=/usr/local/mysql \ -DMYSQL_DATADIR=/data/mysql \ -DWITH_SSL=system \ -DWITH_INNOBASE_STORAGE_ENGINE=1 \ -DWITH_ARCHIVE_STORAGE_ENGINE=1 \ -DWITH_BLACKHOLE_STORAGE_ENGINE=1 \ -DWITH_SPHINX_STORAGE_ENGINE=1 \ -DWITH_ARIA_STORAGE_ENGINE=1 \ -DWITH_XTRADB_STORAGE_ENGINE=1 \ -DWITH_PARTITION_STORAGE_ENGINE=1 \ -DWITH_FEDERATEDX_STORAGE_ENGINE=1 \ -DWITH_MYISAM_STORAGE_ENGINE=1 \ -DWITH_PERFSCHEMA_STORAGE_ENGINE=1 \ -DWITH_EXTRA_CHARSETS=all \ -DWITH_EMBEDDED_SERVER=1 \ -DWITH_READLINE=1 \ -DWITH_ZLIB=system \ -DWITH_LIBWRAP=0 \ -DEXTRA_CHARSETS=all \ -DENABLED_LOCAL_INFILE=1 \ -DMYSQL_UNIX_ADDR=/tmp/mysql.sock \ -DDEFAULT_CHARSET=utf8 \ -DDEFAULT_COLLATION=utf8_general_ci [[email protected] /tmp/mariadb-10.0.19]# make -j $(awk '/processor/{i++}END{print i}' /proc/cpuinfo) && make install && echo $? [[email protected] /tmp/mariadb-10.0.19]# cd /usr/local/mysql/ [[email protected] /usr/local/mysql]# echo "export PATH=/usr/local/mysql/bin:\$PATH" > /etc/profile.d/mariadb10.0.19.sh [[email protected] /usr/local/mysql]# . 
/etc/profile.d/mariadb10.0.19.sh [[email protected] /usr/local/mysql]# sed -i "$(awk '$1=="MANPATH"{a=NR}END{print a}' /etc/man.config)a MANPATH\t/usr/local/mysql/man" /etc/man.config [[email protected] /usr/local/mysql]# cp -a support-files/mysql.server /etc/rc.d/init.d/mysqld [[email protected] /usr/local/mysql]# \cp support-files/my-large.cnf /etc/my.cnf [[email protected] /usr/local/mysql]# sed -i '/query_cache_size/a datadir = /data/mysql' /etc/my.cnf [[email protected] /usr/local/mysql]# mkdir -p /data/mysql [[email protected] /usr/local/mysql]# chown -R mysql.mysql /data/mysql [[email protected] /usr/local/mysql]# /usr/local/mysql/scripts/mysql_install_db --user=mysql --datadir=/data/mysql/ --basedir=/usr/local/mysql [[email protected] /usr/local/mysql]# chkconfig mysqld on [[email protected] /usr/local/mysql]# chkconfig --list mysqld mysqld 0:关闭 1:关闭 2:启用 3:启用 4:启用 5:启用 6:关闭 [[email protected] /usr/local/mysql]# service mysqld start Starting MySQL. [确定] [[email protected] /usr/local/mysql]# ss -tnlp | grep 3306 LISTEN 0 150 :::3306 :::* users:(("mysqld",33450,21)) [[email protected] /usr/local/mysql]#
2)、做vsftpd用户认证的授权
[[email protected] ~]# mysql #登录数据库 Welcome to the MariaDB monitor. Commands end with ; or \g. Your MariaDB connection id is 4 Server version: 10.0.19-MariaDB-log Source distribution Copyright (c) 2000, 2015, Oracle, MariaDB Corporation Ab and others. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. MariaDB [(none)]> USE mysql; #进入mysql库 Database changed MariaDB [mysql]> UPDATE user set password=PASSWORD('lookback') WHERE USER='root'; #给所有的root帐户设置密码为lookback Query OK, 4 rows affected (0.01 sec) Rows matched: 4 Changed: 4 Warnings: 0 MariaDB [mysql]> DELETE FROM user WHERE User=''; #删除MariaDB所有的匿名帐号 Query OK, 2 rows affected (0.00 sec) MariaDB [mysql]> create database vsftpd; #新建vsftpd库 Query OK, 1 row affected (0.01 sec) MariaDB [mysql]> grant select on vsftpd.* to [email protected] identified by 'lookback'; #新建一个vsftpd的用户密码是lookback权限是查询select,本地访问 Query OK, 0 rows affected (0.00 sec) MariaDB [mysql]> grant select on vsftpd.* to [email protected] identified by 'lookback'; #新建一个vsftpd的用户密码是lookback权限是select,本地访问 Query OK, 0 rows affected (0.00 sec) MariaDB [mysql]> grant select on vsftpd.* to vsftpd@'172.16.%.%' identified by 'lookback'; #新建一个vsftpd的用户密码是lookback权限是select,可以在172.16.0.0/8网段内访问 Query OK, 0 rows affected (0.00 sec) MariaDB [mysql]> SELECT USER,PASSWORD,HOST FROM user; #查看下MariaDB上的用户用户名和host +--------+-------------------------------------------+--------------------+ | USER | PASSWORD | HOST | +--------+-------------------------------------------+--------------------+ | root | *153CCFAEAA83407D8DBDBFAA3D17B1A95553E60C | localhost | | root | *153CCFAEAA83407D8DBDBFAA3D17B1A95553E60C | legion100.dwhd.org | | root | *153CCFAEAA83407D8DBDBFAA3D17B1A95553E60C | 127.0.0.1 | | root | *153CCFAEAA83407D8DBDBFAA3D17B1A95553E60C | ::1 | | vsftpd | *153CCFAEAA83407D8DBDBFAA3D17B1A95553E60C | localhost | | vsftpd | *153CCFAEAA83407D8DBDBFAA3D17B1A95553E60C | 127.0.0.1 | | vsftpd | *153CCFAEAA83407D8DBDBFAA3D17B1A95553E60C | 172.16.%.% 
| +--------+-------------------------------------------+--------------------+ 7 rows in set (0.00 sec) MariaDB [mysql]> use vsftpd; #进入vsftpd库 Database changed MariaDB [vsftpd]> create table users ( -> id int AUTO_INCREMENT NOT NULL, -> name char(20) binary NOT NULL, -> password char(48) binary NOT NULL, -> primary key(id) -> ); #新建一个名为users的表,表中有id、name、password字段,id是自动增长,name是20个字符长度二进制存放区分大小写,password最大48字符二进制存放区分大小写, Query OK, 0 rows affected (0.12 sec) MariaDB [vsftpd]> insert into users(name,password) values('Legion',password('lookback')); #在users表中新建个Legion的用户密码是lookback Query OK, 1 row affected (0.00 sec) MariaDB [vsftpd]> insert into users(name,password) values('LookBack',password('lookback')); #在users表中新建个LookBack的用户密码是lookback Query OK, 1 row affected (0.01 sec) MariaDB [vsftpd]> SELECT id,name,password FROM users; #查看下users表 +----+----------+-------------------------------------------+ | id | name | password | +----+----------+-------------------------------------------+ | 1 | Legion | *153CCFAEAA83407D8DBDBFAA3D17B1A95553E60C | | 2 | LookBack | *153CCFAEAA83407D8DBDBFAA3D17B1A95553E60C | +----+----------+-------------------------------------------+ 2 rows in set (0.00 sec) MariaDB [vsftpd]> FLUSH PRIVILEGES; #刷新生效上面的配置 Query OK, 0 rows affected (0.00 sec) MariaDB [vsftpd]> \q Bye [[email protected] ~]#
3)、测试MariaDB的连接
[[email protected] ~]# mysql -uvsftpd -plookback -h172.16.6.100 -P3306 Welcome to the MariaDB monitor. Commands end with ; or \g. Your MariaDB connection id is 10 Server version: 10.0.19-MariaDB-log Source distribution Copyright (c) 2000, 2015, Oracle, MariaDB Corporation Ab and others. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. MariaDB [(none)]> SHOW DATABASES; +--------------------+ | Database | +--------------------+ | information_schema | | test | | vsftpd | +--------------------+ 3 rows in set (0.00 sec) MariaDB [(none)]> USE vsftpd Database changed MariaDB [vsftpd]> SHOW tables; +------------------+ | Tables_in_vsftpd | +------------------+ | users | +------------------+ 1 row in set (0.00 sec) MariaDB [vsftpd]> SELECT id,name,password FROM users; +----+----------+-------------------------------------------+ | id | name | password | +----+----------+-------------------------------------------+ | 1 | Legion | *153CCFAEAA83407D8DBDBFAA3D17B1A95553E60C | | 2 | LookBack | *153CCFAEAA83407D8DBDBFAA3D17B1A95553E60C | +----+----------+-------------------------------------------+ 2 rows in set (0.00 sec) MariaDB [vsftpd]> \q Bye [[email protected] ~]#
3、配置vsFTPD
1)、建立pam认证所需的文件
新建一个/etc/pam.d/vsftpd.mariadb文件（该文件会以明文保存数据库的用户名和密码，注意不要让其他用户可读）
[[email protected] ~]# touch /etc/pam.d/vsftpd.mariadb
2)、64位系统写入下面的内容
auth required /lib64/security/pam_mysql.so user=vsftpd passwd=lookback host=172.16.6.100 db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2 account required /lib64/security/pam_mysql.so user=vsftpd passwd=lookback host=172.16.6.100 db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
32位系统写入下面的内容
auth required /lib/security/pam_mysql.so user=vsftpd passwd=lookback host=172.16.6.100 db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2 account required /lib/security/pam_mysql.so user=vsftpd passwd=lookback host=172.16.6.100 db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
32位和64位通用写法
auth required pam_mysql.so user=vsftpd passwd=lookback host=172.16.6.100 db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2 account required pam_mysql.so user=vsftpd passwd=lookback host=172.16.6.100 db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
3)、修改vsftpd配置文件
[[email protected] ~]# cd /etc/vsftpd/ [[email protected] /etc/vsftpd]# cp vsftpd.conf vsftpd.conf_`date +%F` [[email protected] /etc/vsftpd]# ls ftpusers user_list vsftpd.conf vsftpd.conf_2015-06-03 vsftpd_conf_migrate.sh [[email protected] /etc/vsftpd]# groupadd -g 1501 vftpuser && useradd -g vftpuser -u 1501 -s /sbin/nologin -d /home/vftpuser vftpuser [[email protected] /etc/vsftpd]# id vftpuser uid=1501(vftpuser) gid=1501(vftpuser) 组=1501(vftpuser) [[email protected] /etc/vsftpd]# finger vftpuser Login: vftpuser Name: Directory: /home/vftpuser Shell: /sbin/nologin Never logged in. No mail. No Plan. [[email protected] /etc/vsftpd]# mkdir -p /home/vftpuser [[email protected] /etc/vsftpd]# chown -R vftpuser.vftpuser /home/vftpuser [[email protected] /etc/vsftpd]# chmod go+rx /home/vftpuser [[email protected] /etc/vsftpd]# ls -ld /home/vftpuser/ drwxr-xr-x 4 vftpuser vftpuser 4096 6月 3 16:14 /home/vftpuser/
[[email protected] /etc/vsftpd]# grep -Ev '(^#\s.*|^#|^$)' vsftpd.conf anonymous_enable=YES local_enable=YES write_enable=YES local_umask=022 anon_upload_enable=NO anon_mkdir_write_enable=NO dirmessage_enable=YES xferlog_enable=YES connect_from_port_20=YES xferlog_std_format=YES chroot_local_user=YES listen=YES pam_service_name=vsftpd.mariadb #这里直接把pam的认证文件换成了vsftpd.mariadb后系统用户就不能登录ftp了 userlist_enable=YES tcp_wrappers=YES guest_enable=YES guest_username=vftpuser
reload一下vsftpd，使上面对配置文件的修改生效
[[email protected] /etc/vsftpd]# service vsftpd reload 关闭 vsftpd: [确定] 为 vsftpd 启动 vsftpd: [确定] [[email protected] /etc/vsftpd]#
4、测试登录
1)、Linux下
[[email protected] ~]# ifconfig | sed -rn '/^[^ \t]/{N;s/(^[^ ]*).*addr:([^ ]*).*/\1 \2/p}' | \ > awk '$2!~/^192\.168|^10\.|^127|^0|^$/{print $1"="$2}' eth0=172.16.6.101 [[email protected] ~]# ftp 172.16.6.100 Connected to 172.16.6.100 (172.16.6.100). 220 (vsFTPd 2.2.2) Name (172.16.6.100:root): Legion 331 Please specify the password. Password: 230 Login successful. Remote system type is UNIX. Using binary mode to transfer files. ftp> bye 221 Goodbye. [[email protected] ~]# ftp 172.16.6.100 Connected to 172.16.6.100 (172.16.6.100). 220 (vsFTPd 2.2.2) Name (172.16.6.100:root): LookBack 331 Please specify the password. Password: 230 Login successful. Remote system type is UNIX. Using binary mode to transfer files. ftp> bye 221 Goodbye. [[email protected] ~]#
2)、Windows下
Microsoft Windows [版本 6.3.9600] (c) 2013 Microsoft Corporation。保留所有权利。 C:\Users\Administrator>ftp 172.16.6.100 连接到 172.16.6.100。 220 (vsFTPd 2.2.2) 用户(172.16.6.100:(none)): Legion 331 Please specify the password. 密码: 230 Login successful. ftp> pwd 257 "/" ftp> bye 221 Goodbye. C:\Users\Administrator>ftp 172.16.6.100 连接到 172.16.6.100。 220 (vsFTPd 2.2.2) 用户(172.16.6.100:(none)): LookBack 331 Please specify the password. 密码: 230 Login successful. ftp> pwd 257 "/" ftp> bye 221 Goodbye. C:\Users\Administrator>
5、配置基于单个虚拟用户的权限
从上面可以看出，我们创建的两个虚拟用户只能登录，但是不能上传文件。下面将说说具体的虚拟用户权限配置。
[[email protected] /etc/vsftpd]# echo "user_config_dir=/etc/vsftpd/vftpusers" >> /etc/vsftpd/vsftpd.conf [[email protected] /etc/vsftpd]# mkdir -p /etc/vsftpd/vftpusers [[email protected] /etc/vsftpd]# cd /etc/vsftpd/vftpusers [[email protected] /etc/vsftpd/vftpusers]# touch /etc/vsftpd/vftpusers/{Legion,LookBack} [[email protected] /etc/vsftpd/vftpusers]# cat > /etc/vsftpd/vftpusers/Legion <<EOF anon_upload_enable=YES #允许Legion用户可以上传文件 anon_mkdir_write_enable=YES #允许Legion用可以创建文件 anon_other_write_enable=YES #允许Legion可以删除文件 EOF [[email protected] /etc/vsftpd/vftpusers]# cat /etc/vsftpd/vftpusers/Legion > /etc/vsftpd/vftpusers/LookBack [[email protected] /etc/vsftpd/vftpusers]# sed -i 's/NO/YES/' /etc/vsftpd/vftpusers/LookBack #修改LookBack没有上传 创建 删除权限 [[email protected] /etc/vsftpd/vftpusers]# service vsftpd restart 关闭 vsftpd: [确定] 为 vsftpd 启动 vsftpd: [确定] [[email protected] /etc/vsftpd/vftpusers]#
2)、测试
[[email protected] ~]# ftp 172.16.6.100 Connected to 172.16.6.100 (172.16.6.100). 220 (vsFTPd 2.2.2) Name (172.16.6.100:root): Legion 331 Please specify the password. Password: 230 Login successful. Remote system type is UNIX. Using binary mode to transfer files. ftp> lcd /etc/ Local directory now /etc ftp> put inittab local: inittab remote: inittab 227 Entering Passive Mode (172,16,6,100,253,120). 150 Ok to send data. 226 Transfer complete. 884 bytes sent in 7.4e-05 secs (11945.94 Kbytes/sec) ftp> ls -l 227 Entering Passive Mode (172,16,6,100,244,244). 150 Here comes the directory listing. -rw------- 1 1501 1501 884 Jun 03 09:02 inittab 226 Directory send OK. ftp> bye 221 Goodbye. [[email protected] ~]# ftp 172.16.6.100 Connected to 172.16.6.100 (172.16.6.100). 220 (vsFTPd 2.2.2) Name (172.16.6.100:root): Lookback 331 Please specify the password. Password: 530 Login incorrect. Login failed. ftp> lcd /etc/ Local directory now /etc ftp> put fstab local: fstab remote: fstab 530 Please login with USER and PASS. Passive mode refused. ftp> bye 221 Goodbye. [[email protected] ~]#