vsftpd基於mysql的認證方式

安裝epel源：

cd /etc/yum.repos.d

wget http://mirrors.neusoft.edu.cn/epel/epel-release-latest-6.noarch.rpm

rpm -ivh epel-release-latest-6.noarch.rpm

 

然後安裝pam_mysql這個包：

yum -y install pam_mysql

[root@wadeson yum.repos.d]# ll /lib64/security/pam_mysql.so 

-rwxr-xr-x 1 root root 42424 Aug 14 2011 /lib64/security/pam_mysql.so

 

配置資料庫：

MariaDB [(none)]> create database vsftpd;
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> grant select on vsftpd.* to 'vsftpd'@'localhost' identified by 'redhat';
Query OK, 0 rows affected (0.02 sec)

MariaDB [(none)]> grant select on vsftpd.* to 'vsftpd'@'127.0.0.1' identified by 'redhat';
Query OK, 0 rows affected (0.01 sec)

MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.00 sec)

然後在該資料庫建立表：

MariaDB [(none)]> use vsftpd
Database changed
MariaDB [vsftpd]> create table users(id int auto_increment not null,name char(20) binary not null,password char(48) binary not null,primary key(id));
Query OK, 0 rows affected (0.05 sec)

MariaDB [vsftpd]> insert into users(name,password) values ('admin',password('redhat'));
Query OK, 1 row affected (0.05 sec)

由於vsftpd和mysql服務都是在同一臺主機上，所以相對來說授權的host範圍小，當mysql和vsftpd不在同一臺主機上時，

pam_mysql這個包還是和vsftpd上安裝，這個時候該主機還得安裝mysql客戶端，遠端的mysql伺服器應該給予vsftpd這

臺主機host訪問的許可權

 

配置完成mysql後然後配置pam認證資訊：

[root@wadeson ~]# vim /etc/pam.d/vsftpd.mysql

auth required /lib64/security/pam_mysql.so user=vsftpd passwd=redhat host=127.0.0.1 db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
account required /lib64/security/pam_mysql.so user=vsftpd passwd=redhat host=127.0.0.1 db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2

然後修改vsftpd.conf配置檔案的相關資訊：

整個vsftpd.conf的配置內容：

anonymous_enable=NO
local_enable=YES
#write_enable=NO
dirmessage_enable=YES
xferlog_enable=YES
xferlog_file=/var/log/vsftpd.log
connect_from_port_20=YES
xferlog_std_format=YES
listen=YES
listen_port=21
userlist_enable=YES
chroot_local_user=YES
tcp_wrappers=YES
guest_enable=YES
guest_username=ftpuser            （如果設定了這個，需要在系統上建立該使用者）
pam_service_name=vsftpd.mysql
user_config_dir=/etc/vsftpd/vsftpd_user_conf
virtual_use_local_privs=YES
pasv_min_port=50000
pasv_max_port=60000
pasv_enable=yes
max_clients=200
max_per_ip=4
idle_session_timeout=600
ftpd_banner=Welcome to opendoc FTP service.

然後修改/etc/vsftpd/vsftpd_user_conf該目錄下面虛擬賬戶的各自配置：（該目錄如果沒有需要進行建立）

[root@wadeson vsftpd_user_conf]# cat admin
write_enable=YES
anonymous_enable=NO
anon_world_readable_only=NO
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
local_umask=022
download_enable=Yes
local_root=/var/ftproot

然後進行訪問：

[root@wadeson vsftpd_user_conf]# ftp 127.0.0.1
Connected to 127.0.0.1 (127.0.0.1).
220 Welcome to opendoc FTP service.
Name (127.0.0.1:root): admin
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
227 Entering Passive Mode (127,0,0,1,209,50).
150 Here comes the directory listing.
-rw-r--r-- 1 501 501 423612 Jun 23 07:06 2015_12.7z
drwxr-xr-x 2 501 501 4096 Jul 12 07:25 test
drwxr-xr-x 2 501 501 4096 Jul 12 12:38 test02
226 Directory send OK.
ftp> mkdir test03
257 "/test03" created