Linux Basics: vsftpd Virtual Users with MySQL/MariaDB Authentication, Explained in Detail

https://www.dwhd.org/20150603_144841.html

Abstract

vsftpd can accept logins from system accounts or from the anonymous account, but for security reasons it is usually recommended to log in to the FTP server with vsftpd virtual accounts. Virtual users are vsftpd accounts kept in a separate file, independent of the system account database, and a virtual account can only log in to the FTP server.

 

I. Configuring vsftpd with MySQL-based authentication

1. Install vsftpd, start it, and enable it at boot

[root@Legion100 ~]# yum install vsftpd pam_mysql -y
[root@Legion100 ~]# service vsftpd start
为 vsftpd 启动 vsftpd:                                    [确定]
[root@Legion100 ~]# netstat -tnlp | grep 21
tcp        0      0 0.0.0.0:21                  0.0.0.0:*                   LISTEN      7574/vsftpd
[root@Legion100 ~]# chkconfig vsftpd on
[root@Legion100 ~]# chkconfig --list vsftpd
vsftpd          0:关闭  1:关闭  2:启用  3:启用  4:启用  5:启用  6:关闭
[root@Legion100 ~]#

2. Install MySQL/MariaDB

1) Build and install MariaDB from source and enable it at boot

[root@Legion100 ~]# cd /tmp/
[root@Legion100 /tmp]# groupadd -g 1500 mysql && useradd -g mysql -u 1500 -s /sbin/nologin -M mysql
[root@Legion100 /tmp]# yum install cmake -y
[root@Legion100 /tmp]# wget "https://downloads.mariadb.org/interstitial/mariadb-10.0.19/source/mariadb-10.0.19.tar.gz/from/http%3A//mirrors.opencas.cn/mariadb" -O mariadb-10.0.19.tar.gz
[root@Legion100 /tmp]# tar xf mariadb-10.0.19.tar.gz
[root@Legion100 /tmp]# cd mariadb-10.0.19
[root@Legion100 /tmp/mariadb-10.0.19]# cmake . -DCMAKE_INSTALL_PREFIX=/usr/local/mysql \
-DMYSQL_DATADIR=/data/mysql \
-DWITH_SSL=system \
-DWITH_INNOBASE_STORAGE_ENGINE=1 \
-DWITH_ARCHIVE_STORAGE_ENGINE=1 \
-DWITH_BLACKHOLE_STORAGE_ENGINE=1 \
-DWITH_SPHINX_STORAGE_ENGINE=1 \
-DWITH_ARIA_STORAGE_ENGINE=1 \
-DWITH_XTRADB_STORAGE_ENGINE=1 \
-DWITH_PARTITION_STORAGE_ENGINE=1 \
-DWITH_FEDERATEDX_STORAGE_ENGINE=1 \
-DWITH_MYISAM_STORAGE_ENGINE=1 \
-DWITH_PERFSCHEMA_STORAGE_ENGINE=1 \
-DWITH_EXTRA_CHARSETS=all \
-DWITH_EMBEDDED_SERVER=1 \
-DWITH_READLINE=1 \
-DWITH_ZLIB=system \
-DWITH_LIBWRAP=0 \
-DEXTRA_CHARSETS=all \
-DENABLED_LOCAL_INFILE=1 \
-DMYSQL_UNIX_ADDR=/tmp/mysql.sock \
-DDEFAULT_CHARSET=utf8 \
-DDEFAULT_COLLATION=utf8_general_ci
[root@Legion100 /tmp/mariadb-10.0.19]# make -j $(awk '/processor/{i++}END{print i}' /proc/cpuinfo) && make install && echo $?
[root@Legion100 /tmp/mariadb-10.0.19]# cd /usr/local/mysql/
[root@Legion100 /usr/local/mysql]# echo "export PATH=/usr/local/mysql/bin:\$PATH" > /etc/profile.d/mariadb10.0.19.sh
[root@Legion100 /usr/local/mysql]# . /etc/profile.d/mariadb10.0.19.sh
[root@Legion100 /usr/local/mysql]# sed -i "$(awk '$1=="MANPATH"{a=NR}END{print a}' /etc/man.config)a MANPATH\t/usr/local/mysql/man" /etc/man.config
[root@Legion100 /usr/local/mysql]# cp -a support-files/mysql.server /etc/rc.d/init.d/mysqld
[root@Legion100 /usr/local/mysql]# \cp support-files/my-large.cnf /etc/my.cnf
[root@Legion100 /usr/local/mysql]# sed -i '/query_cache_size/a datadir = /data/mysql' /etc/my.cnf
[root@Legion100 /usr/local/mysql]# mkdir -p /data/mysql
[root@Legion100 /usr/local/mysql]# chown -R mysql.mysql /data/mysql
[root@Legion100 /usr/local/mysql]# /usr/local/mysql/scripts/mysql_install_db --user=mysql --datadir=/data/mysql/ --basedir=/usr/local/mysql
[root@Legion100 /usr/local/mysql]# chkconfig mysqld on
[root@Legion100 /usr/local/mysql]# chkconfig --list mysqld
mysqld          0:关闭  1:关闭  2:启用  3:启用  4:启用  5:启用  6:关闭
[root@Legion100 /usr/local/mysql]# service mysqld start
Starting MySQL.                                            [确定]
[root@Legion100 /usr/local/mysql]# ss -tnlp | grep 3306
LISTEN     0      150                      :::3306                    :::*      users:(("mysqld",33450,21))
[root@Legion100 /usr/local/mysql]#

2) Grant the database privileges needed for vsftpd user authentication

[root@Legion100 ~]# mysql   # log in to the database
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 4
Server version: 10.0.19-MariaDB-log Source distribution
 
Copyright (c) 2000, 2015, Oracle, MariaDB Corporation Ab and others.
 
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
 
MariaDB [(none)]> USE mysql; # switch to the mysql database
Database changed
MariaDB [mysql]> UPDATE user SET password=PASSWORD('lookback') WHERE USER='root'; # set the password of every root account to lookback
Query OK, 4 rows affected (0.01 sec)
Rows matched: 4  Changed: 4  Warnings: 0
 
MariaDB [mysql]> DELETE FROM user WHERE User='';   # delete all of MariaDB's anonymous accounts
Query OK, 2 rows affected (0.00 sec)
 
MariaDB [mysql]> create database vsftpd;   # create the vsftpd database
Query OK, 1 row affected (0.01 sec)
 
MariaDB [mysql]> grant select on vsftpd.* to vsftpd@localhost identified by 'lookback'; # create a vsftpd user with password lookback and SELECT privilege only, local access
Query OK, 0 rows affected (0.00 sec)
 
MariaDB [mysql]> grant select on vsftpd.* to vsftpd@'127.0.0.1' identified by 'lookback'; # create a vsftpd user with password lookback and SELECT privilege only, local access
Query OK, 0 rows affected (0.00 sec)
 
MariaDB [mysql]> grant select on vsftpd.* to vsftpd@'172.16.%.%' identified by 'lookback'; # create a vsftpd user with password lookback and SELECT privilege only, allowed to connect from within the 172.16.0.0/8 network
Query OK, 0 rows affected (0.00 sec)
 
MariaDB [mysql]> SELECT USER,PASSWORD,HOST FROM user; # list the user names and hosts known to MariaDB
+--------+-------------------------------------------+--------------------+
| USER   | PASSWORD                                  | HOST               |
+--------+-------------------------------------------+--------------------+
| root   | *153CCFAEAA83407D8DBDBFAA3D17B1A95553E60C | localhost          |
| root   | *153CCFAEAA83407D8DBDBFAA3D17B1A95553E60C | legion100.dwhd.org |
| root   | *153CCFAEAA83407D8DBDBFAA3D17B1A95553E60C | 127.0.0.1          |
| root   | *153CCFAEAA83407D8DBDBFAA3D17B1A95553E60C | ::1                |
| vsftpd | *153CCFAEAA83407D8DBDBFAA3D17B1A95553E60C | localhost          |
| vsftpd | *153CCFAEAA83407D8DBDBFAA3D17B1A95553E60C | 127.0.0.1          |
| vsftpd | *153CCFAEAA83407D8DBDBFAA3D17B1A95553E60C | 172.16.%.%         |
+--------+-------------------------------------------+--------------------+
7 rows in set (0.00 sec)
 
MariaDB [mysql]> use vsftpd;  # switch to the vsftpd database
Database changed
MariaDB [vsftpd]> create table users (
    -> id int AUTO_INCREMENT NOT NULL,
    -> name char(20) binary NOT NULL,
    -> password char(48) binary NOT NULL,
    -> primary key( id )
    -> );    # create a table named users with id, name and password columns; id auto-increments, name holds up to 20 characters stored binary (case-sensitive), password holds up to 48 characters stored binary (case-sensitive)
Query OK, 0 rows affected (0.12 sec)
 
MariaDB [vsftpd]> insert into users (name,password) values('Legion',password('lookback')); # add a user Legion with password lookback to the users table
Query OK, 1 row affected (0.00 sec)
 
MariaDB [vsftpd]> insert into users (name,password) values('LookBack',password('lookback')); # add a user LookBack with password lookback to the users table
Query OK, 1 row affected (0.01 sec)
 
MariaDB [vsftpd]> SELECT id,name,password FROM users; # view the users table
+----+----------+-------------------------------------------+
| id | name     | password                                  |
+----+----------+-------------------------------------------+
|  1 | Legion   | *153CCFAEAA83407D8DBDBFAA3D17B1A95553E60C |
|  2 | LookBack | *153CCFAEAA83407D8DBDBFAA3D17B1A95553E60C |
+----+----------+-------------------------------------------+
2 rows in set (0.00 sec)
 
MariaDB [vsftpd]> FLUSH PRIVILEGES; # reload privileges so the grants above take effect
Query OK, 0 rows affected (0.00 sec)
 
MariaDB [vsftpd]> \q
Bye
[root@Legion100 ~]#

3) Test the connection to MariaDB

[root@Legion100 ~]# mysql -uvsftpd -plookback -h172.16.6.100 -P3306
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 10
Server version: 10.0.19-MariaDB-log Source distribution
 
Copyright (c) 2000, 2015, Oracle, MariaDB Corporation Ab and others.
 
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
 
MariaDB [(none)]> SHOW DATABASES;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| test               |
| vsftpd             |
+--------------------+
3 rows in set (0.00 sec)
 
MariaDB [(none)]> USE vsftpd
Database changed
MariaDB [vsftpd]> SHOW tables;
+------------------+
| Tables_in_vsftpd |
+------------------+
| users            |
+------------------+
1 row in set (0.00 sec)
 
MariaDB [vsftpd]> SELECT id,name,password FROM users;
+----+----------+-------------------------------------------+
| id | name     | password                                  |
+----+----------+-------------------------------------------+
|  1 | Legion   | *153CCFAEAA83407D8DBDBFAA3D17B1A95553E60C |
|  2 | LookBack | *153CCFAEAA83407D8DBDBFAA3D17B1A95553E60C |
+----+----------+-------------------------------------------+
2 rows in set (0.00 sec)
 
MariaDB [vsftpd]> \q
Bye
[root@Legion100 ~]#

3. Configure vsftpd

1) Create the file PAM needs for authentication
Create a new file /etc/pam.d/vsftpd.mariadb

[root@Legion100 ~]# touch /etc/pam.d/vsftpd.mariadb

2) On a 64-bit system, put the following in it

auth required /lib64/security/pam_mysql.so user=vsftpd passwd=lookback host=172.16.6.100 db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
account required /lib64/security/pam_mysql.so user=vsftpd passwd=lookback host=172.16.6.100 db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2

On a 32-bit system, put the following in it

auth required /lib/security/pam_mysql.so user=vsftpd passwd=lookback host=172.16.6.100 db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
account required /lib/security/pam_mysql.so user=vsftpd passwd=lookback host=172.16.6.100 db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2

Form that works on both 32-bit and 64-bit systems

auth required pam_mysql.so user=vsftpd passwd=lookback host=172.16.6.100 db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
account required pam_mysql.so user=vsftpd passwd=lookback host=172.16.6.100 db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
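To make concrete what `crypt=2` asks pam_mysql to do against the `users` table built above, here is an added Python model of the check. It is not code from the original post or from pam_mysql: it reproduces the MySQL/MariaDB `PASSWORD()` format (`*` followed by upper-case hex of SHA1(SHA1(password))), looks the name up the way a `char(20) binary` column compares it, and verifies the supplied password against the stored hash. The table rows are constructed to mirror the tutorial's `users` table, with the hashes recomputed here rather than copied from the page. Running it is consistent with the later test in this post where a login as `Lookback` (lower-case b) is refused while `LookBack` is accepted, and it shows why both accounts, having the same password, end up with identical stored hashes: the scheme has no per-user salt.

```python
"""Model of the pam_mysql crypt=2 check (added example, not from the original post)."""
import hashlib
import hmac


def mysql_password(plain: str) -> str:
    """MySQL/MariaDB PASSWORD(): '*' + upper-case hex of SHA1(SHA1(password)).

    This is the format the tutorial stored with password('lookback') and the one
    pam_mysql compares against when crypt=2 is set. There is no per-user salt,
    so two accounts with the same password get the same stored value.
    """
    inner = hashlib.sha1(plain.encode("utf-8")).digest()
    return "*" + hashlib.sha1(inner).hexdigest().upper()


# Constructed stand-in for `SELECT id, name, password FROM users` on the page.
USERS = [
    {"id": 1, "name": "Legion", "password": mysql_password("lookback")},
    {"id": 2, "name": "LookBack", "password": mysql_password("lookback")},
]


def lookup(name: str, table=USERS):
    """Find the row whose name matches byte-for-byte.

    The tutorial declares `name char(20) binary`, so the comparison MariaDB
    performs for usercolumn=name is case-sensitive: 'Lookback' != 'LookBack'.
    """
    wanted = name.encode("utf-8")
    for row in table:
        if row["name"].encode("utf-8") == wanted:
            return row
    return None


def authenticate(name: str, password: str, table=USERS) -> bool:
    """Return True when the user exists and the password hashes to the stored value."""
    row = lookup(name, table)
    if row is None:
        return False  # vsftpd answers "530 Login incorrect." for this case too
    # compare_digest keeps the comparison independent of where the hashes differ
    return hmac.compare_digest(row["password"], mysql_password(password))


def users_sharing_hash(table=USERS):
    """Group account names by stored hash: with an unsalted scheme, identical
    passwords are visible to anyone who can read the table."""
    groups = {}
    for row in table:
        groups.setdefault(row["password"], []).append(row["name"])
    return [names for names in groups.values() if len(names) > 1]


if __name__ == "__main__":
    print(authenticate("Legion", "lookback"))    # True
    print(authenticate("Lookback", "lookback"))  # False: binary column, case matters
    print(authenticate("LookBack", "wrong"))     # False
    print(users_sharing_hash())                  # [['Legion', 'LookBack']]
```

The `grant select` statements earlier in the post matter here: the `vsftpd` database account only needs to read this table, and the PAM line carries that account's password in clear text, so `/etc/pam.d/vsftpd.mariadb` should be readable by root only.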

3) Edit the vsftpd configuration file

[root@Legion100 ~]# cd /etc/vsftpd/
[root@Legion100 /etc/vsftpd]# cp vsftpd.conf vsftpd.conf_`date +%F`
[root@Legion100 /etc/vsftpd]# ls
ftpusers user_list vsftpd.conf vsftpd.conf_2015-06-03 vsftpd_conf_migrate.sh
[root@Legion100 /etc/vsftpd]# groupadd -g 1501 vftpuser && useradd -g vftpuser -u 1501 -s /sbin/nologin -d /home/vftpuser vftpuser
[root@Legion100 /etc/vsftpd]# id vftpuser
uid=1501(vftpuser) gid=1501(vftpuser) 组=1501(vftpuser)
[root@Legion100 /etc/vsftpd]# finger vftpuser
Login: vftpuser                         Name:
Directory: /home/vftpuser               Shell: /sbin/nologin
Never logged in.
No mail.
No Plan.
[root@Legion100 /etc/vsftpd]# mkdir -p /home/vftpuser
[root@Legion100 /etc/vsftpd]# chown -R vftpuser.vftpuser /home/vftpuser
[root@Legion100 /etc/vsftpd]# chmod go+rx /home/vftpuser
[root@Legion100 /etc/vsftpd]# ls -ld /home/vftpuser/
drwxr-xr-x 4 vftpuser vftpuser 4096 6月   3 16:14 /home/vftpuser/
[root@Legion100 /etc/vsftpd]# grep -Ev '(^#\s.*|^#|^$)' vsftpd.conf
anonymous_enable=YES
local_enable=YES
write_enable=YES
local_umask=022
anon_upload_enable=NO
anon_mkdir_write_enable=NO
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
chroot_local_user=YES
listen=YES
pam_service_name=vsftpd.mariadb
# once the PAM service is switched to vsftpd.mariadb here, system users can no longer log in to FTP
userlist_enable=YES
tcp_wrappers=YES
guest_enable=YES
guest_username=vftpuser

Reload vsftpd so that the configuration changes above take effect

[root@Legion100 /etc/vsftpd]# service vsftpd reload
关闭 vsftpd:                                              [确定]
为 vsftpd 启动 vsftpd:                                    [确定]
[root@Legion100 /etc/vsftpd]#

4. Test logging in

1) From Linux

[root@Legion101 ~]# ifconfig | sed -rn '/^[^ \t]/{N;s/(^[^ ]*).*addr:([^ ]*).*/\1 \2/p}' | \
> awk '$2!~/^192\.168|^10\.|^127|^0|^$/{print $1"="$2}'
eth0=172.16.6.101
[root@Legion101 ~]# ftp 172.16.6.100
Connected to 172.16.6.100 (172.16.6.100).
220 (vsFTPd 2.2.2)
Name (172.16.6.100:root): Legion
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> bye
221 Goodbye.
[root@Legion101 ~]# ftp 172.16.6.100
Connected to 172.16.6.100 (172.16.6.100).
220 (vsFTPd 2.2.2)
Name (172.16.6.100:root): LookBack
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> bye
221 Goodbye.
[root@Legion101 ~]#


2) From Windows

Microsoft Windows [版本 6.3.9600]
(c) 2013 Microsoft Corporation。保留所有权利。
 
C:\Users\Administrator>ftp 172.16.6.100
连接到 172.16.6.100。
220 (vsFTPd 2.2.2)
用户(172.16.6.100:(none)): Legion
331 Please specify the password.
密码:
230 Login successful.
ftp> pwd
257 "/"
ftp> bye
221 Goodbye.
 
C:\Users\Administrator>ftp 172.16.6.100
连接到 172.16.6.100。
220 (vsFTPd 2.2.2)
用户(172.16.6.100:(none)): LookBack
331 Please specify the password.
密码:
230 Login successful.
ftp> pwd
257 "/"
ftp> bye
221 Goodbye.
 
C:\Users\Administrator>


5. Configuring permissions for individual virtual users
As the tests above show, the two virtual users we created can log in but cannot upload files. The following explains how to configure permissions per virtual user.

[root@Legion100 /etc/vsftpd]# echo "user_config_dir=/etc/vsftpd/vftpusers" >> /etc/vsftpd/vsftpd.conf
[root@Legion100 /etc/vsftpd]# mkdir -p /etc/vsftpd/vftpusers
[root@Legion100 /etc/vsftpd]# cd /etc/vsftpd/vftpusers
[root@Legion100 /etc/vsftpd/vftpusers]# touch /etc/vsftpd/vftpusers/{Legion,LookBack}
[root@Legion100 /etc/vsftpd/vftpusers]# cat > /etc/vsftpd/vftpusers/Legion <<EOF
anon_upload_enable=YES
# allow the Legion user to upload files
anon_mkdir_write_enable=YES
# allow Legion to create directories
anon_other_write_enable=YES
# allow Legion to delete (and rename) files
EOF
[root@Legion100 /etc/vsftpd/vftpusers]# cat /etc/vsftpd/vftpusers/Legion > /etc/vsftpd/vftpusers/LookBack
[root@Legion100 /etc/vsftpd/vftpusers]# sed -i 's/YES/NO/' /etc/vsftpd/vftpusers/LookBack # turn every YES copied from Legion into NO so LookBack has no upload, create or delete permission
[root@Legion100 /etc/vsftpd/vftpusers]# service vsftpd restart
关闭 vsftpd:                                              [确定]
为 vsftpd 启动 vsftpd:                                    [确定]
[root@Legion100 /etc/vsftpd/vftpusers]#
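The `user_config_dir` mechanism used above works by layering: vsftpd reads `vsftpd.conf`, then, after the virtual user has authenticated, reads the file named exactly after that user from the directory and lets its settings replace the global ones for that session. Because `guest_enable=YES` classes virtual users as guests, the switches that matter for them are the `anon_*` ones, and every write also needs the global `write_enable=YES`. The Python below is an added example, not part of the original post or of vsftpd, that resolves the effective settings and the resulting write permissions for a given login name. The main configuration and the two per-user files are constructed inline to mirror this tutorial (with LookBack's file holding `NO` values, as the section intends); a name without a per-user file, such as a misspelled one, simply keeps the global defaults.

```python
"""Resolve per-user vsftpd settings (added example, not from the original post)."""

# Constructed from the tutorial's `grep -Ev` output plus the appended user_config_dir line.
MAIN_CONF = """\
anonymous_enable=YES
local_enable=YES
write_enable=YES
local_umask=022
anon_upload_enable=NO
anon_mkdir_write_enable=NO
pam_service_name=vsftpd.mariadb
guest_enable=YES
guest_username=vftpuser
user_config_dir=/etc/vsftpd/vftpusers
"""

# Constructed stand-ins for /etc/vsftpd/vftpusers/<name>; the dict key plays the
# role of the file name, which vsftpd matches against the login name exactly.
USER_CONFS = {
    "Legion": """\
anon_upload_enable=YES
# allow the Legion user to upload files
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
""",
    "LookBack": """\
anon_upload_enable=NO
anon_mkdir_write_enable=NO
anon_other_write_enable=NO
""",
}


def parse_conf(text: str) -> dict:
    """Parse vsftpd's key=value format; '#' lines and blank lines are ignored."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if "=" not in line:
            raise ValueError(f"malformed vsftpd option: {raw!r}")
        key, _, value = line.partition("=")
        settings[key.strip()] = value.strip()
    return settings


def effective_settings(user: str, main_conf=MAIN_CONF, user_confs=USER_CONFS) -> dict:
    """Global settings with the per-user file (if one exists) layered on top."""
    settings = parse_conf(main_conf)
    if "user_config_dir" in settings:
        per_user = user_confs.get(user)  # stands in for opening <user_config_dir>/<user>
        if per_user is not None:
            settings.update(parse_conf(per_user))
    return settings


def write_permissions(user: str, main_conf=MAIN_CONF, user_confs=USER_CONFS) -> dict:
    """What a guest (virtual) user may write, given the resolved settings.

    Guests are governed by the anon_* switches, and any write additionally
    requires write_enable=YES; absent options default to NO.
    """
    s = effective_settings(user, main_conf, user_confs)
    writable = s.get("write_enable", "NO") == "YES"
    return {
        "upload": writable and s.get("anon_upload_enable", "NO") == "YES",
        "mkdir": writable and s.get("anon_mkdir_write_enable", "NO") == "YES",
        "delete_rename": writable and s.get("anon_other_write_enable", "NO") == "YES",
    }


if __name__ == "__main__":
    for name in ("Legion", "LookBack", "Lookback"):
        print(name, write_permissions(name))
```

The third name in the usage loop has no matching file, so it falls back to the global `NO` values; this is the same exact-name matching that the `binary` column enforces at login, so the per-user file name must match the row in the `users` table letter for letter.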

2) Test

[root@Legion101 ~]# ftp 172.16.6.100
Connected to 172.16.6.100 (172.16.6.100).
220 (vsFTPd 2.2.2)
Name (172.16.6.100:root): Legion
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> lcd /etc/
Local directory now /etc
ftp> put inittab
local: inittab remote: inittab
227 Entering Passive Mode (172,16,6,100,253,120).
150 Ok to send data.
226 Transfer complete.
884 bytes sent in 7.4e-05 secs (11945.94 Kbytes/sec)
ftp> ls -l
227 Entering Passive Mode (172,16,6,100,244,244).
150 Here comes the directory listing.
-rw-------    1 1501     1501          884 Jun 03 09:02 inittab
226 Directory send OK.
ftp> bye
221 Goodbye.
[root@Legion101 ~]# ftp 172.16.6.100
Connected to 172.16.6.100 (172.16.6.100).
220 (vsFTPd 2.2.2)
Name (172.16.6.100:root): Lookback
331 Please specify the password.
Password:
530 Login incorrect.
Login failed.
ftp> lcd /etc/
Local directory now /etc
ftp> put fstab
local: fstab remote: fstab
530 Please login with USER and PASS.
Passive mode refused.
ftp> bye
221 Goodbye.
[root@Legion101 ~]#


Reposted from www.cnblogs.com/linkenpark/p/9185619.html