How to set up virtual user authentication for vsftpd with pam_mysql
Published: 2025-02-04. Author: 千家信息网 editor.
Last updated by 千家信息网: 2025-02-04.
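This article describes how to set up virtual user authentication for vsftpd with pam_mysql. The walkthrough is detailed; interested readers can use it as a reference, and we hope it helps.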
(1) Download the EPEL repo file
[root@CentOS7-175 ~]# wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo #download the Aliyun EPEL repo file
[root@CentOS7-175 ~]# yum repolist
(2) Install the required packages
[root@CentOS7-175 ~]# yum -y groupinstall "Development Tools" "Server Platform Development"
[root@CentOS7-175 ~]# yum -y install vsftpd pam-devel mariadb-server mariadb-devel openssl-devel
[root@CentOS7-175 ~]# systemctl start mariadb.service
[root@CentOS7-175 ~]# systemctl enable mariadb.service
(3) Compile and install the pam_mysql module
vsftpd authenticates users through pam_mysql, so the pam_mysql module must be installed. The default system yum repositories do not provide it, so it has to be compiled and installed from source.
[root@CentOS7-175 ~]# mkdir /home/tools/
[root@CentOS7-175 ~]# cd /home/tools/
[root@CentOS7-175 tools]# tar xf pam_mysql-0.7RC1.tar.gz
[root@CentOS7-175 tools]# cd pam_mysql-0.7RC1/
[root@CentOS7-175 pam_mysql-0.7RC1]# ./configure --with-mysql=/usr --with-openssl=/usr --with-pam=/usr --with-pam-mods-dir=/lib64/security
[root@CentOS7-175 pam_mysql-0.7RC1]# make && make install
[root@CentOS7-175 pam_mysql-0.7RC1]# ls /lib64/security/pam_mysql.so #check that the build succeeded: ls should show the pam_mysql.so module
/lib64/security/pam_mysql.so
(4) Back up the vsftpd.conf configuration file
[root@CentOS7-175 pam_mysql-0.7RC1]# systemctl stop vsftpd
[root@CentOS7-175 pam_mysql-0.7RC1]# cd /etc/vsftpd
[root@CentOS7-175 vsftpd]# cp vsftpd.conf{,.bak}
[root@CentOS7-175 vsftpd]# ls vsftpd.conf*
vsftpd.conf vsftpd.conf.bak
(5) Configure mysql
[root@CentOS7-175 vsftpd]# mysql -uroot -p #log in to mysql
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 2
Server version: 5.5.44-MariaDB MariaDB Server
Copyright (c) 2000, 2015, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> CREATE DATABASE vsftpd; #create the vsftpd database
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> use vsftpd; #switch to the vsftpd database
Database changed
MariaDB [vsftpd]> CREATE TABLE users ( #create the users table
    -> id int AUTO_INCREMENT NOT NULL PRIMARY KEY,
    -> name char(30) NOT NULL,
    -> password char(48) binary NOT NULL);
Query OK, 0 rows affected (0.05 sec)
MariaDB [vsftpd]> desc users; #show the users table
+----------+----------+------+-----+---------+----------------+
| Field    | Type     | Null | Key | Default | Extra          |
+----------+----------+------+-----+---------+----------------+
| id       | int(11)  | NO   | PRI | NULL    | auto_increment |
| name     | char(30) | NO   |     | NULL    |                |
| password | char(48) | NO   |     | NULL    |                |
+----------+----------+------+-----+---------+----------------+
3 rows in set (0.00 sec)
MariaDB [vsftpd]> INSERT INTO users(name,password) VALUES ('tom',password('zhucke')); #insert user rows into the table
Query OK, 1 row affected (0.00 sec)
MariaDB [vsftpd]> INSERT INTO users(name,password) VALUES ('jerry',password('zhucke.com'));
Query OK, 1 row affected (0.00 sec)
MariaDB [vsftpd]> SELECT * FROM users;
+----+-------+-------------------------------------------+
| id | name  | password                                  |
+----+-------+-------------------------------------------+
|  1 | tom   | *9BDB807A93B6C421BBFCAC5EF1AE0835396EEE38 |
|  2 | jerry | *3E27BE6A3667961ABCCFCA4832F06B151F81185A |
+----+-------+-------------------------------------------+
2 rows in set (0.00 sec)
MariaDB [vsftpd]> GRANT select ON vsftpd.* TO vsftpd@localhost IDENTIFIED BY 'zhucke'; #grant the vsftpd user access to mysql
Query OK, 0 rows affected (0.04 sec)
MariaDB [vsftpd]> GRANT select ON vsftpd.* TO vsftpd@127.0.0.1 IDENTIFIED BY 'zhucke'; #grant the vsftpd user access to mysql
Query OK, 0 rows affected (0.00 sec)
MariaDB [vsftpd]> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.01 sec)
MariaDB [vsftpd]> exit
Bye
(6) Test logging in to mysql as the vsftpd user
[root@CentOS7-175 vsftpd]# mysql -uvsftpd -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 4
Server version: 5.5.44-MariaDB MariaDB Server
Copyright (c) 2000, 2015, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> SHOW DATABASES;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| test               |
| vsftpd             |
+--------------------+
3 rows in set (0.01 sec)
MariaDB [(none)]> use vsftpd;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
MariaDB [vsftpd]> SELECT * FROM users;
+----+-------+-------------------------------------------+
| id | name  | password                                  |
+----+-------+-------------------------------------------+
|  1 | tom   | *9BDB807A93B6C421BBFCAC5EF1AE0835396EEE38 |
|  2 | jerry | *3E27BE6A3667961ABCCFCA4832F06B151F81185A |
+----+-------+-------------------------------------------+
2 rows in set (0.01 sec)
(7) Configure PAM
[root@CentOS7-175 vsftpd]# cd /etc/pam.d/
[root@CentOS7-175 pam.d]# vim vsftpd.mysql
[root@CentOS7-175 pam.d]# cat vsftpd.mysql
auth required pam_mysql.so user=vsftpd passwd=zhucke host=localhost db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
account required pam_mysql.so user=vsftpd passwd=zhucke host=localhost db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
[root@CentOS7-175 pam.d]# useradd -s /sbin/nologin -d /ftproot vuser
[root@CentOS7-175 pam.d]# ls -ld /ftproot/
drwx------ 3 vuser vuser 74 Jun 11 11:30 /ftproot/
[root@CentOS7-175 pam.d]# chmod go+rx /ftproot/
[root@CentOS7-175 pam.d]# ls -ld /ftproot/
drwxr-xr-x 3 vuser vuser 74 Jun 11 11:30 /ftproot/
[root@CentOS7-175 pam.d]# vim /etc/vsftpd/vsftpd.conf
[root@CentOS7-175 pam.d]# tail -7 /etc/vsftpd/vsftpd.conf
pam_service_name=vsftpd.mysql
local_enable=YES
write_enable=YES
local_umask=022
guest_enable=YES
guest_username=vuser #the system user that virtual users are mapped to
[root@CentOS7-175 pam.d]# chmod -w /ftproot/
[root@CentOS7-175 pam.d]# systemctl restart vsftpd
[root@CentOS7-175 pam.d]# mkdir /ftproot/{pub,upload}
(8) From the client 192.168.5.171, log in to the FTP server as tom and as jerry
[root@CentOS7-171 ~]# ftp 192.168.5.175
Connected to 192.168.5.175 (192.168.5.175).
220 (vsFTPd 3.0.2)
Name (192.168.5.175:root): tom #log in as tom
331 Please specify the password.
Password:
230 Login successful. #login succeeded
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls #list the files on the ftp server
227 Entering Passive Mode (192,168,5,175,58,188).
150 Here comes the directory listing.
drwxr-xr-x 2 0 0 6 Jun 11 03:34 pub
drwxr-xr-x 2 0 0 6 Jun 11 03:34 upload
226 Directory send OK.
ftp> exit
221 Goodbye.
[root@CentOS7-171 ~]# ftp 192.168.5.175
Connected to 192.168.5.175 (192.168.5.175).
220 (vsFTPd 3.0.2)
Name (192.168.5.175:root): jerry #log in as jerry
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
227 Entering Passive Mode (192,168,5,175,189,114).
150 Here comes the directory listing.
drwxr-xr-x 2 0 0 6 Jun 11 03:34 pub
drwxr-xr-x 2 0 0 6 Jun 11 03:34 upload
226 Directory send OK.
(9) Allow file uploads
[root@CentOS7-175 pam.d]# chown vuser /ftproot/upload/ #change the owner of this directory to vuser
[root@CentOS7-175 pam.d]# ls -ld /ftproot/upload/
drwxr-xr-x 2 vuser root 6 Jun 11 11:34 /ftproot/upload/
[root@CentOS7-175 pam.d]# vim /etc/vsftpd/vsftpd.conf #edit the vsftpd.conf file
anon_upload_enable=YES #remove the leading # from this line to enable file upload
[root@CentOS7-175 pam.d]# systemctl restart vsftpd
(10) Test file upload
[root@CentOS7-171 ~]# ftp 192.168.5.175
Connected to 192.168.5.175 (192.168.5.175).
220 (vsFTPd 3.0.2)
Name (192.168.5.175:root): tom #log in as tom
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> cd upload #change to the upload directory
250 Directory successfully changed.
ftp> lcd /etc #change to the local /etc directory
Local directory now /etc
ftp> put fstab #upload the fstab file
local: fstab remote: fstab
227 Entering Passive Mode (192,168,5,175,72,65).
150 Ok to send data.
226 Transfer complete.
648 bytes sent in 0.000229 secs (2829.69 Kbytes/sec)
ftp> ls #check whether the fstab file is there
227 Entering Passive Mode (192,168,5,175,187,100).
150 Here comes the directory listing.
-rw------- 1 1001 1001 648 Jun 11 03:50 fstab #upload succeeded
226 Directory send OK.
ftp> exit
221 Goodbye.
[root@CentOS7-171 ~]# ftp 192.168.5.175
Connected to 192.168.5.175 (192.168.5.175).
220 (vsFTPd 3.0.2)
Name (192.168.5.175:root): jerry #log in as jerry
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> cd upload #change to the upload directory
250 Directory successfully changed.
ftp> lcd /etc #change to the local /etc/ directory
Local directory now /etc
ftp> put issue #upload the issue file
local: issue remote: issue
227 Entering Passive Mode (192,168,5,175,95,111).
150 Ok to send data.
226 Transfer complete.
23 bytes sent in 0.000659 secs (34.90 Kbytes/sec)
ftp> ls
227 Entering Passive Mode (192,168,5,175,177,97).
150 Here comes the directory listing.
-rw------- 1 1001 1001 648 Jun 11 03:50 fstab
-rw------- 1 1001 1001 23 Jun 11 03:52 issue #the issue file was uploaded successfully
226 Directory send OK.
(11) Give the users different permissions: one can upload, the other cannot
[root@CentOS7-175 pam.d]# cd /etc/vsftpd
[root@CentOS7-175 vsftpd]# mkdir vusers.conf.d
[root@CentOS7-175 pam.d]# cd vusers.conf.d
[root@CentOS7-175 vusers.conf.d]# vim tom
anon_upload_enable=YES #tom may upload
[root@CentOS7-175 vusers.conf.d]# vim jerry
anon_upload_enable=NO #jerry may not upload
[root@CentOS7-175 vsftpd]# vim /etc/vsftpd/vsftpd.conf
user_config_dir=/etc/vsftpd/vusers.conf.d
[root@CentOS7-175 vsftpd]# systemctl restart vsftpd.service
(12) Verify the tom and jerry users
[root@CentOS7-171 ~]# ftp 192.168.5.175
Connected to 192.168.5.175 (192.168.5.175).
220 (vsFTPd 3.0.2)
Name (192.168.5.175:root): tom
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
227 Entering Passive Mode (192,168,5,175,205,162).
150 Here comes the directory listing.
drwxr-xr-x 2 0 0 6 Jun 11 03:34 pub
drwxr-xr-x 2 1001 0 30 Jun 11 03:52 upload
226 Directory send OK.
ftp> cd upload
250 Directory successfully changed.
ftp> lcd /etc
Local directory now /etc
ftp> put grub2.cfg
local: grub2.cfg remote: grub2.cfg
227 Entering Passive Mode (192,168,5,175,211,51).
150 Ok to send data. #tom's upload succeeds
226 Transfer complete.
4213 bytes sent in 0.0815 secs (51.69 Kbytes/sec)
ftp> ls
227 Entering Passive Mode (192,168,5,175,111,189).
150 Here comes the directory listing.
-rw------- 1 1001 1001 648 Jun 11 03:50 fstab
-rw------- 1 1001 1001 4213 Jun 11 04:04 grub2.cfg
-rw------- 1 1001 1001 23 Jun 11 03:52 issue
226 Directory send OK.
[root@CentOS7-171 ~]# ftp 192.168.5.175
Connected to 192.168.5.175 (192.168.5.175).
220 (vsFTPd 3.0.2)
Name (192.168.5.175:root): jerry
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
227 Entering Passive Mode (192,168,5,175,31,254).
150 Here comes the directory listing.
drwxr-xr-x 2 0 0 6 Jun 11 03:34 pub
drwxr-xr-x 2 1001 0 62 Jun 11 04:06 upload
226 Directory send OK.
ftp> lcd /etc
Local directory now /etc
ftp> cd upload
250 Directory successfully changed.
ftp> put issue
local: issue remote: issue
227 Entering Passive Mode (192,168,5,175,87,198).
550 Permission denied. #jerry's test result: upload is not allowed
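Added example, not part of the original article: a Python check for a pam_mysql service file like the one written in step (7), plus the value format that PASSWORD() stores in step (5) and that crypt=2 compares against. The option list is recalled from the pam_mysql 0.7 README and the sample lines (with a misspelled option and a placeholder password) are constructed; both are assumptions of this example.

```python
import hashlib

# Option names recalled from the pam_mysql 0.7 README (assumption of this
# example); extend the set if your build documents more.
KNOWN_OPTS = {
    "host", "db", "user", "passwd", "table", "update_table", "usercolumn",
    "passwdcolumn", "statcolumn", "crypt", "md5", "use_323_passwd", "where",
    "sqllog", "logtable", "logmsgcolumn", "logusercolumn", "logpidcolumn",
    "loghostcolumn", "logrhostcolumn", "logtimecolumn", "config_file",
    "verbose", "use_first_pass", "try_first_pass", "disconnect_every_op",
}
EXPECTED = ("table", "usercolumn", "passwdcolumn")

def mysql_password(pw):
    """Value PASSWORD() stores: '*' + upper-hex SHA1(SHA1(pw)); no salt."""
    if not pw:
        return ""  # PASSWORD('') is the empty string
    inner = hashlib.sha1(pw.encode()).digest()
    return "*" + hashlib.sha1(inner).hexdigest().upper()

def lint_pam_mysql(text):
    """Return (line_no, message) findings; plain 'type control module args' lines only."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if (len(fields) < 3 or fields[0].startswith("#")
                or not fields[2].endswith("pam_mysql.so")):
            continue
        opts = dict(arg.partition("=")[::2] for arg in fields[3:])
        for name in opts:
            if name not in KNOWN_OPTS:
                findings.append((no, f"unknown option '{name}'"))
        if "config_file" not in opts:  # options may live in that file instead
            findings += [(no, f"'{e}' not set on this line")
                         for e in EXPECTED if e not in opts]
        if opts.get("crypt") in ("0", "plain"):
            findings.append((no, "crypt=0 compares plaintext passwords"))
    return findings

# Constructed sample: the account line misspells 'table'.
SAMPLE = """\
auth required pam_mysql.so user=vsftpd passwd=EXAMPLE db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
account required pam_mysql.so user=vsftpd passwd=EXAMPLE db=vsftpd tablee=users usercolumn=name passwdcolumn=password crypt=2
"""

if __name__ == "__main__":
    for no, msg in lint_pam_mysql(SAMPLE):
        print(f"line {no}: {msg}")
    print(mysql_password("password"))
```

Because the stored value has no salt, two users with the same password get the same row value, which is worth knowing when deciding who may read the users table.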
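That is all on how to set up virtual user authentication for vsftpd with pam_mysql. We hope the content above is helpful and that you learned something from it. If you found the article useful, feel free to share it so that more people can see it.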