Implementing vsftpd virtual-user access with MySQL-based authentication
1. Lab layout
![](https://img-blog.csdnimg.cn/1c6a9f9b002f4c5e8067500eef778cff.png)
This lab is built on two hosts:
one FTP server running CentOS 7 (it must be 7; CentOS 8 is not supported)
one database server running MariaDB or MySQL (MySQL 8.0 cannot be used; 5.7 works)
2. Steps
2.1 The MariaDB host
2.1.1 Install MariaDB on the database server
```shell
[root@centos8:~]# yum -y install mariadb-server
[root@centos8:~]# systemctl enable --now mariadb
```
2.1.2 Create the database and table
```sql
MariaDB [(none)]> create database vsftpd;
MariaDB [(none)]> use vsftpd
MariaDB [vsftpd]> create table users (
    id int auto_increment not null primary key,
    name char(50) binary not null,
    password char(48) binary not null
);
MariaDB [vsftpd]> insert users (name,password) values('alice',password('123456'));
MariaDB [vsftpd]> insert users (name,password) values('bob',password('654321'));
MariaDB [vsftpd]> select * from users;
+----+-------+-------------------------------------------+
| id | name  | password                                  |
+----+-------+-------------------------------------------+
|  1 | alice | *6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9 |
|  2 | bob   | *2A032F7C5BA932872F0F045E0CF6B53CF702F2C5 |
+----+-------+-------------------------------------------+
MariaDB [vsftpd]> grant select on vsftpd.* to vsftpd@'10.0.0.%' identified by '123456';
```
2.2 The FTP server host
2.2.1 Install vsftpd
```shell
[root@centos7:~]# yum -y install vsftpd
[root@centos7:~]# systemctl enable --now vsftpd
```
2.2.2 Download and unpack the PAM module
```shell
[root@centos7:~]# wget http://prdownloads.sourceforge.net/pam-mysql/pam_mysql-0.7RC1.tar.gz
[root@centos7:~]# tar xvf pam_mysql-0.7RC1.tar.gz -C /usr/local/src
[root@centos7:~]# cd /usr/local/src/pam_mysql-0.7RC1/
```
2.2.3 Install the build dependencies and build the module
```shell
[root@centos7:/usr/local/src/pam_mysql-0.7RC1]# yum -y install vsftpd gcc gcc-c++ make mariadb-devel pam-devel
[root@centos7:/usr/local/src/pam_mysql-0.7RC1]# ./configure --with-pam-mods-dir=/lib64/security
[root@centos7:/usr/local/src/pam_mysql-0.7RC1]# make -j 2 && make install
```
2.2.4 Create a new pam_mysql configuration file and add the following content
```shell
[root@centos7:/usr/local/src/pam_mysql-0.7RC1]# vim /etc/pam.d/vsftpd.mysql
```
```
auth required pam_mysql.so user=vsftpd passwd=123456 host=10.0.0.8 db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
account required pam_mysql.so user=vsftpd passwd=123456 host=10.0.0.8 db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
```
2.2.5 Create the system account that virtual-user connections are mapped to
```shell
[root@centos7:/usr/local/src/pam_mysql-0.7RC1]# useradd -s /sbin/nologin -d /data/ftproot -r vuser
[root@centos7:/usr/local/src/pam_mysql-0.7RC1]# mkdir -pv /data/ftproot/upload
[root@centos7:/usr/local/src/pam_mysql-0.7RC1]# setfacl -m u:vuser:rwx /data/ftproot/upload
```
2.2.6 Edit the vsftpd configuration file
```shell
[root@centos7:/usr/local/src/pam_mysql-0.7RC1]# vim /etc/vsftpd/vsftpd.conf
```
```
pam_service_name=vsftpd.mysql
guest_enable=YES
guest_username=vuser
```
```shell
[root@centos7:/usr/local/src/pam_mysql-0.7RC1]# systemctl restart vsftpd
```
2.2.7 Create a separate configuration file for each user so that each user gets its own home directory
```shell
[root@centos7:/usr/local/src/pam_mysql-0.7RC1]# vim /etc/vsftpd/vsftpd.conf
```
```
user_config_dir=/etc/vsftpd/conf.d/
```
```shell
[root@centos7:/usr/local/src/pam_mysql-0.7RC1]# mkdir /etc/vsftpd/conf.d
[root@centos7:/usr/local/src/pam_mysql-0.7RC1]# vim /etc/vsftpd/conf.d/alice
```
```
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
local_root=/data/ftproot1
```
```shell
[root@centos7:/usr/local/src/pam_mysql-0.7RC1]# mkdir /data/ftproot1/upload -p
[root@centos7:/usr/local/src/pam_mysql-0.7RC1]# setfacl -m u:vuser:rwx /data/ftproot1/upload
[root@centos7:/usr/local/src/pam_mysql-0.7RC1]# vim /etc/vsftpd/conf.d/bob
```
```
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
local_root=/data/ftproot2
```
```shell
[root@centos7:/usr/local/src/pam_mysql-0.7RC1]# mkdir /data/ftproot2/upload -p
[root@centos7:/usr/local/src/pam_mysql-0.7RC1]# setfacl -m u:vuser:rwx /data/ftproot2/upload
```
2.2.8 Test
```text
[root@ubuntu18 ~]
Connected to 10.0.0.7.
220 (vsFTPd 3.0.2)
Name (10.0.0.7:root): alice
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> cd upload
250 Directory successfully changed.
ftp> ls
200 PORT command successful. Consider using PASV.
150 Here comes the directory listing.
-rw-r--r--    1 0        0               0 Jun 16 09:46 alice.txt
226 Directory send OK.
ftp> lcd /etc/
Local directory now /etc
ftp> put hosts
local: hosts remote: hosts
200 PORT command successful. Consider using PASV.
150 Ok to send data.
226 Transfer complete.
214 bytes sent in 0.00 secs (457.2962 kB/s)
ftp> ls
200 PORT command successful. Consider using PASV.
150 Here comes the directory listing.
-rw-r--r--    1 0        0               0 Jun 16 09:46 alice.txt
-rw-------    1 997      995           214 Jun 16 09:48 hosts
226 Directory send OK.
ftp>
```
3. Adding a new account
```sql
MariaDB [vsftpd]> insert users (name,password) values('jack',password('magedu'));
```
At this point jack can log in and use the server, but the directory he lands in is the shared public one; you can go on to set up a new directory and its permissions for him, which is how accounts are managed by category.
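As an added helper for step 2.2.7 and the note above (not part of the original post), the script below creates the per-user vsftpd config file and directory for a new virtual user in one step, and checks that the pam_mysql file, which stores the database password in clear text, is not readable by group or others. The variable names VSFTPD_CONF_D and GUEST_USER and the functions add_vuser_root, vuser_root_of and pam_secret_ok are assumptions made here, not names from vsftpd or the post.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed, overridable paths:
#   VSFTPD_CONF_D  the directory named by user_config_dir= (post: /etc/vsftpd/conf.d/)
#   GUEST_USER     the mapped system account from guest_username= (post: vuser)
VSFTPD_CONF_D="${VSFTPD_CONF_D:-/etc/vsftpd/conf.d}"
GUEST_USER="${GUEST_USER:-vuser}"

# add_vuser_root NAME LOCAL_ROOT
# Writes $VSFTPD_CONF_D/NAME with the same four settings the post uses for
# alice and bob, creates LOCAL_ROOT/upload and grants the guest account rwx on
# the upload directory only: LOCAL_ROOT itself stays non-writable, because
# vsftpd refuses to chroot into a writable root unless allow_writeable_chroot
# is set. Names are restricted to plain identifiers because the config file
# name is taken from the FTP login name that was stored in the users table.
add_vuser_root() {
    name=$1; root=$2
    case $name in
        ''|*[!A-Za-z0-9_-]*) echo "bad user name: $name" >&2; return 1 ;;
    esac
    mkdir -p "$VSFTPD_CONF_D" "$root/upload" || return 1
    cat > "$VSFTPD_CONF_D/$name" <<EOF
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
local_root=$root
EOF
    # ACLs need a filesystem that supports them (a tmpfs test dir may not),
    # so report instead of aborting when setfacl is unavailable or fails.
    if command -v setfacl >/dev/null 2>&1; then
        setfacl -m "u:$GUEST_USER:rwx" "$root/upload" 2>/dev/null \
            || echo "warning: could not set ACL on $root/upload" >&2
    fi
}

# vuser_root_of NAME: prints the local_root configured for NAME, fails if none
vuser_root_of() {
    f="$VSFTPD_CONF_D/$1"
    [ -f "$f" ] || return 1
    sed -n 's/^local_root=//p' "$f" | head -n 1
}

# pam_secret_ok FILE: succeeds only if FILE (e.g. /etc/pam.d/vsftpd.mysql,
# which carries passwd=... in clear text) has no group or other permission bits.
pam_secret_ok() {
    perm=$(ls -ld "$1" | cut -c5-10)
    [ "$perm" = "------" ]
}
```

Run it with `VSFTPD_CONF_D` and the root directory pointed at the real paths once it has been tried in a scratch directory; a setfacl warning means the ACL step must be repeated by hand on the target filesystem.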