centos vsftp mysql_[CentOS] CentOS for vsftpd with MySQL Virtual user

從ubuntu

12.04的安裝手法拿到CentOS來真的有些很大的不同

絕大部分的語法、概念都是差不多的，只是指令上有些差別，跟ubuntu

有不一樣的地方特別拿出來另外說明

要讓vsftpd與mysql溝通一定要有一個介值，mysql的插件是一定要裝的

在ubuntu

12.04需要 libpam-ldap

CentOS 6.3 需要

pam_mysql

vsftpd主配置檔

/etc/pam.d/vsftpd

crypt=0:

明文密碼

crypt=1:

使用crpyt()函數(對應SQL資料表的encrypt()，encrypt()隨機產生salt)

crypt=2:

使用MySQL中的password()函數加密

crypt=3：表示使用md5函數加密

使用系統與套件

system：CentOS

6.3

software：MySQL 5.1、vsftpd

2.2

一、安裝軟體

1)使用這兩個software就一定要安裝他們

# yum install vsftpd mysql-server

2)啟用mysqld後，會提式第一次使用mysql一定要執行

mysqladmin 設定密碼

# /etc/init.d/mysqld

start

# mysqladmin -u root password ‘you root sql

password‘

二、設定vsftpd

1)建立與mysql橋接的guest

user，這個帳號只用於跟mysql溝通

# useradd -G users -s /sbin/nologin

-d /home/vsftpd

vsftpd

2)備份vsftpd.conf避免設定失敗

# cp -v /etc/vsftpd/vsftpd.conf

/etc/vsftpd/vsftpd.conf-orig

3)清空設定檔

#

cat /dev/null >

/etc/vsftpd/vsftpd.conf

4)編輯設定檔

#vi

/etc/vsftpd/vsftpd.conf

5) 內容

#

No ANONYMOUS users allowed

anonymous_enable=NO

#

Allow ‘local‘ users with WRITE permissions

(0755)

local_enable=YES

write_enable=YES

local_umask=022

dirmessage_enable=YES

xferlog_enable=YES

#

if you want to LOG vsftpd activity then uncomment this

log_ftp_protocol

#

log_ftp_protocol=YES

connect_from_port_20=YES

#

uncomment xferlog_file and xferlog_std_format if you DIDN‘T use the line

above

# with log_ftp_protocol - it must be excluding each

other

# The name of log file when xferlog_enable=YES and

xferlog_std_format=YES

# WARNING - changing this filename

affects

/etc/logrotate.d/vsftpd.log

#xferlog_file=/var/log/xferlog

#

#

xferlog_std_format Switches between logging into vsftpd_log_file and

xferlog_file files.

# NO writes to vsftpd_log_file, YES to

xferlog_file

#

xferlog_std_format=YES

#

# You

may change the default value for timing out an idle session (in

seconds).

#idle_session_timeout=600

#

#

You may change the default value for timing out a data connection (in

seconds).

#data_connection_timeout=120

#

#

define a unique user on your system which the

# ftp server can

use as a totally isolated and unprivileged

user.

nopriv_user=vsftpd

chroot_local_user=YES

listen=YES

#

here we use the authentication module for vsftpd to check users name and

passw

pam_service_name=vsftpd

userlist_enable=YES

tcp_wrappers=YES

#

If userlist_deny=YES (default), never allow users in this file

#

/etc/vsftpd/user_list , and do not even prompt for a password.

#

Note that the default vsftpd pam config also checks

/etc/vsftpd/ftpusers

# for users that are

denied.

userlist_deny=yes

#

here the vsftpd will allow the ‘vsftpd‘ user to login into ‘/home/vsftpd/$USER

directory

guest_enable=YES

guest_username=vsftpd

local_root=/home/vsftpd/$USER

user_sub_token=$USER

virtual_use_local_privs=YES

user_config_dir=/etc/vsftpd/vsftpd_user_conf

force_local_data_ssl=NO

force_local_logins_ssl=NO

#

PASV - passive ports for FTP (range 44000 - 44100 ; 100 PASV ports, OPEN

FIREWALL FOR ALLOWING

CONNECTIONS

pasv_enable=YES

pasv_min_port=44000

pasv_max_port=44100

6)建立vsftpd的virtual

user的個人設定檔目錄

# mkdir

/etc/vsftpd/vsftpd_user_conf

7)編輯個人設定檔

# vi

/etc/vsftpd/vsftpd_user_conf/user1

8)編輯內容

dirlist_enable=YES

download_enable=YES

#

full path to the directory where ‘user1‘ will have access, change to your

needs

local_root=/home/vsftpd/user1

write_enable=YES

11)備份於pam.d下的vsftpf設定檔

# cp /etc/pam.d/vsftpd

/etc/pam.d/vsftpd-orig

12)清空設定檔

# echo >

/etc/pam.d/vsftpd

13)編輯設定檔，寫入內容

#

vi /etc/pam.d/vsftpd

內容

#%PAM-1.0

session

optional     pam_keyinit.so     force

revoke

auth required pam_mysql.so user=vsftpd

passwd=vsftpdpasswd host=localhost db=vsftpd table=accounts usercolumn=username

passwdcolumn=pass crypt=3

account required pam_mysql.so

user=vsftpd passwd=vsftpdpasswd host=localhost db=vsftpd table=accounts

usercolumn=username passwdcolumn=pass

crypt=3

三、建立管理虛擬使用者db與table

1)設定資料庫名稱，這裡設定是vsftpd

mysql> CREATE DATABASE

vsftpd;

2)設定"使用者"與"密碼"能夠管理"vsftpd"這個資料庫，在本機端

mysql> GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP ON vsftpd.* TO

‘username‘@‘localhost‘ IDENTIFIED BY

‘password‘;

3)更新資料庫資料

mysql> FLUSH PRIVILEGES;

4)建立資料表各欄位

mysql> USE vsftpd;

mysql> CREATE

TABLE `accounts` (

`id` INT NOT NULL AUTO_INCREMENT PRIMARY KEY

,

`username` VARCHAR( 30 ) NOT NULL ,

`pass`

VARCHAR( 50 ) NOT NULL ,

UNIQUE ( `username` )

)

ENGINE = MYISAM ;

5)建立virtual

user 與 password

mysql> INSERT INTO accounts (username,

pass) VALUES(‘user1‘, md5(‘123456‘));

mysql> INSERT

INTO accounts (username, pass) VALUES(‘testu‘,

PASSWORD(‘[email protected]‘));

6)查看目前的user

mysql> select * from accounts;

7)建立virtual

user 需要的目錄

# mkdir

/home/vsftpd/user1

# chown vsftpd:users

/home/vsftpd/user1

四、安裝插件

1)安裝與mysql連接的檔案

http://pkgs.org/centos-6-rhel-6/epel-x86_64/pam_mysql-0.7-0.12.rc1.el6.x86_64.rpm.html

# wget

http://dl.fedoraproject.org/pub/epel/6/x86_64/pam_mysql-0.7-0.12.rc1.el6.x86_64.rpm

用rpm安裝，U參數是沒安裝過的software直接安裝，有裝過舊版的自動更新為新版

# rpm -Uvh

pam_mysql-0.7-0.12.rc1.el6.x86_64.rpm

一般安裝於/lib/security/

這目錄下，如果是x64就會在 /lib64/serurity/

下

2)安裝mysql需要插件

#

yum install

mysql-devel

重啟服務

service mysqld

vsftpd restart