"/etc/pam.d/vsftpd文件配置如下:
#%PAM-1.0
auth sufficient /lib/security/pam_mysql.so user=vuser passwd=123 host=localhost db=ftpvuser table=users usercolumn=name passwdcolumn=passwd crypt=2
account sufficient /lib/security/pam_mysql.so user=vuser passwd=123 host=localhost db=ftpvuser table=users usercolumn=name passwdcolumn=passwd crypt=2
#auth sufficient /lib/security/pam_userdb.so db=/etc/vsftpd/vuser
#account sufficient /lib/security/pam_userdb.so db=/etc/vsftpd/vuser
session optional pam_keyinit.so force revoke
auth required pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed
auth required pam_shells.so
auth include system-auth
account include system-auth
session include system-auth
session required pam_loginuid.so
/etc/vsftpd/vsftpd.conf文件配置如下:
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
ascii_upload_enable=YES
ascii_download_enable=YES
#
# You may fully customise the login banner string:
#ftpd_banner=Welcome to blah FTP service.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd/banned_emails
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd/chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
ls_recurse_enable=YES
#
# When "listen" directive is enabled, vsftpd runs in standalone mode and
# listens on IPv4 sockets. This directive cannot be used in conjunction
# with the listen_ipv6 directive.
listen=YES
#
# This directive enables listening on IPv6 sockets. To listen on IPv4 and IPv6
# sockets, you must run two copies of vsftpd whith two configuration files.
# Make sure, that one of the listen options is commented !!
#listen_ipv6=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
download_enable=YES
guest_enable=YES
guest_username=vuser
user_config_dir=/etc/vsftpd/vuserconf
mysql创建的数据库及登录情况:
[root@server ~]# mysql -u vuser -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 24
Server version: 5.0.45 Source distribution
Type 'help;' or '\h' for help. Type '\c' to clear the buffer.
mysql> use ftpvuser
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
mysql> select * from users
-> ;
+-----------+------------------+
| name | passwd |
+-----------+------------------+
| qiaojiayi | 446a12100c856ce9 |
| qiaozelin | 446a12100c856ce9 |
| test | 446a12100c856ce9 |
+-----------+------------------+
3 rows in set (0.00 sec)
ftp登录情况及错误提示如下:
[root@server ~]# ftp 125.96.214.208
Connected to 125.96.214.208.
220 (vsFTPd 2.0.5)
530 Please login with USER and PASS.
530 Please login with USER and PASS.
KERBEROS_V4 rejected as an authentication type
Name (125.96.214.208:root): qiaojiayi
331 Please specify the password.
Password:
530 Login incorrect.
Login failed."
匿名和本地用户可以登录如下:
[root@localhost ~]# ftp 125.96.214.208
Connected to 125.96.214.208.
220 (vsFTPd 2.0.5)
530 Please login with USER and PASS.
530 Please login with USER and PASS.
KERBEROS_V4 rejected as an authentication type
Name (125.96.214.208:root): ftp
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> quit
221 Goodbye.
[root@localhost ~]# ftp 125.96.214.208
Connected to 125.96.214.208.
220 (vsFTPd 2.0.5)
530 Please login with USER and PASS.
530 Please login with USER and PASS.
KERBEROS_V4 rejected as an authentication type
Name (125.96.214.208:root): qiaoxj
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> quit
221 Goodbye.
mysql虚拟用户无法登录如下:
[root@localhost ~]# ftp 125.96.214.208
Connected to 125.96.214.208.
220 (vsFTPd 2.0.5)
530 Please login with USER and PASS.
530 Please login with USER and PASS.
KERBEROS_V4 rejected as an authentication type
Name (125.96.214.208:root): qiaojiayi
331 Please specify the password.
Password:
530 Login incorrect.
Login failed.
ftp> quit
221 Goodbye.
[root@localhost ~]# ftp 125.96.214.208
Connected to 125.96.214.208.
220 (vsFTPd 2.0.5)
530 Please login with USER and PASS.
530 Please login with USER and PASS.
KERBEROS_V4 rejected as an authentication type
Name (125.96.214.208:root): qiaozelin
331 Please specify the password.
Password:
530 Login incorrect.
Login failed.