上篇中通过文本文件用户列表方式对FTP用户进行用户管理很不方便,接下来我们用上数据库存方式,实现用户管理。
一、安装Mysql[root@localhost vsftpd]# yum install wget -y
[root@localhost local]# cd /usr/local/src
[root@localhost src]# wget http://dev.mysql.com/get/mysql-community-release-el7-5.noarch.rpm
[root@localhost src]# rpm -ivh mysql-community-release-el7-5.noarch.rpm
[root@localhost src]# yum install mysql-community-server
[root@localhost src]# yum install -y mysql
[root@localhost src]# rpm -qa |grep mysql
mysql-community-release-el7-5.noarch
mysql-community-common-5.6.37-2.el7.x86_64
mysql-community-client-5.6.37-2.el7.x86_64
mysql-community-libs-5.6.37-2.el7.x86_64
mysql-community-devel-5.6.37-2.el7.x86_64
mysql-community-server-5.6.37-2.el7.x86_64
[root@localhost src]# find / -name "mysql"
/etc/logrotate.d/mysql
/etc/selinux/targeted/active/modules/100/mysql
/var/lib/mysql
/usr/bin/mysql
/usr/lib64/mysql
/usr/share/mysql
/usr/include/mysql
/usr/include/mysql/mysql
[root@localhost src]# systemctl start mysqld
二、设置mysql与创建用户数据库[root@localhost src]# mysql -uroot -p
#新装没有密码,直接回车
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| performance_schema |
+--------------------+
3 rows in set (0.00 sec)
mysql> set password for 'root'@'localhost' =password('1234Test.,');
mysql> create database vftpuser;
Query OK, 1 row affected (0.00 sec)
mysql> use vftpuser;
Database changed
mysql> create table users (
-> id int AUTO_INCREMENT NOT NULL,
-> name char(20) binary NOT NULL,
-> password char(48) binary NOT NULL,
-> primary key(id)
-> );
Query OK, 0 rows affected (0.34 sec)
mysql> insert into users (name,password ) values ('showmuftp',password('111111'));
Query OK, 1 row affected (0.00 sec)
mysql> insert into users (name,password ) values ('showmuweb',password('222222'));
Query OK, 1 row affected (0.01 sec)
mysql> insert into users (name,password ) values ('showmuguest',password('333333'));
Query OK, 1 row affected (0.01 sec)
mysql> \q
Bye
[root@localhost src]# mysql -uroot -p
mysql> use vftpuser;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
mysql> SELECT id,name,password FROM users;
+----+-------------+-------------------------------------------+
| id | name | password |
+----+-------------+-------------------------------------------+
| 1 | showmuftp | *FD571203974BA9AFE270FE62151AE967ECA5E0AA |
| 2 | showmuweb | *A0C1808B1A47CECD5C161FEE647F5427F4EB6F98 |
| 3 | showmuguest | *DF2FAF9AD979B357C54A6723638197DDB913E1C8 |
+----+-------------+-------------------------------------------+
3 rows in set (0.00 sec)
mysql> \q
Bye
三、安装pam_mysql-0.7RC1[root@localhost src]# yum install pam-devel
[root@localhost src]# wget https://nchc.dl.sourceforge.net/project/pam-mysql/pam-mysql/0.7RC1/pam_mysql-0.7RC1.tar.gz
[root@localhost src]# tar -zxvf pam_mysql-0.7RC1.tar.gz
[root@localhost src]# cd pam_mysql-0.7RC1
[root@localhost src]# yum install -y make gcc-c++ cmake bison-devel ncurses-devel gcc autoconf automake zlib* fiex* libxml*
[root@localhost pam_mysql-0.7RC1]# ./configure --with-mysql=/usr --with-pam-mods-dir=/lib64/security/
[root@localhost pam_mysql-0.7RC1]# make&&make install
四、设置vsftpd[root@localhost security]# vim /etc/pam.d/vsftpd.mysqldb
auth required /lib64/security/pam_mysql.so user=root passwd=1234Test., host=localhost db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
account required /lib64/security/pam_mysql.so user=root passwd=1234Test., host=localhost db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
[root@localhost pam_mysql-0.7RC1]# vim /etc/vsftpd/vsftpd.conf
[root@localhost pam_mysql-0.7RC1]# cd /etc/vsftpd
[root@localhost vsftpd]# ls
ftpusers vftpuser_conf vftpusers.txt vsftpd.conf_2017-10-05 vsftpd.conf.rpmsave
user_list vftpusers.db vsftpd.conf vsftpd_conf_migrate.sh
[root@localhost vsftpd]# grep -Ev '(^#\s.*|^#|^$)' vsftpd.conf
anonymous_enable=YES
anon_mkdir_write_enable=YES
anon_root=/www/ftp/pub
local_root=/www/ftp/pub
local_enable=YES
write_enable=YES
local_umask=022
anon_upload_enable=YES
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
listen=NO
listen_ipv6=YES
pam_service_name=vsftpd.mysqldb
userlist_enable=YES
tcp_wrappers=YES
guest_enable=YES
guest_username=vftpuser
user_config_dir=/etc/vsftpd/vftpuser_conf
allow_writeable_chroot=YES
[root@localhost vsftpd]# systemctl restart vsftpd
[root@localhost vsftpd]# systemctl status vsftpd
● vsftpd.service - Vsftpd ftp daemon
Loaded: loaded (/usr/lib/systemd/system/vsftpd.service; enabled; vendor preset: disabled)
Active: active (running) since 五 2017-10-06 09:58:26 EDT; 5min ago
Process: 8526 ExecStart=/usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf (code=exited, status=0/SUCCESS)
Main PID: 8527 (vsftpd)
CGroup: /system.slice/vsftpd.service
├─8527 /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf
├─8548 /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf
├─8550 /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf
├─8552 /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf
└─8555 /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf
10月 06 09:58:26 localhost.localdomain systemd[1]: Starting Vsftpd ftp daemon...
10月 06 09:58:26 localhost.localdomain systemd[1]: Started Vsftpd ftp daemon.