程序包:vsftpd, mariadb-server, mariadb-devel, pam-devel
# yum -y install vsftpd mariadb-server mariadb-devel pam-devel
pam模块路径:/usr/lib64/security/
pam是认证服务:调用pam即可认证,具体是什么认证方式由pam配置文件决定;
pam认证方式:文件、mysql、ldap
在CentOS 7中要使用pam_mysql要手动编译,CentOS 6中EPEL已经提供;
编译pam_mysql步骤:
一、开发环境
# yum -y groupinstall “Development Tools” “Server Platform Development”
(安装过程中:
vim 特性回顾:
set ai 自动换行
set ic ignore case
set hls high light search
set is 跟踪查找
set nu 行号显示
set tabstop=# TAB几个空格
set sm 括号匹配
syntax on 语法高亮
)
二、编译
# tar xf pam_mysql-0.7RC1.tar.gz
# cd pam_mysql-0.7RC1/
# ./configure –with-mysql=/usr –with-pam=/usr –with-pam-mods-dir=/usr/lib64/security
–with-mysql 针对mysql编译;
–with-pam-mods-dir 编译生成的pam模块存放路径;
# make -j 4 && make install
查看:# ls /usr/lib64/security/
pam_mysql.so
配置mysql:
~]# vim /etc/my.cnf.d/server.cnf
[mysqld]
skip_name_resolve=ON
innodb_file_per_table=ON
log_bin=mysql-bin
~]# systemctl start mariadb.service
~]# ss -tnl
~]# mysql_secure_installation
~]# mysql -uroot -hlocalhost -pmagedu
> GRANT ALL ON vsftpd.* TO ‘vsftpd’@’127.0.0.1’ IDENTIFIED BY ‘vsftpd’;
~]# mysql -uvsftpd -h127.0.0.1 -pvsftpd
> CREATE TABLE users(id INT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY, name VARCHAR(60) NOT NULL, password CHAR(48) NOT NULL, UNIQUE KEY(name));
> INSERT INTO users(name,password) VALUES (‘tom’,PASSWORD(‘magedu’)),(‘jerry’,PASSWORD(‘jerry’));
配置vsftpd:
pam提供给vsftpd的配置文件:/etc/pam.d/vsftpd
vsftpd的配置文件:/etc/vsftpd.conf
# vim /etc/pam.d/vsftpd.vusers
auth required /usr/lib64/security/pam_mysql.so user=vsftpd passwd=vsftpd host=127.0.0.1 db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
account required /usr/lib64/security/pam_mysql.so user=vsftpd passwd=vsftpd host=127.0.0.1 db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
# vim /etc/vsftpd/vsftpd.conf
pam_service_name=vsftpd.vusers <– 认证配置文件;
guest_enable=YES <– 启用虚拟账号
guest_username=vuser <– 将虚拟账号映射至vuser用户
# mkdir -v /ftproot
# useradd -d /ftproot/vuser vuser
# systemctl restart vsftpd.service
# ss -tnl ( :21 )
在非本机测试连接ftp
~]# lftp -u tom 172.16.0.67
Password:
lftp tom@172.16.0.67:~> ls
ls: Login failed: 530 Login incorrect.
# chmod -w /ftproot/vuser/
# ls -ld /ftproot/vuser/
dr-x——. 1 vuser vuser 80 Dec 7 13:37 /ftproot/vuser/
# chmod +rx /ftproot/vuser/
在远程登陆ftp
~]# install -dv /ftproot/vuser/pub
~]# install -dv -o vuser -g vuser /ftproot/vuser/upload
~]# lftp -u jerry 172.16.0.67
Password:
lftp jerry@172.16.0.67:~> ls
drwxr-xr-x 1 0 0 0 Dec 07 05:40 pub
drwxr-xr-x 1 1001 1001 18 Dec 08 00:47 upload
注意:upload目录有vuser权限,但不能上传;
给予共享权限:
# vim /etc/vsftpd/vsftpd.conf
user_config_dir=/etc/vsftpd/vusers_config/
# mkdir /etc/vsftpd/vusers_config/
# vim /etc/vsftpd/vusers_config/tom
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
anon_umask=022
# systemctl restart vsftpd.service
anon_umask必须设置其它用户可读;
否则创建的目录下的所有文件不可见;
本文来自投稿,不代表Linux运维部落立场,如若转载,请注明出处:http://www.178linux.com/90441
评论列表(1条)
拓扑和实验目的能清晰的给出来,会更好~