2015-08-31 18:43:53
将VSFTP的用户名和密码由hash数据文件的存储方式转为由mysql来存储,以提高安全性和使用户的管理更方便
2.调整过程
Vsftp之前已经安装且配置完,要调整的只是用户名和密码存储这一块,其他如配置文件、用户权限等保持原有配置,不作改动。
2.1 安装/配置mysql
2.1.1 安装mysql-5.0.45
#useradd -s /bin/false -M mysql
#tar zxvf mysql-5.0.45.tar.gz -C /opt
#cd mysql-5.0.45
#./configure --prefix=/usr/local/mysql
#make
#make install
#cp support-files/my-medium.cnf /etc/my.cnf
#cd /usr/local/mysql
#chown -R mysql:mysql .
#bin/mysql_install_db --user=mysql
#chown -R root .
#chown -R mysql var
#bin/mysqld_safe --log --user=mysql &
#cd /opt/mysql-5.0.45
#cp support-files/mysql.server /etc/rc.d/init.d/mysqld
#chmod 700 /etc/rc.d/init.d/mysqld
2.1.2将mysql加入自动启动服务队列
#chkconfig --add mysqld
#chkconfig --level 345 mysqld on
2.1.3配置库文件搜索路径
# echo "/usr/local/mysql/lib/mysql" >> /etc/ld.so.conf
# ldconfig -v
数据库:vsftp
表 :users
字段 :name #用于保存虚拟用户的用户名
字段 :passwd #用于保存虚拟用户的口令;
(为了安全,新建一个mysql用户virtual_user,并只授权virtual_user读vsftp数据库的users表)
2.2.1创建数据库并插入原来的虚拟用户
#mysql
mysql>create database vsftp;
mysql>use vsftp;
mysql>create table users(name char(16) binary,passwd char(128) binary);
(将原来的VSFTP虚拟用户名和密码全部导入)
mysql>insert into users (name,passwd) values ('username',password('password'));
mysql>insert -------------------;
mysql>grant select on vsftp.users to virtual_user@localhost identified by '1qa@WS';
mysql>flush privileges;
mysql>quit
如果要验证刚才的操作是否成功可以执行下面命令:
#mysql -u virtual_user -p1qa@WS vsftp
mysql>select * from users;
如果成功,将会列出用户名和加密后的密码。
2.3设置PAM认证
2.3.1 下载、安装pam_mysql
#wget <pam_mysql-0.7RC1.tar.gz download URL>
#tar xvzf pam_mysql-0.7RC1.tar.gz
#cd pam_mysql
#./configure --with-mysql=/usr/local/mysql
#make install
#cp /usr/lib/security/pam_mysql.so /lib/security/
2.3.2设置vsftpd的PAM验证文件
备份后打开原来VSFTP的pam验证文件/etc/pam.d/vsftpd.vu,更改为内容:
#cp /etc/pam.d/vsftp.{vu,vu.bak}
#vi /etc/pam.d/vsftp.vu
auth required /lib/security/pam_mysql.so user=virtual_user passwd=1qa@WS host=localhost db=vsftp table=users usercolumn=name passwdcolumn=passwd crypt=2
account required /lib/security/pam_mysql.so user=virtual_user passwd=1qa@WS host=localhost db=vsftp table=users usercolumn=name passwdcolumn=passwd crypt=2
(注:crypt=0,口令以明文方式(不加密)保存在数据库中;crypt=1,口令使用UNIX系统的DES加密方式加密后保存在数据库中;crypt=2,口令经过MySQL的password()函数加密后保存)
至此,调整过程完毕,重启vsftp后生效
2.4用户管理脚本列出所有用户,并使ftp用户的增加/删除及密码的修改更为方便,脚本位于/etc/vsftpd目录下,名为ftp_user_management.sh。如下:
#!/bin/bash
# Interactive management of the vsftp virtual users kept in the vsftp.users table.
# The MySQL client lives under /usr/local/mysql; make it reachable for the helpers below.
export PATH="$PATH:/usr/local/mysql/bin"
list_user(){
    # Print the name of every virtual user, padded with a blank line above and below.
    printf '\n'
    mysql --execute="SELECT name FROM vsftp.users"
    printf '\n'
}
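add_user(){
    # Add one virtual user to vsftp.users; username and password are read interactively.
    # Both values are user input, so neither is spliced into the SQL text unchecked:
    #  - the username must match a fixed character set and fit the char(16) name column;
    #  - the password is hex-encoded and passed through UNHEX(), so no quoting or
    #    escaping of its characters is ever needed in the statement.
    # The SQL is fed to mysql on stdin instead of `mysql -e`, so the password does not
    # show up in the process list.
    local u_name passwd passwd_hex
    echo ""
    echo -n "User name:"
    read -r u_name
    if [ -z "$u_name" ]; then
        echo "No username supplied"
        return
    fi
    case "$u_name" in
        *[!A-Za-z0-9_.-]*)
            echo "Invalid username: only letters, digits, '_', '.' and '-' are allowed"
            return
            ;;
    esac
    if [ "${#u_name}" -gt 16 ]; then
        # the name column is char(16); a longer name would be truncated or rejected
        echo "Invalid username: at most 16 characters"
        return
    fi
    echo -n "Password:"
    read -r -s passwd
    echo ""
    if [ -z "$passwd" ]; then
        echo ""
        echo "No password supplied"
        return
    fi
    # od -v keeps repeated bytes (no '*' line); tr strips the spacing od adds
    passwd_hex=$(printf '%s' "$passwd" | od -An -tx1 -v | tr -d ' \n')
    # password() keeps the hash format the PAM module expects (crypt=2)
    if printf '%s\n' "INSERT INTO vsftp.users (name, passwd) VALUES ('$u_name', password(UNHEX('$passwd_hex')))" | mysql; then
        echo ""
        echo "User \"$u_name\" already added."
        echo ""
    else
        echo ""
        echo "Failed to add user \"$u_name\"."
        echo ""
    fi
}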
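del_user(){
    # Delete one virtual user from vsftp.users; the username is read interactively.
    # The name is user input: it is checked against a fixed character set (and the
    # 16-char limit of the name column) before it is placed in the SQL text, and the
    # statement is fed to mysql on stdin rather than via -e.
    local u_name rows
    echo ""
    echo -n "User name:"
    read -r u_name
    if [ -z "$u_name" ]; then
        echo "No username supplied"
        return
    fi
    case "$u_name" in
        *[!A-Za-z0-9_.-]*)
            echo "Invalid username: only letters, digits, '_', '.' and '-' are allowed"
            return
            ;;
    esac
    if [ "${#u_name}" -gt 16 ]; then
        echo "Invalid username: at most 16 characters"
        return
    fi
    # ROW_COUNT() tells whether the DELETE matched anything, so a mistyped name is
    # reported instead of being announced as a successful deletion.
    rows=$(printf '%s\n' "DELETE FROM vsftp.users WHERE name='$u_name'; SELECT ROW_COUNT();" | mysql -N -s) || {
        echo ""
        echo "Failed to delete user \"$u_name\""
        echo ""
        return
    }
    if [ "$rows" = "0" ]; then
        echo ""
        echo "User \"$u_name\" not found"
        echo ""
    else
        echo ""
        echo "User \"$u_name\" already deleted"
        echo ""
    fi
}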
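update(){
    # Change the password of an existing virtual user in vsftp.users.
    # Username and password are read interactively and are user input, so:
    #  - the username must match a fixed character set and fit the char(16) column,
    #    and is looked up before a password is asked for;
    #  - the password is hex-encoded and passed through UNHEX(), so it never needs
    #    quoting or escaping inside the statement.
    # SQL goes to mysql on stdin instead of `mysql -e`, keeping the password out of
    # the process list.
    local u_name passwd passwd_hex found
    echo ""
    echo -n "User name:"
    read -r u_name
    if [ -z "$u_name" ]; then
        echo "No username supplied"
        return
    fi
    case "$u_name" in
        *[!A-Za-z0-9_.-]*)
            echo "Invalid username: only letters, digits, '_', '.' and '-' are allowed"
            return
            ;;
    esac
    if [ "${#u_name}" -gt 16 ]; then
        echo "Invalid username: at most 16 characters"
        return
    fi
    # an UPDATE on a missing name silently affects 0 rows, so check existence first
    found=$(printf '%s\n' "SELECT COUNT(*) FROM vsftp.users WHERE name='$u_name'" | mysql -N -s) || {
        echo "Failed to look up user \"$u_name\"."
        return
    }
    if [ "$found" = "0" ]; then
        echo "User \"$u_name\" not found"
        return
    fi
    echo "Changing password for user \"$u_name\""
    echo -n "New password:"
    read -r -s passwd
    echo ""
    if [ -z "$passwd" ]; then
        echo ""
        echo "No password supplied"
        return
    fi
    # od -v keeps repeated bytes (no '*' line); tr strips the spacing od adds
    passwd_hex=$(printf '%s' "$passwd" | od -An -tx1 -v | tr -d ' \n')
    # password() keeps the hash format the PAM module expects (crypt=2)
    if printf '%s\n' "UPDATE vsftp.users SET passwd=password(UNHEX('$passwd_hex')) WHERE name='$u_name'" | mysql; then
        echo ""
        echo "$u_name's password updated successfully."
        echo ""
    else
        echo ""
        echo "Failed to update password for user \"$u_name\"."
        echo ""
    fi
}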
while :
do
cat << EOF
(1)User list
(2)Add user
(3)Del use
(4)Change password
(5)Exit
EOF
read -p " Enter the selection:" NUM
echo ""
case $NUM in
1) list_user
;;
2) add_user
;;
3) del_user
;;
4) update
;;
5) break
;;
*) echo "usage:Please select 1~5."
esac