Chinaunix首页 | 论坛 | 博客
  • 博客访问: 311481
  • 博文数量: 106
  • 博客积分: 1948
  • 博客等级: 上尉
  • 技术积分: 947
  • 用 户 组: 普通用户
  • 注册时间: 2010-11-27 00:11
文章分类

全部博文(106)

文章存档

2014年(1)

2013年(14)

2012年(61)

2011年(30)

分类: LINUX

2012-02-17 11:40:28

系统环境CentOS6.2 64位 vsftpd mysql都是系统自动装好的,估计是yum方式装的

前提:vsftpd用mysql验证需要pam_mysql.so模块,下源码安装
wget
安装成功后可能在这个位置
/lib/security/pam_mysql.la
/lib/security/pam_mysql.so

我是64位系统,看到的所有pam模块都在
/lib64/security/
所以做成了硬链接
ln /lib/security/pam_mysql.* /lib64/security/


vsftpd:
配置文件路径/etc/vsftpd/vsftpd.conf
  1. 我的配置如下:
  2. # Allow anonymous FTP? (Beware - allowed by default if you comment this out).
  3. # 是否允许匿名登录
  4. anonymous_enable=NO
  5. #
  6. # Uncomment this to allow local users to log in.
  7. # 是否允许本地用户登录,虚拟用户开启
  8. local_enable=YES
  9. # 是否所有用户都当成匿名登录,虚拟用户开启
  10. guest_enable=YES
  11. # 上传文件的用户属性
  12. guest_username=apache
  13. #不知道这是什么意思
  14. #hide_ids=YES
  15. #
  16. # Uncomment this to enable any form of FTP write command.
  17. # 写权限,放在用户配置里了
  18. #write_enable=YES
  19. #
  20. # Default umask for local users is 077. You may wish to change this to 022,
  21. # if your users expect that (022 is used by most other ftpd's)
  22. local_umask=022
  23. #
  24. # Uncomment this to allow the anonymous FTP user to upload files. This only
  25. # has an effect if the above global write enable is activated. Also, you will
  26. # obviously need to create a directory writable by the FTP user.
  27. #anon_upload_enable=YES
  28. #
  29. # Uncomment this if you want the anonymous FTP user to be able to create
  30. # new directories.
  31. #anon_mkdir_write_enable=YES
  32. #
  33. # Activate directory messages - messages given to remote users when they
  34. # go into a certain directory.
  35. #可以给目录定义欢迎信息/.message
  36. dirmessage_enable=YES
  37. #
  38. # Activate logging of uploads/downloads.
  39. xferlog_enable=YES
  40. #
  41. # Make sure PORT transfer connections originate from port 20 (ftp-data).
  42. connect_from_port_20=YES
  43. #
  44. # If you want, you can arrange for uploaded anonymous files to be owned by
  45. # a different user. Note! Using "root" for uploaded files is not
  46. # recommended!
  47. #chown_uploads=YES
  48. #chown_username=whoever
  49. #
  50. # You may override where the log file goes if you like. The default is shown
  51. # below.
  52. xferlog_file=/var/log/vsftpd.log
  53. #
  54. # If you want, you can have your log file in standard ftpd xferlog format.
  55. # Note that the default log file location is /var/log/xferlog in this case.
  56. xferlog_std_format=YES
  57. #
  58. # You may change the default value for timing out an idle session.
  59. idle_session_timeout=300
  60. #
  61. # You may change the default value for timing out a data connection.
  62. data_connection_timeout=120
  63. #
  64. # It is recommended that you define on your system a unique user which the
  65. # ftp server can use as a totally isolated and unprivileged user.
  66. #nopriv_user=ftpsecure
  67. #
  68. # Enable this and the server will recognise asynchronous ABOR requests. Not
  69. # recommended for security (the code is non-trivial). Not enabling it,
  70. # however, may confuse older FTP clients.
  71. #async_abor_enable=YES
  72. #
  73. # By default the server will pretend to allow ASCII mode but in fact ignore
  74. # the request. Turn on the below options to have the server actually do ASCII
  75. # mangling on files when in ASCII mode.
  76. # Beware that on some FTP servers, ASCII support allows a denial of service
  77. # attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
  78. # predicted this attack and has always been safe, reporting the size of the
  79. # raw file.
  80. # ASCII mangling is a horrible feature of the protocol.
  81. #ascii_upload_enable=YES
  82. #ascii_download_enable=YES
  83. #
  84. # You may fully customise the login banner string:
  85. ftpd_banner=********** Welcome to tbq FTP service. **********
  86. #
  87. # You may specify a file of disallowed anonymous e-mail addresses. Apparently
  88. # useful for combatting certain DoS attacks.
  89. #deny_email_enable=YES
  90. # (default follows)
  91. #banned_email_file=/etc/vsftpd/banned_emails
  92. #
  93. # You may specify an explicit list of local users to chroot() to their home
  94. # directory. If chroot_local_user is YES, then this list becomes a list of
  95. # users to NOT chroot().
  96. # 限制用户在本地目录
  97. chroot_local_user=YES
  98. #chroot_list_enable=YES
  99. # (default follows)
  100. #chroot_list_file=/etc/vsftpd/chroot_list
  101. #
  102. # You may activate the "-R" option to the builtin ls. This is disabled by
  103. # default to avoid remote users being able to cause excessive I/O on large
  104. # sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
  105. # the presence of the "-R" option, so there is a strong case for enabling it.
  106. #ls_recurse_enable=YES
  107. #
  108. # When "listen" directive is enabled, vsftpd runs in standalone mode and
  109. # listens on IPv4 sockets. This directive cannot be used in conjunction
  110. # with the listen_ipv6 directive.
  111. listen=YES
  112. #
  113. # This directive enables listening on IPv6 sockets. To listen on IPv4 and IPv6
  114. # sockets, you must run two copies of vsftpd with two configuration files.
  115. # Make sure, that one of the listen options is commented !!
  116. #listen_ipv6=YES
  117. #pam验证文件名/etc/pam.d/vsftpd
  118. pam_service_name=vsftpd
  119. userlist_enable=YES
  120. tcp_wrappers=YES
  121. #本地最大速度500k
  122. #local_max_rate=500000
  123. #匿名用户速度30k
  124. #anon_max_rate=30000
  125. #客户端最大连接数
  126. max_clients=5
  127. #每个ip最大连接数(这个如果设置成1上传下载都会失败,不知道为啥)
  128. max_per_ip=5
  129. #用户配置
  130. user_config_dir=/etc/vsftpd/user_conf

接下来看一下虚拟用户的配置文件:路径在上面定义了
/etc/vsftpd/user_conf/虚拟用户同名文件
比如/etc/vsftpd/user_conf/tbq
  1. #user root path
  2. local_root=/tmp
  3. #必须设置否则不可以进行任何写入修改操作
  4. write_enable=YES
  5. #允许下载,不设置的时候文件权属a+r才能被下载
  6. anon_world_readable_only=NO
  7. #允许创建目录
  8. anon_mkdir_write_enable=YES
  9. #允许删除,重命名
  10. anon_other_write_enable=YES
  11. #上传
  12. anon_upload_enable=YES
  13. #虚拟用户与本地用户相同的权限(修改文件属性必备)
  14. virtual_use_local_privs=YES
  15. #允许修改文件属性
  16. chmod_enable=YES


接下来mysql部分:
create database vsftpd;
  1. -- Table "accounts" DDL

  2. CREATE TABLE `accounts` (
  3.   `username` varchar(30) NOT NULL,
  4.   `password` varchar(50) NOT NULL,
  5.   PRIMARY KEY (`username`)
  6. ) ENGINE=MyISAM DEFAULT CHARSET=utf8;
插入测试用户:
  1. insert into accounts(username,password) values('tbq',password('123456'));
  2. insert into accounts(username,password) values('tbq1',md5('123456'));
  3. insert into accounts(username,password) values('tbq2','123456');
备注:这里插入三种不同的密码原因是pam验证模块的几种方式

配置vsftpd成pam_mysql验证:
/etc/pam.d/vsftpd
  1. auth required pam_mysql.so user=root passwd=123456    host=localhost db=vsftpd table=accounts usercolumn=username passwdcolumn=password crypt=2
  2. account required pam_mysql.so user=root passwd=123456    host=localhost db=vsftpd table=accounts usercolumn=username passwdcolumn=password crypt=2
  3. #crypt的加密方式0明文,1unix加密,2表示password()函数加密,3表示md5加密
其中我用0、2都成功了3不成功1不明白

user=mysql用户名
passwd=myqsl密码
host=mysql连接主机
db=数据库
table=表
usercolumn=用户名字段
passwdcolumn=密码字段
crypt=验证方式


更具体的vsftpd.conf配置,请自己baidu把


感谢
pam验证来源参考:
基本配置来源参考:
其他参考:

阅读(2601) | 评论(0) | 转发(0) |
0

上一篇:【转】rsync深入研究

下一篇:http状态码

给主人留下些什么吧!~~