
分类: LINUX

2015-09-10 21:58:20

1.  安装mysql(最好安装开发环境组)和pam_mysql
[root@www ~]# yum install mysql-devel.i686 mysql-server.i686
[root@www ~]# tar xf pam_mysql-0.7RC1.tar.gz 
[root@www ~]# cd pam_mysql-0.7RC1
[root@www pam_mysql-0.7RC1]# ./configure --with-mysql --with-openssl
[root@www pam_mysql-0.7RC1]# make 
[root@www pam_mysql-0.7RC1]# make install
[root@www pam_mysql-0.7RC1]# ll /usr/lib/security/ | grep mysql
-rwxr-xr-x 1 root root    873 Sep 10 01:23 pam_mysql.la
-rwxr-xr-x 1 root root 106671 Sep 10 01:23 pam_mysql.so
2.  创建虚拟用户帐号
2.1  创建相关数据库和相关表
[root@www ~]# mysql
创建数据库:
mysql> create database vsftpd;
Query OK, 1 row affected (0.01 sec)
mysql> use vsftpd
Database changed
mysql> create table user (
    -> id int auto_increment not null,
    -> name char(20) binary not null,
    -> passwd char(48) binary not null,
    -> primary key(id))
    -> ;
Query OK, 0 rows affected (0.07 sec)
为vsftpd用户授予对这些表的查询权限(此处的密码'vsftpd'仅为演示,实际部署应换成强密码):
mysql> grant select on vsftpd.* to vsftpd@localhost identified by 'vsftpd';
Query OK, 0 rows affected (0.01 sec)
mysql> grant select on vsftpd.* to vsftpd@127.0.0.1 identified by 'vsftpd';
Query OK, 0 rows affected (0.00 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.01 sec)
添加测试所用的虚拟用户(口令经MySQL的password()函数处理后存入,与后面pam配置中的crypt=2相对应;该函数在MySQL 5.7中已弃用、8.0中已移除):
mysql> insert into user (name,passwd) value ('tom',password('redhat')),('jerry',password('redhat'));
Query OK, 2 rows affected (0.01 sec)
Records: 2  Duplicates: 0  Warnings: 0
测试vsftpd用户能否连接数据库:
[root@www ~]# mysql -u vsftpd -p
Enter password: 
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 4
Server version: 5.1.73 Source distribution
Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> 
3.  创建pam认证需要的文件(文件中含明文的数据库密码,应限制为仅root可读):
[root@www ~]# vim /etc/pam.d/vsftpd.mysql
auth required /usr/lib/security/pam_mysql.so user=vsftpd passwd=vsftpd host=localhost db=vsftpd table=user usercolumn=name passwdcolumn=passwd crypt=2
account required /usr/lib/security/pam_mysql.so user=vsftpd passwd=vsftpd host=localhost db=vsftpd table=user usercolumn=name passwdcolumn=passwd crypt=2
4.  创建虚拟用户映射的系统用户和对应目录
[root@www ~]# useradd -s /sbin/nologin -d /var/virtualftp vuser
[root@www ~]# ll /var | grep virtualftp
drwx------   4 vuser vuser 4096 Sep 10 05:20 virtualftp
[root@www ~]# chmod g+rx /var/virtualftp/
[root@www ~]# chmod o+rx /var/virtualftp/
[root@www ~]# ll /var | grep virtualftp
drwxr-xr-x   4 vuser vuser 4096 Sep 10 05:20 virtualftp
5.  编辑vsftpd.conf文件添加:
#启用虚拟用户访问(vsftpd.conf不支持行尾注释,注释须单独成行)
guest_enable=YES
#虚拟用户映射为系统用户vuser
guest_username=vuser
修改
pam_service_name=vsftpd为pam_service_name=vsftpd.mysql
启用(虚拟用户默认沿用匿名用户的权限,因此其上传、创建目录等操作由anon_*选项控制;anonymous_enable=YES会同时开放真正的匿名登录,虚拟用户认证本身并不依赖它):
anonymous_enable=YES
local_enable=YES(可以测试系统用户vuser能否登录)
write_enable=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES
6.  重启服务测试:
[root@www ~]# service vsftpd restart
Shutting down vsftpd: [  OK  ]
Starting vsftpd for vsftpd: [  OK  ]
[root@www ~]# service mysqld restart
Stopping mysqld:  [  OK  ]
Starting mysqld:  [  OK  ]
[root@www ~]# ftp 192.168.85.128
Connected to 192.168.85.128 (192.168.85.128).
220 Welcome to the FTP service!!!
Name (192.168.85.128:root): tom
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> lcd /etc/
Local directory now /etc
ftp> put yum.conf 
local: yum.conf remote: yum.conf
227 Entering Passive Mode (192,168,85,128,79,62).
150 Ok to send data.
226 Transfer complete.
969 bytes sent in 0.00163 secs (594.48 Kbytes/sec)
[root@www ~]# cp install.log /var/virtualftp/(验证下载功能)
ftp> lcd /tmp/
Local directory now /tmp
ftp> get install.log
local: install.log remote: install.log
227 Entering Passive Mode (192,168,85,128,162,62).
150 Opening BINARY mode data connection for install.log (39935 bytes).
226 Transfer complete.
39935 bytes received in 0.0514 secs (777.66 Kbytes/sec)
[root@www virtualftp]# pwd
/var/virtualftp
[root@www virtualftp]# ll
-rw-r--r-- 1 root  root  39935 Sep 10 06:00 install.log
-rw------- 1 vuser vuser   969 Sep 10 05:55 yum.conf
7.  配置不同的虚拟用户具有不同的权限
用户tom只能下载
用户jerry能上传下载创建和删除
7.1  编辑vsftpd.conf文件添加:
user_config_dir=/etc/vsftpd/virtual.users
7.2  创建对应目录并且为每个虚拟用户创建对应的权限文件(文件名必须与用户名相同)
[root@www ~]# mkdir /etc/vsftpd/virtual.users
[root@www ~]# cd /etc/vsftpd/virtual.users/
[root@www virtual.users]# touch tom
[root@www virtual.users]# touch jerry
7.3  编辑用户的权限文件
[root@www virtual.users]# vim tom 
anon_upload_enable=NO
[root@www virtual.users]# vim jerry 
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
7.4  重启服务测试:
[root@www virtual.users]# service vsftpd restart
Shutting down vsftpd: [  OK  ]
Starting vsftpd for vsftpd: [  OK  ]
tom用户只能下载不能上传:
[root@www ~]# ftp 192.168.85.128
Connected to 192.168.85.128 (192.168.85.128).
220 Welcome to the FTP service!!!
Name (192.168.85.128:root): tom
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> lcd /etc/
Local directory now /etc
ftp> put inittab
local: inittab remote: inittab
227 Entering Passive Mode (192,168,85,128,168,179).
550 Permission denied.
ftp> ls
227 Entering Passive Mode (192,168,85,128,155,153).
150 Here comes the directory listing.
-rw-r--r--    1 0        0           39935 Sep 10 13:00 install.log
-rw-------    1 502      502           969 Sep 10 12:55 yum.conf
226 Directory send OK.
ftp> get install.log
local: install.log remote: install.log
227 Entering Passive Mode (192,168,85,128,129,215).
150 Opening BINARY mode data connection for install.log (39935 bytes).
226 Transfer complete.
39935 bytes received in 0.00464 secs (8604.83 Kbytes/sec)
jerry用户可以上传下载创建删除:
[root@www ~]# ftp 192.168.85.128
Connected to 192.168.85.128 (192.168.85.128).
220 Welcome to the FTP service!!!
Name (192.168.85.128:root): jerry
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> lcd /etc/
Local directory now /etc
ftp> put inittab
local: inittab remote: inittab
227 Entering Passive Mode (192,168,85,128,222,55).
150 Ok to send data.
226 Transfer complete.
884 bytes sent in 0.0264 secs (33.52 Kbytes/sec)
ftp> ls
227 Entering Passive Mode (192,168,85,128,117,8).
150 Here comes the directory listing.
-rw-------    1 502      502           884 Sep 10 13:44 inittab
-rw-r--r--    1 0        0           39935 Sep 10 13:00 install.log
-rw-------    1 502      502           969 Sep 10 12:55 yum.conf
226 Directory send OK.
ftp> get install.log 
local: install.log remote: install.log
227 Entering Passive Mode (192,168,85,128,106,143).
150 Opening BINARY mode data connection for install.log (39935 bytes).
226 Transfer complete.
39935 bytes received in 0.00325 secs (12276.36 Kbytes/sec)
ftp> mkdir test
257 "/test" created
ftp> delete inittab 
250 Delete operation successful.