Category: LINUX

2009-01-14 17:33:22

System environment:
RedHat AS 5.1
mysql-5.0.22-2.1.0.1
pam_mysql-0.7RC1
vsftpd-2.0.5-10.el5

Installation:
mysql and vsftpd can be installed directly with yum install mysql* vsftpd*.
pam_mysql-0.7RC1.tar.gz has to be fetched separately.
Download address:


[root@mail ~]# cp pam_mysql-0.7RC1.tar.gz /tmp/
[root@mail ~]# cd /tmp/
[root@mail tmp]# tar -zxvf pam_mysql-0.7RC1.tar.gz
[root@mail tmp]# cd pam_mysql-0.7RC1
[root@mail pam_mysql-0.7RC1]# ./configure ;make;make install
After the install, the two files pam_mysql.la and pam_mysql.so land in /usr/lib/security/ by default, but on RHEL5 the PAM modules live in /lib/security/. Copy or symlink the two files from /usr/lib/security/ into that directory (alternatively, give the full path to pam_mysql in the vsftpd PAM configuration file below).

Configuration:

useradd -s /sbin/nologin vsftpd

setsebool -P allow_ftpd_anon_write=1 allow_ftpd_full_access=1 ftp_home_dir=1 ftpd_disable_trans=1 ftpd_is_daemon=1

1. vsftpd
  Since this is a test setup, I simply copied vsftpd.conf to vsftpd.mysql.conf and edited vsftpd.mysql.conf as follows:

anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
listen=YES
pam_service_name=vsftpd.mysqld
userlist_enable=YES
tcp_wrappers=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
listen_port=2121
guest_enable=YES
guest_username=vsftpd
pasv_enable=YES
pasv_min_port=30000
pasv_max_port=30999
anon_world_readable_only=NO
virtual_use_local_privs=YES
user_config_dir=/etc/vsftpd/vsftpd_user_conf

**************************************************************
Giving each user its own directory:
Add user_config_dir=/etc/vsftpd/vsftpd_user_conf to /etc/vsftpd/vsftpd.mysql.conf.

Create the directory
/etc/vsftpd/vsftpd_user_conf:
To give a user its own settings, create a file named after the user in /etc/vsftpd/vsftpd_user_conf, e.g. tom,
then vi /etc/vsftpd/vsftpd_user_conf/tom and paste in the following:
local_root=/home/vsftpd/tom
anon_world_readable_only=NO
write_enable=YES
anon_upload_enable=YES
anon_other_write_enable=YES
anon_mkdir_write_enable=YES
virtual_use_local_privs=YES
chmod_enable=YES
file_open_mode=0775

Then create a tom directory under /home/vsftpd/ (the chown uses the vsftpd guest account created above):
mkdir /home/vsftpd/tom
chown -R vsftpd.vsftpd /home/vsftpd
chmod -R 700 /home/vsftpd
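To see what the main file and the per-user file add up to for a login, here is an added example (my own code, not part of the post and not vsftpd's own parser): it parses the vsftpd.mysql.conf shown above and the tom file, merges them the way user_config_dir works (keys in the per-user file replace the main setting), and works out which write commands a guest login gets, following vsftpd.conf(5): with guest_enable=YES a virtual user is given anonymous-style privileges unless virtual_use_local_privs=YES, and write_enable=NO turns off every write command regardless. The function names and the overrides report are mine.

```python
# Added example: parse vsftpd.conf-style files, merge a user_config_dir
# override, and derive a guest (virtual) user's write rights.
from typing import Dict, Tuple

# Main config, as listed in the post (vsftpd.mysql.conf)
MAIN_CONF = """\
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
listen=YES
pam_service_name=vsftpd.mysqld
userlist_enable=YES
tcp_wrappers=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
listen_port=2121
guest_enable=YES
guest_username=vsftpd
pasv_enable=YES
pasv_min_port=30000
pasv_max_port=30999
anon_world_readable_only=NO
virtual_use_local_privs=YES
user_config_dir=/etc/vsftpd/vsftpd_user_conf
"""

# Per-user file /etc/vsftpd/vsftpd_user_conf/tom, as listed in the post
TOM_CONF = """\
local_root=/home/vsftpd/tom
anon_world_readable_only=NO
write_enable=YES
anon_upload_enable=YES
anon_other_write_enable=YES
anon_mkdir_write_enable=YES
virtual_use_local_privs=YES
chmod_enable=YES
file_open_mode=0775
"""


def parse_vsftpd_conf(text: str) -> Dict[str, str]:
    """vsftpd.conf format: one key=value per line, '#' starts a comment line."""
    conf: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if not sep:
            raise ValueError(f"malformed vsftpd.conf line: {raw!r}")
        conf[key.strip()] = value.strip()
    return conf


def effective_config(main: Dict[str, str], per_user: Dict[str, str]) -> Dict[str, str]:
    """user_config_dir semantics: the per-user file overrides the main config."""
    merged = dict(main)
    merged.update(per_user)
    return merged


def _on(conf: Dict[str, str], key: str) -> bool:
    return conf.get(key, "NO").upper() == "YES"


def virtual_user_write_rights(conf: Dict[str, str]) -> Dict[str, bool]:
    """Write commands available to a guest login under this (merged) config."""
    if not _on(conf, "write_enable"):
        # write_enable=NO disables STOR, MKD, DELE, RNFR... for everyone
        return {"upload": False, "mkdir": False, "delete_rename": False}
    if _on(conf, "virtual_use_local_privs"):
        # virtual user is treated like a local user: write_enable alone governs
        return {"upload": True, "mkdir": True, "delete_rename": True}
    # otherwise the anonymous write switches apply to the virtual user
    return {
        "upload": _on(conf, "anon_upload_enable"),
        "mkdir": _on(conf, "anon_mkdir_write_enable"),
        "delete_rename": _on(conf, "anon_other_write_enable"),
    }


def overrides(main: Dict[str, str], per_user: Dict[str, str]) -> Dict[str, Tuple]:
    """Keys the per-user file actually changes (useful when auditing a user_config_dir)."""
    return {k: (main.get(k), v) for k, v in per_user.items() if main.get(k) != v}


if __name__ == "__main__":
    main = parse_vsftpd_conf(MAIN_CONF)
    tom = effective_config(main, parse_vsftpd_conf(TOM_CONF))
    print("tom local_root:", tom["local_root"])
    print("tom write rights:", virtual_user_write_rights(tom))
    print("tom overrides:", overrides(main, parse_vsftpd_conf(TOM_CONF)))
```

Run it against a real /etc/vsftpd directory by reading the two files instead of the embedded strings; the overrides report shows that in the post's setup the tom file only adds local_root, chmod_enable and file_open_mode, everything else duplicates the main config.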

2. mysql
Create the vsftpd database and add a vsftpd account with password 123456:
mysql> CREATE USER 'vsftpd'@'localhost' IDENTIFIED BY '123456';
GRANT USAGE ON * . * TO 'vsftpd'@'localhost' IDENTIFIED BY '123456' WITH MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ;
CREATE DATABASE IF NOT EXISTS `vsftpd` ;
GRANT ALL PRIVILEGES ON `vsftpd` . * TO 'vsftpd'@'localhost';
GRANT ALL PRIVILEGES ON `vsftpd` . * TO 'vsftpd'@'localhost' WITH GRANT OPTION ;


mysql> use vsftpd;
mysql> create table users (id int AUTO_INCREMENT NOT NULL,name char(16) binary NOT NULL,passwd char(48) binary NOT NULL,primary key(id));
mysql> describe users;
+--------+----------+------+-----+---------+----------------+
| Field  | Type     | Null | Key | Default | Extra          |
+--------+----------+------+-----+---------+----------------+
| id     | int(11)  | NO   | PRI | NULL    | auto_increment |
| name   | char(16) | NO   |     | NULL    |                |
| passwd | char(48) | NO   |     | NULL    |                |
+--------+----------+------+-----+---------+----------------+
3 rows in set (0.00 sec)

mysql> create table logs (msg varchar(255),user char(16),pid int,host char(32),rhost char(32),logtime timestamp);

mysql> describe logs;
+---------+--------------+------+-----+-------------------+-------+
| Field   | Type         | Null | Key | Default           | Extra |
+---------+--------------+------+-----+-------------------+-------+
| msg     | varchar(255) | YES  |     | NULL              |       |
| user    | char(16)     | YES  |     | NULL              |       |
| pid     | int(11)      | YES  |     | NULL              |       |
| host    | char(32)     | YES  |     | NULL              |       |
| rhost   | char(32)     | YES  |     | NULL              |       |
| logtime | timestamp    | YES  |     | CURRENT_TIMESTAMP |       |
+---------+--------------+------+-----+-------------------+-------+
6 rows in set (0.00 sec)

Here the password column is 48 characters wide. That width is dictated by the length of the value the MySQL hashing function returns. For the length of the PASSWORD() function's result, see:

http://dev.mysql.com/doc/refman/4.1/en/password-hashing.html

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Because PASSWORD() on this MySQL 5.0 install returns the 16-character hash by default, old_passwords in /etc/my.cnf must be set to 0:
[root@mail vsftpd]# cat /etc/my.cnf
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
# Default to using old password format for compatibility with mysql 3.x
# clients (those using the mysqlclient10 compatibility package).
#old_passwords=1
old_passwords=0

[mysql.server]
user=mysql
basedir=/var/lib

[mysqld_safe]
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid

Remember to restart the mysql service afterwards...
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

mysql> select encrypt('foo');
+----------------+
| encrypt('foo') |
+----------------+
| xxY8K1xpBNqPg  |
+----------------+
1 row in set (0.01 sec)

mysql> select password('foo');
+-------------------------------------------+
| password('foo')                           |
+-------------------------------------------+
| *F3A2A51A9B0F2BE2468926B4132313728C250DBF |
+-------------------------------------------+
1 row in set (0.00 sec)

mysql> select md5('foo');
+----------------------------------+
| md5('foo')                       |
+----------------------------------+
| acbd18db4cc2f85cedef654fccc4a4d8 |
+----------------------------------+
1 row in set (0.01 sec)

Insert the user records:
mysql> insert into users (name,passwd) values('tom',password('foo'));
mysql> insert into users (name,passwd) values('jerry',password('bar'));
mysql> select * from users;
+----+-------+-------------------------------------------+
| id | name  | passwd                                    |
+----+-------+-------------------------------------------+
|  1 | tom   | *F3A2A51A9B0F2BE2468926B4132313728C250DBF |
|  2 | jerry | *E8D46CE25265E545D225A8A6F1BAF642FEBEE5CB |
+----+-------+-------------------------------------------+
2 rows in set (0.00 sec)

Next, the PAM configuration file:
cd /etc/pam.d/
cp vsftpd vsftpd.mysqld
vim vsftpd.mysqld

auth required /lib/security/pam_mysql.so user=vsftpd passwd=123456 host=localhost db=vsftpd table=users usercolumn=name passwdcolumn=passwd crypt=2 sqllog=1 logtable=logs logmsgcolumn=msg logusercolumn=user logpidcolumn=pid loghostcolumn=host logrhostcolumn=rhost logtimecolumn=logtime verbose=1
account required /lib/security/pam_mysql.so user=vsftpd passwd=123456 host=localhost db=vsftpd table=users usercolumn=name passwdcolumn=passwd crypt=2 sqllog=1 logtable=logs logmsgcolumn=msg logusercolumn=user logpidcolumn=pid loghostcolumn=host logrhostcolumn=rhost logtimecolumn=logtime verbose=1

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Note:
   The path of pam_mysql.so here is /lib/security; sqllog is enabled; the crypt mode is 2, i.e. the MySQL PASSWORD() function; verbose=1 helps with debugging, its log messages go to /var/log/secure.

The crypt parameter. crypt specifies how the password stored in the password column is hashed: crypt=0, the password is stored in the database in plaintext (not hashed); crypt=1, the password is stored hashed with the Unix DES crypt scheme; crypt=2, the password is stored hashed with MySQL's password() function;
crypt=3, the password is stored as a hexadecimal MD5 hash; crypt=4, the password is stored as a hexadecimal SHA1 hash.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
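As an added example (my own code, not from the post and not pam_mysql's implementation), the hash formats behind the crypt modes just listed, in Python: mode 2 reproduces the MySQL 4.1+ PASSWORD() function (a '*' followed by 40 uppercase hex characters of SHA1(SHA1(password)), which is why the 41-character result fits the 48-wide column and the 16-character old_passwords format is a different thing), modes 3 and 4 are plain hex MD5 and SHA1, and mode 0 is plaintext. Mode 1 (Unix DES crypt) is left out because it needs the platform crypt(3) routine. The function names and the USERS dict (built from the tom/jerry rows above) are mine; the comparison uses hmac.compare_digest so verification time does not depend on where the stored and computed hashes first differ.

```python
# Added example: reproduce pam_mysql's crypt=0/2/3/4 hash formats and verify a
# candidate password against a stored column value.
import hashlib
import hmac


def mysql_password(plain: str) -> str:
    """MySQL 4.1+ PASSWORD(): '*' + uppercase hex of SHA1(SHA1(plain)), 41 chars."""
    inner = hashlib.sha1(plain.encode("utf-8")).digest()   # raw 20-byte digest
    outer = hashlib.sha1(inner).hexdigest().upper()
    return "*" + outer


def hash_for_mode(plain: str, crypt_mode: int) -> str:
    """Stored-column representation for a pam_mysql crypt mode."""
    if crypt_mode == 0:          # plaintext
        return plain
    if crypt_mode == 2:          # MySQL PASSWORD()
        return mysql_password(plain)
    if crypt_mode == 3:          # hex MD5
        return hashlib.md5(plain.encode("utf-8")).hexdigest()
    if crypt_mode == 4:          # hex SHA1
        return hashlib.sha1(plain.encode("utf-8")).hexdigest()
    raise ValueError(f"crypt mode {crypt_mode} not handled here (1 needs crypt(3))")


def verify_password(stored: str, candidate: str, crypt_mode: int) -> bool:
    """Constant-time comparison of the recomputed hash with the stored column."""
    computed = hash_for_mode(candidate, crypt_mode).encode("utf-8")
    return hmac.compare_digest(computed, stored.encode("utf-8"))


def fits_column(crypt_mode: int, width: int = 48) -> bool:
    """Does this mode's output fit the post's char(48) passwd column?"""
    return len(hash_for_mode("probe", crypt_mode)) <= width


# Constructed mirror of the post's users table (crypt=2, i.e. PASSWORD())
USERS = {"tom": mysql_password("foo"), "jerry": mysql_password("bar")}

if __name__ == "__main__":
    for name, stored in USERS.items():
        print(name, stored)
    print("tom/foo  ->", verify_password(USERS["tom"], "foo", 2))
    print("tom/bar  ->", verify_password(USERS["tom"], "bar", 2))
```

The values printed for tom and jerry match the rows the post shows after the two inserts, which is a quick way to confirm that old_passwords=0 took effect on a server: if PASSWORD('foo') there does not start with '*', the old 16-character format is still active.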

That is configuration style 1; configuration style 2 below works as well (use either one):
auth required /usr/lib/security/pam_mysql.so config_file=/etc/vsftpd/pam_mysql
account required /usr/lib/security/pam_mysql.so config_file=/etc/vsftpd/pam_mysql
Then create a file named pam_mysql in /etc/vsftpd with the following contents:
users.host=localhost
users.database=vsftpd
users.db_user=vsftpd
users.db_passwd=123456
users.table=users
users.user_column=name
users.password_column=passwd
users.password_crypt=2
verbose=1
log.enabled=1
log.table=logs
log.message_column=msg
log.pid_column=pid
log.user_column=user
log.host_column=host
log.rhost_column=rhost
log.time_column=logtime

Restart the vsftpd service and test:
[root@mail vsftpd]# ftp localhost 2121
Connected to mail.brinkman.com.
220 (vsFTPd 2.0.5)
530 Please login with USER and PASS.
530 Please login with USER and PASS.
KERBEROS_V4 rejected as an authentication type
Name (localhost:root): tom
331 Please specify the password.
Password: foo
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> pwd
257 "/"
