1. Install the required vsftpd, pam and pam-devel packages via YUM;
2. Compile and install the required pam_mysql (attached below);
3. Edit the default vsftpd configuration file (/etc/vsftpd/vsftpd.conf) and add the per-user permission configuration directory for ftp users (/etc/vsftpd/vconf/);
4. Add the virtual system user and the authentication database used for ftp user logins;
5. Edit vsftpd's default PAM configuration file (/etc/pam.d/vsftpd);
6. Open the ftp ports in the firewall, restart the vsftpd service and test a virtual user ftp login.

1)

[simonsun@magic ~]$ sudo yum install vsftpd pam pam-devel

The versions at the time of writing are vsftpd-2.0.5-12.el5, pam-0.99.6.2-3.27.el5 and pam-devel-0.99.6.2-3.27.el5.

2)

[simonsun@magic ~]$ wget http://prdownloads.sourceforge.net/pam-mysql/pam_mysql-0.7RC1.tar.gz
[simonsun@magic ~]$ tar zxvf pam_mysql-0.7RC1.tar.gz
[simonsun@magic ~]$ ls pam_mysql-0.7RC1
acinclude.m4  config.guess  configure     CREDITS     ltmain.sh    missing        pam_mysql.c        pkg.m4
aclocal.m4    config.h.in   configure.in  INSTALL     Makefile.am  mkinstalldirs  pam_mysql.spec     README
ChangeLog     config.sub    COPYING       install-sh  Makefile.in  NEWS           pam_mysql.spec.in  stamp-h.in
[simonsun@magic ~]$ vim pam_mysql-0.7RC1/configure
#Fix a bug in configure: change the test program below so that it includes <md5global.h>, which was missing in the original.
=================================
#include <md5global.h>
#include <md5.h>
int
main ()
{
  md5_calc(0, 0, 0);
  ;
  return 0;
}
=================================
[simonsun@magic ~]$ cd pam_mysql-0.7RC1
[simonsun@magic pam_mysql-0.7RC1]$ ./configure
[simonsun@magic pam_mysql-0.7RC1]$ make
[simonsun@magic pam_mysql-0.7RC1]$ sudo make install
[simonsun@magic pam_mysql-0.7RC1]$ sudo cp /usr/lib/security/pam_mysql.* /lib/security/

3)

[simonsun@magic ~]$ sudo vim /etc/vsftpd/vsftpd.conf
======================================
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
#anon_upload_enable=YES
#anon_mkdir_write_enable=YES
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
#chown_uploads=YES
#chown_username=whoever
xferlog_file=/var/log/vsftpd.log
xferlog_std_format=YES
#idle_session_timeout=600
#data_connection_timeout=120
#nopriv_user=ftpsecure
#async_abor_enable=YES
#ascii_upload_enable=YES
#ascii_download_enable=YES
ftpd_banner=Welcome to Magic Linux FTP service.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd/banned_emails
chroot_local_user=YES
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd/chroot_list
#ls_recurse_enable=YES
listen=YES
listen_port=21
#listen_ipv6=YES
#The following lines are added:
guest_enable=YES
guest_username=vvsftpd  #virtual system user; it is added as a system user in step 4).
user_config_dir=/etc/vsftpd/vconf/  #directory of permission configuration files for the virtual users that log in to ftp.
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
======================================
[simonsun@magic ~]$ sudo mkdir /etc/vsftpd/vconf/
[simonsun@magic ~]$ sudo vim /etc/vsftpd/vconf/myftp
======================================
write_enable=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_world_readable_only=NO
======================================

4)

[simonsun@magic ~]$ sudo /usr/sbin/useradd -d /home/vvsftpd -s /sbin/nologin vvsftpd
[simonsun@magic ~]$ mysql -u root -p
#Run the following statements to create the database vsftpd, which the virtual system user vvsftpd uses to authenticate virtual users (such as myftp) when they log in to ftp.
======================================
create database vsftpd;
use vsftpd;
create table user(name char(20) binary,passwd char(20) binary);
insert into user values ('myftp',ENCRYPT('ptfym'));
grant select on vsftpd.user to vvsftpd@localhost identified by 'PaSsWoRd';
flush privileges;
======================================

5)

[simonsun@magic ~]$ sudo vim /etc/pam.d/vsftpd
Change it to the following:
======================================
#%PAM-1.0
session    optional     pam_keyinit.so    force revoke
auth       required     pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed
#auth      required     pam_shells.so
auth       required     /lib/security/pam_mysql.so user=vvsftpd passwd=PaSsWoRd host=localhost db=vsftpd table=user usercolumn=name passwdcolumn=passwd crypt=1
account    required     /lib/security/pam_mysql.so user=vvsftpd passwd=PaSsWoRd host=localhost db=vsftpd table=user usercolumn=name passwdcolumn=passwd crypt=1
#auth      include      system-auth
#account   include      system-auth
session    include      system-auth
session    required     pam_loginuid.so
======================================
6)

[simonsun@magic ~]$ sudo /sbin/iptables -I INPUT -p tcp --dport 20 -j ACCEPT
[simonsun@magic ~]$ sudo /sbin/iptables -I INPUT -p tcp --dport 21 -j ACCEPT
[simonsun@magic ~]$ sudo /etc/rc.d/init.d/iptables save
[simonsun@magic ~]$ sudo /etc/rc.d/init.d/iptables restart
清除防火墙规则:                                           [确定]
把 chains 设置为 ACCEPT 策略:filter nat                   [确定]
正在卸载 Iiptables 模块:                                  [确定]
应用 iptables 防火墙规则:                                 [确定]
载入额外 iptables 模块:ip_conntrack_netbios_ns            [确定]
[simonsun@magic ~]$ sudo /etc/rc.d/init.d/vsftpd restart
关闭 vsftpd:                                              [确定]
为 vsftpd 启动 vsftpd:                                    [确定]
[simonsun@magic ~]$ ftp shellfisher.3322.org
Connected to shellfisher.3322.org.
220 Welcome to Magic Linux FTP service.
530 Please login with USER and PASS.
530 Please login with USER and PASS.
KERBEROS_V4 rejected as an authentication type
Name (shellfisher.3322.org:simonsun): myftp
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
227 Entering Passive Mode (221,215,250,110,86,88)
150 Here comes the directory listing.
226 Directory send OK.
ftp> mkdir testftp
257 "/testftp" created
ftp> ls
227 Entering Passive Mode (221,215,250,110,43,155)
150 Here comes the directory listing.
drwx------    2 507      509          4096 Mar 24 08:32 testftp
226 Directory send OK.
ftp> quit
221 Goodbye.
======================================

Reference links:
http://blog.chinaunix.net/u/27493/showart_418571.html
http://wiki.centos.org/HowTos/Chroot_Vsftpd_with_non-system_users
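As an added example that is not part of the original post, the script below reproduces how vsftpd layers a per-user file from user_config_dir over the global vsftpd.conf and reports what a guest (virtual) login is actually allowed to do with the result. The two embedded configuration texts are constructed from the settings shown in step 3 (so the script runs offline without touching /etc), and the audit rules at the end are mine, based on vsftpd's documented behaviour that guest logins are governed by the anon_* permission options.

```python
"""Audit the effective vsftpd settings for a virtual (guest) user.

Added example, not from the original post.  vsftpd reads the global
/etc/vsftpd/vsftpd.conf and, when user_config_dir is set, overlays
<user_config_dir>/<username> on top of it for that login.  Later keys
override earlier ones, exactly as a dict.update() does.
"""
import re

# Constructed from step 3 of the post: the relevant lines of the global file.
GLOBAL_CONF = """\
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
#anon_upload_enable=YES
#anon_mkdir_write_enable=YES
chroot_local_user=YES
listen=YES
listen_port=21
guest_enable=YES
guest_username=vvsftpd
user_config_dir=/etc/vsftpd/vconf/
pam_service_name=vsftpd
"""

# Constructed from step 3 of the post: /etc/vsftpd/vconf/myftp.
USER_CONF_MYFTP = """\
write_enable=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_world_readable_only=NO
"""

# vsftpd options are "key=value" with no spaces around '='; '#' starts a comment.
LINE_RE = re.compile(r"^([A-Za-z_]+)=(.*)$")


def parse_conf(text):
    """Parse vsftpd.conf-style text into a dict, skipping blanks and comments."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE_RE.match(line)
        if m:
            settings[m.group(1)] = m.group(2).strip()
    return settings


def effective_settings(global_text, user_text=None):
    """Global settings with the per-user file (if any) layered on top."""
    merged = parse_conf(global_text)
    if user_text is not None:
        merged.update(parse_conf(user_text))
    return merged


def is_yes(settings, key, default="NO"):
    """Boolean view of a vsftpd YES/NO option, using vsftpd's default when unset."""
    return settings.get(key, default).upper() == "YES"


def audit_virtual_user(settings):
    """Return the findings a reviewer would want for a guest login with these settings."""
    findings = []
    guest = is_yes(settings, "guest_enable")
    writable = is_yes(settings, "write_enable")
    # With guest_enable=YES, vsftpd treats virtual users like anonymous users for
    # permission purposes, so write_enable alone does not grant uploads.
    can_upload = guest and writable and is_yes(settings, "anon_upload_enable")
    can_mkdir = guest and writable and is_yes(settings, "anon_mkdir_write_enable")
    if is_yes(settings, "anonymous_enable"):
        findings.append("anonymous_enable=YES: anonymous logins are allowed")
    if not is_yes(settings, "chroot_local_user"):
        findings.append("chroot_local_user=NO: users are not confined to their home directory")
    if can_upload:
        findings.append("uploads allowed (write_enable + anon_upload_enable)")
    if can_mkdir:
        findings.append("directory creation allowed (write_enable + anon_mkdir_write_enable)")
    # anon_world_readable_only defaults to YES in vsftpd.
    if not is_yes(settings, "anon_world_readable_only", default="YES"):
        findings.append("anon_world_readable_only=NO: files that are not world-readable can be downloaded")
    return findings


if __name__ == "__main__":
    for label, user_text in (("guest login without a vconf file", None),
                             ("guest login as myftp", USER_CONF_MYFTP)):
        eff = effective_settings(GLOBAL_CONF, user_text)
        print(f"{label}: {audit_virtual_user(eff) or ['no findings']}")
```

Run against the post's settings, a guest login with no per-user file yields no findings (the anon_* options are still commented out in the global file), while the myftp overlay turns on uploads, directory creation and downloads of non-world-readable files, which matches the mkdir succeeding in step 6. Two further points a reviewer would raise on the same configuration: MySQL's ENCRYPT() with no salt argument calls the system crypt(3) with a two-character salt, producing a traditional DES hash that only uses the first eight characters of the password, and the vvsftpd MySQL password appears in clear text in /etc/pam.d/vsftpd, so that file's permissions deserve a check; the grant of SELECT only on vsftpd.user in step 4 is what limits the damage if it leaks.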