[CentOS] CentOS for vsftpd with MySQL Virtual user
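Carrying the Ubuntu 12.04 installation procedure over to CentOS turns out to involve some significant differences.
Most of the syntax and concepts are the same and only the commands differ; the places that differ from Ubuntu are called out separately below.
For vsftpd to talk to MySQL there has to be an intermediary, so the MySQL PAM plugin must be installed.
Ubuntu 12.04 needs libpam-ldap
CentOS 6.3 needs pam_mysql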
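vsftpd main configuration file: /etc/pam.d/vsftpd
crypt=0: plaintext password
crypt=1: uses the crypt() function (corresponds to ENCRYPT() in the SQL table; ENCRYPT() generates a random salt)
crypt=2: uses the MySQL PASSWORD() function
crypt=3: uses the md5 function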
System and packages used
system: CentOS 6.3
software: MySQL 5.1, vsftpd 2.2
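I. Install the software
1) These two packages are used, so both must be installed
# yum install vsftpd mysql-server
2) After mysqld is started, it reminds you that mysqladmin must be run to set a password before MySQL is used for the first time
# /etc/init.d/mysqld start
# mysqladmin -u root password 'your root sql password'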
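II. Configure vsftpd
1) Create the guest user that bridges to MySQL; this account is used only for communicating with MySQL
# useradd -G users -s /sbin/nologin -d /home/vsftpd vsftpd
2) Back up vsftpd.conf in case the configuration fails
# cp -v /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.conf-orig
3) Empty the configuration file
# cat /dev/null > /etc/vsftpd/vsftpd.conf
4) Edit the configuration file
# vi /etc/vsftpd/vsftpd.conf
5) Contents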
# No ANONYMOUS users allowed
anonymous_enable=NO
# Allow 'local' users with WRITE permissions (0755)
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
# if you want to LOG vsftpd activity then uncomment this log_ftp_protocol
# log_ftp_protocol=YES
connect_from_port_20=YES
# uncomment xferlog_file and xferlog_std_format if you DIDN'T use the line above
# with log_ftp_protocol - it must be excluding each other
# The name of log file when xferlog_enable=YES and xferlog_std_format=YES
# WARNING - changing this filename affects /etc/logrotate.d/vsftpd.log
#xferlog_file=/var/log/xferlog
#
# xferlog_std_format Switches between logging into vsftpd_log_file and xferlog_file files.
# NO writes to vsftpd_log_file, YES to xferlog_file
# xferlog_std_format=YES
#
# You may change the default value for timing out an idle session (in seconds).
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection (in seconds).
#data_connection_timeout=120
#
# define a unique user on your system which the
# ftp server can use as a totally isolated and unprivileged user.
nopriv_user=vsftpd
chroot_local_user=YES
listen=YES
# here we use the authentication module for vsftpd to check users name and passw
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
# If userlist_deny=YES (default), never allow users in this file
# /etc/vsftpd/user_list , and do not even prompt for a password.
# Note that the default vsftpd pam config also checks /etc/vsftpd/ftpusers
# for users that are denied.
userlist_deny=YES
# here the vsftpd will allow the 'vsftpd' user to login into '/home/vsftpd/$USER' directory
guest_enable=YES
guest_username=vsftpd
local_root=/home/vsftpd/$USER
user_sub_token=$USER
virtual_use_local_privs=YES
user_config_dir=/etc/vsftpd/vsftpd_user_conf
force_local_data_ssl=NO
force_local_logins_ssl=NO
# PASV - passive ports for FTP (range 44000 - 44100 ; 100 PASV ports, OPEN FIREWALL FOR ALLOWING CONNECTIONS)
pasv_enable=YES
pasv_min_port=44000
pasv_max_port=44100
6) Create the directory for the per-user configuration files of vsftpd's virtual users
# mkdir /etc/vsftpd/vsftpd_user_conf
7) Edit the per-user configuration file
# vi /etc/vsftpd/vsftpd_user_conf/user1
8) Contents
dirlist_enable=YES
download_enable=YES
# full path to the directory where 'user1' will have access, change to your needs
local_root=/home/vsftpd/user1
write_enable=YES
11) Back up the vsftpd configuration file under pam.d
# cp /etc/pam.d/vsftpd /etc/pam.d/vsftpd-orig
12) Empty the configuration file
# echo > /etc/pam.d/vsftpd
13) Edit the configuration file and write the contents
# vi /etc/pam.d/vsftpd
Contents
#%PAM-1.0
session optional pam_keyinit.so force revoke
auth required pam_mysql.so user=vsftpd passwd=vsftpdpasswd host=localhost db=vsftpd table=accounts usercolumn=username passwdcolumn=pass crypt=3
account required pam_mysql.so user=vsftpd passwd=vsftpdpasswd host=localhost db=vsftpd table=accounts usercolumn=username passwdcolumn=pass crypt=3
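A check a reviewer could run over this PAM file, as an added example that is not part of the original post or of pam_mysql: it extracts the pam_mysql options from each line and reports the plaintext and md5 crypt modes from the list at the top of this page, a database password written inline, and auth/account lines that disagree. The function names and the wording of the findings are assumptions made for the example.

```python
# Added example, not from the original post: lint pam_mysql lines in a PAM file.
WEAK_CRYPT = {"0": "passwords stored in plaintext",
              "3": "unsalted MD5 hashes"}

def parse_pam_mysql(text):
    """Return (type, options) for every line that loads pam_mysql.so."""
    rules = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        idx = next((i for i, f in enumerate(fields)
                    if f.endswith("pam_mysql.so")), None)
        if idx is None:
            continue
        opts = dict(f.split("=", 1) for f in fields[idx + 1:] if "=" in f)
        rules.append((fields[0], opts))
    return rules

def lint(text):
    """Return human-readable findings for the pam_mysql rules in `text`."""
    rules = parse_pam_mysql(text)
    findings = []
    for kind, opts in rules:
        crypt = opts.get("crypt")
        if crypt in WEAK_CRYPT:
            findings.append("%s: crypt=%s, %s" % (kind, crypt, WEAK_CRYPT[crypt]))
        if "passwd" in opts:
            findings.append("%s: database password inline, "
                            "file must not be world-readable" % kind)
    # auth and account should query the same table in the same way
    if len({tuple(sorted(o.items())) for _, o in rules}) > 1:
        findings.append("auth/account lines use different pam_mysql options")
    return findings

# Constructed input: the PAM file shown in this post.
SAMPLE = """\
#%PAM-1.0
session optional pam_keyinit.so force revoke
auth required pam_mysql.so user=vsftpd passwd=vsftpdpasswd host=localhost db=vsftpd table=accounts usercolumn=username passwdcolumn=pass crypt=3
account required pam_mysql.so user=vsftpd passwd=vsftpdpasswd host=localhost db=vsftpd table=accounts usercolumn=username passwdcolumn=pass crypt=3
"""

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```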
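III. Create the database and table that manage the virtual users
1) Set the database name; here it is vsftpd
mysql> CREATE DATABASE vsftpd;
2) Grant a "user" and "password" the ability to manage the "vsftpd" database from the local host (pam_mysql connects with the user= and passwd= values written in /etc/pam.d/vsftpd, so the account created here has to match them)
mysql> GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP ON vsftpd.* TO 'username'@'localhost' IDENTIFIED BY 'password';
3) Reload the privilege data
mysql> FLUSH PRIVILEGES;
4) Create the table and its columns
mysql> USE vsftpd;
mysql> CREATE TABLE `accounts` (
`id` INT NOT NULL AUTO_INCREMENT PRIMARY KEY ,
`username` VARCHAR( 30 ) NOT NULL ,
`pass` VARCHAR( 50 ) NOT NULL ,
UNIQUE ( `username` )
) ENGINE = MYISAM ;
5) Create the virtual users and passwords (the first row is hashed with md5() and matches crypt=3 as set in /etc/pam.d/vsftpd; the second is hashed with PASSWORD() and matches only when crypt=2 is set)
mysql> INSERT INTO accounts (username, pass) VALUES('user1', md5('123456'));
mysql> INSERT INTO accounts (username, pass) VALUES('testu', PASSWORD('secret@123'));
6) List the current users
mysql> select * from accounts;
7) Create the directory the virtual user needs
# mkdir /home/vsftpd/user1
# chown vsftpd:users /home/vsftpd/user1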
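How the stored `pass` value depends on the crypt= mode, as an added example that is not part of the original post and is a model rather than pam_mysql's own code. It covers crypt=0, 2 and 3 (crypt=1 is left out), assumes the MySQL 4.1+ PASSWORD() format, and replays the two INSERT rows above to show which user can log in under each setting; the function names are assumptions made for the example.

```python
# Added example, not from the original post: models the stored-password
# formats behind the crypt=0, 2 and 3 options listed on this page.
import hashlib
import hmac

def stored_value(password, crypt):
    """Return what the `pass` column must hold for the given crypt= mode."""
    raw = password.encode("utf-8")
    if crypt == 0:                       # plaintext
        return password
    if crypt == 2:                       # MySQL PASSWORD(), 4.1+ format (assumed)
        inner = hashlib.sha1(raw).digest()
        return "*" + hashlib.sha1(inner).hexdigest().upper()
    if crypt == 3:                       # MySQL md5(): unsalted hex digest
        return hashlib.md5(raw).hexdigest()
    raise ValueError("crypt=%d is not modelled here" % crypt)

def login_ok(accounts, username, password, crypt):
    """Compare a supplied password with the stored row under one crypt mode."""
    stored = accounts.get(username)
    if stored is None:
        return False
    expected = stored_value(password, crypt)
    return hmac.compare_digest(stored.encode(), expected.encode())

# Constructed table contents: the two rows the INSERT statements above create.
ACCOUNTS = {
    "user1": stored_value("123456", 3),       # md5('123456')
    "testu": stored_value("secret@123", 2),   # PASSWORD('secret@123')
}

def report(crypt):
    """Which sample user can log in when the PAM file says crypt=N."""
    creds = {"user1": "123456", "testu": "secret@123"}
    return {u: login_ok(ACCOUNTS, u, p, crypt) for u, p in creds.items()}

if __name__ == "__main__":
    for mode in (2, 3):
        print("crypt=%d ->" % mode, report(mode))
    # Unsalted MD5: the same password always yields the same column value,
    # so identical passwords are visible to anyone who can read the table.
    print(stored_value("123456", 3) == ACCOUNTS["user1"])
```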
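IV. Install the plugin
1) Install the module that connects to MySQL
http://pkgs.org/centos-6-rhel-6/epel-x86_64/pam_mysql-0.7-0.12.rc1.el6.x86_64.rpm.html
# wget http://dl.fedoraproject.org/pub/epel/6/x86_64/pam_mysql-0.7-0.12.rc1.el6.x86_64.rpm
Install it with rpm; the U option installs software that has not been installed yet and automatically upgrades an older installed version to the new one
# rpm -Uvh pam_mysql-0.7-0.12.rc1.el6.x86_64.rpm
It is normally installed under /lib/security/; on x64 it is under /lib64/security/
2) Install the plugin MySQL needs
# yum install mysql-devel
Restart the services
# service mysqld restart
# service vsftpd restart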
http://rewriterdark.blogspot.tw/2013/01/centos-for-vsftpd-with-mysql-virtual.html