<h1 id="vsftpd使用mysql存储虚拟用户进行认证" style="font-size: 2.6em;margin: 1.2em 0px 0.6em;font-family: inherit;line-height: 1.1;color: inherit">vsftpd: Authenticating Virtual Users Stored in MySQL</h1>
<ul class=" list-paddingleft-2">
  <li>
    <p>vsftpd: Authenticating Virtual Users Stored in MySQL</p>
    <ul class=" list-paddingleft-2">
      <li><p>Preface</p></li>
      <li><p>Lab topology</p></li>
      <li><p>Lab environment</p></li>
      <li>
        <p>Lab steps</p>
        <ul class=" list-paddingleft-2">
          <li><p>Install and test vsftpd</p></li>
          <li><p>Install MySQL and create the user and table</p></li>
          <li><p>Configure vsftpd virtual users backed by the MySQL table</p></li>
        </ul>
      </li>
      <li>
        <p>Testing</p>
        <ul class=" list-paddingleft-2">
          <li><p>Test the permissions of the tom user</p></li>
          <li><p>Test the permissions of the anyisalin user</p></li>
        </ul>
      </li>
      <li><p>Summary</p></li>
    </ul>
  </li>
</ul>
<h2 id="前言" style="font-family: inherit;line-height: 1.1;color: inherit;margin: 1.2em 0px 0.6em;font-size: 2.15em">Preface</h2>
<blockquote><p style="margin-top: 0px;margin-bottom: 0px;font-size: 1em;line-height: 1.6"><span style="font-size: 14px">When I tried this lab on Monday it failed, and at the time I thought the problem was the pam_mysql module. Tonight I gave it another casual try and, to my surprise, it worked, so I am writing this post to share it.</span></p></blockquote>
<h2 id="实验拓扑" style="font-family: inherit;line-height: 1.1;color: inherit;margin: 1.2em 0px 0.6em;font-size: 2.15em">Lab topology</h2>
<p style="margin-top: 0px;margin-bottom: 1.1em;line-height: 1.6"><img src="//cto.wang/usr/uploads/2016/07/20160703180843-85.png" title="1459694444799387.png" alt="blob.png" /></p>
<h2 id="实验环境" style="font-family: inherit;line-height: 1.1;color: inherit;margin: 1.2em 0px 0.6em;font-size: 2.15em">Lab environment</h2>
<table>
  <thead style="line-height: 1.6">
    <tr style="line-height: 1.6" class="firstRow">
      <th align="left">Host</th>
      <th>IP</th>
      <th>Role</th>
    </tr>
  </thead>
  <tbody style="line-height: 1.6">
    <tr style="line-height: 1.6">
      <td align="left" style="padding: 0.5em;line-height: 1.6;vertical-align: top">server1.anyisalin.com</td>
      <td style="padding: 0.5em;line-height: 1.6;vertical-align: top">172.16.1.2</td>
      <td style="padding: 0.5em;line-height: 1.6;vertical-align: top">Provides the FTP service</td>
    </tr>
    <tr style="line-height: 1.6">
      <td align="left" style="padding: 0.5em;line-height: 1.6;vertical-align: top">server2.anyisalin.com</td>
      <td style="padding: 0.5em;line-height: 1.6;vertical-align: top">172.16.1.3</td>
      <td style="padding: 0.5em;line-height: 1.6;vertical-align: top">Stores the vsftpd virtual user accounts (MySQL)</td>
    </tr>
  </tbody>
</table>
<p style="margin-top: 0px;margin-bottom: 1.1em;line-height: 1.6"><code>Note: every step in this lab was performed with SELinux and iptables disabled</code></p>
<h2 id="实验步骤" style="font-family: inherit;line-height: 1.1;color: inherit;margin: 1.2em 0px 0.6em;font-size: 2.15em">Lab steps</h2>
<h3 id="安装vsftpd并测试" style="font-family: inherit;line-height: 1.6;color: inherit;margin: 1.2em 0px 0.6em;font-size: 1.7em">Install and test vsftpd</h3>
<p style="margin-top: 0px;margin-bottom: 1.1em;line-height: 1.6"><code>The following steps are performed on server1.anyisalin.com</code></p>
<pre class="prettyprint hljs-dark"><code class="language-bash hljs">[root@server1 ~]# yum install vsftpd -y --nogpgcheck | tail -n 10   # install vsftpd
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : vsftpd-2.2.2-14.el6.x86_64                                   1/1
  Verifying  : vsftpd-2.2.2-14.el6.x86_64                                   1/1

Installed:
  vsftpd.x86_64 0:2.2.2-14.el6

Complete!
[root@server1 ~]# service vsftpd start
Starting vsftpd for vsftpd:                                [  OK  ]
[root@server1 ~]# yum install -y lftp --nogpgcheck &amp;> /dev/null
[root@server1 ~]# lftp localhost   # vsftpd is running and accepts connections
lftp localhost:~> ls
drwxr-xr-x    2 0        0            4096 Jul 24  2015 pub
</code></pre>
<h3 id="安装mysql并创建对应用户和表" style="font-family: inherit;line-height: 1.6;color: inherit;margin: 1.2em 0px 0.6em;font-size: 1.7em">Install MySQL and create the user and table</h3>
<p style="margin-top: 0px;margin-bottom: 1.1em;line-height: 1.6"><code>The following steps are performed on server2.anyisalin.com</code></p>
<pre class="prettyprint hljs-dark"><code class="language-bash hljs">[root@server2 ~]# yum install mysql-server -y --nogpgcheck &amp;> /dev/null   # install the MySQL server
[root@server2 ~]# service mysqld start                                    # start MySQL
[root@server2 ~]# mysql_secure_installation   # initial hardening of the MySQL installation; skipping it can cause login problems later
</code></pre>
<p style="margin-top: 0px;margin-bottom: 1.1em;line-height: 1.6">Create the MySQL user and grant it privileges, create the database and table, and insert two rows:</p>
<pre class="prettyprint hljs-dark"><code class="language-sql hljs">[root@server2 ~]# mysql -uroot -ppasswd   # connect to MySQL

mysql> GRANT ALL ON vsftpd.* TO vsftpd@'%' IDENTIFIED BY 'passwd';   # create the vsftpd user and grant it privileges
Query OK, 0 rows affected (0.00 sec)

mysql> CREATE DATABASE vsftpd;   # create the database
Query OK, 1 row affected (0.00 sec)

mysql> use vsftpd;   # select the database
Database changed

mysql> create table users (   # create the table
    ->   id int AUTO_INCREMENT NOT NULL,
    ->   name char(20) binary NOT NULL,
    ->   password char(48) binary NOT NULL,
    ->   primary key(id)
    -> );
Query OK, 0 rows affected (0.01 sec)

mysql> insert into users(name,password) values('tom',password('magedu'));   # new row, user tom
Query OK, 1 row affected (0.00 sec)

mysql> insert into users(name,password) values('anyisalin',password('anyisalin'));   # new row, user anyisalin
Query OK, 1 row affected (0.00 sec)

mysql> FLUSH PRIVILEGES;   # reload the grant tables
Query OK, 0 rows affected (0.00 sec)
</code></pre>
<h3 id="配置vsftpd基于mysql表的虚拟用户" style="font-family: inherit;line-height: 1.6;color: inherit;margin: 1.2em 0px 0.6em;font-size: 1.7em">Configure vsftpd virtual users backed by the MySQL table</h3>
<p style="margin-top: 0px;margin-bottom: 1.1em;line-height: 1.6"><code>The following steps are performed on server1.anyisalin.com</code></p>
<blockquote><p style="margin-top: 0px;margin-bottom: 0px;font-size: 1em;line-height: 1.6"><span style="font-size: 14px">Authentication against the MySQL table is done through the </span><code><span style="font-size: 14px">pam_mysql</span></code><span style="font-size: 14px"> module, so </span><code><span style="font-size: 14px">pam_mysql</span></code><span style="font-size: 14px"> has to be installed first</span></p></blockquote>
<pre class="prettyprint hljs-dark"><code class="language-bash hljs">[root@server1 ~]# wget -O /etc/yum.repos.d/epel.repo https://lug.ustc.edu.cn/wiki/_export/code/mirrors/help/epel?codeblock=0   # fetch the EPEL repo file
[root@server1 ~]# yum install pam_mysql -y --nogpgcheck &amp;> /dev/null
</code></pre>
<blockquote><p style="margin-top: 0px;margin-bottom: 0px;font-size: 1em;line-height: 1.6"><span style="font-size: 14px">Create the PAM configuration file needed for authentication</span></p></blockquote>
<pre class="prettyprint hljs-dark"><code class="language-bash hljs">[root@server1 ~]# vim /etc/pam.d/vsftpd.mysql   # create the PAM config file; adjust the parameters to your own environment

auth    required /lib64/security/pam_mysql.so user=vsftpd passwd=passwd host=172.16.1.3 db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
account required /lib64/security/pam_mysql.so user=vsftpd passwd=passwd host=172.16.1.3 db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
</code></pre>
<blockquote><p style="margin-top: 0px;margin-bottom: 0px;font-size: 1em;line-height: 1.6"><span style="font-size: 14px">Create the system user that the virtual users are mapped to</span></p></blockquote>
<pre class="prettyprint hljs-dark"><code class="language-bash hljs">[root@server1 ~]# useradd -r -s /sbin/nologin vuser -d /var/ftproot
[root@server1 ~]# mkdir /var/ftproot
[root@server1 ~]# chmod go+x /var/ftproot
</code></pre>
<blockquote><p style="margin-top: 0px;margin-bottom: 0px;font-size: 1em;line-height: 1.6"><span style="font-size: 14px">Edit the </span><code><span style="font-size: 14px">vsftpd</span></code><span style="font-size: 14px"> configuration file and make sure the following options are set</span></p></blockquote>
<pre class="prettyprint hljs-dark"><code class="language-bash hljs">anonymous_enable=YES
local_enable=YES
write_enable=YES
anon_upload_enable=NO
anon_mkdir_write_enable=NO
chroot_local_user=YES
</code></pre>
<blockquote><p style="margin-top: 0px;margin-bottom: 0px;font-size: 1em;line-height: 1.6"><span style="font-size: 14px">Then add the following options</span></p></blockquote>
<pre class="prettyprint hljs-dark"><code class="language-bash hljs">guest_enable=YES
guest_username=vuser
</code></pre>
<blockquote><p style="margin-top: 0px;margin-bottom: 0px;font-size: 1em;line-height: 1.6"><span style="font-size: 14px">and make sure the </span><code><span style="font-size: 14px">pam_service_name</span></code><span style="font-size: 14px"> option has the value shown below</span></p></blockquote>
<pre class="prettyprint hljs-dark"><code class="language-bash hljs">pam_service_name=vsftpd.mysql
</code></pre>
<blockquote><p style="margin-top: 0px;margin-bottom: 0px;font-size: 1em;line-height: 1.6"><span style="font-size: 14px">Provide a separate configuration file for each user</span></p></blockquote>
<pre class="prettyprint hljs-dark"><code class="language-bash hljs">user_config_dir=/etc/vsftpd/vusers_config   # add this option to the main configuration file
</code></pre>
<pre class="prettyprint hljs-dark"><code class="hljs ini">[root@server1 ~]# mkdir /etc/vsftpd/vusers_config
[root@server1 ~]# vim /etc/vsftpd/vusers_config/tom   # give the tom user all permissions
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
[root@server1 ~]# vim /etc/vsftpd/vusers_config/anyisalin   # give the anyisalin user upload permission only
anon_upload_enable=yes
</code></pre>
<blockquote><p style="margin-top: 0px;margin-bottom: 0px;font-size: 1em;line-height: 1.6"><span style="font-size: 14px">Restart the service</span></p></blockquote>
<pre class="prettyprint hljs-dark"><code class="language-bash hljs">[root@server1 ~]# service vsftpd restart
Shutting down vsftpd:                                      [  OK  ]
Starting vsftpd for vsftpd:                                [  OK  ]
</code></pre>
<h3 id="测试" style="font-family: inherit;line-height: 1.6;color: inherit;margin: 1.2em 0px 0.6em;font-size: 1.7em">Testing</h3>
<h4 id="测试tom用户的权限" style="font-family: inherit;line-height: 1.6;color: inherit;margin: 1.2em 0px 0.6em;font-size: 1.25em">Test the permissions of the tom user</h4>
<pre class="prettyprint hljs-dark"><code class="language-bash hljs">[root@server2 ~]# lftp -u tom 172.16.1.2   # log in as tom
Password:
lftp tom@172.16.1.2:~> lcd /etc
lcd ok, local cwd=/etc
lftp tom@172.16.1.2:~> put fstab   # upload works
711 bytes transferred
lftp tom@172.16.1.2:/> ls
-rw-------    1 496      492           711 Apr 03 22:34 fstab
lftp tom@172.16.1.2:/> rm fstab   # delete works
rm ok, `fstab' removed
lftp tom@172.16.1.2:/> ls
lftp tom@172.16.1.2:/> mkdir 1   # creating a directory works
mkdir ok, `1' created
lftp tom@172.16.1.2:/> ls
drwx------    2 496      492          4096 Apr 03 22:35 1
lftp tom@172.16.1.2:/>
</code></pre>
<h4 id="测试anyisalin用户的权限" style="font-family: inherit;line-height: 1.6;color: inherit;margin: 1.2em 0px 0.6em;font-size: 1.25em">Test the permissions of the anyisalin user</h4>
<pre class="prettyprint hljs-dark"><code class="language-bash hljs">[root@server2 ~]# lftp -u anyisalin 172.16.1.2   # log in as anyisalin
Password:
lftp anyisalin@172.16.1.2:~> ls
drwx------    2 496      492          4096 Apr 03 22:35 1
lftp anyisalin@172.16.1.2:/> lcd /etc/
lcd ok, local cwd=/etc
lftp anyisalin@172.16.1.2:/> put fstab   # upload works
711 bytes transferred
lftp anyisalin@172.16.1.2:/> ls
drwx------    2 496      492          4096 Apr 03 22:35 1
-rw-------    1 496      492           711 Apr 03 22:36 fstab
lftp anyisalin@172.16.1.2:/> rm fstab   # delete is denied
rm: Access failed: 550 Permission denied. (fstab)
lftp anyisalin@172.16.1.2:/> mkdir 2   # creating a directory is denied
mkdir: Access failed: 550 Permission denied. (2)
lftp anyisalin@172.16.1.2:/>
</code></pre>
<h2 id="总结" style="font-family: inherit;line-height: 1.1;color: inherit;margin: 1.2em 0px 0.6em;font-size: 2.15em">Summary</h2>
<blockquote><p style="margin-top: 0px;margin-bottom: 0px;font-size: 1em;line-height: 1.6"><span style="font-size: 14px">Honestly, I don't think storing vsftpd virtual user accounts and passwords in MySQL is of much practical use; the number of users is never going to be large, so storing them in a file would serve just as well.<br />Author: AnyISalIn, QQ 1449472454<br />Thanks: MageEdu</span></p></blockquote>
<p style="margin-top: 0px;margin-bottom: 1.1em;line-height: 1.6">Last modified: 10 December 2021, 10:53 AM</p>
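<p style="margin-top: 0px;margin-bottom: 1.1em;line-height: 1.6">The two lookups behind the test results above, as an added example that is not code from the original post, vsftpd or pam_mysql: the <code>crypt=2</code> check pam_mysql performs against the <code>users</code> table (MySQL's <code>PASSWORD()</code> hash, which is why the rows were inserted with <code>password(...)</code>), followed by the per-user override from <code>user_config_dir</code> that decides what a guest login may write. The table rows and config files are constructed in memory to mirror the post; the <code>anon_other_write_enable=NO</code> baseline is vsftpd's default, not an option the post lists.</p>

```python
# Added example: emulates pam_mysql crypt=2 authentication and vsftpd's
# per-user config override for the guest setup described in the post.
import hashlib
import hmac


def mysql_password(plain: str) -> str:
    """MySQL 4.1+ PASSWORD(): '*' + uppercase hex of SHA1 over the raw SHA1 digest."""
    inner = hashlib.sha1(plain.encode("utf-8")).digest()
    return "*" + hashlib.sha1(inner).hexdigest().upper()


# Constructed stand-in for the `users` table created on server2 in the post.
USERS = {
    "tom": mysql_password("magedu"),
    "anyisalin": mysql_password("anyisalin"),
}


def pam_mysql_auth(users: dict, name: str, plain: str) -> bool:
    """crypt=2 check: hash the supplied password and compare with the stored row.
    Unknown users fail like bad passwords; the comparison is constant-time."""
    stored = users.get(name)
    return stored is not None and hmac.compare_digest(stored, mysql_password(plain))


# Global anon_* switches from the post's vsftpd.conf; anon_other_write_enable is
# not listed there, so vsftpd's default of NO is assumed.
GLOBAL_CONF = "anon_upload_enable=NO\nanon_mkdir_write_enable=NO\nanon_other_write_enable=NO\n"

# Constructed stand-ins for /etc/vsftpd/vusers_config/tom and .../anyisalin.
USER_CONF = {
    "tom": "anon_upload_enable=YES\nanon_mkdir_write_enable=YES\nanon_other_write_enable=YES\n",
    "anyisalin": "anon_upload_enable=yes\n",  # lowercase, exactly as in the post
}


def parse_conf(text: str) -> dict:
    """vsftpd.conf syntax: one key=value per line, '#' lines are comments."""
    out = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            out[key.strip()] = value.strip()
    return out


def effective_privs(name: str) -> dict:
    """Guest logins are governed by the anon_* switches; the per-user file
    overrides the global value key by key (vsftpd booleans: YES/TRUE/1, any case)."""
    conf = parse_conf(GLOBAL_CONF)
    conf.update(parse_conf(USER_CONF.get(name, "")))
    on = lambda key: conf[key].upper() in ("YES", "TRUE", "1")
    return {
        "upload": on("anon_upload_enable"),              # STOR
        "mkdir": on("anon_mkdir_write_enable"),          # MKD
        "delete_rename": on("anon_other_write_enable"),  # DELE, RNFR/RNTO
    }


def login(name: str, plain: str):
    """One session end to end: None on auth failure, else the effective write rights."""
    return effective_privs(name) if pam_mysql_auth(USERS, name, plain) else None
```

With these inputs <code>login("tom", "magedu")</code> grants upload, mkdir and delete, while <code>login("anyisalin", "anyisalin")</code> grants upload only, matching the 550 responses in the anyisalin test.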