1、对pam_mysql-0.7RC1包进行编译安装
-
编译安装环境配置
编译安装所需的包如下:
~]#yum -y groupinstall "Development Tools" "Server Platform Development"
~]#yum -y install mariadb-server mariadb-devel openssl-devel
-
对包进行解压并编译安装
~]# tar xf pam_mysql-0.7RC1.tar.gz
~]# cd pam_mysql-0.7RC1
pam_mysql-0.7RC1]# ls
acinclude.m4 config.h.in COPYING ltmain.sh mkinstalldirs pam_mysql.spec.in
aclocal.m4 config.sub CREDITS Makefile.am NEWS pkg.m4
ChangeLog configure INSTALL Makefile.in pam_mysql.c README
config.guess configure.in install-sh missing pam_mysql.spec stamp-h.in
pam_mysql-0.7RC1]# ./configure –help |less 编译安装参数帮助查看
~]#./configure –with-mysql=/usr –with-openssl=/usr –with-pam=/usr –with-pam-mods-dir=/lib64/security
~]#make && make install
pam_mysql-0.7RC1]# ls /lib64/security/ |grep pam_mysql 查看编译安装后pam_mysql.so是否存在
pam_mysql.la
pam_mysql.so
2、mysql中创建用户及表
开启数据库并设定开机自启动
~]systemctl start mariadb.service
~]systemctl enable mariadb.service
创建用户及表
pam_mysql-0.7RC1]# mysql
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 3
Server version: 5.5.50-MariaDB MariaDB Server
Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> CREATE DATABASE vsftpd;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> use vsftpd;
Database changed
MariaDB [vsftpd]> CREATE TABLE users (
-> id int AUTO_INCREMENT NOT NULL PRIMARY KEY,
-> name char(30) NOT NULL,
-> password char(48) binary NOT NULL );
Query OK, 0 rows affected (0.01 sec)
MariaDB [vsftpd]> DESC users
-> ;
+———-+———-+——+—–+———+—————-+
| Field | Type | Null | Key | Default | Extra |
+———-+———-+——+—–+———+—————-+
| id | int(11) | NO | PRI | NULL | auto_increment |
| name | char(30) | NO | | NULL | |
| password | char(48) | NO | | NULL | |
+———-+———-+——+—–+———+—————-+
3 rows in set (0.00 sec)
MariaDB [vsftpd]> INSERT INTO users(name,password) VALUES ('tom',password('oracleadmin'));
Query OK, 1 row affected (0.00 sec)
MariaDB [vsftpd]> INSERT INTO users(name,password) VALUES ('jerry',password('oracleadmin'));
Query OK, 1 row affected (0.01 sec)
MariaDB [vsftpd]> SELECT * FROM users;
+—-+——-+——————————————-+
| id | name | password |
+—-+——-+——————————————-+
| 1 | tom | *81D2898F52A342B0B5E52CB747519B10342BD069 |
| 2 | jerry | *81D2898F52A342B0B5E52CB747519B10342BD069 |
+—-+——-+——————————————-+
2 rows in set (0.00 sec)
MariaDB [vsftpd]> GRANT select ON vsftpd.* TO vsftpd@localhost IDENTIFIED BY 'oracleadmin';
Query OK, 0 rows affected (0.00 sec)
MariaDB [vsftpd]> GRANT select ON vsftpd.* TO vsftpd@'127.0.0.1' IDENTIFIED BY 'oracleadmin'
;
Query OK, 0 rows affected (0.00 sec)
MariaDB [vsftpd]> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.01 sec)
MariaDB [vsftpd]> exit
Bye
测试连接
]# mysql -uvsftpd -poracleadmin
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 4
Server version: 5.5.50-MariaDB MariaDB Server
Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> SHOW DATABASE;
to your MariaDB server version for the right syntax to use near 'DATABASE' at line 1
MariaDB [(none)]> SHOW DATABASES;
+——————–+
| Database |
+——————–+
| information_schema |
| test |
| vsftpd |
+——————–+
3 rows in set (0.00 sec)
MariaDB [(none)]> user vsftpd
-> ;
to your MariaDB server version for the right syntax to use near 'user vsftpd' at line 1
MariaDB [(none)]> use vsftpd
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
MariaDB [vsftpd]> SELECT * FROM users;
+—-+——-+——————————————-+
| id | name | password |
+—-+——-+——————————————-+
| 1 | tom | *81D2898F52A342B0B5E52CB747519B10342BD069 |
| 2 | jerry | *81D2898F52A342B0B5E52CB747519B10342BD069 |
+—-+——-+——————————————-+
2 rows in set (0.00 sec)
MariaDB [vsftpd]> exit
Bye
3、创建并修改与pamd的连接文件
在pam.d目录中创建vsftpd.mysql文件
~]# cd /etc/pam.d/
pam.d]# vim vsftpd.mysql 此文件中所涉及的参数可以在pam_mysql-0.7RC1文件的README中查看
pam_mysql-0.7RC1]# less README |more
pam_mysql – A PAM authentication module against MySQL database.
$Id: README,v 1.8.2.9 2006/01/09 10:35:59 moriyoshi Exp $
pam.d]# cat vsftpd.mysql
auth required pam_mysql.so user=vsftpd passwd=oracleadmin host=localhost db=vsftpd table=users userco lumn=name passwdcolumn=password crypt=2 (Use MySQL PASSWORD() function)
account required pam_mysql.so user=vsftpd passwd=oracleadmin host=localhost db=vsftpd table=users use rcolumn=name passwdcolumn=password crypt=2
4、创建虚拟账户所对应的实体账号,并进行vsftpd的配置文件修改
创建账号并进行目录创建和权限修改
pam.d]# useradd -s /sbin/nologin -d /ftproot vuser
pam.d]# ls -ld /ftproot/
drwx—— 2 vuser vuser 59 11月 9 15:16 /ftproot/
pam.d]# chmod go+rx /ftproot/
pam.d]# ls -ld /ftproot/
drwxr-xr-x 2 vuser vuser 59 11月 9 15:16 /ftproot/
pam.d]# chmod -w /ftproot/
pam.d]# mkdir /ftproot/{pub,upload}
修改vsftpd的配置文件添加guest_enable=YES guest_username=vuser pam_service_name=vsftpd.mysql,可以通过man vsftpd.conf进行参数确认并查看
[root@localhost pam.d]# vim /etc/vsftpd/vsftpd.conf
guest_enable=YES
guest_username=vuser
pam_service_name=vsftpd.mysql
]# systemctl start vsftpd.service
]# ss -tnl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 50 *:3306 *:*
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 32 :::21 :::*
LISTEN 0 128 :::22 :::*
LISTEN 0 100 ::1:25 :::*
5、测试连接
-
连接性测试:
[root@localhost pam.d]# ftp 192.168.150.137
Connected to 192.168.150.137 (192.168.150.137).
220 (vsFTPd 3.0.2)
Name (192.168.150.137:root): tom
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
227 Entering Passive Mode (192,168,150,137,84,48).
150 Here comes the directory listing.
drwxr-xr-x 2 0 0 6 Nov 09 07:21 pub
drwxr-xr-x 2 0 0 6 Nov 09 07:21 upload
226 Directory send OK.
ftp> bye
221 Goodbye.
[root@localhost pam.d]# ftp 192.168.150.137
Connected to 192.168.150.137 (192.168.150.137).
220 (vsFTPd 3.0.2)
Name (192.168.150.137:root): jerry
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
227 Entering Passive Mode (192,168,150,137,181,119).
150 Here comes the directory listing.
drwxr-xr-x 2 0 0 6 Nov 09 07:21 pub
drwxr-xr-x 2 0 0 6 Nov 09 07:21 upload
226 Directory send OK.
ftp> exit
221 Goodbye.
均可以通过mysql中添加的账户密码进行vsftp登入
-
文件上传下载测试
pam.d]# chown vuser /ftproot/upload/ upload文件夹添加vuser的用户权限
[root@localhost pam.d]# ls -ld /ftproot/upload/
drwxr-xr-x 2 vuser root 6 11月 9 15:21 /ftproot/upload/
pam.d]# vim /etc/vsftpd/vsftpd.conf 修改vsftpd.conf的配置文件,运行用户上传操作,修改完后重启vsftpd服务
anon_upload_enable=YES
[root@localhost pam.d]# !system
systemctl restart vsftpd.service
pam.d]# ftp 192.168.150.137
Connected to 192.168.150.137 (192.168.150.137).
220 (vsFTPd 3.0.2)
Name (192.168.150.137:root): tom
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> cd upload
250 Directory successfully changed.
ftp> lcd /etc
Local directory now /etc
ftp> put fstab
local: fstab remote: fstab
227 Entering Passive Mode (192,168,150,137,205,67).
150 Ok to send data.
226 Transfer complete.
465 bytes sent in 1.8e-05 secs (25833.33 Kbytes/sec)
ftp> bye
221 Goodbye.
[root@localhost pam.d]# ftp 192.168.150.137
Connected to 192.168.150.137 (192.168.150.137).
220 (vsFTPd 3.0.2)
Name (192.168.150.137:root): jerry
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> cd upload
250 Directory successfully changed.
ftp> lcd /etc
Local directory now /etc
ftp> put issue
local: issue remote: issue
227 Entering Passive Mode (192,168,150,137,187,178).
150 Ok to send data.
226 Transfer complete.
23 bytes sent in 5.9e-05 secs (389.83 Kbytes/sec)
ftp> bye
221 Goodbye.
-
用户权限分类型测试
将mysql中的用户区分为可以上传和无法上传两个权限
pam.d]# cd /etc/vsftpd/
vsftpd]# vim vsftpd.conf 将anon_upload_enable=YES功能关闭
#anon_upload_enable=YES
创建vuser.conf.d目录并进行各用户单独配置文件创建,配置文件中单独设定anon_upload_enable此功能是否开启
vsftpd]# ls
ftpusers user_list vsftpd.conf vsftpd_conf_migrate.sh
vsftpd]# mkdir vusers.conf.d
vsftpd]# cd vusers.conf.d/
vusers.conf.d]# vim tom
vusers.conf.d]# cp tom jerry
vusers.conf.d]# vim jerry
vusers.conf.d]# cat {tom,jerry}
anon_upload_enable=YES
anon_upload_enable=NO
修改vsftpd.conf添加参数user_config_dir=/etc/vsftpd/vusers.conf.d,进行单独用户配置文件的连接,修改完成后重启vsftpd服务
vusers.conf.d]# cd ..
vsftpd]# ls
ftpusers user_list vsftpd.conf vsftpd_conf_migrate.sh vusers.conf.d
vsftpd]# vim vsftpd
vsftpd]# vim vsftpd.conf
user_config_dir=/etc/vsftpd/vusers.conf.d
[root@localhost vsftpd]# systemctl restart vsftpd.service
测试
此用户可以上传
vsftpd]# ftp 192.168.150.137
Connected to 192.168.150.137 (192.168.150.137).
220 (vsFTPd 3.0.2)
Name (192.168.150.137:root): tom
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> cd upload
250 Directory successfully changed.
ftp> lcd /etc
Local directory now /etc
ftp> ls
227 Entering Passive Mode (192,168,150,137,166,0).
150 Here comes the directory listing.
-rw——- 1 1000 1000 465 Nov 09 07:25 fstab
-rw——- 1 1000 1000 23 Nov 09 07:26 issue
226 Directory send OK.
ftp> lcd /etc
Local directory now /etc
ftp> put grub2.cfg
local: grub2.cfg remote: grub2.cfg
227 Entering Passive Mode (192,168,150,137,46,19).
150 Ok to send data.
226 Transfer complete.
4265 bytes sent in 0.0286 secs (149.04 Kbytes/sec)
ftp> bye
221 Goodbye.
此用户禁用上传
vsftpd]# ftp 192.168.150.137
Connected to 192.168.150.137 (192.168.150.137).
220 (vsFTPd 3.0.2)
Name (192.168.150.137:root): jerry
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> cd upload
250 Directory successfully changed.
ftp> ls
227 Entering Passive Mode (192,168,150,137,62,132).
150 Here comes the directory listing.
-rw——- 1 1000 1000 465 Nov 09 07:25 fstab
-rw——- 1 1000 1000 4265 Nov 09 07:31 grub2.cfg
-rw——- 1 1000 1000 23 Nov 09 07:26 issue
226 Directory send OK.
ftp> lcd /etc
Local directory now /etc
ftp> !ls
adjtime e2fsck.conf ld.so.conf polkit-1 shadow-
aliases environment ld.so.conf.d popt.d shells
aliases.db ethertypes libaudit.conf postfix skel
alternatives exports libnl ppp ssh
anacrontab favicon.png libuser.conf prelink.conf.d ssl
asound.conf filesystems locale.conf printcap statetab
audisp firewalld localtime profile statetab.d
audit fstab login.defs profile.d subversion
avahi gcrypt logrotate.conf protocols sudo.conf
bash_completion.d gdbinit logrotate.d python sudoers
bashrc gdbinit.d lvm rc0.d sudoers.d
binfmt.d gnupg machine-id rc1.d sudo-ldap.conf
centos-release GREP_COLORS magic rc2.d sysconfig
centos-release-upstream groff makedumpfile.conf.sample rc3.d sysctl.conf
chkconfig.d group man_db.conf rc4.d sysctl.d
cron.d group- mke2fs.conf rc5.d systemd
cron.daily grub2.cfg modprobe.d rc6.d system-release
cron.deny grub.d modules-load.d rc.d system-release-cpe
cron.hourly gshadow motd rc.local tcsd.conf
cron.monthly gshadow- mtab rdma terminfo
crontab gss my.cnf redhat-release tmpfiles.d
cron.weekly host.conf my.cnf.d resolv.conf tuned
crypttab hostname NetworkManager rpc udev
csh.cshrc hosts networks rpm vconsole.conf
csh.login hosts.allow nsswitch.conf rsyncd.conf vimrc
dbus-1 hosts.deny nsswitch.conf.bak rsyslog.conf virc
default init.d openldap rsyslog.d vsftpd
depmod.d inittab opt rwtab wpa_supplicant
dhcp inputrc os-release rwtab.d X11
DIR_COLORS iproute2 pam.d sasl2 xdg
DIR_COLORS.256color issue passwd securetty xinetd.d
DIR_COLORS.lightbgcolor issue.net passwd- security yum
dnsmasq.conf kdump.conf pkcs11 selinux yum.conf
dnsmasq.d kernel pki services yum.repos.d
dracut.conf krb5.conf plymouth sestatus.conf
dracut.conf.d ld.so.cache pm shadow
ftp> put resolv.conf
local: resolv.conf remote: resolv.conf
227 Entering Passive Mode (192,168,150,137,44,37).
550 Permission denied.
ftp> bye
221 Goodbye.
原创文章,作者:N23-苏州-void,如若转载,请注明出处:http://www.178linux.com/58886
