Linux基础入门之vsFTP+MySQL/MariaDB认证实现虚拟用户配置详解

2022-10-15 17:06:00

https://www.dwhd.org/20150603_144841.html

摘要

VSFTP可以使用系统账户或者匿名账户登录,但是出于安全的考虑,通常建议使用vsftp虚拟账户来登录ftp服务器,虚拟用户是指使用独立的文件保存vsftp用户帐号,虚拟账户只能登录ftp服务器。

 

一、配置基于MySQL认证的的vsftpd

1、安装vsftpd、启动vsftpd、配置vsftpd开机启动

1
2
3
4
5
6
7
8
9
[root@Legion100 ~]# yum install vsftpd pam_mysql -y
[root@Legion100 ~]# service vsftpd start
为 vsftpd 启动 vsftpd:                                    [确定]
[root@Legion100 ~]# netstat -tnlp | grep 21
tcp        0      0 0.0.0.0:21                  0.0.0.0:*                   LISTEN      7574/vsftpd
[root@Legion100 ~]# chkconfig vsftpd on
[root@Legion100 ~]# chkconfig --list vsftpd
vsftpd          0:关闭  1:关闭  2:启用  3:启用  4:启用  5:启用  6:关闭
[root@Legion100 ~]#

2、安装MySQL/MariaDB

1)、编译安装MariaDB、设置开机启动

01
02
03
04
05
06
07
08
09
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
[root@Legion100 ~]# cd /tmp/
[root@Legion100 /tmp]# groupadd -g 1500 mysql && useradd -g mysql -u 1500 -s /sbin/nologin -M mysql
[root@Legion100 /tmp]# yum install cmake -y
[root@Legion100 /tmp]# wget "https://downloads.mariadb.org/interstitial/mariadb-10.0.19/source/mariadb-10.0.19.tar.gz/from/http%3A//mirrors.opencas.cn/mariadb" -O mariadb-10.0.19.tar.gz
[root@Legion100 /tmp]# tar xf mariadb-10.0.19.tar.gz
[root@Legion100 /tmp]# cd mariadb-10.0.19
[root@Legion100 /tmp/mariadb-10.0.19]# cmake . -DCMAKE_INSTALL_PREFIX=/usr/local/mysql \
-DMYSQL_DATADIR=/data/mysql \
-DWITH_SSL=system \
-DWITH_INNOBASE_STORAGE_ENGINE=1 \
-DWITH_ARCHIVE_STORAGE_ENGINE=1 \
-DWITH_BLACKHOLE_STORAGE_ENGINE=1 \
-DWITH_SPHINX_STORAGE_ENGINE=1 \
-DWITH_ARIA_STORAGE_ENGINE=1 \
-DWITH_XTRADB_STORAGE_ENGINE=1 \
-DWITH_PARTITION_STORAGE_ENGINE=1 \
-DWITH_FEDERATEDX_STORAGE_ENGINE=1 \
-DWITH_MYISAM_STORAGE_ENGINE=1 \
-DWITH_PERFSCHEMA_STORAGE_ENGINE=1 \
-DWITH_EXTRA_CHARSETS=all \
-DWITH_EMBEDDED_SERVER=1 \
-DWITH_READLINE=1 \
-DWITH_ZLIB=system \
-DWITH_LIBWRAP=0 \
-DEXTRA_CHARSETS=all \
-DENABLED_LOCAL_INFILE=1 \
-DMYSQL_UNIX_ADDR=/tmp/mysql.sock \
-DDEFAULT_CHARSET=utf8 \
-DDEFAULT_COLLATION=utf8_general_ci
[root@Legion100 /tmp/mariadb-10.0.19]# make -j $(awk '/processor/{i++}END{print i}' /proc/cpuinfo) && make install  && echo $?
[root@Legion100 /tmp/mariadb-10.0.19]# cd /usr/local/mysql/
[root@Legion100 /usr/local/mysql]# echo "export PATH=/usr/local/mysql/bin:\$PATH" > /etc/profile.d/mariadb10.0.19.sh
[root@Legion100 /usr/local/mysql]# . /etc/profile.d/mariadb10.0.19.sh
[root@Legion100 /usr/local/mysql]# sed -i "$(awk '$1=="MANPATH"{a=NR}END{print a}' /etc/man.config)a MANPATH\t/usr/local/mysql/man" /etc/man.config
[root@Legion100 /usr/local/mysql]# cp -a support-files/mysql.server /etc/rc.d/init.d/mysqld
[root@Legion100 /usr/local/mysql]# \cp support-files/my-large.cnf /etc/my.cnf
[root@Legion100 /usr/local/mysql]# sed -i '/query_cache_size/a datadir = /data/mysql' /etc/my.cnf
[root@Legion100 /usr/local/mysql]# mkdir -p /data/mysql
[root@Legion100 /usr/local/mysql]# chown -R mysql.mysql /data/mysql
[root@Legion100 /usr/local/mysql]# /usr/local/mysql/scripts/mysql_install_db --user=mysql --datadir=/data/mysql/ --basedir=/usr/local/mysql
[root@Legion100 /usr/local/mysql]# chkconfig mysqld on
[root@Legion100 /usr/local/mysql]# chkconfig --list mysqld
mysqld          0:关闭  1:关闭  2:启用  3:启用  4:启用  5:启用  6:关闭
[root@Legion100 /usr/local/mysql]# service mysqld start
Starting MySQL.                                            [确定]
[root@Legion100 /usr/local/mysql]# ss -tnlp | grep 3306
LISTEN     0      150                      :::3306                    :::*      users:(("mysqld",33450,21))
[root@Legion100 /usr/local/mysql]#

2)、做vsftpd用户认证的授权

01
02
03
04
05
06
07
08
09
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
[root@Legion100 ~]# mysql   #登录数据库
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 4
Server version: 10.0.19-MariaDB-log Source distribution
 
Copyright (c) 2000, 2015, Oracle, MariaDB Corporation Ab and others.
 
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
 
MariaDB [(none)]> USE mysql; #进入mysql库
Database changed
MariaDB [mysql]> UPDATE user set password=PASSWORD('lookback') WHERE USER='root'; #给所有的root帐户设置密码为lookback
Query OK, 4 rows affected (0.01 sec)
Rows matched: 4  Changed: 4  Warnings: 0
 
MariaDB [mysql]> DELETE FROM user WHERE User='';   #删除MariaDB所有的匿名帐号
Query OK, 2 rows affected (0.00 sec)
 
MariaDB [mysql]> create database vsftpd;   #新建vsftpd库
Query OK, 1 row affected (0.01 sec)
 
MariaDB [mysql]> grant select on vsftpd.* to vsftpd@localhost identified by 'lookback'; #新建一个vsftpd的用户密码是lookback权限是查询select,本地访问
Query OK, 0 rows affected (0.00 sec)
 
MariaDB [mysql]> grant select on vsftpd.* to vsftpd@127.0.0.1 identified by 'lookback'; #新建一个vsftpd的用户密码是lookback权限是select,本地访问
Query OK, 0 rows affected (0.00 sec)
 
MariaDB [mysql]> grant select on vsftpd.* to vsftpd@'172.16.%.%' identified by 'lookback'; #新建一个vsftpd的用户密码是lookback权限是select,可以在172.16.0.0/8网段内访问
Query OK, 0 rows affected (0.00 sec)
 
MariaDB [mysql]> SELECT USER,PASSWORD,HOST FROM user; #查看下MariaDB上的用户用户名和host
+--------+-------------------------------------------+--------------------+
| USER   | PASSWORD                                  | HOST               |
+--------+-------------------------------------------+--------------------+
| root   | *153CCFAEAA83407D8DBDBFAA3D17B1A95553E60C | localhost          |
| root   | *153CCFAEAA83407D8DBDBFAA3D17B1A95553E60C | legion100.dwhd.org |
| root   | *153CCFAEAA83407D8DBDBFAA3D17B1A95553E60C | 127.0.0.1          |
| root   | *153CCFAEAA83407D8DBDBFAA3D17B1A95553E60C | ::1                |
| vsftpd | *153CCFAEAA83407D8DBDBFAA3D17B1A95553E60C | localhost          |
| vsftpd | *153CCFAEAA83407D8DBDBFAA3D17B1A95553E60C | 127.0.0.1          |
| vsftpd | *153CCFAEAA83407D8DBDBFAA3D17B1A95553E60C | 172.16.%.%         |
+--------+-------------------------------------------+--------------------+
7 rows in set (0.00 sec)
 
MariaDB [mysql]> use vsftpd;  #进入vsftpd库
Database changed
MariaDB [vsftpd]> create table users (
    -> id int AUTO_INCREMENT NOT NULL,
    -> name char(20) binary NOT NULL,
    -> password char(48) binary NOT NULL,
    -> primary key(id)
    -> );    #新建一个名为users的表,表中有id、name、password字段,id是自动增长,name是20个字符长度二进制存放区分大小写,password最大48字符二进制存放区分大小写,
Query OK, 0 rows affected (0.12 sec)
 
MariaDB [vsftpd]> insert into users(name,password) values('Legion',password('lookback')); #在users表中新建个Legion的用户密码是lookback
Query OK, 1 row affected (0.00 sec)
 
MariaDB [vsftpd]> insert into users(name,password) values('LookBack',password('lookback')); #在users表中新建个LookBack的用户密码是lookback
Query OK, 1 row affected (0.01 sec)
 
MariaDB [vsftpd]> SELECT id,name,password FROM users; #查看下users表
+----+----------+-------------------------------------------+
| id | name     | password                                  |
+----+----------+-------------------------------------------+
|  1 | Legion   | *153CCFAEAA83407D8DBDBFAA3D17B1A95553E60C |
|  2 | LookBack | *153CCFAEAA83407D8DBDBFAA3D17B1A95553E60C |
+----+----------+-------------------------------------------+
2 rows in set (0.00 sec)
 
MariaDB [vsftpd]> FLUSH PRIVILEGES; #刷新生效上面的配置
Query OK, 0 rows affected (0.00 sec)
 
MariaDB [vsftpd]> \q
Bye
[root@Legion100 ~]#

3)、测试MariaDB的连接

01
02
03
04
05
06
07
08
09
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
[root@Legion100 ~]# mysql -uvsftpd -plookback -h172.16.6.100 -P3306
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 10
Server version: 10.0.19-MariaDB-log Source distribution
 
Copyright (c) 2000, 2015, Oracle, MariaDB Corporation Ab and others.
 
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
 
MariaDB [(none)]> SHOW DATABASES;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| test               |
| vsftpd             |
+--------------------+
3 rows in set (0.00 sec)
 
MariaDB [(none)]> USE vsftpd
Database changed
MariaDB [vsftpd]> SHOW tables;
+------------------+
| Tables_in_vsftpd |
+------------------+
| users            |
+------------------+
1 row in set (0.00 sec)
 
MariaDB [vsftpd]> SELECT id,name,password FROM users;
+----+----------+-------------------------------------------+
| id | name     | password                                  |
+----+----------+-------------------------------------------+
|  1 | Legion   | *153CCFAEAA83407D8DBDBFAA3D17B1A95553E60C |
|  2 | LookBack | *153CCFAEAA83407D8DBDBFAA3D17B1A95553E60C |
+----+----------+-------------------------------------------+
2 rows in set (0.00 sec)
 
MariaDB [vsftpd]> \q
Bye
[root@Legion100 ~]#

3、配置vsFTPD

1)、建立pam认证所需的文件
新建个/etc/pam.d/vsftpd.mariadb文件

1
[root@Legion100 ~]# touch /etc/pam.d/vsftpd.mariadb

2)、64位系统写入下面的内容

1
2
auth required /lib64/security/pam_mysql.so user=vsftpd passwd=lookback host=172.16.6.100 db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
account required /lib64/security/pam_mysql.so user=vsftpd passwd=lookback host=172.16.6.100 db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2

32位系统写入下面的内容

1
2
auth required /lib/security/pam_mysql.so user=vsftpd passwd=lookback host=172.16.6.100 db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
account required /lib/security/pam_mysql.so user=vsftpd passwd=lookback host=172.16.6.100 db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2

32位和64位通用写法

1
2
auth required pam_mysql.so user=vsftpd passwd=lookback host=172.16.6.100 db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
account required pam_mysql.so user=vsftpd passwd=lookback host=172.16.6.100 db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2

3)、修改vsftpd配置文件

01
02
03
04
05
06
07
08
09
10
11
12
13
14
15
16
17
18
[root@Legion100 ~]# cd /etc/vsftpd/
[root@Legion100 /etc/vsftpd]# cp vsftpd.conf vsftpd.conf_`date +%F`
[root@Legion100 /etc/vsftpd]# ls
ftpusers user_list vsftpd.conf vsftpd.conf_2015-06-03 vsftpd_conf_migrate.sh
[root@Legion100 /etc/vsftpd]# groupadd -g 1501 vftpuser && useradd -g vftpuser -u 1501 -s /sbin/nologin -d /home/vftpuser vftpuser
[root@Legion100 /etc/vsftpd]# id vftpuser
uid=1501(vftpuser) gid=1501(vftpuser) 组=1501(vftpuser)
[root@Legion100 /etc/vsftpd]# finger vftpuser
Login: vftpuser                         Name:
Directory: /home/vftpuser               Shell: /sbin/nologin
Never logged in.
No mail.
No Plan.
[root@Legion100 /etc/vsftpd]# mkdir -p /home/vftpuser
[root@Legion100 /etc/vsftpd]# chown -R vftpuser.vftpuser /home/vftpuser
[root@Legion100 /etc/vsftpd]# chmod go+rx /home/vftpuser
[root@Legion100 /etc/vsftpd]# ls -ld /home/vftpuser/
drwxr-xr-x 4 vftpuser vftpuser 4096 6月   3 16:14 /home/vftpuser/
01
02
03
04
05
06
07
08
09
10
11
12
13
14
15
16
17
18
19
[root@Legion100 /etc/vsftpd]# grep -Ev '(^#\s.*|^#|^$)' vsftpd.conf
anonymous_enable=YES
local_enable=YES
write_enable=YES
local_umask=022
anon_upload_enable=NO
anon_mkdir_write_enable=NO
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
chroot_local_user=YES
listen=YES
pam_service_name=vsftpd.mariadb
#这里直接把pam的认证文件换成了vsftpd.mariadb后系统用户就不能登录ftp了
userlist_enable=YES
tcp_wrappers=YES
guest_enable=YES
guest_username=vftpuser

reload下vsftpd使刚才上面的配置文件修改生效

1
2
3
4
[root@Legion100 /etc/vsftpd]# service vsftpd reload
关闭 vsftpd:                                              [确定]
为 vsftpd 启动 vsftpd:                                    [确定]
[root@Legion100 /etc/vsftpd]#

4、测试登录

1)、Linux下

01
02
03
04
05
06
07
08
09
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
[root@Legion101 ~]# ifconfig | sed -rn '/^[^ \t]/{N;s/(^[^ ]*).*addr:([^ ]*).*/\1 \2/p}' | \
> awk '$2!~/^192\.168|^10\.|^127|^0|^$/{print $1"="$2}'
eth0=172.16.6.101
[root@Legion101 ~]# ftp 172.16.6.100
Connected to 172.16.6.100 (172.16.6.100).
220 (vsFTPd 2.2.2)
Name (172.16.6.100:root): Legion
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> bye
221 Goodbye.
[root@Legion101 ~]# ftp 172.16.6.100
Connected to 172.16.6.100 (172.16.6.100).
220 (vsFTPd 2.2.2)
Name (172.16.6.100:root): LookBack
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> bye
221 Goodbye.
[root@Legion101 ~]#

Linux基础入门之vsFTP+MySQL/MariaDB认证实现虚拟用户配置详解

2)、Windows下

01
02
03
04
05
06
07
08
09
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
Microsoft Windows [版本 6.3.9600]
(c) 2013 Microsoft Corporation。保留所有权利。
 
C:\Users\Administrator>ftp 172.16.6.100
连接到 172.16.6.100。
220 (vsFTPd 2.2.2)
用户(172.16.6.100:(none)): Legion
331 Please specify the password.
密码:
230 Login successful.
ftp> pwd
257 "/"
ftp> bye
221 Goodbye.
 
C:\Users\Administrator>ftp 172.16.6.100
连接到 172.16.6.100。
220 (vsFTPd 2.2.2)
用户(172.16.6.100:(none)): LookBack
331 Please specify the password.
密码:
230 Login successful.
ftp> pwd
257 "/"
ftp> bye
221 Goodbye.
 
C:\Users\Administrator>

Linux基础入门之vsFTP+MySQL/MariaDB认证实现虚拟用户配置详解

3)、客户端
Linux基础入门之vsFTP+MySQL/MariaDB认证实现虚拟用户配置详解
Linux基础入门之vsFTP+MySQL/MariaDB认证实现虚拟用户配置详解

5、配置基于单个虚拟用的权限
从上面可以看出我们创建的两个虚拟用户只能登录 但是不上传文件。下面将说说具体的虚拟用户权限配置

01
02
03
04
05
06
07
08
09
10
11
12
13
14
15
16
17
18
[root@Legion100 /etc/vsftpd]# echo "user_config_dir=/etc/vsftpd/vftpusers" >> /etc/vsftpd/vsftpd.conf
[root@Legion100 /etc/vsftpd]# mkdir -p /etc/vsftpd/vftpusers
[root@Legion100 /etc/vsftpd]# cd /etc/vsftpd/vftpusers
[root@Legion100 /etc/vsftpd/vftpusers]# touch /etc/vsftpd/vftpusers/{Legion,LookBack}
[root@Legion100 /etc/vsftpd/vftpusers]# cat > /etc/vsftpd/vftpusers/Legion <<EOF
anon_upload_enable=YES
#允许Legion用户可以上传文件
anon_mkdir_write_enable=YES
#允许Legion用可以创建文件
anon_other_write_enable=YES
#允许Legion可以删除文件
EOF
[root@Legion100 /etc/vsftpd/vftpusers]# cat /etc/vsftpd/vftpusers/Legion > /etc/vsftpd/vftpusers/LookBack
[root@Legion100 /etc/vsftpd/vftpusers]# sed -i 's/NO/YES/' /etc/vsftpd/vftpusers/LookBack #修改LookBack没有上传 创建 删除权限
[root@Legion100 /etc/vsftpd/vftpusers]# service vsftpd restart
关闭 vsftpd:                                              [确定]
为 vsftpd 启动 vsftpd:                                    [确定]
[root@Legion100 /etc/vsftpd/vftpusers]#

2)、测试

01
02
03
04
05
06
07
08
09
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
[root@Legion101 ~]# ftp 172.16.6.100
Connected to 172.16.6.100 (172.16.6.100).
220 (vsFTPd 2.2.2)
Name (172.16.6.100:root): Legion
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> lcd /etc/
Local directory now /etc
ftp> put inittab
local: inittab remote: inittab
227 Entering Passive Mode (172,16,6,100,253,120).
150 Ok to send data.
226 Transfer complete.
884 bytes sent in 7.4e-05 secs (11945.94 Kbytes/sec)
ftp> ls -l
227 Entering Passive Mode (172,16,6,100,244,244).
150 Here comes the directory listing.
-rw-------    1 1501     1501          884 Jun 03 09:02 inittab
226 Directory send OK.
ftp> bye
221 Goodbye.
[root@Legion101 ~]# ftp 172.16.6.100
Connected to 172.16.6.100 (172.16.6.100).
220 (vsFTPd 2.2.2)
Name (172.16.6.100:root): Lookback
331 Please specify the password.
Password:
530 Login incorrect.
Login failed.
ftp> lcd /etc/
Local directory now /etc
ftp> put fstab
local: fstab remote: fstab
530 Please login with USER and PASS.
Passive mode refused.
ftp> bye
221 Goodbye.
[root@Legion101 ~]#

Linux基础入门之vsFTP+MySQL/MariaDB认证实现虚拟用户配置详解

上一篇:设置sqlplus访问远程oracle数据库的最快方法


下一篇:OpenGL ES平移矩阵和旋转矩阵的左乘与右乘效果