vsftpd 基於mysql的虛擬賬戶

Centos7 vsftpd 基於MySQL的虛擬賬戶認證

實驗環境: 兩臺虛擬機的防火牆和SELinux都已關閉

角色	IP
vsftpd	192.168.148.7
mysql	192.168.148.17

系統賬戶	用戶主目錄
vuser	/data/ftproot

虛擬賬戶	密碼	用戶主目錄
ftp1	centos	/data/ftproot/ftp1
ftp2	redhat	/data/ftproot/ftp2

mysql服務器添加用戶數據庫

[root@localhost ~]# yum -y install mariadb-server
[root@localhost ~]#  systemctl start mariadb

[root@localhost ~]# vim vsftpd.sql
CREATE DATABASE vsftpd;
USE vsftpd

CREATE TABLE vuser (
id int(10) AUTO_INCREMENT PRIMARY KEY,
username char(30) BINARY NOT NULL,
password char(50) BINARY NOT NULL
);

insert into vuser(username,password)values('ftp1',password('centos')),('ftp2',password('redhat'));
grant select on vsftpd.vuser to vsftpd@'192.168.148.7' identified by 'centos';

[root@localhost ~]# mysql < vsftpd.sql 

vsftpd配置虛擬賬戶

[root@localhost ~]# yum -y install vsftpd
# 創建虛擬賬戶 ftp1, ftp2的用戶目錄和上傳目錄
[root@localhost ~]# mkdir -p /data/ftproot/ftp{1,2}/upload
[root@localhost ~]# touch /data/ftproot/ftp1/ftp1
[root@localhost ~]# touch /data/ftproot/ftp2/ftp2

# 創建虛擬賬戶映射的系統賬號 vuser
[root@localhost ~]# useradd -r -s /sbin/nologin -d /data/ftproot vuser

# 修改配置文件，註釋默認的 pam設置，添加如下配置
[root@localhost ~]# vim /etc/vsftpd/vsftpd.conf 
#pam_service_name=vsftpd
pam_service_name=vsftpd.mysql
guest_enable=YES
guest_username=vuser
user_config_dir=/etc/vsftpd/vusers.d

#添加虛擬賬戶配置文件
[root@localhost ~]# mkdir /etc/vsftpd/vusers.d
[root@localhost ~]# vim /etc/vsftpd/vusers.d/ftp1
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
anon_umask=022
local_root=/data/ftproot/ftp1

[root@localhost ~]# vim /etc/vsftpd/vusersd.d/ftp2
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
anon_umask=022
local_root=/data/ftproot/ftp2

# 下載 pam_mysql 下載地址 http://repo.iotti.biz/CentOS/7/x86_64/pam_mysql-0.8.1-0.22.el7.lux.x86_64.rpm
[root@localhost ~]# rpm -iv pam_mysql-0.8.1-0.22.el7.lux.x86_64.rpm

#編寫vsftpd.mysql文件
[root@localhost ~]# vim /etc/pam.d/vsftpd.mysql
auth required pam_mysql.so user=vsftpd passwd=centos host=192.168.148.17  db=vsftpd table=vuser usercolumn=username passwdcolumn=password crypt=2
account required pam_mysql.so user=vsftpd passwd=centos host=192.168.148.17 db=vsftpd table=vuser usercolumn=username passwdcolumn=password crypt=2

# 啓動服務
[root@localhost ~]# systemctl start vsftpd

MySQL服務器作客戶端測試虛擬賬戶

# 安裝客戶端程序
[root@localhost ~]# yum -y install lftp
# 指定用戶名，密碼
[root@localhost ~]# lftp -u ftp1,centos 192.168.148.7
lftp [email protected]:~> ls
-rw-r--r--    1 0        0               0 May 17 07:20 ftp1
drwxr-xr-x    2 0        0               6 May 17 07:04 upload
lftp [email protected]:/> quit

[root@localhost ~]# lftp -u ftp2,redhat 192.168.148.7
lftp [email protected]:~> ls
-rw-r--r--    1 0        0               0 May 17 07:20 ftp2
drwxr-xr-x    2 0        0               6 May 17 07:04 upload
lftp [email protected]:/> bye