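1. Install the required vsftpd, pam and pam-devel packages with YUM;
2. Build and install the required pam_mysql from source (in the attachment below);
3. Modify the default vsftpd configuration file (/etc/vsftpd/vsftpd.conf) and add the permission configuration files for FTP users (/etc/vsftpd/vconf/);
4. Add the virtual system user and the database used to authenticate FTP user logins;
5. Modify vsftpd's default PAM configuration file (/etc/pam.d/vsftpd);
6. Open the FTP ports in the firewall, restart the vsftpd service, and test an FTP virtual-user login.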
1)
- [simonsun@magic ~]$ sudo yum install vsftpd pam pam-devel
The current versions are:
vsftpd - 2.0.5-12.el5, pam - 0.99.6.2-3.27.el5, pam-devel - 0.99.6.2-3.27.el5.
2)
- [simonsun@magic ~]$ wget http://prdownloads.sourceforge.net/pam-mysql/pam_mysql-0.7RC1.tar.gz
- [simonsun@magic ~]$ tar zxvf pam_mysql-0.7RC1.tar.gz
- [simonsun@magic ~]$ ls pam_mysql-0.7RC1
- acinclude.m4 config.guess configure CREDITS ltmain.sh missing pam_mysql.c pkg.m4
- aclocal.m4 config.h.in configure.in INSTALL Makefile.am mkinstalldirs pam_mysql.spec README
- ChangeLog config.sub COPYING install-sh Makefile.in NEWS pam_mysql.spec.in stamp-h.in
- [simonsun@magic ~]$ vim pam_mysql-0.7RC1/configure
# Fix a bug in configure: change the section shown below, adding #include
=================================
- #include
- #include
- int
- main ()
- {
- md5_calc(0, 0, 0);
- ;
- return 0;
- }
=================================
- [simonsun@magic ~]$ cd pam_mysql-0.7RC1
- [simonsun@magic pam_mysql-0.7RC1]$ ./configure
- [simonsun@magic pam_mysql-0.7RC1]$ make
- [simonsun@magic pam_mysql-0.7RC1]$ sudo make install
- [simonsun@magic pam_mysql-0.7RC1]$ sudo cp /usr/lib/security/pam_mysql.* /lib/security/
3)
- [simonsun@magic ~]$ sudo vim /etc/vsftpd/vsftpd.conf
======================================
- anonymous_enable=NO
- local_enable=YES
- write_enable=YES
- local_umask=022
- #anon_upload_enable=YES
- #anon_mkdir_write_enable=YES
- dirmessage_enable=YES
- xferlog_enable=YES
- connect_from_port_20=YES
- #chown_uploads=YES
- #chown_username=whoever
- xferlog_file=/var/log/vsftpd.log
- xferlog_std_format=YES
- #idle_session_timeout=600
- #data_connection_timeout=120
- #nopriv_user=ftpsecure
- #async_abor_enable=YES
- #ascii_upload_enable=YES
- #ascii_download_enable=YES
- ftpd_banner=Welcome to Magic Linux FTP service.
- #deny_email_enable=YES
- # (default follows)
- #banned_email_file=/etc/vsftpd/banned_emails
- chroot_local_user=YES
- #chroot_list_enable=YES
- # (default follows)
- #chroot_list_file=/etc/vsftpd/chroot_list
- #ls_recurse_enable=YES
- listen=YES
- listen_port=21
- #listen_ipv6=YES
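# The following lines are added:
- guest_enable=YES
# Virtual system user; it is added to the system users in step 4).
- guest_username=vvsftpd
# Directory holding the permission configuration files of the virtual users that log in to FTP.
- user_config_dir=/etc/vsftpd/vconf/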
- pam_service_name=vsftpd
- userlist_enable=YES
- tcp_wrappers=YES
======================================
- [simonsun@magic ~]$ sudo mkdir /etc/vsftpd/vconf/
- [simonsun@magic ~]$ sudo vim /etc/vsftpd/vconf/myftp
======================================
- write_enable=YES
- anon_upload_enable=YES
- anon_mkdir_write_enable=YES
- anon_world_readable_only=NO
======================================
4)
- [simonsun@magic ~]$ sudo /usr/sbin/useradd -d /home/vvsftpd -s /sbin/nologin vvsftpd
- [simonsun@magic ~]$ mysql -u root -p
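# Run the following statements to create, for the virtual system user vvsftpd, the database vsftpd that authenticates virtual users (such as myftp) when they log in to FTP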
- ======================================
- create database vsftpd;
- use vsftpd;
- create table user(name char(20) binary,passwd char(20) binary);
- insert into user values ('myftp',ENCRYPT('ptfym'));
- grant select on vsftpd.user to vvsftpd@localhost identified by 'PaSsWoRd';
- flush privileges;
- ======================================
5)
- [simonsun@magic ~]$ sudo vim /etc/pam.d/vsftpd
Change it to the following:
- ======================================
- #%PAM-1.0
- session optional pam_keyinit.so force revoke
- auth required pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed
- #auth required pam_shells.so
- auth required /lib/security/pam_mysql.so user=vvsftpd passwd=PaSsWoRd host=localhost db=vsftpd table=user usercolumn=name passwdcolumn=passwd crypt=1
- account required /lib/security/pam_mysql.so user=vvsftpd passwd=PaSsWoRd host=localhost db=vsftpd table=user usercolumn=name passwdcolumn=passwd crypt=1
- #auth include system-auth
- #account include system-auth
- session include system-auth
- session required pam_loginuid.so
- ======================================
6)
- [simonsun@magic ~]$ sudo /sbin/iptables -I INPUT -p tcp --dport 20 -j ACCEPT
- [simonsun@magic ~]$ sudo /sbin/iptables -I INPUT -p tcp --dport 21 -j ACCEPT
- [simonsun@magic ~]$ sudo /etc/rc.d/init.d/iptables save
- [simonsun@magic ~]$ sudo /etc/rc.d/init.d/iptables restart
清除防火墙规则: [确定]
把 chains 设置为 ACCEPT 策略:filter nat [确定]
正在卸载 Iiptables 模块: [确定]
应用 iptables 防火墙规则: [确定]
载入额外 iptables 模块:ip_conntrack_netbios_ns [确定]
- [simonsun@magic ~]$ sudo /etc/rc.d/init.d/vsftpd restart
关闭 vsftpd: [确定]
为 vsftpd 启动 vsftpd: [确定]
- [simonsun@magic ~]$ ftp shellfisher.3322.org
- Connected to shellfisher.3322.org.
- 220 Welcome to Magic Linux FTP service.
- 530 Please login with USER and PASS.
- 530 Please login with USER and PASS.
- KERBEROS_V4 rejected as an authentication type
- Name (shellfisher.3322.org:simonsun): myftp
- 331 Please specify the password.
- Password:
- 230 Login successful.
- Remote system type is UNIX.
- Using binary mode to transfer files.
- ftp> ls
- 227 Entering Passive Mode (221,215,250,110,86,88)
- 150 Here comes the directory listing.
- 226 Directory send OK.
- ftp> mkdir testftp
- 257 "/testftp" created
- ftp> ls
- 227 Entering Passive Mode (221,215,250,110,43,155)
- 150 Here comes the directory listing.
- drwx------ 2 507 509 4096 Mar 24 08:32 testftp
- 226 Directory send OK.
- ftp> quit
- 221 Goodbye.
- ======================================
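A pre-restart check for the files edited in steps 3) and 5), given here as an added example that is not part of the original tutorial. It reports vsftpd.conf lines that are not plain option=value, pam_mysql.so option names outside the set used on this page, and whether the PAM file (which stores passwd= in clear text) is readable by every local user. The function names, the file name pam_vsftpd and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (constructed; not from the original tutorial).

# vsftpd takes everything after "=" as the value, so a trailing "#..." is
# not a comment, and spaces around "=" are an error.
audit_vsftpd_conf() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        !/^[a-z0-9_]+=/ { print NR ": not in option=value form"; next }
        /[ \t]#/ { print NR ": trailing comment is read as part of the value" }
    ' "$1"
}

# Report pam_mysql.so option names outside the set this tutorial uses
# (assumption: those eight options are all the file is meant to contain).
audit_pam_mysql() {
    awk '
        BEGIN { n = split("user passwd host db table usercolumn passwdcolumn crypt", k, " ")
                for (i = 1; i <= n; i++) known[k[i]] = 1 }
        /^[ \t]*#/ || !/pam_mysql\.so/ { next }
        { for (i = 1; i <= NF; i++) {
              p = index($i, "=")
              key = substr($i, 1, p - 1)
              if (p > 1 && !(key in known)) print NR ": unexpected option " key
          } }
    ' "$1"
}

# Succeeds when "other" can read the file; the PAM file holds passwd= in clear.
world_readable() {
    [ -n "$(find "$1" -prune -perm -004 2>/dev/null)" ]
}

# Constructed sample input mirroring the kind of lines edited in steps 3) and 5).
demo_dir=$(mktemp -d)
printf '%s\n' 'guest_enable=YES' \
    'guest_username=vvsftpd #virtual system user' > "$demo_dir/vsftpd.conf"
printf '%s\n' '#%PAM-1.0' \
    'auth required /lib/security/pam_mysql.so user=vvsftpd db=vsftpd passwdpasswdcolumn=passwd crypt=1' \
    > "$demo_dir/pam_vsftpd"
chmod 644 "$demo_dir/pam_vsftpd"

audit_vsftpd_conf "$demo_dir/vsftpd.conf"
audit_pam_mysql "$demo_dir/pam_vsftpd"
world_readable "$demo_dir/pam_vsftpd" && echo "pam_vsftpd: readable by all users"
rm -rf "$demo_dir"
```

The `#` check is a heuristic: a value that legitimately contains a space followed by `#` (for example in ftpd_banner) is reported as well.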