第一步:使用yum来安装vsftpd,mysql-server,mysql-devel,"Development Tools","Server Platform Development"

                [root@yangf ~]#yum -y install vsftpd mysql-server mysql-devel

                [root@yangf ~]#yum -y groupinstall "Development Tools" "Server Platform Development"

第二步:下载pam_mysql-0.7RC1.tar.gz并上传到服务器并解压

                 [root@yangf ~]#tar xf pam_mysql-0.7RC1.tar.gz

第三步:进入pam_mysql-0.7RC1.tar.gz目录编译安装

                 [root@yangf ~]#cd pam_mysql-0.7RC1

                 [root@yangf ~]#./configure --with-mysql=/usr --with-openssl

                 [root@yangf ~]#make && make install

第四步:分别启动vsftpd和mysql服务

                 [root@yangf ~]#service vsftpd start

                 [root@yangf ~]#service mysqld start

第五步:查看是否有pam_mysql.so文件,如没有,请把/usr/lib/security下的pam_mysql.so复制到/lib/security下

                 [root@yangf ~]#ls /usr/lib/security

                 [root@yangf ~]#cp /usr/lib/security/pam_mysql.so /lib/security/

第六步:创建mysql数据库,表,并插入数据

                 [root@yangf ~]#mysql

                 [root@yangf ~]#CREATE DATABASE vsftpd;

                 [root@yangf ~]#use vsftpd

                 [root@yangf ~]#CREATE TABLE users (id SAMLLINT AUTO_INCREMENT NOT NULL,

                                                                                name CHAR(20) BINARY NOT NULL,

                                                                                password CHAR(48) BINARY NOT NULL,

                                                                                PRIMARY KEY(id));

                [root@yangf ~]#DESC users;

                [root@yangf ~]#GRANT SELECT ON vsftpd.* TO vsftpd@localhost IDENTIFIED BY 'vsftpd';

                [root@yangf ~]#GRANT SELECT ON vsftpd.* TO [email protected] IDENTIFIED BY 'vsftpd';

                [root@yangf ~]#FLUSH PRIVILEGES;

                [root@yangf ~]#INSERT INTO users (name,password) VALUE ('tom',password('tom')),('jerry',password('jerry'));

第七步:建立pam认证所需要文件

                [root@yangf ~]#vi /etc/pam.d/vsftpd.mysql

                 在文件中添加如下二行内容

                        auth required /lib/security/pam_mysql.so user=vsftpd passwd=vsftpd host=localhost db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2

                        account required /lib/security/pam_mysql.so user=vsftpd passwd=vsftpd host=localhost db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2

第八步:建立虚拟用户映射的系统用户及对应的目录

                [root@yangf ~]#useradd -s /sbin/nologin -d /var/ftproot/ vuser

                [root@yangf ~]#chmod go+rx /var/ftproot

第九步:请确保/etc/vsftpd/vsftpd.conf中已经启用了如下选项

                    anonymous_enable=NO                //是否启用匿名用户

                    local_enable=YES                           //是否启用本地系统用户

                    write_enable=YES                          //是否允许本地系统用户删除、创建

                    anon_upload_enable=NO            //是否开启匿名用户上传

                    anon_mkdir_enable=NO             //是否允许匿名用户创建目录

                    chroot_local_user=YES                //禁锢所有的ftp本地用户于其家目录中

                    listen=YES

                在最后添加如下几项

                    guest_enable=YES

                    guest_username=vuser

                    pam_service_name=vsftpd.mysql                //只能通过mysql认证登录

                    user_config_dir=/etc/vsftpd/vsusers

第十步:分别为tom和jerry用户建立不同的目录

                    [root@yangf ~]#mkdir -pv /tmp/{tom,jerry}

第十一步:分别为tom和jerry目录授予文件权限

                    [root@yangf ~]#setfacl -m u:vuser:rwx /tmp/tom

                    [root@yangf ~]#setfacl -m u:vuser:rwx /tmp/jerry

第十二步:创建ftp用户配制文件目录

                    [root@yangf ~]#mkdir /etc/vsftpd/vsusers

第十三步:在/etc/vsftpd/vsusers目录中创建以用户名命令的配置文件tom,jerry

                "tom"文件内容如下(tom用户拥有上传,下载,新建目录,删除操作)

                        local_root=/tmp/tom

                        anon_upload_enable=YES

                        anon_mkdir_write_enable=YES

                        anon_other_write_enable=YES

                

                  "jerry"文件内容如下(jerry用户拥有上传,下载,新建目录,但不允许删除操作)

                        local_root=/tmp/jerry

                        anon_upload_enable=YES

                        anon_mkdir_write_enable=YES

                        anon_other_write_enable=NO  

第十四步:重启vsftpd服务

                    [root@yangf ~]#service vsftpd restart

第十五步:在客户端中分别使用tom和jerry用户来测试,是否满足所设定的权限