[伊达原创]FreeBSD8.0 用MYSQL验证vsftp虚拟用户

先安装 pam_mysql,源码在 sf.net 上(下载后建议先核对校验和再编译):
tar zxvf pam_mysql-0.7RC1.tar.gz
cd pam_mysql-0.7RC1
./configure --with-mysql=/usr/local/mysql --with-pam=/usr --with-pam-mods-dir=/usr/lib
make
make install

检查一下 /usr/lib/pam_mysql.so 是否存在,没有的话自己从编译目录 copy 一个过去。

建虚拟用户验证的库和表
#cd /usr/local/mysql/bin
#./mysql -u root
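-- Database and table that pam_mysql queries; the names must match db=, table=,
-- usercolumn= and passwdcolumn= in /etc/pam.d/vsftpd.vu.
>create database vsftp;
>use vsftp ;
-- name is the primary key so one login name cannot map to two password rows.
>create table users ( name char(16) binary not null primary key ,passwd char(125) binary not null ) ;
-- Sample accounts only: give every real user a unique, strong password.
-- NOTE(review): password() is MySQL's own unsalted account hash (it pairs with
-- crypt=2 in the PAM file); it was removed in MySQL 8.0, as was
-- "grant ... identified by", so this session assumes an older server.
>insert into users (name,passwd) values ('ghost001',password('ghost'));
>insert into users (name,passwd) values ('ghost002',password('ghost'));
-- Read-only lookup account for pam_mysql. The grant has to name the database
-- created above (vsftp, not vsftpd); otherwise the account has no access to
-- the table the PAM module reads.
-- The password shown equals the account name: replace it, and keep passwd= in
-- the PAM file in sync with whatever is chosen here.
>grant select on vsftp.users to vsftpdguest@localhost identified by 'vsftpdguest';
>exit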

#然后是虚拟用户的权限(每个虚拟用户一个文件,文件名就是用户名;下面四项允许 ghost001 下载、上传、建目录以及删除/改名,实际使用时只开放需要的权限)
semiscon#more /etc/vsftpd_user_conf/ghost001
anon_world_readable_only=NO
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES

#PAM验证文件:crypt=0 是明文,1 是 crypt(3)(传统上为 DES 加密),2 是 mysql 的 password() 函数。这个文件里有数据库账号的明文密码,权限应设为只有 root 可读。
semiscon#more /etc/pam.d/vsftpd.vu
auth required pam_mysql.so user=vsftpdguest passwd=vsftpdguest host=localhost db=vsftp table=users usercolumn=name passwdcolumn=passwd crypt=2
account required pam_mysql.so user=vsftpdguest passwd=vsftpdguest host=localhost db=vsftp table=users usercolumn=name passwdcolumn=passwd crypt=2

vsftp主配置文件
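# Comments must sit on their own line: vsftpd does not strip a trailing
# "#..." from a value, so "anonymous_enable=NO #..." is not read as NO.
# Anonymous FTP stays disabled for security.
anonymous_enable=NO
# Required for non-anonymous logins, which includes PAM-backed virtual users.
local_enable=YES
# Virtual users get anonymous privileges by default, so these two anon_*
# switches apply to every virtual user unless a per-user file under
# user_config_dir overrides them. Leave them off here if only some users
# should be able to write.
anon_upload_enable=YES
anon_mkdir_write_enable=YES
# Map every successful PAM login onto the system account named below.
# NOTE(review): that account should be unprivileged and own only the FTP tree.
guest_enable=YES
guest_username=vsftpdguest
# PAM service file used for authentication: /etc/pam.d/vsftpd.vu
pam_service_name=vsftpd.vu
# Per-user overrides, one file per virtual user name.
user_config_dir=/etc/vsftpd_user_conf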

即使把 chroot_local_user=YES 注释掉,虚拟用户好像仍然会被限制在 chroot 目录里(建议登录后实际确认一下能否跳出主目录):

semiscon#grep -in chroot /etc/vsftpd.conf
92:# You may specify an explicit list of local users to chroot() to their home
93:# directory. If chroot_local_user is YES, then this list becomes a list of
94:# users to NOT chroot().
95:#chroot_local_user=YES
96:#chroot_list_enable=YES
98:#chroot_list_file=/etc/vsftpd.chroot_list

登录试一下,然后检查一下 log 文件:
semiscon# grep -in ghost001 /var/log/vsftpd.log
30:Thu Apr  8 18:10:18 2010 [pid 72840] [ghost001] OK LOGIN: Client "127.0.0.1"
32:Thu Apr  8 18:12:51 2010 [pid 72866] [ghost001] OK LOGIN: Client "127.0.0.1"
37:Thu Apr  8 18:21:21 2010 [pid 72885] [ghost001] OK DOWNLOAD: Client "127.0.0.1", "/001", 0.00Kbyte/sec
39:Thu Apr  8 18:23:06 2010 [pid 72913] [ghost001] OK LOGIN: Client "127.0.0.1"
41:Thu Apr  8 18:26:44 2010 [pid 72934] [ghost001] OK LOGIN: Client "127.0.0.1"
42:Thu Apr  8 18:26:49 2010 [pid 72936] [ghost001] OK MKDIR: Client "127.0.0.1", "/123"
43:Thu Apr  8 18:27:05 2010 [pid 72936] [ghost001] OK UPLOAD: Client "127.0.0.1", "/vsftpd.log", 3092 bytes, 338.55Kbyte/sec
49:Thu Apr  8 18:28:17 2010 [pid 72956] [ghost001] OK LOGIN: Client "127.0.0.1"

参考资料: VSFTP+MySQL虚拟用户配置过程讲解
