vsftpd运用pam_mysql.so连接mariadb进行认证
发布时间:2022-03-08 17:50:36 所属栏目:MySql教程 来源:互联网
导读:实验环境: IP地址 描述 192.168.5.181 CentOS7系统,base源安装好了mariadb,作为ftp服务端,作为认证服务端 192.168.5.121 CentOS6系统,作为ftp客户端 认证模块pam_mysql.so的安装 需要从网上下载pam_mysql.so的源码包,pam_mysql-0.7RC1.tar.gz 在解压安
|
实验环境: IP地址 描述 192.168.5.181 CentOS7系统,base源安装好了mariadb,作为ftp服务端,作为认证服务端 192.168.5.121 CentOS6系统,作为ftp客户端 认证模块pam_mysql.so的安装 需要从网上下载pam_mysql.so的源码包,pam_mysql-0.7RC1.tar.gz 在解压安装之前,确保在CentOS7上面的开发组包已经安装,如果没有安装,则需要运行如下命令: $ yum groupinstall "Development Tools" -y 之后安装mariadb和pam的开发包: $ yum install mariadb-devel pam-devel -y 解压pam_mysql的源码包,进入源码目录,进行编译安装。其中–with-mysql引用了mariadb的头文件以及lib,–with-pam引用了pam的头文件以及lib。–with-pam-mods-dir指明将模块安装的位置。 $ ./configure --with-mysql=/usr --with-pam=/usr --with-pam-mods-dir=/usr/lib64/security $ make $ make install 安装完毕之后,在/usr/lib64/security目录下面,可以查看到新的pam_mysql.so模块。 $ ls /usr/lib64/security/ | grep mysql.so pam_mysql.so mariadb创建数据 下面规划一下mariadb里面的用户。建立一个名为vsftpd的数据库,在这个数据库里面建立一个名为auth的数据表,在数据表里面建立两个用户作为vsftpd的虚拟用户:user1,密码为user1;user2,密码为user2。密码采用mysql自带的PASSWORD()函数进行加密。使用名为vsftpd@’127.0.0.1’的用户进行登录查询,只授予该用户select权限,登录密码为vsftpd。建立之后的结果如下: Database changed MariaDB [vsftpd]> show tables; +------------------+ | Tables_in_vsftpd | +------------------+ | auth | +------------------+ 1 row in set (0.00 sec) MariaDB [vsftpd]> desc auth; +----------+-----------+------+-----+---------+-------+ | Field | Type | Null | Key | Default | Extra | +----------+-----------+------+-----+---------+-------+ | name | char(20) | YES | | NULL | | | password | char(100) | YES | | NULL | | +----------+-----------+------+-----+---------+-------+ 2 rows in set (0.01 sec) 所有mysql里面存储的虚拟用户在登录之后都会被映射为本地的来宾用户,这里建立一个名为vuser的来宾账户,家目录为/ftproot/vuser,修改其权限为544,即去除所有的’写’权限。在里面新建一个pub目录,用setfacl给pub目录赋予vuser用户的读写执行权限。 $ mkdir ftproot $ cd ftproot $ useradd -d /ftproot/vuser vuser $ chmod 544 /ftproot/vuser $ mkdir /ftproot/vuser/pub $ setfacl -m u:vuser:rwx /ftproot/vuser/pub 配置pam文件 新建一个/etc/pam.d/ftp-mysql的文件,在里面添加两行如下内容,详细的配置项,请参见pam_mysql.so源码包里面的README文档: 在客户端上面,确保安装了ftp客户端工具: yum install ftp 利用上述工具和服务端进行通信,对user1进行测试,可以看到,登录成功,并且user1有上传的权限,但是并没有删除的权限: $ ftp 192.168.5.181 Connected to 192.168.5.181 (192.168.5.181). 220 (vsFTPd 3.0.2) Name (192.168.5.181:root): user1 331 Please specify the password. Password: 230 Login successful. Remote system type is UNIX. Using binary mode to transfer files. ftp> ls 227 Entering Passive Mode (192,168,5,181,187,35). 150 Here comes the directory listing. drwxrwxr-x 2 0 0 6 Jun 05 18:33 pub 226 Directory send OK. ftp> cd pub 250 Directory successfully changed. ftp> ls 227 Entering Passive Mode (192,168,5,181,180,167). 150 Here comes the directory listing. 226 Directory send OK. ftp> lcd /etc Local directory now /etc ftp> put hosts local: hosts remote: hosts 227 Entering Passive Mode (192,168,5,181,142,11). 150 Ok to send data. 226 Transfer complete. 256 bytes sent in 0.000155 secs (1651.61 Kbytes/sec) ftp> ls 227 Entering Passive Mode (192,168,5,181,108,36). 150 Here comes the directory listing. -rw------- 1 1001 1001 256 Jun 06 05:06 hosts 226 Directory send OK. ftp> delete hosts 550 Permission denied. ftp> exit 221 Goodbye. 下面对user2进行测试,可以看到,user2登录成功,并且有上传权限,删除权限,创建目录的权限。: $ ftp 192.168.5.181 Connected to 192.168.5.181 (192.168.5.181). 220 (vsFTPd 3.0.2) Name (192.168.5.181:root): user2 331 Please specify the password. Password: 230 Login successful. Remote system type is UNIX. Using binary mode to transfer files. ftp> cd pub 250 Directory successfully changed. ftp> ls 227 Entering Passive Mode (192,168,5,181,96,57). 150 Here comes the directory listing. 226 Directory send OK. ftp> lcd /etc Local directory now /etc ftp> put hosts local: hosts remote: hosts 227 Entering Passive Mode (192,168,5,181,36,41). 150 Ok to send data. 226 Transfer complete. 256 bytes sent in 0.000145 secs (1765.52 Kbytes/sec) ftp> ls 227 Entering Passive Mode (192,168,5,181,141,235). 150 Here comes the directory listing. -rw------- 1 1001 1001 256 Jun 06 05:10 hosts 226 Directory send OK. ftp> delete hosts 250 Delete operation successful. ftp> ls 227 Entering Passive Mode (192,168,5,181,56,230). 150 Here comes the directory listing. 226 Directory send OK. ftp> mkdir dir 257 "/pub/dir" created ftp> ls 227 Entering Passive Mode (192,168,5,181,208,106). 150 Here comes the directory listing. drwx------ 2 1001 1001 6 Jun 06 05:10 dir 226 Directory send OK. 下面对于系统用户ftpuser以及一个不存在的用户abc进行登录测试,发现无法登录,证明只用mysql数据库里面存在的用户才能够进行认证: $ ftp 192.168.5.181 Connected to 192.168.5.181 (192.168.5.181). 220 (vsFTPd 3.0.2) Name (192.168.5.181:root): ftpuser 331 Please specify the password. Password: 530 Login incorrect. Login failed. $ ftp 192.168.5.181 Connected to 192.168.5.181 (192.168.5.181). 220 (vsFTPd 3.0.2) Name (192.168.5.181:root): abc 331 Please specify the password. Password: 530 Login incorrect. Login failed. ftp> (编辑:拼字网 - 核心网) 【声明】本站内容均来自网络,其相关言论仅代表作者个人观点,不代表本站立场。若无意侵犯到您的权利,请及时与联系站长删除相关内容! |
站长推荐