这篇文章给大家介绍vsftpd基于pam_mysql如何做虚拟用户认证，内容非常详细，感兴趣的小伙伴们可以参考借鉴，希望对大家能有所帮助。

（1）下载epel源

[root@CentOS7-175~]#wget-O/etc/yum.repos.d/epel.repohttp://mirrors.aliyun.com/repo/epel-7.repo#下载阿里云的epel源[root@CentOS7-175~]#yumrepolist

（2）安装所需要的包

[root@CentOS7-175~]#yum-ygroupinstall"DevelopmentTools""ServerPlatformDevelopment"[root@CentOS7-175~]#yum-yinstallvsftpdpam-develmariadb-servermariadb-developenssl-devel[root@CentOS7-175~]#systemctlstartmariadb.service[root@CentOS7-175~]#systemctlenablemariadb.service

（3）编译安装pam_mysql模块

vsftpd通过pam_mysql进行用户验证，需要安装pam_mysql模块，但是默认系统yum源不提供,所以需要编译安装pam_mysql模块

[root@CentOS7-175~]#mkdir/home/tools/[root@CentOS7-175~]#cd/home/tools/[root@CentOS7-175tools]#tarxfpam_mysql-0.7RC1.tar.gz[root@CentOS7-175tools]#cdpam_mysql-0.7RC1/[root@CentOS7-175pam_mysql-0.7RC1]#./configure--with-mysql=/usr--with-openssl=/usr--with-pam=/usr--with-pam-mods-dir=/lib64/security[root@CentOS7-175pam_mysql-0.7RC1]#make&&makeinstall[root@CentOS7-175pam_mysql-0.7RC1]#ls/lib64/security/pam_mysql.so#查询是否编译成功，ls是否有pam_mysql.so模块/lib64/security/pam_mysql.so

（4）备份vsftpd.conf配置文件

[root@CentOS7-175pam_mysql-0.7RC1]#systemctlstopvsftpd[root@CentOS7-175pam_mysql-0.7RC1]#cd/etc/vsftpd[root@CentOS7-175vsftpd]#cpvsftpd.conf{,.bak}[root@CentOS7-175vsftpd]#lsvsftpd.conf*vsftpd.confvsftpd.conf.bak

（5）配置mysql

[root@CentOS7-175vsftpd]#mysql-uroot-p#登录mysqlEnterpassword:WelcometotheMariaDBmonitor.Commandsendwith;or\g.YourMariaDBconnectionidis2Serverversion:5.5.44-MariaDBMariaDBServerCopyright(c)2000,2015,Oracle,MariaDBCorporationAbandothers.Type'help;'or'\h'forhelp.Type'\c'toclearthecurrentinputstatement.MariaDB[(none)]>CREATEDATABASEvsftpd;#创建vsftpd库QueryOK,1rowaffected(0.00sec)MariaDB[(none)]>usevsftpd;#进入vsftpd库DatabasechangedMariaDB[vsftpd]>CREATETABLEusers(#创建users表->idintAUTO_INCREMENTNOTNULLPRIMARYKEY,->namechar(30)NOTNULL,->passwordchar(48)binaryNOTNULL);QueryOK,0rowsaffected(0.05sec)MariaDB[vsftpd]>descusers;#查看users表+----------+----------+------+-----+---------+----------------+|Field|Type|Null|Key|Default|Extra|+----------+----------+------+-----+---------+----------------+|id|int(11)|NO|PRI|NULL|auto_increment||name|char(30)|NO||NULL|||password|char(48)|NO||NULL||+----------+----------+------+-----+---------+----------------+3rowsinset(0.00sec)MariaDB[vsftpd]>INSERTINTOusers(name,password)VALUES('tom',password('zhucke'));#在表中插入数据用户QueryOK,1rowaffected(0.00sec)MariaDB[vsftpd]>INSERTINTOusers(name,password)VALUES('jerry',password('zhucke.com'));QueryOK,1rowaffected(0.00sec)MariaDB[vsftpd]>SELECT*FROMusers;+----+-------+-------------------------------------------+|id|name|password|+----+-------+-------------------------------------------+|1|tom|*9BDB807A93B6C421BBFCAC5EF1AE0835396EEE38||2|jerry|*3E27BE6A3667961ABCCFCA4832F06B151F81185A|+----+-------+-------------------------------------------+2rowsinset(0.00sec)MariaDB[vsftpd]>GRANTselectONvsftpd.*TOvsftpd@localhostIDENTIFIEDBY'zhucke';#授权vsftpd用户登录mysqlQueryOK,0rowsaffected(0.04sec)MariaDB[vsftpd]>GRANTselectONvsftpd.*TOvsftpd@127.0.0.1IDENTIFIEDBY'zhucke';#授权vsftpd用户登录mysqlQueryOK,0rowsaffected(0.00sec)MariaDB[vsftpd]>FLUSHPRIVILEGES;QueryOK,0rowsaffected(0.01sec)MariaDB[vsftpd]>exitBye

（6）测试用vsftpd用户登录mysql

[root@CentOS7-175vsftpd]#mysql-uvsftpd-pEnterpassword:WelcometotheMariaDBmonitor.Commandsendwith;or\g.YourMariaDBconnectionidis4Serverversion:5.5.44-MariaDBMariaDBServerCopyright(c)2000,2015,Oracle,MariaDBCorporationAbandothers.Type'help;'or'\h'forhelp.Type'\c'toclearthecurrentinputstatement.MariaDB[(none)]>SHOWDATABASES;+--------------------+|Database|+--------------------+|information_schema||test||vsftpd|+--------------------+3rowsinset(0.01sec)MariaDB[(none)]>usevsftpd;ReadingtableinformationforcompletionoftableandcolumnnamesYoucanturnoffthisfeaturetogetaquickerstartupwith-ADatabasechangedMariaDB[vsftpd]>SELECT*FROMusers;+----+-------+-------------------------------------------+|id|name|password|+----+-------+-------------------------------------------+|1|tom|*9BDB807A93B6C421BBFCAC5EF1AE0835396EEE38||2|jerry|*3E27BE6A3667961ABCCFCA4832F06B151F81185A|+----+-------+-------------------------------------------+2rowsinset(0.01sec)

（7）配置pam

[root@CentOS7-175vsftpd]#cd/etc/pam.d/[root@CentOS7-175pam.d]#vimvsftpd.mysql[root@CentOS7-175pam.d]#catvsftpd.mysqlauthrequiredpam_mysql.souser=vsftpdpasswd=zhuckehost=localhostdb=vsftpdtable=usersusercolumn=namepasswdcolumn=passwordcrypt=2accountrequiredpam_mysql.souser=vsftpdpasswd=zhuckehost=localhostdb=vsftpdtablee=usersusercolumn=namepasswdcolumn=passwordcrypt=2[root@CentOS7-175pam.d]#useradd-s/sbin/nologin-d/ftprootvuser[root@CentOS7-175pam.d]#ls-ld/ftproot/drwx------3vuservuser74Jun1111:30/ftproot/[root@CentOS7-175pam.d]#chmodgo+rx/ftproot/[root@CentOS7-175pam.d]#ls-ld/ftproot/drwxr-xr-x3vuservuser74Jun1111:30/ftproot/[root@CentOS7-175pam.d]#vim/etc/vsftpd/vsftpd.conf[root@CentOS7-175pam.d]#tail-7/etc/vsftpd/vsftpd.confpam_service_name=vsftpd.mysqllocal_enable=YESwrite_enable=YESlocal_umask=022guest_enable=YESguest_username=vuser#指明虚拟用户映射到的系统用户[root@CentOS7-175pam.d]#chmod-w/ftproot/[root@CentOS7-175pam.d]#systemctlrestartvsftpd[root@CentOS7-175pam.d]#mkdir/ftproot/{pub,upload}

（8）Client：192.168.5.171上分别用tom用户和jerry用户登录ftp服务器

[root@CentOS7-171~]#ftp192.168.5.175Connectedto192.168.5.175(192.168.5.175).220(vsFTPd3.0.2)Name(192.168.5.175:root):tom#用tom用户登录331Pleasespecifythepassword.Password:230Loginsuccessful.#登录成功RemotesystemtypeisUNIX.Usingbinarymodetotransferfiles.ftp>ls#查看ftp服务内的文件227EnteringPassiveMode(192,168,5,175,58,188).150Herecomesthedirectorylisting.drwxr-xr-x2006Jun1103:34pubdrwxr-xr-x2006Jun1103:34upload226DirectorysendOK.ftp>exit221Goodbye.[root@CentOS7-171~]#ftp192.168.5.175Connectedto192.168.5.175(192.168.5.175).220(vsFTPd3.0.2)Name(192.168.5.175:root):jerry#用jerry用户登录331Pleasespecifythepassword.Password:230Loginsuccessful.RemotesystemtypeisUNIX.Usingbinarymodetotransferfiles.ftp>ls227EnteringPassiveMode(192,168,5,175,189,114).150Herecomesthedirectorylisting.drwxr-xr-x2006Jun1103:34pubdrwxr-xr-x2006Jun1103:34upload226DirectorysendOK.

（9）设置文件可以上传

[root@CentOS7-175pam.d]#chownvuser/ftproot/upload/#修改此目录属主为vuser用户[root@CentOS7-175pam.d]#ls-ld/ftproot/upload/drwxr-xr-x2vuserroot6Jun1111:34/ftproot/upload/[root@CentOS7-175pam.d]#vim/etc/vsftpd/vsftpd.conf#编译vsftpd.conf文件anon_upload_enable=YES#将此行#号去掉，开启文件上传[root@CentOS7-175pam.d]#systemctlrestartvsftpd

（10）测试文件上传

[root@CentOS7-171~]#ftp192.168.5.175Connectedto192.168.5.175(192.168.5.175).220(vsFTPd3.0.2)Name(192.168.5.175:root):tom#用tom用户登录331Pleasespecifythepassword.Password:230Loginsuccessful.RemotesystemtypeisUNIX.Usingbinarymodetotransferfiles.ftp>cdupload#进入upload目录250Directorysuccessfullychanged.ftp>lcd/etc#进入本地的/etc目录Localdirectorynow/etcftp>putfstab#上传fstab文件local:fstabremote:fstab227EnteringPassiveMode(192,168,5,175,72,65).150Oktosenddata.226Transfercomplete.648bytessentin0.000229secs(2829.69Kbytes/sec)ftp>ls#查看是否有fstab文件227EnteringPassiveMode(192,168,5,175,187,100).150Herecomesthedirectorylisting.-rw-------110011001648Jun1103:50fstab#上传成功226DirectorysendOK.ftp>exit221Goodbye.[root@CentOS7-171~]#ftp192.168.5.175Connectedto192.168.5.175(192.168.5.175).220(vsFTPd3.0.2)Name(192.168.5.175:root):jerry#用jerry用户登录331Pleasespecifythepassword.Password:230Loginsuccessful.RemotesystemtypeisUNIX.Usingbinarymodetotransferfiles.ftp>cdupload#进入upload目录250Directorysuccessfullychanged.ftp>lcd/etc#进入本地的/etc/目录Localdirectorynow/etcftp>putissue#上传issue文件local:issueremote:issue227EnteringPassiveMode(192,168,5,175,95,111).150Oktosenddata.226Transfercomplete.23bytessentin0.000659secs(34.90Kbytes/sec)ftp>ls227EnteringPassiveMode(192,168,5,175,177,97).150Herecomesthedirectorylisting.-rw-------110011001648Jun1103:50fstab-rw-------11001100123Jun1103:52issue#上传issue文件成功226DirectorysendOK.

（11）配置用户拥有不同的权限，一个可以上传，一个不可以上传

[root@CentOS7-175pam.d]#cd/etc/vsftpd[root@CentOS7-175vsftpd]#mkdirvusers.conf.d[root@CentOS7-175pam.d]#cdvusers.conf.d[root@CentOS7-175vusers.conf.d]#vimtomanon_upload_enable=YES#tom用户可以上传[root@CentOS7-175vusers.conf.d]#vimjerryanon_upload_enable=NO#jerry用户不上传[root@CentOS7-175vsftpd]#vim/etc/vsftpd/vsftpd.confuser_config_dir=/etc/vsftpd/vusers.conf.d[root@CentOS7-175vsftpd]#systemctlrestartvsftpd.service

（12）验证tom用户和jerry用户

[root@CentOS7-171~]#ftp192.168.5.175Connectedto192.168.5.175(192.168.5.175).220(vsFTPd3.0.2)Name(192.168.5.175:root):tom331Pleasespecifythepassword.Password:230Loginsuccessful.RemotesystemtypeisUNIX.Usingbinarymodetotransferfiles.ftp>ls227EnteringPassiveMode(192,168,5,175,205,162).150Herecomesthedirectorylisting.drwxr-xr-x2006Jun1103:34pubdrwxr-xr-x21001030Jun1103:52upload226DirectorysendOK.ftp>cdupload250Directorysuccessfullychanged.ftp>lcd/etcLocaldirectorynow/etcftp>putgrub2.cfglocal:grub2.cfgremote:grub2.cfg227EnteringPassiveMode(192,168,5,175,211,51).150Oktosenddata.#tom用户上传成功226Transfercomplete.4213bytessentin0.0815secs(51.69Kbytes/sec)ftp>ls227EnteringPassiveMode(192,168,5,175,111,189).150Herecomesthedirectorylisting.-rw-------110011001648Jun1103:50fstab-rw-------1100110014213Jun1104:04grub2.cfg-rw-------11001100123Jun1103:52issue226DirectorysendOK.[root@CentOS7-171~]#ftp192.168.5.175Connectedto192.168.5.175(192.168.5.175).220(vsFTPd3.0.2)Name(192.168.5.175:root):jerry331Pleasespecifythepassword.Password:230Loginsuccessful.RemotesystemtypeisUNIX.Usingbinarymodetotransferfiles.ftp>ls227EnteringPassiveMode(192,168,5,175,31,254).150Herecomesthedirectorylisting.drwxr-xr-x2006Jun1103:34pubdrwxr-xr-x21001062Jun1104:06upload226DirectorysendOK.ftp>lcd/etcLocaldirectorynow/etcftp>cdupload250Directorysuccessfullychanged.ftp>putissuelocal:issueremote:issue227EnteringPassiveMode(192,168,5,175,87,198).550Permissiondenied.#jerry测试结果是不能上传

关于vsftpd基于pam_mysql如何做虚拟用户认证就分享到这里了，希望以上内容可以对大家有一定的帮助，可以学到更多知识。如果觉得文章不错，可以把它分享出去让更多的人看到。