vsftpd 配置虚拟用户

<pre name="code" class="sql"><pre name="code" class="sql"><pre name="code" class="sql">配置虚拟用户（使用db实现）
------------------------------------------------------------------
（1）查看系统是否有相应软件包 
haproxy:/etc/haproxy# rpm -qa | grep vsftp

haproxy:/etc/haproxy# yum install vsftpd-2.2.2-13.el6_6.1.x86_64



# rpm –qa | grep db4 
db4-devel-4.2.52-7.1 
db4-4.2.52-7.1 
db4-utils-4.2.52-7.1 
（2）建立一个logins.txt的文件，单行为用户名，双行为密码，例如 
# vim /etc/vsftpd/virtual_user
ftpzjcap
1234567

haproxy:/etc/vsftpd# ls -ltr
total 24
-rwxr--r-- 1 root root  338 Oct 18  2014 vsftpd_conf_migrate.sh
-rw------- 1 root root 4599 Oct 18  2014 vsftpd.conf
-rw------- 1 root root  361 Oct 18  2014 user_list
-rw------- 1 root root  125 Oct 18  2014 ftpusers
-rw-r--r-- 1 root root   17 May 19 10:45 virtual_user


（3）建立数据库文件并设置文件属性 
# db_load -T -t hash -f /etc/vsftpd/virtual_user /etc/vsftpd/virtual_user.db
# chmod 600 /etc/vsftpd/virtual_user.db

haproxy:/etc/vsftpd# ls -ltr
total 36
-rwxr--r-- 1 root root   338 Oct 18  2014 vsftpd_conf_migrate.sh
-rw------- 1 root root  4599 Oct 18  2014 vsftpd.conf
-rw------- 1 root root   361 Oct 18  2014 user_list
-rw------- 1 root root   125 Oct 18  2014 ftpusers
-rw-r--r-- 1 root root    17 May 19 10:45 virtual_user
-rw-r--r-- 1 root root 12288 May 19 10:45 virtual_user.db
（4）建立认证文件 
# vim /etc/pam.d/vsftpd 插入如下两行 
##%PAM-1.0
#session    optional     pam_keyinit.so    force revoke
#auth       required	pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed
#auth       required	pam_shells.so
#auth       include	password-auth
#account    include	password-auth
#session    required     pam_loginuid.so
#session    include	password-auth

auth required pam_userdb.so db=/etc/vsftpd/virtual_user     ###没有db结尾     
account required pam_userdb.so db=/etc/vsftpd/virtual_user  ###没有db结尾  

（5）编写配置文件
# vim /etc/vsftpd/vsftpd.conf

haproxy:/etc/vsftpd# grep -v "^#" vsftpd.conf 
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
ascii_upload_enable=YES
ascii_download_enable=YES
chroot_list_enable=YES
listen=YES

pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES

guest_enable=YES
user_config_dir=/etc/vsftpd/vuser_conf

6)

v-lhb-nfs01:/root# mkdir -p /etc/vsftpd/vuser_conf

v-dev-redis01:/etc/vsftpd/vuser_conf# cat ftpzjcap 
local_root=/t/deploy/zjdev/nfs/images
write_enable=YES
anon_umask=022
anon_world_readable_only=NO
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES



7)报错:

500 OOPS: could not read chroot() list file:/etc/vsftpd/chroot_list

v-lhb-nfs01:/root# touch /etc/vsftpd/chroot_list

v-lhb-nfs01:/root# chmod 644 /etc/vsftpd/chroot_list 


haproxy:/etc/vsftpd/vuser_conf# ftp 192.168.32.173
Connected to 192.168.32.173 (192.168.32.173).
220 (vsFTPd 2.2.2)
Name (192.168.32.173:root): ftpzjcap
331 Please specify the password.
Password:
530 Login incorrect.
Login failed.

报错信息如下:
haproxy:/etc/vsftpd/vuser_conf# tail -100 /var/log/secure
May 19 11:06:28 haproxy vsftpd[27543]: pam_succeed_if(vsftpd:auth): error retrieving information about user ftpzjcap
May 19 11:09:05 haproxy vsftpd[27574]: PAM unable to dlopen(/lib/security/pam_userdb.so): /lib/security/pam_userdb.so: cannot open shared object file: No such file or directory
May 19 11:09:05 haproxy vsftpd[27574]: PAM adding faulty module: /lib/security/pam_userdb.so
May 19 11:09:05 haproxy vsftpd[27574]: pam_unix(vsftpd:auth): check pass; user unknown
May 19 11:09:05 haproxy vsftpd[27574]: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftpzjcap rhost=192.168.33.29 
May 19 11:09:05 haproxy vsftpd[27574]: pam_succeed_if(vsftpd:auth): error retrieving information about user ftpzjcap


没有/lib/security/pam_userdb.so文件,修改为


auth required pam_userdb.so db=/etc/vsftpd/vuser_passwd
account required pam_userdb.so db=/etc/vsftpd/vuser_passwd



 pam_userdb(vsftpd:auth): user_lookup: could not open database 




May 19 11:15:38 haproxy vsftpd[27631]: pam_unix(vsftpd:auth): check pass; user unknown
May 19 11:15:38 haproxy vsftpd[27631]: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=ftpzjcap rhost=192.168.32.173 
May 19 11:15:38 haproxy vsftpd[27631]: pam_succeed_if(vsftpd:auth): error retrieving information about user ftpzjcap




May 19 11:15:38 haproxy vsftpd[27631]: pam_succeed_if(vsftpd:auth): error retrieving information about user ftpzjcap
May 19 11:18:49 haproxy vsftpd[27660]: pam_userdb(vsftpd:auth): user_lookup: could not open database `/etc/vsftpd/vuser_passwd': No such file or directory




haproxy:/etc/vsftpd# cat /etc/pam.d/vsftpd 
##%PAM-1.0
#session    optional     pam_keyinit.so    force revoke
#auth       required	pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed
#auth       required	pam_shells.so
#auth       include	password-auth
#account    include	password-auth
#session    required     pam_loginuid.so
#session    include	password-auth

auth required pam_userdb.so db=/etc/vsftpd/virtual_user         
account required pam_userdb.so db=/etc/vsftpd/virtual_user


haproxy:/etc/vsftpd# ls -ltr *db
-rw-r--r-- 1 root root 12288 May 19 10:45 virtual_user.db