vsftpd virtual_users setup (repost): vsftpd virtual user configuration
2013-04-23 21:25
STEP 1: Install Required packages:
pam (installed by default)
db4 (db4 is my version and was installed by default)
vsftpd
compat-db (this is the package name on fedora which provides the binary db42_load)
Check if the 'db' package is installed

    [root@mysystem vsftpd]# rpm -qa | grep -i db

If the db4 package is not installed, install it:

    [root@mysystem vsftpd]# yum install db4

The compat-db package provides the db42_load binary used to build the virtual username/password db file:

    [root@mysystem vsftpd]# yum install compat-db
    [root@mysystem vsftpd]# yum install vsftpd

Can't find the dbXX_load binary? Check the locations of the files in this package:

    [root@mysystem vsftpd]# rpm -ql compat-db

STEP 2: Configure PAM
Confirm the existence and location of the file /lib/security/pam_userdb.so:

    [root@mysystem vsftpd]# rpm -ql pam | grep pam_userdb.so
    [root@mysystem vsftpd]# vi /etc/pam.d/vsftpd

(I EDITED THE FILE TO LOOK LIKE THIS:)

    #%PAM-1.0
    session optional pam_keyinit.so force revoke
    auth required /lib/security/pam_userdb.so db=/etc/vsftpd/vsftpd_users
    account required /lib/security/pam_userdb.so db=/etc/vsftpd/vsftpd_users
    #auth required pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed
    #auth required pam_shells.so
    #auth include system-auth
    #account include system-auth
    #session include system-auth
    #session required pam_loginuid.so

(Note: I had to comment out the bottom 6 lines to get the pam_userdb authentication to succeed for ftp logins. With them not commented out, authentication of known good users failed.)

STEP 3: Create system user for vsftpd.conf (this is basically a dummy user, not logged into directly via FTP)

    [root@mysystem vsftpd]# adduser -d /home/virtualftp/ virtualftp

STEP 4: Configure vsftpd for virtual users

    [root@mysystem vsftpd]# cd /etc/vsftpd
    [root@mysystem vsftpd]# vi vsftpd.conf

(HERE IS MY vsftpd.conf FILE MINUS DEFAULT COMMENTS:)

    local_enable=YES
    write_enable=YES
    local_umask=022
    dirmessage_enable=YES
    xferlog_enable=YES
    connect_from_port_20=YES
    xferlog_file=/var/log/vsftpd.log
    xferlog_std_format=YES
    chroot_local_user=YES
    listen=YES
    pam_service_name=vsftpd
    userlist_enable=YES
    tcp_wrappers=YES
    # Virtual users will be logged into /home/virtualftp/[username]/
    user_sub_token=$USER
    local_root=/home/virtualftp/$USER
    guest_enable=YES
    guest_username=virtualftp
    # Umask applied for virtual users and anon
    anon_umask=0022
    # Allows uploading by virtual users
    anon_upload_enable=YES
    # Allows creation of directories by virtual users
    anon_mkdir_write_enable=YES
    # Allows deletion of files and directories by virtual users
    anon_other_write_enable=YES

Now start up vsftpd (which is configured to run stand-alone in my config file):

    [root@mysystem vsftpd]# vsftpd

STEP 5: Setup virtual FTP usernames and their passwords

    [root@mysystem vsftpd]# vi /etc/vsftpd/vsftpd_users.txt

(FORMAT OF THE FILE:)

    username1
    passwordforusername1
    username2
    passwordforusername2
    username3
    passwordforusername3

Now we create the DB4 formatted username/password file from the plain text vsftpd_users.txt file that will be used by pam_userdb.so:

    [root@mysystem vsftpd]# rm /etc/vsftpd/vsftpd_users.db
    [root@mysystem vsftpd]# db42_load -T -t hash -f /etc/vsftpd/vsftpd_users.txt /etc/vsftpd/vsftpd_users.db
    [root@mysystem vsftpd]# chmod 600 /etc/vsftpd/vsftpd_users.db /etc/vsftpd/vsftpd_users.txt

STEP 6: Create directories for each virtual FTP user

    [root@mysystem vsftpd]# mkdir -p /home/virtualftp/username1

STEP 7: Test an FTP virtual user login

    [root@mysystem vsftpd]# ftp localhost
    Connected to localhost.
    220 (vsFTPd 2.0.5)
    530 Please login with USER and PASS.
    530 Please login with USER and PASS.
    KERBEROS_V4 rejected as an authentication type
    Name (localhost:root): username1
    331 Please specify the password.
    Password:
    230 Login successful.
    Remote system type is UNIX
    Using binary mode to transfer files.
    ftp>

Troubleshooting
If there are problems logging in with a virtual ftp user, check /var/log/secure FIRST!

    [root@mysystem vsftpd]# tail -f /var/log/secure
    Mar 2 15:07:04 mysystem vsftpd: pam_userdb(vsftpd:auth): user 'testing' granted access
    Mar 2 15:07:04 mysystem vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
    Mar 2 15:07:04 mysystem vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=testing rhost=mysystem.cluster
    Mar 2 15:07:04 mysystem vsftpd: pam_succeed_if(vsftpd:auth): error retrieving information about user testing
    Mar 2 15:08:32 mysystem vsftpd: pam_userdb(vsftpd:auth): user 'testing' granted access
    Mar 2 15:11:15 mysystem vsftpd: pam_userdb(vsftpd:auth): user 'user0123456789012345678901234' granted access
    Mar 2 15:12:36 mysystem vsftpd: pam_userdb(vsftpd:auth): user 'user01234567890123456789012345' granted access
    Mar 2 15:13:43 mysystem vsftpd: pam_userdb(vsftpd:auth): user 'user012345678901234567890123456' granted access
    Mar 2 15:14:51 mysystem vsftpd: pam_userdb(vsftpd:auth): user 'user0123456789012345678901234567' granted access

I ran into two problems when installing vsftp on a 64-bit Red Hat AS 4.4 system; both were caused by the wrong lib search path:

    /lib/libpam.so.0: could not read symbols: File in wrong format
    collect2: ld returned 1 exit status
    make: *** [vsftpd] Error 1

Replacing every /lib and /usr/lib in the vsf_findlibs.sh file in the vsftp source directory with /lib64 and /usr/lib64 and then recompiling fixed it.

The second problem: authentication failed at login, and the vsftp log showed no information at all. I found this in /var/log/messages:

    Dec 11 22:02:20 localhost vsftpd: PAM unable to dlopen(/lib/security/pam_userdb.so)
    Dec 11 22:02:20 localhost vsftpd: PAM [dlerror: /lib/security/pam_userdb.so: cannot open shared object file: No such file or directory]
    Dec 11 22:02:20 localhost vsftpd: PAM adding faulty module: /lib/security/pam_userdb.so

The pam_userdb.so file could not be found during authentication. Changing /lib/security/pam_userdb.so in /etc/pam.d/ftp to /lib64/security/pam_userdb.so fixed it.
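
A triage pass over the two failure signatures in the logs above, as an added example that is not part of the original post: pam_userdb granting a user that pam_unix rejects in the same second (other modules in the PAM stack are still active), and PAM failing to dlopen the module (wrong /lib vs /lib64 path). The function names and output labels are hypothetical; the sample lines are taken from the excerpts on this page.

```shell
#!/bin/sh
# Added example, not from the original tutorial.
# triage_pam_log [FILE...]: classify vsftpd PAM lines (reads stdin when no file is given).
triage_pam_log() {
    awk -v q="'" '
        /PAM unable to dlopen\(/ {                  # module path wrong for this system
            path = $0; sub(/.*dlopen\(/, "", path); sub(/\).*/, "", path)
            print "MODULE_NOT_LOADED " path; next
        }
        /pam_userdb\(vsftpd:auth\): user .* granted access/ {
            user = $0; sub(".*user " q, "", user); sub(q ".*", "", user)
            granted[user] = $1 " " $2 " " $3; next  # remember when pam_userdb said yes
        }
        /pam_unix\(vsftpd:auth\): authentication failure/ {
            user = $0; sub(/.*ruser=/, "", user); sub(/ .*/, "", user)
            # Same user, same second: a later module in the stack overruled pam_userdb.
            if (granted[user] == $1 " " $2 " " $3) print "STACK_CONFLICT " user
        }
    ' "$@"
}

# Sample input assembled from the /var/log/secure and /var/log/messages excerpts above.
sample_log() {
    cat <<'EOF'
Mar  2 15:07:04 mysystem vsftpd: pam_userdb(vsftpd:auth): user 'testing' granted access
Mar  2 15:07:04 mysystem vsftpd: pam_unix(vsftpd:auth): check pass; user unknown
Mar  2 15:07:04 mysystem vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=testing rhost=mysystem.cluster
Mar  2 15:08:32 mysystem vsftpd: pam_userdb(vsftpd:auth): user 'testing' granted access
Dec 11 22:02:20 localhost vsftpd: PAM unable to dlopen(/lib/security/pam_userdb.so)
EOF
}

sample_log | triage_pam_log
```

On a live system, pass the log files as arguments, for example `triage_pam_log /var/log/secure /var/log/messages`.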
I found a few times, which can be seen in the real log files above, that the vsftpd_users.db file was not correctly recreated with the db42_load command over the top of an existing vsftpd_users.db file. To resolve this, I simply remove the current vsftpd_users.db file and recreate the file from scratch with db42_load.

    [root@mysystem vsftpd]# strings /etc/vsftpd/vsftpd_users.db
    [root@mysystem vsftpd]# db42_load -T -t hash -f /etc/vsftpd/vsftpd_users.txt /etc/vsftpd/vsftpd_users.db

(Possibly interesting note: The /var/log/secure messages above show some testing I did on the maximum allowed username character length. At this time, glibc limits usernames to 32 characters, as can be seen above with the longest username that successfully authenticates. For such a fundamental underlying library, I'd like to see its limit higher so it is not the limiting factor for the higher level programs that use it.)

Reposted from:
http://alien2thisworld.net/sitePages/tutorials/vsftpd_virtual_users_setup.html
http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch15_:_Linux_FTP_Server_Setup
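
The Step 5 rebuild and the stale-database problem described above, combined into one routine as an added example that is not part of the original tutorial: it checks the alternating username/password file first, then loads into a fresh temporary file and swaps it in, so db42_load never writes over an existing DB. The paths and db42_load come from the tutorial; the function names are hypothetical, and the 32-character check uses the limit the author observed.

```shell
#!/bin/sh
# Added example. Paths and db42_load are the tutorial's; function names are hypothetical.
USERS_TXT=${USERS_TXT:-/etc/vsftpd/vsftpd_users.txt}
USERS_DB=${USERS_DB:-/etc/vsftpd/vsftpd_users.db}

# check_users_file FILE: print one problem per line; non-zero status if any were found.
check_users_file() {
    awk '
        /\r$/ { print "line " NR ": CRLF line ending"; bad = 1 }
        NR % 2 == 1 {   # odd lines are usernames
            if ($0 == "" || $0 ~ /[ \t]/) { print "line " NR ": empty username or whitespace"; bad = 1 }
            if (length($0) > 32) { print "line " NR ": username longer than 32 characters"; bad = 1 }
            if ($0 in seen)      { print "line " NR ": duplicate username " $0; bad = 1 }
            seen[$0] = 1
            next
        }
        $0 == "" { print "line " NR ": empty password"; bad = 1 }   # even lines are passwords
        END {
            if (NR % 2 == 1) { print "line " NR ": username without a password line"; bad = 1 }
            exit bad + 0
        }
    ' "$1"
}

# rebuild_users_db: validate, load into a fresh temporary file, then swap it in.
# The body is a subshell so the umask change does not leak into the caller.
rebuild_users_db() (
    check_users_file "$USERS_TXT" || exit 1
    umask 077                       # both files hold clear-text passwords
    tmp="$USERS_DB.new.$$"
    rm -f "$tmp"
    db42_load -T -t hash -f "$USERS_TXT" "$tmp" || { rm -f "$tmp"; exit 1; }
    chmod 600 "$tmp" "$USERS_TXT"
    mv -f "$tmp" "$USERS_DB"        # the old DB is replaced, never loaded over
)
```

Source the file and run `rebuild_users_db` as root after each edit of vsftpd_users.txt; a non-zero status means the existing DB was left untouched.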