
8. Configuring Virtual Users for VSFTPD (Database Method)

8.1 Installing the MySQL Database

        # aptitude install  mysql-server  libpam-mysql

The current MySQL database version is 5.0.24-1, and libpam-mysql is 0.6.2-1.

        tonybox:/var/log# mysql -u root
        Welcome to the MySQL monitor.  Commands end with ; or \g.
        Your MySQL connection id is 7 to server version: 5.0.22-Debian_4-log

        Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

        mysql>
        mysql>
        mysql> create database vsftpd;
        Query OK, 1 row affected (0.04 sec)

        mysql> use vsftpd
        Database changed
        mysql> create table users(name char(20), passwd char(20));
        Query OK, 0 rows affected (0.02 sec)

        mysql> insert into users values('tony',password('passtony'));
        Query OK, 1 row affected (0.02 sec)

        mysql> insert into users values('etony',password('passetony'));
        Query OK, 1 row affected (0.01 sec)

        mysql> grant select, insert on vsftpd.users to vsftpduser@localhost identified by 'vsftpdpass';
        Query OK, 0 rows affected (0.02 sec)

8.2 Creating Users

        tonybox:/var/log# mysql -u vsftpduser -p
        Enter password:
        Welcome to the MySQL monitor.  Commands end with ; or \g.
        Your MySQL connection id is 10 to server version: 5.0.22-Debian_4-log

        Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

        mysql> use vsftpd
        Reading table information for completion of table and column names
        You can turn off this feature to get a quicker startup with -A

        Database changed

        mysql> select * from users;
        +----+-------+------------------+
        | id | name  | passwd           |
        +----+-------+------------------+
        |  1 | tony  | 2351315b1bd1bd58 |
        |  2 | etony | 59c0cde4781fb0be |
        +----+-------+------------------+
        2 rows in set (0.00 sec)


        mysql>

8.3 Configuring the PAM File

Edit /etc/pam.d/vsftpd so that it contains the following:

        auth required /lib/security/pam_mysql.so user=vsftpduser passwd=vsftpdpass host=localhost db=vsftpd table=users usercolumn=name passwdcolumn=passwd crypt=2

        account required /lib/security/pam_mysql.so user=vsftpduser passwd=vsftpdpass host=localhost db=vsftpd table=users usercolumn=name passwdcolumn=passwd crypt=2

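Values of crypt:

        0: passwords are stored in plaintext in the database
        1: passwords are stored encrypted with the crypt() function
        2: passwords are stored encrypted with the MySQL PASSWORD() function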
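
The following is an added example, not part of the original HOWTO: a small shell audit that reads a PAM service file and reports, for each pam_mysql line, which crypt= storage mode from the list above is in effect and whether the database password is written inline. The function names audit_pam_mysql and demo are hypothetical, and the sample file with its credentials is constructed for the demonstration.

```shell
#!/bin/sh
# Added example: report how each pam_mysql line in a PAM service file
# stores passwords, using the crypt= values listed in section 8.3.
audit_pam_mysql() {
    file=$1
    [ -r "$file" ] || { echo "ERROR cannot read $file"; return 2; }
    # The file embeds the database password (passwd=...), so flag it
    # when the "other" read bit is set (8th character of the ls -l mode).
    if [ "$(ls -ld "$file" | cut -c8)" = "r" ]; then
        echo "WARN file is world-readable and may expose passwd="
    fi
    awk '
        /^[ \t]*#/ || !/pam_mysql\.so/ { next }   # skip comments, other modules
        {
            crypt = "unset"; haspw = "no"
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^crypt=/)  crypt = substr($i, 7)
                if ($i ~ /^passwd=/) haspw = "yes"
            }
            if      (crypt == "0") desc = "WARN plaintext in database"
            else if (crypt == "1") desc = "crypt() hash"
            else if (crypt == "2") desc = "MySQL PASSWORD() hash"
            else                   desc = "WARN crypt not set or unknown"
            printf "%s crypt=%s (%s) db-password-inline=%s\n", $1, crypt, desc, haspw
        }' "$file"
}

# Constructed sample input (placeholder credentials, not a real config).
demo() {
    tmp=$(mktemp) || return 1
    cat > "$tmp" <<'EOF'
# constructed sample
auth required /lib/security/pam_mysql.so user=dbuser passwd=EXAMPLE db=vsftpd table=users usercolumn=name passwdcolumn=passwd crypt=0
account required /lib/security/pam_mysql.so user=dbuser passwd=EXAMPLE db=vsftpd table=users usercolumn=name passwdcolumn=passwd crypt=2
EOF
    chmod 644 "$tmp"
    audit_pam_mysql "$tmp"
    rm -f "$tmp"
}

demo
```

On a real system, run audit_pam_mysql /etc/pam.d/vsftpd as root; a file restricted to root (mode 600) does not trigger the world-readable warning.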

8.4 Other Configuration

See "Configuring Virtual Users for VSFTPD (Text File Method)".

8.5 Testing

        tonybox:~# lftp localhost -u etony,passetony
        lftp etony@localhost:~> ls
        -rw-r--r--    1 1001     1001           22 Aug 17 21:49 msg
        lftp etony@localhost:/>

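Note:

The PASSWORD() function used by the libpam-mysql that corresponds to mysql-server-5.0 does not match the PASSWORD() function used on the server side, so password encryption cannot be achieved and FTP user passwords can only be stored in plaintext in the database. mysql-server-4.1 together with libpam-mysql (0.5.0-6) can store FTP user passwords encrypted in the database.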

