Amazon Linux version 2016.03
1. Install libpam_pwdfile.so, the library required for password-file authentication

We will use the htpasswd command (from httpd24-tools) to generate the username/password file that serves as the database of virtual user accounts, so the libpam_pwdfile.so library (https://github.com/tiwe-de/libpam-pwdfile) has to be installed first.

    $ sudo yum install pam-devel
    $ wget -O libpam-pwdfile.zip https://github.com/tiwe-de/libpam-pwdfile/archive/master.zip
    $ unzip libpam-pwdfile.zip
    $ cd libpam-pwdfile-master/
    $ make
    $ sudo cp pam_pwdfile.so /lib64/security/

2. Create the usernames and passwords with htpasswd

The usual approach is htpasswd -c virtual_user.passwd user1; enter the password twice when prompted, and the username and password are written to the file virtual_user.passwd.

    $ cd /etc/vsftpd/
    $ sudo htpasswd -c virtual_user.passwd user1
    $ cat virtual_user.passwd
    user1:$apr1$vc8gkvSk$s0Sm/uL.7A4mH53mlU9WZ1
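
However, newer versions of htpasswd hash the plaintext password with MD5 by default, and libpam-pwdfile does not recognize the Apache-specific format this produces (prefix $apr1$). Use openssl to generate the password hash instead.

    $ sudo htpasswd -b -p virtual_user.passwd user2 $(openssl passwd -1 -noverify YourPasswd)
    $ cat virtual_user.passwd
    user1:$apr1$vc8gkvSk$s0Sm/uL.7A4mH53mlU9WZ1
    user2:$1$d7iKL630$6Cwte2AjcRpboSYPfRXz5/

Note the difference between the two hash formats.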
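
A check for the format problem described above, as an added example that is not part of the original post: it reads an htpasswd-style file and reports which entries carry the $apr1$ prefix that the post says libpam-pwdfile does not recognize. The function names are hypothetical, and the sample entries are the two hashes shown above.

```bash
#!/usr/bin/env bash
# Added example (not from the original post). Function names are hypothetical.

# classify_hash HASH -> prints the hash format, judged by its prefix.
classify_hash() {
    case "$1" in
        '$apr1$'*) echo apr1 ;;         # Apache-specific MD5 (htpasswd default)
        '$1$'*)    echo md5crypt ;;     # crypt(3) MD5, as made by openssl passwd -1
        '$5$'*)    echo sha256crypt ;;  # crypt(3) SHA-256
        '$6$'*)    echo sha512crypt ;;  # crypt(3) SHA-512
        *)         echo other ;;
    esac
}

# audit_pwdfile FILE -> prints "user format" for every entry.
# Returns 1 if at least one entry is in the $apr1$ format, 0 otherwise.
audit_pwdfile() {
    local file=$1 rc=0 user hash fmt
    # "|| [ -n "$user" ]" keeps a final line that has no trailing newline.
    while IFS=: read -r user hash _ || [ -n "$user" ]; do
        if [ -z "$user" ]; then continue; fi
        fmt=$(classify_hash "$hash")
        echo "$user $fmt"
        if [ "$fmt" = apr1 ]; then rc=1; fi
    done < "$file"
    return "$rc"
}

# Constructed sample input: the two entries shown in the post.
sample_pwdfile() {
    cat <<'EOF'
user1:$apr1$vc8gkvSk$s0Sm/uL.7A4mH53mlU9WZ1
user2:$1$d7iKL630$6Cwte2AjcRpboSYPfRXz5/
EOF
}

# Demo run on the sample. To audit the real file, call:
#   audit_pwdfile /etc/vsftpd/virtual_user.passwd
tmp=$(mktemp)
sample_pwdfile > "$tmp"
audit_pwdfile "$tmp" || echo "-> regenerate the apr1 entries with openssl passwd -1"
rm -f "$tmp"
```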

3. Configure vsftpd

1) In vsftpd.conf, change or add the following settings

    anonymous_enable=NO
    local_enable=YES
    nopriv_user=ftp
    chroot_local_user=YES
    # ------ Virtual user settings start ------
    # If enabled, virtual users will use the same privileges as local users,
    # which grants write access to virtual users. By default, virtual users use
    # the same privileges as anonymous users, which tends to be more restrictive
    # (especially in terms of write access).
    virtual_use_local_privs=YES
    pam_service_name=vsftpd.virtual
    # Activates virtual users
    guest_enable=YES
    # Automatically generate a home directory for each virtual user, based on a template.
    # For example, if the home directory of the real user specified via guest_username is
    # /home/virtual/$USER, and user_sub_token is set to $USER, then when virtual user vivek
    # logs in, he will end up (usually chroot()'ed) in the directory /home/virtual/vivek.
    # This option also takes effect if local_root contains user_sub_token.
    user_sub_token=$USER
    # Usually this is mapped to the Apache virtual hosting docroot, so that
    # users can upload files
    local_root=/home/vsftpd/$USER
    # Hide ids from user
    hide_ids=YES
    # ------ Virtual user settings end ------

2) Create a PAM file so that authentication uses the htpasswd file we just created

    $ sudo vi /etc/pam.d/vsftpd.virtual

Contents of /etc/pam.d/vsftpd.virtual:

    #%PAM-1.0
    auth required pam_pwdfile.so pwdfile /etc/vsftpd/virtual_user.passwd
    account required pam_permit.so
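
3) Create the home directories for the virtual users

    $ sudo mkdir /home/vsftpd
    $ sudo mkdir /home/vsftpd/user1
    $ sudo chown -R ftp:ftp /home/vsftpd
    # With vsftpd-3.0, write permission must be removed from the user's home directory:
    $ sudo chmod a-w /home/vsftpd/user1

Start the vsftpd service and try logging in as a virtual user. Good luck!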