Virtual user login with MySQL + vsftpd: a very strange error

火星人 @ 2014-03-04 , reply:0

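Virtual account login succeeds at random: sometimes I can log in, sometimes I can't, and even when logged in I cannot get or put.

This story starts about two weeks ago. I had seen many articles online about managing virtual FTP users with MySQL + vsftpd, a certain part of my body involuntarily ached, and so began all kinds of struggles...

Warning: the following content may cause you discomfort. Those with low psychological tolerance should not read it, and persons under 18 need a guardian to read along. Remember, remember...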

Download and install the required software (a painful compile-and-install)
vsftpd-2.0.5-16.el5
I don't know what these do, so I just installed them all anyway
mysql-connector-odbc-3.51.26r1127-1.el5
mysql-devel-5.0.77-3.el5
mod_auth_mysql-3.0.0-3.2.el5_3
mysql-server-5.0.77-3.el5
php-mysql-5.1.6-23.2.el5_3
libdbi-dbd-mysql-0.8.1a-1.2.2
mysql-bench-5.0.77-3.el5
mysql-5.0.77-3.el5
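Then
pam_mysql-0.7
The platform is
RHEL5 on a virtual machine

Anyway, because of version issues (RHEL5 is paid, and online repositories and the like are too hard to find), after all sorts of struggles I finally started configuring.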

First add a local account to which the virtual accounts are mapped. Here is the account's basic information:
# finger virtual
Login: virtual                          Name: (null)
Directory: /home/ftpsite                Shell: /sbin/nologin
Never logged in.
No mail.
No Plan.


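Next I configured PAM authentication, and this is where the painful experience began. The configurations for pam.d/vsftpd found online vary widely; I also followed someone else's configuration, as follows: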
# cat /etc/pam.d/vsftpd
#%PAM-1.0
#session    optional     pam_keyinit.so    force revoke
#auth       required    pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed
#auth       required    pam_shells.so
#auth       include     system-auth
#account    include     system-auth
#session    include     system-auth
#session    required     pam_loginuid.so
auth required pam_mysql.so user=virtual passwd=123456 host=localhost db=vsftpd table=users usercolumn=name passwdcolumn=passwd crypt=0 sqllog=1 logtable=logs logmsgcolumn=msg logusercolumn=user logpidcolumn=pid loghostcolumn=host logrhostcolumn=rhost logtimecolumn=logtime verbose=1
account required pam_mysql.so user=virtual passwd=123456 host=localhost db=vsftpd table=users usercolumn=name passwdcolumn=passwd crypt=0 sqllog=1 logtable=logs logmsgcolumn=msg logusercolumn=user logpidcolumn=pid loghostcolumn=host logrhostcolumn=rhost logtimecolumn=logtime verbose=1


Configure MySQL: create a database named vsftpd, containing a username named users. Below is my test session logging in with the virtual account:
# mysql -u virtual -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 111
Server version: 5.0.77 Source distribution

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> use vsftpd;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
mysql> select * from users
    -> select * from users;
ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'select * from users' at line 2
mysql> Aborted            
# mysql -u virtual -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 112
Server version: 5.0.77 Source distribution

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> use vsftpd;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
mysql> select * from users;
+----+-------+--------+
| id | name  | passwd |
+----+-------+--------+
|  1 | tom   | foo    |
|  2 | jerry | bar    |
+----+-------+--------+
2 rows in set (0.00 sec)
This shows that this account can access the database without problems.

Finally, configure vsftpd, as follows:
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
guest_enable=YES
guest_username=virtual
listen=YES
listen_port=21
pasv_enable=YES
pasv_min_port=30000
pasv_max_port=30999
anon_world_readable_only=YES
virtual_use_local_privs=YES
pam_service_name=vsftpd
dirlist_enable=YES
xferlog_enable=YES
xferlog_std_format=YES
xferlog_file=/var/log/xferlog.log
vsftpd_log_file=/var/log/vsftpd.log
dual_log_enable=YES
log_ftp_protocol=YES
user_config_dir=/etc/vsftpd/vsftpd.conf


Next, as usual, turn off the firewall and SELINUX.


Then I started testing, and something strange happened. The process was as follows:
# ftp 192.168.1.100
Connected to 192.168.1.100.
220 (vsFTPd 2.0.5)
530 Please login with USER and PASS.
530 Please login with USER and PASS.
KERBEROS_V4 rejected as an authentication type
Name (192.168.1.100:root): tom
331 Please specify the password.
Password:
230 Login successful.
421 Service not available, remote server has closed connection
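It clearly said the login succeeded, so why the 421 again? So I began miserably searching Baidu, and even looked at some foreign forums. Some said it might be a permissions problem with the home directory; mine looks like this: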
# ls -all
drwxr-xr-x  4 virtual virtual 4096 03-21 22:11 ftpsite

In the meantime I tested again:
# ftp 127.0.0.1
Connected to 127.0.0.1.
220 (vsFTPd 2.0.5)
530 Please login with USER and PASS.
530 Please login with USER and PASS.
KERBEROS_V4 rejected as an authentication type
Name (127.0.0.1:root): tom
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> pwd
421 Service not available, remote server has closed connection

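What a pain: whether the login succeeds is random. This time the login succeeded, but as soon as I ran a command I got the miserable 421 again.

So far this is the state of things: the virtual account tom can log in, with some probability of course, sometimes succeeding and sometimes not, and once logged in it cannot perform any operation. So I once again turned my resentful gaze to the firewall and SELINUX, only to find that they were indeed off.
I am completely speechless and simply cannot figure out where the problem is.
By now this problem has eaten more than a week of my precious spare time.

I beg any expert passing by or flying by who has the patience to read this whole post to rescue me from this sea of suffering. Amitabha.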





http://www.coctec.com/docs/service/show-post-13159.html
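
An added example, not part of the original post: a small Python audit of the security-relevant settings in the pam_mysql line and vsftpd.conf quoted above, based on the documented meaning of those options. The function names and finding codes are this example's own, and it does not attempt to explain the 421 disconnect.

```python
import shlex

# From the post's /etc/pam.d/vsftpd (sqllog/log* options left out here).
PAM_LINE = ("auth required pam_mysql.so user=virtual passwd=123456 host=localhost "
            "db=vsftpd table=users usercolumn=name passwdcolumn=passwd crypt=0")
# Security-relevant lines from the post's vsftpd.conf.
VSFTPD_CONF = """anonymous_enable=NO
write_enable=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
chroot_local_user=YES
chroot_list_enable=YES
guest_enable=YES
virtual_use_local_privs=YES
"""

def pam_mysql_options(line):
    """Return the key=value arguments that follow pam_mysql.so on a PAM line."""
    tokens = shlex.split(line)
    idx = next((i for i, t in enumerate(tokens) if t.endswith("pam_mysql.so")), None)
    return {} if idx is None else dict(t.split("=", 1) for t in tokens[idx + 1:] if "=" in t)

def vsftpd_options(text):
    """Parse vsftpd.conf: one key=value per line, lines starting with # are comments."""
    pairs = (l.strip().split("=", 1) for l in text.splitlines()
             if "=" in l and not l.lstrip().startswith("#"))
    return {k: v for k, v in pairs}

def audit(pam_line, conf_text):
    """Return (code, explanation) findings; every option tested defaults to NO/plain."""
    pam, conf = pam_mysql_options(pam_line), vsftpd_options(conf_text)
    on = lambda key: conf.get(key, "NO").upper() == "YES"
    checks = [
        ("PLAINTEXT_PASSWORDS", bool(pam) and pam.get("crypt", "0") in ("0", "plain"),
         "crypt=0: the passwd column holds plaintext passwords"),
        ("DB_SECRET_IN_PAM_FILE", "passwd" in pam,
         "MySQL password sits in the PAM file; keep that file readable by root only"),
        ("CHROOT_LIST_INVERTED", on("chroot_local_user") and on("chroot_list_enable"),
         "with chroot_local_user=YES, chroot_list_file lists users NOT jailed"),
        ("VIRTUAL_LOCAL_PRIVS", on("guest_enable") and on("virtual_use_local_privs")
         and on("write_enable"), "virtual users get local-user privileges, including write"),
        ("ANON_WRITE", any(on(k) for k in ("anon_upload_enable",
         "anon_mkdir_write_enable", "anon_other_write_enable")),
         "anon_* write options are enabled"),
        ("NO_TLS", not on("ssl_enable"), "ssl_enable is not YES: FTP logins are cleartext"),
    ]
    return [(code, why) for code, hit, why in checks if hit]
```

Calling `audit(PAM_LINE, VSFTPD_CONF)` returns six findings for the configuration as posted.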