Configuring vsftp on Kylin

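Pitfall 1: pam_userdb.so is in use, but /var/log/secure keeps reporting that the file cannot be found, whether or not the file extension is included in the PAM configuration.

Check which libraries pam_userdb.so is linked against. If it uses the gdbm format, the output looks like this: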

sudo ldd /usr/lib64/security/pam_userdb.so
        linux-vdso.so.1 (0x00007fff34dba000)
        libgdbm_compat.so.4 => /usr/lib64/libgdbm_compat.so.4 (0x00007f6d68f68000)
        libcrypt.so.1 => /usr/lib64/libcrypt.so.1 (0x00007f6d68f28000)
        libpam.so.0 => /usr/lib64/libpam.so.0 (0x00007f6d68f16000)
        libc.so.6 => /usr/lib64/libc.so.6 (0x00007f6d68d69000)
        libgdbm.so.6 => /usr/lib64/libgdbm.so.6 (0x00007f6d68d59000)
        libaudit.so.1 => /usr/lib64/libaudit.so.1 (0x00007f6d68d20000)
        libdl.so.2 => /usr/lib64/libdl.so.2 (0x00007f6d68d19000)
        /lib64/ld-linux-x86-64.so.2 (0x00007f6d68f99000)
        libcap-ng.so.0 => /usr/lib64/libcap-ng.so.0 (0x00007f6d68d11000)
        libpthread.so.0 => /usr/lib64/libpthread.so.0 (0x00007f6d68cf1000)

Solution:

https://blog.csdn.net/qq_26102311/article/details/129656279

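Use gdbmtool to generate a database with the pag extension (the extension must be pag, otherwise the file is still not found).

For comparison, with the bdb format the output looks like this: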

ldd /usr/lib/x86_64-linux-gnu/security/pam_userdb.so
  linux-vdso.so.1 (0x00007ffe291fa000)
  libdb-5.3.so => /lib/x86_64-linux-gnu/libdb-5.3.so (0x00007f8345f5d000)
  libcrypt.so.1 => /lib/x86_64-linux-gnu/libcrypt.so.1 (0x00007f8345f23000)
  libpam.so.0 => /lib/x86_64-linux-gnu/libpam.so.0 (0x00007f8345f11000)
  libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f8345ce8000)
  libaudit.so.1 => /lib/x86_64-linux-gnu/libaudit.so.1 (0x00007f8345cba000)
  /lib64/ld-linux-x86-64.so.2 (0x00007f834611b000)
  libcap-ng.so.0 => /lib/x86_64-linux-gnu/libcap-ng.so.0 (0x00007f8345cb0000)

For the bdb format, build the database with db_load:

# db_load -T -t hash -f vusers.txt vsftpd-virtual-user.db
# chmod 600 vsftpd-virtual-user.db # make it not world-readable
# rm vusers.txt

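PS: The plaintext password file for the bdb format (vusers.txt) consists of alternating lines: one line with the username, then one line with the password.

Pitfall 2: 500 OOPS: config file not owned by correct user, or not a file

One of the vsftpd configuration files is not owned by root; the files also need mode 600. Note that this applies to every vsftpd configuration file, including the per-user configuration files of virtual users: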

user_config_dir=/ftp/virtual/config
virtual_use_local_privs=YES
# ftp01 is a virtual user
root@local:/ftp/virtual/config# cat ftp01
# root directory of the virtual user
local_root=/ftp/virtual/ftp01
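
The checks behind pitfalls 1 and 2 as a script (an added example, not part of the original post; the function names and the script name preflight.sh are made up here). It identifies the database library from the ldd output and lists configuration entries that are not regular files owned by root with mode 600.

```shell
#!/bin/sh
# Added example (not from the original post): preflight checks for
# pitfalls 1 and 2. All function names are hypothetical.

# userdb_backend: reads `ldd pam_userdb.so` output on stdin and prints the
# database library the module is linked against: gdbm, bdb or unknown.
userdb_backend() {
    out=$(cat)
    case $out in
        *libgdbm*) echo gdbm ;;
        *libdb-*)  echo bdb ;;
        *)         echo unknown ;;
    esac
}

# bad_conf_files OWNER PATH...: prints every entry at or below PATH that is
# not a regular file owned by OWNER with mode 600. Directories are skipped;
# symlinks and other non-regular entries are reported.
bad_conf_files() {
    owner=$1; shift
    find "$@" ! -type d \( ! -type f -o ! -user "$owner" -o ! -perm 600 \) -print
}

# preflight MODULE PATH...: MODULE is the pam_userdb.so path, PATH... are the
# vsftpd config files and the user_config_dir directory.
preflight() {
    module=$1; shift
    case $(ldd "$module" | userdb_backend) in
        gdbm) echo "gdbm backend: create the database with gdbmtool, file name ending in .pag" ;;
        bdb)  echo "bdb backend: create the database with db_load -T -t hash" ;;
        *)    echo "pam_userdb database library not recognised" ;;
    esac
    bad=$(bad_conf_files root "$@")
    if [ -n "$bad" ]; then
        echo "not a regular file owned by root with mode 600:"
        echo "$bad"
        return 1
    fi
    echo "config file ownership and mode OK"
}

# Run only when arguments are given, e.g.
#   sh preflight.sh /usr/lib64/security/pam_userdb.so /ftp/virtual/config
if [ $# -gt 0 ]; then preflight "$@"; fi
```

Add the path of the main vsftpd configuration file as a further argument so that it is checked together with the virtual-user files.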

Pitfall 3: 500 Illegal PORT command.

命令:	PWD
响应:	257 "/" is the current directory
命令:	TYPE I
响应:	200 Switching to Binary mode.
命令:	PASV
响应:	550 Permission denied.
命令:	PORT 192,168,1,93,157,12
响应:	500 Illegal PORT command.
错误:	读取目录列表失败

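This happens because the server sees that the IP address used by the client differs from the IP address of the connection, and passive mode is not enabled.

Solution: enable both active and passive mode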

pasv_enable=YES
pasv_min_port=40000
pasv_max_port=40100
port_enable=YES

PS: If the server has a firewall, the passive port range must be opened on it.