How to configure a vsftpd server on CentOS 6 to authenticate virtual users through MySQL

Date: 2019-08-20 17:58:13  Source: igfitidea

In this tutorial we will see how to keep the vsftpd server's users in MySQL and authenticate them against it.
This is convenient when an application has to manage the FTP server: the application can add, change and remove accounts simply by manipulating the database.

Main features:

  1. The vsftpd server can chroot each user

  2. Authentication is done through MySQL

  3. Virtual users are stored in MySQL (not in the local system)

Steps to set up a vsftpd server with MySQL authentication

Install vsftpd and mysql-server

yum install vsftpd mysql-server

After the MySQL server is installed, restart it and set a new password for the MySQL root user (by default root has no password):

/etc/init.d/mysqld restart

Run the command below and follow the prompts:

[root@ftpserver ~]# /usr/bin/mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!


In order to log into MySQL to secure it, we'll need the current
password for the root user.  If you've just installed MySQL, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none): 
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MySQL
root user without the proper authorisation.

Set root password? [Y/n] y
New password: 
Re-enter new password: 
Password updated successfully!
Reloading privilege tables..
 ... Success!


By default, a MySQL installation has an anonymous user, allowing anyone
to log into MySQL without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] y
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] y
 ... Success!

By default, MySQL comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] y
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] y
 ... Success!

Cleaning up...



All done!  If you've completed all of the above steps, your MySQL
installation should now be secure.

Thanks for using MySQL!


[root@ftpserver ~]#

Install pam_mysql

pam_mysql is the PAM module that performs the authentication against MySQL. It is packaged in EPEL, not in the base CentOS repositories.

Install the EPEL repository package (epel-release is a noarch package, so the same file serves x86_64 hosts):

rpm -ivh http://dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm

Install pam_mysql:

yum install pam_mysql

Create the database and table on the MySQL server:

  1. Database name: vsftpd

  2. Table name: accounts

  3. New MySQL user: vsftpd

  4. Password for the new MySQL user: Password1234 (use your own)

The vsftpd MySQL account is granted SELECT only, which is all pam_mysql needs to look up a user. Anything that creates or changes accounts (an administration application, for instance) should use a separate MySQL account with INSERT/UPDATE/DELETE on vsftpd.accounts rather than this one.

mysql> create database vsftpd;
Query OK, 1 row affected (0.00 sec)

mysql> GRANT SELECT ON vsftpd.* TO 'vsftpd'@'localhost' IDENTIFIED BY 'Password1234';
Query OK, 0 rows affected (0.00 sec)

mysql> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)

mysql> use vsftpd
Database changed
mysql> CREATE TABLE `accounts` (
    -> `id` INT NOT NULL AUTO_INCREMENT PRIMARY KEY ,
    -> `username` VARCHAR( 40 ) NOT NULL ,
    -> `passwd` VARCHAR( 50 ) NOT NULL ,
    -> UNIQUE ( `username` )
    -> ) ENGINE = INNODB ;
Query OK, 0 rows affected (0.06 sec)

mysql> exit

Set up the vsftpd server

Create a local user named vsftpd with /sbin/nologin as its shell. All virtual users will be mapped onto this account (guest_username below), so it must not be able to log in itself.
By default on CentOS or Red Hat, useradd creates its home directory at /home/vsftpd, which is where the virtual users' directories will live.
-G users makes vsftpd a supplementary member of the users group.

useradd -G users -s /sbin/nologin  vsftpd

Back up vsftpd.conf first, then replace its contents with the following:

[root@ftpserver ~]# cp -v /etc/vsftpd/vsftpd.conf   /etc/vsftpd/vsftpd.conf.orig.bak
`/etc/vsftpd/vsftpd.conf' -> `/etc/vsftpd/vsftpd.conf.orig.bak'
[root@ftpserver ~]#

[root@ftpserver ~]# > /etc/vsftpd/vsftpd.conf

[root@ftpserver ~]# vi /etc/vsftpd/vsftpd.conf

# No anonymous FTP: every login goes through PAM (pam_mysql)
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
# Unprivileged account the server drops to
nopriv_user=vsftpd
# Lock every user into its local_root
chroot_local_user=YES
listen=YES
# Name of the PAM service file under /etc/pam.d (created below)
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
userlist_deny=yes
# Treat every authenticated user as a virtual (guest) user running as the local vsftpd account
guest_enable=YES
guest_username=vsftpd
# $USER is replaced with the name the client logged in with
local_root=/home/vsftpd/$USER
user_sub_token=$USER
# Virtual users get the privileges of a local user (needed for uploads)
virtual_use_local_privs=YES
# Directory holding optional per-user configuration files, one file per username
user_config_dir=/etc/vsftpd/ftpusers-conf
force_local_data_ssl=NO
force_local_logins_ssl=NO
pasv_enable=YES
pasv_min_port=10080
pasv_max_port=10100

Two caveats. With force_local_logins_ssl=NO, force_local_data_ssl=NO and no ssl_enable=YES, passwords and data cross the network in the clear; if the server is reachable from untrusted networks, enable TLS. The firewall has to allow TCP port 21 and the passive range 10080-10100 (and outbound connections from port 20 for active mode). Note also that vsftpd 3.x refuses to chroot a user into a writable directory unless allow_writeable_chroot=YES is set; the vsftpd 2.2 shipped with CentOS 6 does not have that check, so the configuration above works as written there.

Configure pam_mysql

[root@ftpserver ~]# cp -p /etc/pam.d/vsftpd /etc/pam.d/vsftpd.orig

[root@ftpserver ~]# > /etc/pam.d/vsftpd

[root@ftpserver ~]# vi /etc/pam.d/vsftpd

#%PAM-1.0
session     optional     pam_keyinit.so     force revoke
auth required pam_mysql.so user=vsftpd passwd=Password1234 host=localhost db=vsftpd table=accounts usercolumn=username passwdcolumn=passwd crypt=3
account required pam_mysql.so user=vsftpd passwd=Password1234 host=localhost db=vsftpd table=accounts usercolumn=username passwdcolumn=passwd crypt=3

crypt=3 tells pam_mysql that the passwd column holds the hex MD5 digest produced by MySQL's MD5(), which is why the accounts below are inserted with md5('...'). MD5 is fast and unsalted, so treat the table as sensitive; pam_mysql also accepts crypt=1 (crypt(3) hashes, salted), in which case the passwd column has to be widened well beyond 50 characters to hold SHA-512 $6$ hashes. This file also contains the database password in clear text, so make it readable by root only (mode 0600); vsftpd performs the PAM conversation in its privileged parent process, so that does not break logins.

Create the first vsftpd user

Log in to the MySQL server: mysql -u root -p

Switch to the database: use vsftpd

Create the username and password: INSERT INTO accounts (username, passwd) VALUES('Hyman', md5('pass123'));  (md5() produces the hash format the crypt=3 setting in the PAM file expects.)

[root@ftpserver pam.d]# mysql -u root -p
Enter password: 
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 3
Server version: 5.1.69 Source distribution

Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> 
mysql> 
mysql> use vsftpd
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
mysql> INSERT INTO accounts (username, passwd) VALUES('Hyman', md5('pass123'));
Query OK, 1 row affected (0.02 sec)

mysql> show tables;
 
+------------------+
| Tables_in_vsftpd |
+------------------+
| accounts         |
+------------------+
1 row in set (0.00 sec)

mysql> select * from accounts;
+----+----------+----------------------------------+
| id | username | passwd                           |
+----+----------+----------------------------------+
|  1 | Hyman   | 5ebe2294ecd0e0f08eab7690d2a6ee69 |
+----+----------+----------------------------------+
1 row in set (0.00 sec)

mysql> exit

Create the FTP user's home directory under /home/vsftpd

The FTP user just created is Hyman, so create the directory Hyman under /home/vsftpd. The directory name must match the username exactly (including case), because vsftpd substitutes the login name for $USER in local_root.

mkdir /home/vsftpd/Hyman
chmod 700 /home/vsftpd/Hyman
chown vsftpd:users /home/vsftpd/Hyman

Restart the vsftpd server:

/etc/init.d/vsftpd restart
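The introduction's point about managing accounts from an application, as an added example written for this page (it is not code from the original tutorial): a small Python module that does what the mysql session above does by hand. It stands in for MySQL with an in-memory sqlite3 table of the same shape so it runs offline, computes the same hex MD5 that MySQL's MD5() stores (the format pam_mysql compares against with crypt=3), uses parameterised statements, restricts usernames to path-safe names because vsftpd substitutes the login name into local_root and opens a file of that name under user_config_dir, and creates the 0700 home directory. The username pattern, the function names and the demo() helper are assumptions of this example.

```python
import hashlib
import hmac
import os
import re
import sqlite3
import stat
import tempfile

# Same shape as the page's MySQL `accounts` table; sqlite3 is used only so the
# example runs offline (assumption of this example, on the server it is MySQL).
SCHEMA = """
CREATE TABLE IF NOT EXISTS accounts (
    id       INTEGER PRIMARY KEY AUTOINCREMENT,
    username VARCHAR(40) NOT NULL UNIQUE,
    passwd   VARCHAR(50) NOT NULL
)
"""

# vsftpd substitutes the login name into local_root=/home/vsftpd/$USER and
# opens user_config_dir/<name>, so accept only plain path-safe names (assumed pattern).
USERNAME_RE = re.compile(r"[A-Za-z][A-Za-z0-9_-]{0,39}")


def md5_hex(password):
    """Hex digest identical to MySQL's MD5(password), i.e. what crypt=3 compares against."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def open_store(path=":memory:"):
    conn = sqlite3.connect(path)
    conn.executescript(SCHEMA)
    return conn


def add_user(conn, username, password):
    """Insert a virtual user; the statement is parameterised, never string-formatted."""
    if not USERNAME_RE.fullmatch(username):
        raise ValueError("unsafe or malformed username: %r" % username)
    conn.execute("INSERT INTO accounts (username, passwd) VALUES (?, ?)",
                 (username, md5_hex(password)))
    conn.commit()


def set_password(conn, username, password):
    cur = conn.execute("UPDATE accounts SET passwd = ? WHERE username = ?",
                       (md5_hex(password), username))
    conn.commit()
    return cur.rowcount == 1


def delete_user(conn, username):
    cur = conn.execute("DELETE FROM accounts WHERE username = ?", (username,))
    conn.commit()
    return cur.rowcount == 1


def check_password(conn, username, password):
    """Mirror of the crypt=3 check pam_mysql performs: hash the offered password
    and compare it with the stored digest (constant-time compare here)."""
    row = conn.execute("SELECT passwd FROM accounts WHERE username = ?",
                       (username,)).fetchone()
    return row is not None and hmac.compare_digest(row[0], md5_hex(password))


def ensure_home(base_dir, username, uid=None, gid=None):
    """Create base_dir/<username> with mode 0700, as the page does by hand.
    Ownership is changed only when uid and gid are given (needs root)."""
    if not USERNAME_RE.fullmatch(username):
        raise ValueError("unsafe or malformed username: %r" % username)
    home = os.path.join(base_dir, username)
    os.makedirs(home, mode=0o700, exist_ok=True)
    os.chmod(home, 0o700)          # makedirs' mode is subject to the umask
    if uid is not None and gid is not None:
        os.chown(home, uid, gid)
    return home


def demo(base_dir=None):
    """Run the whole flow against a throwaway store and directory; returns the results."""
    base_dir = base_dir or tempfile.mkdtemp()
    db = open_store()
    add_user(db, "Hyman", "pass123")
    home = ensure_home(base_dir, "Hyman")
    return {
        "login_ok": check_password(db, "Hyman", "pass123"),
        "login_bad": check_password(db, "Hyman", "wrong"),
        "unknown_user": check_password(db, "nobody", "pass123"),
        "home": home,
        "home_mode": stat.S_IMODE(os.stat(home).st_mode),
    }


if __name__ == "__main__":
    print(demo())
```

check_password() only mirrors the comparison for testing stored values; on the server the check is done by pam_mysql. Against the real database the same parameterised statements work unchanged with a MySQL driver, but use a MySQL account of the application's own with INSERT/UPDATE/DELETE on vsftpd.accounts, since the vsftpd account created above has SELECT only.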

Extra settings - per-user settings for a specific FTP user

Below we give different users different permissions.

Create a directory ftpusers-conf under /etc/vsftpd. vsftpd only reads per-user files from the directory named by user_config_dir in vsftpd.conf, so that setting must point at this directory.

mkdir -p /etc/vsftpd/ftpusers-conf

Create a new directory under /home:

mkdir -p /home/HR-dept/tom

Change the directory's permissions, owner and group:

chmod 700 /home/HR-dept/tom
chown vsftpd:users /home/HR-dept/tom

Log in to the MySQL server and create a new FTP user tom with a password:

mysql -u root -p

use vsftpd;

INSERT INTO accounts (username, passwd) VALUES('tom', md5('pass123'));

exit

Create a configuration file for tom; the file name must be exactly the username:

vi /etc/vsftpd/ftpusers-conf/tom

dirlist_enable=YES
download_enable=YES
local_root=/home/HR-dept/tom
write_enable=YES

Restart the vsftpd server:

/etc/init.d/vsftpd restart
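The per-user file above written by code, as an added example that is not part of the original tutorial: it reads user_config_dir from vsftpd.conf so the file always lands in the directory vsftpd actually consults, restricts the file to the four options the page uses, and creates the local_root directory with mode 0700. The allowed-option set, the username pattern and the demo() helper are assumptions of this example.

```python
import os
import re
import stat
import tempfile

# Options the page puts in per-user files; any option there overrides vsftpd.conf
# for that user (the set itself is an assumption of this example).
ALLOWED_OPTIONS = {"local_root", "write_enable", "download_enable", "dirlist_enable"}
# The username is the file name under user_config_dir, so keep it path-safe (assumed pattern).
USERNAME_RE = re.compile(r"[A-Za-z][A-Za-z0-9_-]{0,39}")


def user_config_dir(vsftpd_conf):
    """Return the user_config_dir value from vsftpd.conf, or None if it is not set.
    Comments and blank lines are skipped; the last occurrence wins."""
    value = None
    with open(vsftpd_conf) as fh:
        for line in fh:
            line = line.strip()
            if not line or line.startswith("#"):
                continue
            key, sep, val = line.partition("=")
            if sep and key.strip() == "user_config_dir":
                value = val.strip()
    return value


def render_user_config(options):
    """Serialise key=value lines, booleans as YES/NO, rejecting unknown keys."""
    lines = []
    for key, val in sorted(options.items()):
        if key not in ALLOWED_OPTIONS:
            raise ValueError("option not allowed in a per-user file: %s" % key)
        if key == "local_root" and not os.path.isabs(str(val)):
            raise ValueError("local_root must be an absolute path")
        if isinstance(val, bool):
            val = "YES" if val else "NO"
        if "\n" in str(val):
            raise ValueError("newline in value for %s" % key)
        lines.append("%s=%s" % (key, val))
    return "\n".join(lines) + "\n"


def write_user_config(vsftpd_conf, username, options):
    """Write user_config_dir/<username> and create local_root (mode 0700). Returns the path."""
    if not USERNAME_RE.fullmatch(username):
        raise ValueError("unsafe or malformed username: %r" % username)
    conf_dir = user_config_dir(vsftpd_conf)
    if conf_dir is None:
        raise RuntimeError("user_config_dir is not set in %s" % vsftpd_conf)
    content = render_user_config(options)
    os.makedirs(conf_dir, mode=0o755, exist_ok=True)
    path = os.path.join(conf_dir, username)
    with open(path, "w") as fh:
        fh.write(content)
    root = options.get("local_root")
    if root:
        os.makedirs(root, mode=0o700, exist_ok=True)
        os.chmod(root, 0o700)   # makedirs' mode is subject to the umask
    return path


def demo():
    """Self-check with a temporary vsftpd.conf and directories; returns what was produced."""
    base = tempfile.mkdtemp()
    conf = os.path.join(base, "vsftpd.conf")
    conf_dir = os.path.join(base, "ftpusers-conf")
    root = os.path.join(base, "HR-dept", "tom")
    with open(conf, "w") as fh:   # constructed stand-in for /etc/vsftpd/vsftpd.conf
        fh.write("# main config\nguest_enable=YES\nuser_config_dir=%s\n" % conf_dir)
    path = write_user_config(conf, "tom", {
        "dirlist_enable": True, "download_enable": True,
        "local_root": root, "write_enable": True,
    })
    with open(path) as fh:
        content = fh.read()
    return {
        "in_conf_dir": os.path.dirname(path) == conf_dir and os.path.basename(path) == "tom",
        "content": content,
        "root": root,
        "root_mode": stat.S_IMODE(os.stat(root).st_mode),
    }


if __name__ == "__main__":
    print(demo())
```

After writing or changing a per-user file, restart vsftpd as the page does; ownership of local_root still has to be set to vsftpd:users (chown, as root) so the mapped account can read and write it.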

Connect to the FTP server

Connect with an FTP client such as FileZilla,

or from the command line with `ftp <ftp-server-ip>`.

Test with both the Hyman and tom accounts: Hyman should land in /home/vsftpd/Hyman and tom in /home/HR-dept/tom, and neither should be able to leave its directory.