
pam_listfile.so

OS version:Red Hat Enterprise Linux Server release 6.4

Kernel version:2.6.32-358.el6.x86_64

-------------------------------------------------------------------------

准备工作:

[root@Zhai ~]# mkdir /pam_ftp

[root@Zhai ~]# groupadd pam_ftp

[root@Zhai ~]# useradd pam_test1 -G pam_ftp -d /pam_ftp

[root@Zhai ~]# useradd pam_test2 -G pam_ftp -d /pam_ftp

[root@Zhai ~]# chgrp pam_ftp /pam_ftp/

[root@Zhai ~]# cd /pam_ftp/

[root@Zhai ~]# touch successfully

[root@Zhai ~]# useradd pam_test3

[root@Zhai ~]# useradd pam_test4

[root@Zhai ~]# useradd pam_test5

[root@Zhai ~]# usermod -s /bin/csh pam_test5

验证1:

[root@Zhai ~]# vi /etc/pam.d/vsftpd

#%PAM-1.0
# Test 1: pam_listfile pointed at a list file that does not exist, with onerr=fail.
#   item=user   compare the login name against each line of the file
#   sense=deny  a match makes the module fail (the file is a deny list)
#   onerr=fail  value returned when the module hits an error, such as the list
#               file not being openable
# /etc/vsftpd/ftpusers-1 is absent from the /etc/vsftpd listing in this test, so
# onerr decides the outcome: with onerr=fail the required line fails and every
# FTP login is refused (fail closed).
# NOTE(review): no module in the auth stack shown here verifies a password
# (pam_unix.so appears only under account). That is acceptable for a lab test of
# pam_listfile only; a real service needs a password-checking auth module as well.
auth       required     pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers-1 onerr=fail
account    required     pam_unix.so      

[root@Zhai ~]# ll /etc/vsftpd/

total 20
-rw-------  1 root root   21 Nov 29 12:30 ftpusers
-rw-------. 1 root root  361 Mar  2  2012 user_list
-rw-------. 1 root root 4599 Mar  2  2012 vsftpd.conf
-rwxr--r--. 1 root root  338 Mar  2  2012 vsftpd_conf_migrate.sh      
pam_listfile.so

验证2:

#%PAM-1.0
# Test 2: same deny list as before, but onerr=succeed.
#   onerr=succeed  the module returns success when it hits an error, such as the
#                  list file not being openable
# /etc/vsftpd/ftpusers-1 is still absent from the /etc/vsftpd listing, so the
# module reports success without consulting any list: the deny list is silently
# not enforced (fail open).
# NOTE(review): prefer onerr=fail for access-control lists so that a missing or
# unreadable file does not disable the check. Also note that no module in the
# auth stack shown here verifies a password (pam_unix.so is only under account),
# so this configuration is for lab testing only.
auth       required     pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers-1 onerr=succeed
account    required     pam_unix.so      
total 20
-rw-------  1 root root   21 Nov 29 12:30 ftpusers
-rw-------. 1 root root  361 Mar  2  2012 user_list
-rw-------. 1 root root 4599 Mar  2  2012 vsftpd.conf
-rwxr--r--. 1 root root  338 Mar  2  2012 vsftpd_conf_migrate.sh      
pam_listfile.so

验证3:

#%PAM-1.0
# Test 3: a deny list followed by an allow list, both matched on the login name.
# Both lines are "required", so a user must pass both: not listed in ftpusers-1
# AND listed in ftpusers-2.
#   sense=deny   a match in ftpusers-1 fails the module
#   sense=allow  only a match in ftpusers-2 passes the module
#   onerr=fail   a missing or unreadable list refuses the login (fail closed)
# pam_listfile expects each list to be a plain file that is not world-writable,
# one item per line.
# NOTE(review): item=user compares user names, so a group name placed in the
# allow file only matches a user with exactly that name. Use item=group to match
# by group membership.
# NOTE(review): no module in the auth stack shown here verifies a password
# (pam_unix.so is only under account); lab test configuration only.
auth       required     pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers-1 onerr=fail
auth       required     pam_listfile.so item=user sense=allow file=/etc/vsftpd/ftpusers-2 onerr=fail
account    required     pam_unix.so      

[root@Zhai ~]# vi /etc/vsftpd/ftpusers-1

pam_test4      

[root@Zhai ~]# vi /etc/vsftpd/ftpusers-2

pam_test3
pam_ftp      
pam_listfile.so

验证4:

#%PAM-1.0
# Test 4: allow list matched on group membership instead of login name.
#   item=group   the lines of the file are group names; the module passes when
#                the user belongs to one of them
#   sense=allow  users in none of the listed groups are refused
#   onerr=fail   a missing or unreadable list refuses the login (fail closed)
# NOTE(review): no module in the auth stack shown here verifies a password
# (pam_unix.so is only under account); lab test configuration only.
auth       required     pam_listfile.so item=group sense=allow file=/etc/vsftpd/ftpusers-1 onerr=fail
account    required     pam_unix.so      
pam_test4
pam_ftp      
pam_listfile.so

验证5:

#%PAM-1.0
# Test 5: filter on the user's login shell (the last field of /etc/passwd).
#   item=shell   compare the user's login shell against each line of the file
#   line 1       shell-1 is a deny list: a user whose shell is listed is refused
#   line 2       shell-2 is an allow list: only a user whose shell is listed passes
# Both lines are "required", so a login must pass both checks. onerr=fail makes
# a missing or unreadable list refuse the login (fail closed).
# NOTE(review): no module in the auth stack shown here verifies a password
# (pam_unix.so is only under account); lab test configuration only.
auth       required     pam_listfile.so item=shell sense=deny file=/etc/vsftpd/shell-1 onerr=fail
auth       required     pam_listfile.so item=shell sense=allow file=/etc/vsftpd/shell-2 onerr=fail
account    required     pam_unix.so      

[root@Zhai ~]# usermod -s /bin/tcsh pam_test4

[root@Zhai ~]# grep pam_test* /etc/passwd

pam_test1:x:500:501::/pam_ftp:/bin/bash
pam_test2:x:501:502::/pam_ftp:/bin/bash
pam_test3:x:502:503::/home/pam_test3:/bin/bash
pam_test4:x:503:504::/home/pam_test4:/bin/tcsh
pam_test5:x:504:505::/home/pam_test5:/bin/csh      

[root@Zhai ~]# vi /etc/vsftpd/shell-1

/bin/bash
/bin/tcsh      

[root@Zhai ~]# vi /etc/vsftpd/shell-2

/bin/csh      
pam_listfile.so

For details, see: man pam_listfile
