系统chroot vsftpd，匿名用户可以登陆，本地用户却无法登陆

3645636

已经将vsftpd 送进系统的Chroot环境，工作良好。就是无法通过pam验证，我已经将pam相关的文件复制进chroot了，问题可以确定的是出在pam验证方面，只是不知道这些pam文件都藏在系统哪里，兄弟们帮帮忙吧！
sys:Centos5.3

cp -rp /lib/security /chroot/lib/
cp -rp /etc/pam* /chroot/

1. 匿名用户登陆
   
2. 
   
3. [root@localhost chroot]# ftp localhost
   
4. Connected to localhost.localdomain.
   
5. 220 (vsFTPd 2.3.0)
   
6. 530 Please login with USER and PASS.
   
7. 530 Please login with USER and PASS.
   
8. KERBEROS_V4 rejected as an authentication type
   
9. Name (localhost:root): anonymous
   
10. 331 Please specify the password.
    
11. Password:
    
12. 230 Login successful.
    
13. Remote system type is UNIX.
    
14. Using binary mode to transfer files.
    
15. ftp> ls
    
16. 227 Entering Passive Mode (127,0,0,1,147,252).
    
17. 150 Here comes the directory listing.
    
18. -rw-r--r--    1 0        0               0 Aug 19 23:20 pub
    
19. 226 Directory send OK.

复制代码

1. chroot里的实体用户登陆
   
2. 
   
3. [root@localhost chroot]# ftp localhost
   
4. Connected to localhost.localdomain.
   
5. 220 (vsFTPd 2.3.0)
   
6. 530 Please login with USER and PASS.
   
7. 530 Please login with USER and PASS.
   
8. KERBEROS_V4 rejected as an authentication type
   
9. Name (localhost:root): jazz
   
10. 331 Please specify the password.
    
11. Password:
    
12. 530 Login incorrect.
    
13. Login failed.

复制代码

[root@localhost chroot]# cat /chroot/var/log/vsftpd.log

Fri Aug 20 07:40:32 2010 [pid 4381] CONNECT: Client "127.0.0.1"
Fri Aug 20 07:40:37 2010 [pid 4380] [ftp] OK LOGIN: Client "127.0.0.1", anon password "?"
Fri Aug 20 07:40:49 2010 [pid 4386] CONNECT: Client "127.0.0.1"
Fri Aug 20 07:40:53 2010 [pid 4385] [jazz] FAIL LOGIN: Client "127.0.0.1"





[root@localhost /]# ls /chroot/etc/
group      hosts.allow  ld.so.conf     pam.d         passwd       shadow
host.conf  hosts.deny   localtime      pam_pkcs11    resolv.conf  vsftpd.conf
hosts      ld.so.cache  nsswitch.conf  pam_smb.conf  security


[root@localhost chroot]# chroot /chroot usr/local/sbin/vsftpd &
[1] 4330

[root@localhost chroot]# ls -l /proc/4330/root
lrwxrwxrwx 1 root root 0 08-20 07:35 /proc/4330/root -> /chroot



[root@localhost chroot]# ls -l /proc/4330/root/
总计 52
drwxr-xr-x 2 root root  4096 08-20 07:02 bin
drwxr-xr-x 2 root root  4096 08-20 05:37 dev
drwxr-xr-x 5 root root  4096 08-20 07:33 etc
drwxr-xr-x 5 root root  4096 08-19 22:52 home
drwxr-xr-x 4 root root  4096 08-20 07:11 lib
drwx------ 2 root root 16384 08-20 03:17 lost+found
drwxr-xr-x 2 root root  4096 08-20 07:21 sbin
drwxrwxrwt 2 root root  4096 08-20 06:24 tmp
drwxr-xr-x 6 root root  4096 08-20 06:53 usr
drwxr-xr-x 5 root root  4096 08-20 06:53 var


[root@localhost chroot]# ls -l /chroot
总计 52
drwxr-xr-x 2 root root  4096 08-20 07:02 bin
drwxr-xr-x 2 root root  4096 08-20 05:37 dev
drwxr-xr-x 5 root root  4096 08-20 07:33 etc
drwxr-xr-x 5 root root  4096 08-19 22:52 home
drwxr-xr-x 4 root root  4096 08-20 07:11 lib
drwx------ 2 root root 16384 08-20 03:17 lost+found
drwxr-xr-x 2 root root  4096 08-20 07:21 sbin
drwxrwxrwt 2 root root  4096 08-20 06:24 tmp
drwxr-xr-x 6 root root  4096 08-20 06:53 usr
drwxr-xr-x 5 root root  4096 08-20 06:53 var

gouxiongmao

cp RedHat/vsftpd.pam /etc/pam.d/vsftpd
[root@localhost vsftpd-2.3.2]# pwd                                    
/root/vsftpd-2.3.2
能看明白吧。。。

lydongkill

关闭SELinux

1. setsebool -P ftpd_disable_trans 1
2. service vsftpd restart