"/etc/pam.d/vsftpd文件配置如下：

#%PAM-1.0

auth sufficient /lib/security/pam_mysql.so user=vuser passwd=123 host=localhost db=ftpvuser table=users usercolumn=name passwdcolumn=passwd crypt=2

account sufficient /lib/security/pam_mysql.so user=vuser passwd=123 host=localhost db=ftpvuser table=users usercolumn=name passwdcolumn=passwd crypt=2

#auth     sufficient /lib/security/pam_userdb.so db=/etc/vsftpd/vuser

#account  sufficient /lib/security/pam_userdb.so db=/etc/vsftpd/vuser

session    optional     pam_keyinit.so    force revoke

auth       required     pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed

auth       required     pam_shells.so

auth       include      system-auth

account    include      system-auth

session    include      system-auth

session    required     pam_loginuid.so

/etc/vsftpd/vsftpd.conf文件配置如下：

# Enable this and the server will recognise asynchronous ABOR requests. Not

# recommended for security (the code is non-trivial). Not enabling it,

# however, may confuse older FTP clients.

#async_abor_enable=YES

#

# By default the server will pretend to allow ASCII mode but in fact ignore

# the request. Turn on the below options to have the server actually do ASCII

# mangling on files when in ASCII mode.

# Beware that on some FTP servers, ASCII support allows a denial of service

# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd

# predicted this attack and has always been safe, reporting the size of the

# raw file.

# ASCII mangling is a horrible feature of the protocol.

ascii_upload_enable=YES

ascii_download_enable=YES

#

# You may fully customise the login banner string:

#ftpd_banner=Welcome to blah FTP service.

#

# You may specify a file of disallowed anonymous e-mail addresses. Apparently

# useful for combatting certain DoS attacks.

#deny_email_enable=YES

# (default follows)

#banned_email_file=/etc/vsftpd/banned_emails

#

# You may specify an explicit list of local users to chroot() to their home

# directory. If chroot_local_user is YES, then this list becomes a list of

# users to NOT chroot().

#chroot_list_enable=YES

# (default follows)

#chroot_list_file=/etc/vsftpd/chroot_list

#

# You may activate the "-R" option to the builtin ls. This is disabled by

# default to avoid remote users being able to cause excessive I/O on large

# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume

# the presence of the "-R" option, so there is a strong case for enabling it.

ls_recurse_enable=YES

#

# When "listen" directive is enabled, vsftpd runs in standalone mode and

# listens on IPv4 sockets. This directive cannot be used in conjunction

# with the listen_ipv6 directive.

listen=YES

#

# This directive enables listening on IPv6 sockets. To listen on IPv4 and IPv6

# sockets, you must run two copies of vsftpd whith two configuration files.

# Make sure, that one of the listen options is commented !!

#listen_ipv6=YES

pam_service_name=vsftpd

userlist_enable=YES

tcp_wrappers=YES

download_enable=YES

guest_enable=YES

guest_username=vuser

user_config_dir=/etc/vsftpd/vuserconf

mysql创建的数据库及登录情况：

[root@server ~]# mysql -u vuser -p

Enter password:

Welcome to the MySQL monitor.  Commands end with ; or \g.

Your MySQL connection id is 24

Server version: 5.0.45 Source distribution

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> use ftpvuser

Reading table information for completion of table and column names

You can turn off this feature to get a quicker startup with -A

Database changed

mysql> select * from users

-> ;

+-----------+------------------+

| name      | passwd           |

+-----------+------------------+

| qiaojiayi | 446a12100c856ce9 |

| qiaozelin | 446a12100c856ce9 |

| test      | 446a12100c856ce9 |

+-----------+------------------+

3 rows in set (0.00 sec)

ftp登录情况及错误提示如下：

[root@server ~]# ftp 125.96.214.208

Connected to 125.96.214.208.

220 (vsFTPd 2.0.5)

530 Please login with USER and PASS.

530 Please login with USER and PASS.

KERBEROS_V4 rejected as an authentication type

Name (125.96.214.208:root): qiaojiayi

331 Please specify the password.

Password:

530 Login incorrect.

Login failed."

匿名和本地用户可以登录如下：

[root@localhost ~]# ftp 125.96.214.208

Connected to 125.96.214.208.

220 (vsFTPd 2.0.5)

530 Please login with USER and PASS.

530 Please login with USER and PASS.

KERBEROS_V4 rejected as an authentication type

Name (125.96.214.208:root): ftp

331 Please specify the password.

Password:

230 Login successful.

Remote system type is UNIX.

Using binary mode to transfer files.

ftp> quit

221 Goodbye.

[root@localhost ~]# ftp 125.96.214.208

Connected to 125.96.214.208.

220 (vsFTPd 2.0.5)

530 Please login with USER and PASS.

530 Please login with USER and PASS.

KERBEROS_V4 rejected as an authentication type

Name (125.96.214.208:root): qiaoxj

331 Please specify the password.

Password:

230 Login successful.

Remote system type is UNIX.

Using binary mode to transfer files.

ftp> quit

221 Goodbye.

mysql虚拟用户无法登录如下：

[root@localhost ~]# ftp 125.96.214.208

Connected to 125.96.214.208.

220 (vsFTPd 2.0.5)

530 Please login with USER and PASS.

530 Please login with USER and PASS.

KERBEROS_V4 rejected as an authentication type

Name (125.96.214.208:root): qiaojiayi

331 Please specify the password.

Password:

530 Login incorrect.

Login failed.

ftp> quit

221 Goodbye.

[root@localhost ~]# ftp 125.96.214.208

Connected to 125.96.214.208.

220 (vsFTPd 2.0.5)

530 Please login with USER and PASS.

530 Please login with USER and PASS.

KERBEROS_V4 rejected as an authentication type

Name (125.96.214.208:root): qiaozelin

331 Please specify the password.

Password:

530 Login incorrect.

Login failed.