pam_access.so
OS version:Red Hat Enterprise Linux Server release 6.4
Kernel version:2.6.32-358.el6.x86_64
-------------------------------------------------------------------------
准备工作:
[root@Zhai ~]# mkdir /pam_ftp
[root@Zhai ~]# groupadd pam_ftp
[root@Zhai ~]# useradd pam_test1 -G pam_ftp -d /pam_ftp
[root@Zhai ~]# useradd pam_test2 -G pam_ftp -d /pam_ftp
[root@Zhai ~]# chgrp pam_ftp /pam_ftp/
[root@Zhai ~]# cd /pam_ftp/
[root@Zhai ~]# touch successfully
[root@Zhai ~]# useradd pam_test3
[root@Zhai ~]# useradd pam_test4
[root@Zhai ~]# useradd pam_test5
[root@Zhai ~]# grep -v "^#" /etc/rsyslog.conf | sed '/^$/d'
$ModLoad imuxsock # provides support for local system logging (e.g. via logger command) $ModLoad imklog # provides kernel logging support (previously done by rklogd) $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat $IncludeConfig /etc/rsyslog.d/*.conf authpriv.* /var/log/secure
[root@Zhai ~]# service rsyslog restart
配置:
[root@Zhai ~]# cat /etc/pam.d/vsftpd
#%PAM-1.0 auth required pam_shells.so auth required pam_access.so debug accessfile=/etc/security/access.conf fieldsep=| listsep=, defgroup account required pam_unix.so
[root@Zhai ~]# grep -v "^#" /etc/security/access.conf
-|(pam_ftp),pam_test3|192.168.60.0/255.255.255.0 -|ALL EXCEPT pam_test4|ALL # default:+|ALL|ALL
[root@Zhai ~]# > /var/log/secure
验证:
[root@Zhai ~]# tail -n 30 /var/log/secure
-------------------------------------------------------------------------
The detailed information:man pam_access
The detailed information:man access.conf
转载于:https://blog.51cto.com/kingcraft/1331861