OS version:Red Hat Enterprise Linux Server release 6.4
Kernel version:2.6.32-358.el6.x86_64


-------------------------------------------------------------------------


准备工作:
# Test fixture: one shared directory, one group and five throw-away accounts.
# NOTE(review): no password is set for any of these accounts in the transcript
# shown, so the logins tested below do not depend on a valid password.
[root@Zhai ~]# mkdir /pam_ftp
[root@Zhai ~]# groupadd pam_ftp
# pam_test1 and pam_test2 get pam_ftp as a supplementary group (-G) and share
# /pam_ftp as their home directory (-d).
[root@Zhai ~]# useradd pam_test1 -G pam_ftp -d /pam_ftp
[root@Zhai ~]# useradd pam_test2 -G pam_ftp -d /pam_ftp
[root@Zhai ~]# chgrp pam_ftp /pam_ftp/
# Marker file in the shared home; presumably there so that a successful FTP
# login is easy to recognise in the directory listing.
[root@Zhai ~]# cd /pam_ftp/
[root@Zhai ~]# touch successfully
# pam_test3..pam_test5 are created without the pam_ftp group.
[root@Zhai ~]# useradd pam_test3
[root@Zhai ~]# useradd pam_test4
[root@Zhai ~]# useradd pam_test5
# pam_test5 is switched to /bin/csh; the item=shell test later on the page
# relies on the accounts having different login shells.
[root@Zhai ~]# usermod -s /bin/csh pam_test5



验证1:
[root@Zhai ~]# vi /etc/pam.d/vsftpd

#%PAM-1.0
# Test 1: deny list whose file is missing, combined with onerr=fail.
# item=user sense=deny: reject the login when the user name is listed in file=.
# onerr: what the module returns when it hits an error, such as being unable
# to open file= (fail = report failure, succeed = report success).
# The directory listing that follows shows ftpusers but no ftpusers-1, so the
# error path is taken; with onerr=fail on a required line, auth fails for
# every user (fail-closed).
auth       required     pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers-1 onerr=fail
# NOTE(review): if these are the only lines in the file, no auth module
# verifies the password; pam_listfile only filters on the item. A production
# stack also needs a password-verifying auth entry (for example pam_unix.so).
account    required     pam_unix.so


[root@Zhai ~]# ll /etc/vsftpd/

total 20
-rw-------  1 root root   21 Nov 29 12:30 ftpusers
-rw-------. 1 root root  361 Mar  2  2012 user_list
-rw-------. 1 root root 4599 Mar  2  2012 vsftpd.conf
-rwxr--r--. 1 root root  338 Mar  2  2012 vsftpd_conf_migrate.sh



pam_listfile.so_Linux-PAM




验证2:
[root@Zhai ~]# vi /etc/pam.d/vsftpd

#%PAM-1.0
# Test 2: the same missing deny list, but with onerr=succeed.
# onerr: what the module returns when it hits an error, such as being unable
# to open file= (fail = report failure, succeed = report success).
# The directory listing that follows again has no ftpusers-1. With
# onerr=succeed the module reports success, so the deny list is silently not
# enforced and every user passes this line (fail-open).
auth       required     pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers-1 onerr=succeed
# NOTE(review): for an access-control list prefer onerr=fail, so that a
# deleted, renamed or unreadable list blocks logins instead of switching the
# filter off. If these are the only lines in the file, nothing else in the
# auth stack verifies a password either.
account    required     pam_unix.so


[root@Zhai ~]# ll /etc/vsftpd/

total 20
-rw-------  1 root root   21 Nov 29 12:30 ftpusers
-rw-------. 1 root root  361 Mar  2  2012 user_list
-rw-------. 1 root root 4599 Mar  2  2012 vsftpd.conf
-rwxr--r--. 1 root root  338 Mar  2  2012 vsftpd_conf_migrate.sh



pam_listfile.so_Linux-PAM_02




验证3:
[root@Zhai ~]# vi /etc/pam.d/vsftpd

#%PAM-1.0
# Test 3: a deny list followed by an allow list. Both lines are "required",
# so a login has to pass both of them.
# Line 1: reject users named in ftpusers-1 (pam_test4 in the listing below).
auth       required     pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers-1 onerr=fail
# Line 2: reject every user that is NOT named in ftpusers-2 (pam_test3 and
# pam_ftp in the listing below). Because item=user compares the login name,
# the "pam_ftp" entry matches a user called pam_ftp, not the members of the
# pam_ftp group; group membership needs item=group.
# The allow list on its own already excludes pam_test4, so the deny line adds
# nothing for the accounts used here.
auth       required     pam_listfile.so item=user sense=allow file=/etc/vsftpd/ftpusers-2 onerr=fail
# NOTE(review): neither auth line verifies a password; see pam_listfile(8).
account    required     pam_unix.so


[root@Zhai ~]# vi /etc/vsftpd/ftpusers-1

pam_test4


[root@Zhai ~]# vi /etc/vsftpd/ftpusers-2

pam_test3
pam_ftp



pam_listfile.so_Linux-PAM_03




验证4:
[root@Zhai ~]# vi /etc/pam.d/vsftpd

#%PAM-1.0
# Test 4: group-based allow list.
# item=group sense=allow: the login passes only when the user belongs to one
# of the groups named in file=. The entries in the listing below (pam_test4,
# pam_ftp) are therefore read as group names; "pam_test4" matches a group of
# that name (presumably the account's own private group -- confirm with id).
auth       required     pam_listfile.so item=group sense=allow file=/etc/vsftpd/ftpusers-1 onerr=fail
# NOTE(review): the auth line above filters by group only; if these are the
# only lines in the file, no module verifies the password.
account    required     pam_unix.so


[root@Zhai ~]# vi /etc/vsftpd/ftpusers-1

pam_test4
pam_ftp



pam_listfile.so_Linux-PAM_04




验证5:
[root@Zhai ~]# vi /etc/pam.d/vsftpd

#%PAM-1.0
# Test 5: filter on the account's login shell. Both lines are "required".
# Line 1: reject accounts whose shell is listed in shell-1 (/bin/bash and
# /bin/tcsh in the listing below).
auth       required     pam_listfile.so item=shell sense=deny file=/etc/vsftpd/shell-1 onerr=fail
# Line 2: reject accounts whose shell is NOT listed in shell-2 (/bin/csh in
# the listing below). Taken together, only /bin/csh accounts pass, which in
# the passwd output below is pam_test5. The allow list alone would give the
# same result for these accounts.
auth       required     pam_listfile.so item=shell sense=allow file=/etc/vsftpd/shell-2 onerr=fail
# NOTE(review): a shell filter is not authentication; if these are the only
# lines in the file, no module verifies the password.
account    required     pam_unix.so


# Give pam_test4 a shell that appears on the deny list (shell-1) for this test.
[root@Zhai ~]# usermod -s /bin/tcsh pam_test4
# NOTE(review): pam_test* is unquoted, so the shell would expand it as a glob
# if a matching file name existed in the current directory; as a regex it
# means "pam_tes" followed by zero or more "t". Quoting an anchored pattern,
# e.g. grep '^pam_test' /etc/passwd, states the intent.
[root@Zhai ~]# grep pam_test* /etc/passwd

pam_test1:x:500:501::/pam_ftp:/bin/bash
pam_test2:x:501:502::/pam_ftp:/bin/bash
pam_test3:x:502:503::/home/pam_test3:/bin/bash
pam_test4:x:503:504::/home/pam_test4:/bin/tcsh
pam_test5:x:504:505::/home/pam_test5:/bin/csh


[root@Zhai ~]# vi /etc/vsftpd/shell-1

/bin/bash
/bin/tcsh


[root@Zhai ~]# vi /etc/vsftpd/shell-2

/bin/csh



pam_listfile.so_安全_05



-------------------------------------------------------------------------



For details, see the manual page: man pam_listfile