CentOS nginx 集成ngx_http_auth_pam_module实现基于Linux系统账号的访问权限控制
作者:互联网
yum install -y pam-develcd ~
wget https://github.com/sto/ngx_http_auth_pam_module/archive/refs/tags/v1.5.3.tar.gz
tar -xvf v1.5.3.tar.gzcd ~
wget http://nginx.org/download/nginx-1.20.2.tar.gz
tar -xvf nginx-1.20.2.tar.gzcd ~/nginx-1.20.2
./configure --add-module=/root/ngx_http_auth_pam_module-1.5.3
make -j4
make installnginx.conf
user root;
http {
server{
location / {
auth_pam "Secure Zone";
auth_pam_service_name "nginx";
root /data;
autoindex on;
}
}
}
/etc/pam.d/nginx
auth include system-auth
account include system-auth添加系统用户
useradd -M -d /data -s /sbin/nologin yeqiang重启nginx
# /usr/local/nginx/sbin/nginx -s stop
# /usr/local/nginx/sbin/nginx 配置测试目录
# mkdir yeqiang-dir
# chown yeqiang:yeqiang^C
# echo a > yeqiang-dir/a
# chown -R yeqiang:yeqiang yeqiang-dir/
#
# useradd -M -s /sbin/nologin -d /data test
# mkdir test-dir
# echo b > test-dir/b
# chown -R test:test test-dir/
# setfacl -R -m u:yeqiang:rwx test-dir/
# chmod -R o-rwx test-dir/
# chmod -R o-rwx yeqiang-dir/
# ll
total 0
drwxrwx---+ 2 test test 15 Jan 25 16:25 test-dir
drwxr-x--- 2 yeqiang yeqiang 15 Jan 25 16:24 yeqiang-dir
目前可实现基于系统用户账号登录,但登录后文件访问控制采用的是nginx.conf指定的root用户,绕过了当前登录账号。
待续
标签:http,CentOS,auth,nginx,test,pam,dir,yeqiang 来源: https://blog.csdn.net/hknaruto/article/details/122682276