Linux NFS FTP use

Add Date: 2018-11-21

First, NFS
1. NFS introduction
NFS stands for Network File System. NFS depends on network bandwidth.
NFS allows a system to share directories and files with others on the network. Using NFS, users and programs can access files on a remote system as if they were local files.
If three machines A, B and C all need to access the same directory of photos, the traditional approach is to copy the photos onto A, B and C separately. With NFS, the photos only need to be placed on A, and A shares them with B and C. B and C then access the directory on A over the network.


2. Installing and configuring the NFS service
Two packages are needed (nfs-utils and rpcbind)
# yum install -y nfs-utils    (this also installs the dependency package rpcbind)


On the machine that provides the NFS service, edit /etc/exports with vim and enter the following:
/home/ 192.168.20.0/24(rw,sync,all_squash,anonuid=501,anongid=501)
The line is divided into three parts:
/home/ : the first part is the local directory to be shared
192.168.20.0/24 : the second part is the hosts allowed to access it; this can be a single IP or an IP segment
(rw,sync,all_squash,anonuid=501,anongid=501) : the third part, inside the parentheses, is the permission options: read-write, synchronous writes, squash all users to the anonymous user, and set that user's uid and gid to 501. An account with uid and gid 501 must exist on the server.
Start the NFS service: start rpcbind first, then nfs. Starting them in the wrong order leads to the error shown later.
/etc/init.d/rpcbind start
/etc/init.d/nfs start


3. Some NFS configuration options
rw: readable and writable
ro: read only
sync: synchronous mode; data in memory is always written to disk at once
async: asynchronous mode; data in memory is flushed to disk periodically rather than immediately
no_root_squash: squash literally means to squeeze or suppress, and this option does not suppress root's permissions. With it, the root user has full control of the shared directory, exactly as for a local directory. This is unsafe and not recommended.
root_squash: the opposite of the option above; root's permissions on the shared directory are limited to those of an ordinary user.
all_squash: whoever the user is, their identity on the NFS share is limited to a designated ordinary user.
anonuid/anongid: used together with root_squash and all_squash to specify the uid and gid of the user that NFS access is limited to; the uid and gid must exist in the server's /etc/passwd.


4. Mounting NFS on the client
The client machine also needs the nfs package: # yum install -y nfs-utils
At the same time, check iptables (flush the iptables rules) and disable SELinux.
To see which directories the server shares: # showmount -e 192.168.20.30 (the NFS server's IP address)
Error on the client when using showmount -e: RPC: Program not registered
[root@yong ~]# showmount -e 192.168.20.30
clnt_create: RPC: Program not registered
The cause is that the rpcbind service and the NFS service were started in the wrong order. Stop both services, then start rpcbind first and nfs second.
[root@localhost ~]# /etc/init.d/nfs stop
[root@localhost ~]# /etc/init.d/rpcbind stop

After restarting them, the output is correct:

[root@localhost ~]# /etc/init.d/rpcbind start
[root@localhost ~]# /etc/init.d/nfs start
[root@yong ~]# showmount -e 192.168.20.30
Export list for 192.168.20.30:
/home 192.168.20.0/24

On the client, mount the server's NFS export:
mount -t nfs -o nolock,nfsvers=3 192.168.20.30:/home/ /mnt/
// Without -o nolock,nfsvers=3, the owner and group of files in the mounted directory show as nobody; with nfsvers=3 they show as root
-o nolock disables file locking; nfsvers=3 selects NFS version 3 (the default is version 4)
df -h shows the mount


Experiment: testing NFS
The server shares the /home directory, allows access from the 192.168.20.0 network segment, and maps NFS users to uid 501
[root@localhost home]# cat /etc/exports
/home/ 192.168.20.0/24(rw,sync,all_squash,anonuid=501,anongid=501)
[root@localhost /]# ls -ld home/
drwxr-xr-x. 8 root root 4096 5 月 22 11:33 home/
[root@localhost home]# ls -l
drwxr-xr-x 2 root root 4096 5 月 15 15:54 logs
drwx------ 3 mysql mysql 4096 May 11 14:47 mysql
drwx------. 4 php-fpm php-fpm 4096 May 13 14:24 php-fpm
drwx------ 2 test test 4096 May 22 11:40 test
[root@localhost home]# mkdir 111
[root@localhost home]# chmod 777 111

On the client machine, create a new folder nfs, mount the NFS server's /home directory on it, and after mounting run df -h to view the mounted NFS share
[root@yong ~]# mkdir nfs
[root@yong ~]# mount -t nfs 192.168.20.30:/home/ /root/nfs/
[root@yong ~]# df -h
Filesystem            Size  Used Avail Use% Mounted on
/dev/mapper/VolGroup-lv_root
                       19G  2.9G   15G  17% /
tmpfs                 250M     0  250M   0% /dev/shm
/dev/sda1             477M   46M  407M  11% /boot
/dev/sdb2             6.0G   93M  5.6G   2% /data
192.168.20.30:/home/   18G  2.1G   15G  13% /root/nfs

 

ls -l shows the owner and group of the shared files as nobody; creating a new directory or file in the nfs directory gives permission denied
[root@yong nfs]# ls -l
drwxr-xr-x 2 nobody nobody 4096 May 15 15:54 logs
drwx------ 3 nobody nobody 4096 May 11 14:47 mysql
drwx------ 4 nobody nobody 4096 May 13 14:24 php-fpm
drwx------ 2 nobody nobody 4096 May 22 11:40 test

[root@yong nfs]# mkdir abc
mkdir: cannot create directory `abc': Permission denied
[root@yong nfs]# touch 1.txt
touch: cannot touch `1.txt': Permission denied

On the server, the new 111 directory under /home was given permissions 777, so the client can enter the 111 directory and create directories or files there. The files created have owner and group nobody
[root@yong 111]# ls -l
-rw-r--r-- 1 nobody nobody 0 May 22 13:40 1.txt

After unmounting and re-mounting with the parameters -o nolock,nfsvers=3, the owner is shown as root. Entering the 111 directory and creating a new file, the file's owner and group are 501 501; because the client has a corresponding account user1 for uid 501, the account is shown here as user1

[root@yong ~]# umount /root/nfs/
[root@yong ~]# mount -t nfs -o nolock,nfsvers=3 192.168.20.30:/home/ /root/nfs/

[root@yong nfs]# ls -l
drwxrwxrwx 2 root root 4096 May 22 14:18 111
drwxr-xr-x 2 root root 4096 May 15 15:54 logs
drwx------ 3 500 testgroup 4096 May 11 14:47 mysql
drwx------ 4 user1 user1 4096 May 13 14:24 php-fpm
drwx------ 2 php-fpm php-fpm 4096 May 22 11:40 test
[root@yong nfs]# cd 111
[root@yong 111]# touch 2.txt
[root@yong 111]# ls -l
-rw-r--r-- 1 user1 user1 0 May 22 2015 2.txt
[root@yong 111]# id -u user1
501

 

5. Using the exportfs command
-a export or unexport all directories
-r re-export all directories
-u unexport a directory
-v display the shared directories
/home/ 192.168.20.0/24(rw,sync,no_root_squash) does not restrict the root user; files re-created by root then belong to root as owner and group

Root can then change permissions and delete files.
After changing the /etc/exports configuration file there is no need to restart the nfs service; execute # exportfs -arv to make the /etc/exports configuration take effect
The NFS mount can also be written into /etc/fstab on the client: 192.168.20.10:/tmp/ /test nfs nolock 0 0, then run mount -a


Experiment: change the server-side NFS configuration so that root's permissions are not suppressed
[root@localhost home]# cat /etc/exports
/home/ 192.168.20.0/24(rw,sync,no_root_squash)
[root@localhost home]# exportfs -arv
exporting 192.168.20.0/24:/home

The client mounts NFS without specifying nfsvers: the account is shown as nobody, but files can be created directly, because the client now has root permissions
[root@yong ~]# mount -t nfs 192.168.20.30:/home/ /root/nfs/
[root@yong ~]# cd nfs/
[root@yong nfs]# touch 1.txt
[root@yong nfs]# ls -l
drwxrwxrwx 2 nobody nobody 4096 May 22 14:25 111
-rw-r--r-- 1 nobody nobody 0 May 22 2015 1.txt

After unmounting and re-mounting with the parameters specified, the account is displayed as root
[root@yong ~]# umount /root/nfs/
[root@yong ~]# mount -t nfs -o nolock,nfsvers=3 192.168.20.30:/home/ /root/nfs/
[root@yong ~]# cd nfs/
[root@yong nfs]# touch 1.txt
[root@yong nfs]# ls -l
drwxrwxrwx 2 root root 4096 May 22 14:25 111
-rw-r--r-- 1 root root 0 May 22 2015 1.txt
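As an added example that is not part of the original article, a small POSIX shell audit of an exports file: it reports the effective identity mapping each client gets from the squash options described in section 3 and flags the no_root_squash, wildcard-host and async cases that the two experiments above demonstrate. The file path and the sample export lines are constructed; only the first sample line is the article's own entry.

```shell
#!/bin/sh
# Added audit helper, not part of the original article: reads an exports file
# and, for every "client(options)" token, reports the identity mapping that the
# squash options produce and flags the settings a reviewer would question.
# The file path and every export line below are constructed samples.

# audit_exports FILE -> one "warn:" or "info:" line per finding on stdout
audit_exports() {
    sed -e 's/#.*//' "$1" | awk '
    NF >= 2 {
        path = $1
        for (i = 2; i <= NF; i++) {
            spec = $i; client = spec; opts = ""
            if (match(spec, /\(.*\)/)) {
                client = substr(spec, 1, RSTART - 1)
                opts   = substr(spec, RSTART + 1, RLENGTH - 2)
            }
            # "/dir (rw)" with a space before the parenthesis, or "*", exports to every host
            if (client == "")
                print "warn: " path ": space before (" opts "), so it applies to every host"
            else if (client == "*")
                print "warn: " path ": wildcard client exports to every host"
            if (opts ~ /(^|,)no_root_squash(,|$)/)
                print "warn: " path " " client ": no_root_squash, remote root acts as local root"
            if (opts ~ /(^|,)async(,|$)/)
                print "warn: " path " " client ": async, acknowledged writes can be lost on a crash"
            # effective identity mapping, following the option descriptions in section 3
            if (opts ~ /(^|,)all_squash(,|$)/) {
                uid = "nobody"; gid = "nobody"
                if (match(opts, /anonuid=[0-9]+/)) uid = substr(opts, RSTART + 8, RLENGTH - 8)
                if (match(opts, /anongid=[0-9]+/)) gid = substr(opts, RSTART + 8, RLENGTH - 8)
                print "info: " path " " client ": every user mapped to uid " uid " gid " gid
            } else if (opts !~ /(^|,)no_root_squash(,|$)/)
                print "info: " path " " client ": root mapped to nobody, other uids passed through"
        }
    }'
}

# count_warnings FILE -> number of warn: lines
count_warnings() {
    audit_exports "$1" | grep -c '^warn:'
}

# Constructed sample: the first line is the entry used on this page, the rest are risky variants
SAMPLE_EXPORTS=$(mktemp)
cat > "$SAMPLE_EXPORTS" <<'EOF'
/home/ 192.168.20.0/24(rw,sync,all_squash,anonuid=501,anongid=501)
/home/ 192.168.20.0/24(rw,sync,no_root_squash)
/data *(rw,async)
/tmp (rw,sync)
EOF
# Usage: audit_exports "$SAMPLE_EXPORTS"   (prints 4 warn: and 3 info: lines)
```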

 

Second, FTP
1. What is FTP
FTP is the abbreviation of File Transfer Protocol, the protocol used for bidirectional, controlled file transfer over the Internet.
FTP's main role is to let users connect to remote computers that run an FTP server program, view the files on the remote computer, and then copy files from the remote computer to the local one or from the local computer to the remote one.
The FTP software that ships with CentOS or RedHat Linux is called vsftpd.


2. Building an FTP service with pure-ftpd
Pure-ftpd official website: http://www.pureftpd.org/project/pure-ftpd
Pure-ftpd is a server-side tool


Install the EPEL extension repository, then install the pure-ftpd package
# yum install -y epel-release
# yum install -y pure-ftpd
yum list shows which repository a package comes from
[root@pma ~]# yum list | grep pure-ftpd
pure-ftpd.i686 1.0.30-1.el6 epel
pure-ftpd-selinux.i686 1.0.30-1.el6 epel

 
Pure-ftpd configuration template for reference
cat /etc/pure-ftpd/pure-ftpd.conf
ChrootEveryone yes
BrokenClientsCompatibility no
MaxClientsNumber 50
Daemonize yes
MaxClientsPerIP 8
VerboseLog no
DisplayDotFiles yes
AnonymousOnly no
NoAnonymous yes
SyslogFacility ftp
DontResolve yes
MaxIdleTime 15
PureDB /etc/pure-ftpd/pureftpd.pdb
LimitRecursion 3136 8
AnonymousCanCreateDirs no
MaxLoad 4
AntiWarez yes
Umask 133:022
MinUID 10
AllowUserFXP no
AllowAnonymousFXP no
ProhibitDotFilesWrite no
ProhibitDotFilesRead no
AutoRename no
AnonymousCantUpload no
CustomerProof yes

 

Generate random strings: a user name of length 5 with no special characters, no digits and no uppercase letters, and a password with no special characters; then redirect them to a file
If the mkpasswd command is missing, install the expect package: # yum install -y expect
user=`mkpasswd -l 5 -s 0 -d 0 -C 0`
pass=`mkpasswd -s 0`
echo $user $pass > /tmp/ftp.pass
[root@localhost ~]# cat /tmp/ftp.pass
zwdlc EEoz14swg

Create the directory to be shared by the FTP service
# mkdir /data/ftp
# echo -e "$pass\n$pass" | pure-pw useradd $user -u test -d /data/ftp/
pure-pw useradd creates a user

-u test maps the FTP user to a system user, which must exist. Here the randomly generated user is mapped to the system user test
pure-pw mkdb # creates the password database, saving users and passwords in a binary file at the path given by PureDB in the /etc/pure-ftpd/pure-ftpd.conf configuration file
[root@localhost ~]# ls -l /etc/pure-ftpd/pureftpd.pdb
-rw------- 1 root root 2141 5 月 22 15:24 /etc/pure-ftpd/pureftpd.pdb

pure-pw list # lists users
[root@localhost ~]# pure-pw list
zwdlc /data/ftp/./

pure-pw userdel $user # deletes the account
/etc/init.d/pure-ftpd start # starts the service, listening on port 21


The FTP client needs the lftp package: # yum install -y lftp
Enter the command # lftp username@ftp-server-ip-address
The user name is the random one created on the server; enter the password to log in to the FTP server
put uploads a file to the FTP server
get downloads a file into the local client directory
[root@yong nfs]# lftp zwdlc@192.168.20.30
Password:
lftp zwdlc@192.168.20.30:/> get nginx-1.6.2.tar.gz
804164 bytes transferred


3. Configuring an FTP service with vsftpd
Server-side installation: yum install -y vsftpd db4-utils
Create the system account that the virtual accounts will be associated with: useradd virftp -s /sbin/nologin
Create the virtual account file: vim /etc/vsftpd/vsftpd_login // with the following content
    test1
    123456
    test2
    abcdef
chmod 600 /etc/vsftpd/vsftpd_login
Generate the corresponding database file: db_load -T -t hash -f /etc/vsftpd/vsftpd_login /etc/vsftpd/vsftpd_login.db
The db_load command converts the text file of user information into a db database of hash type.
The -T option lets an application load a text file into the database. Since the virtual users' information is stored in a text file, this option is required so that vsftpd can load the user data from text.
After -T, append the sub-option -t; -t specifies the type of database to load into.
hash selects the hash database type. It is a Berkeley DB storage format, not encryption: the passwords are stored in the .db file as entered, so both the text file and the generated .db file should be readable only by root.
The -f argument is followed by the text file containing the user names and passwords. The file's layout is: odd lines are user names, even lines are passwords.
If you change a password in the file, you need to re-run db_load and restart the FTP service for the change to take effect.


Create the directory and configuration files for the virtual accounts: mkdir /etc/vsftpd/vsftpd_user_conf
cd /etc/vsftpd/vsftpd_user_conf and create a configuration file for each user
vim test1, with the following content:
local_root=/home/virftp/test1
anonymous_enable=NO
write_enable=YES
local_umask=022
anon_upload_enable=NO
anon_mkdir_write_enable=NO
idle_session_timeout=600
data_connection_timeout=120
max_clients=10
max_per_ip=5
local_max_rate=50000

mkdir /home/virftp/test1
Change the ownership: chown -R virftp:virftp /home/virftp


vim /etc/pam.d/vsftpd, the user authentication configuration file, and add these two lines at the beginning
auth sufficient /lib/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login // on a 64-bit system the path is /lib64/security/pam_userdb.so
account sufficient /lib/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login // on a 64-bit system the path is /lib64/security/pam_userdb.so
Then modify the vsftpd main configuration file
vim /etc/vsftpd/vsftpd.conf
anonymous_enable=YES change to anonymous_enable=NO (anonymous users disabled)
#anon_upload_enable=YES change to anon_upload_enable=NO (anonymous upload disabled)
#anon_mkdir_write_enable=YES change to anon_mkdir_write_enable=NO (anonymous directory creation disabled)
Then add:
chroot_local_user=YES
guest_enable=YES
guest_username=virftp
virtual_use_local_privs=YES
user_config_dir=/etc/vsftpd/vsftpd_user_conf


Start the vsftpd service: /etc/init.d/vsftpd start
Starting the vsftpd service gave an error: the guest_enable line in the main configuration file vsftpd.conf had a bad value. The cause was a space at the end of that line; no line in the configuration file may end with whitespace. After deleting the space the service started normally
[root@localhost vsftpd_user_conf]# /etc/init.d/vsftpd start
Starting vsftpd for vsftpd: 500 OOPS: bad bool value in config file for: guest_enable
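An added check, not part of the original article, for the startup failure above: it reports whitespace left after a value, the cause of the bad bool value error, before vsftpd is restarted, and, as a stricter house rule assumed here rather than a vsftpd requirement, any boolean option not written exactly as YES or NO. The sample configuration is constructed from the lines added above.

```shell
#!/bin/sh
# Added check, not part of the original article: finds what caused the
# "bad bool value" error above (whitespace left after a value) before vsftpd
# is restarted. Values of boolean options not written exactly as YES or NO are
# reported too, a stricter house rule assumed here. Sample config is constructed.

# Boolean options that appear in this page's vsftpd.conf and per-user files.
BOOL_OPTS="anonymous_enable anon_upload_enable anon_mkdir_write_enable \
write_enable chroot_local_user guest_enable virtual_use_local_privs"

# check_vsftpd_conf FILE -> one finding per line on stdout; returns 1 if any
check_vsftpd_conf() {
    found=0; n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case "$line" in
            ''|'#'*) continue ;;
        esac
        key=${line%%=*}
        value=${line#*=}
        trimmed=$(printf '%s' "$value" | sed 's/[[:space:]]*$//')
        # vsftpd keeps the trailing whitespace, so "YES " is not a valid bool
        if [ "$trimmed" != "$value" ]; then
            echo "line $n: trailing whitespace after $key=$trimmed"
            found=1
        fi
        for b in $BOOL_OPTS; do
            if [ "$key" = "$b" ]; then
                case "$trimmed" in
                    YES|NO) ;;
                    *) echo "line $n: $key must be YES or NO, got \"$trimmed\""; found=1 ;;
                esac
            fi
        done
    done < "$1"
    return $found
}
# count_findings FILE -> number of findings (0 when the file is clean)
count_findings() {
    check_vsftpd_conf "$1" | grep -c ''
}
# strip_trailing_ws FILE -> the same file with trailing whitespace removed, on stdout
strip_trailing_ws() {
    sed 's/[[:space:]]*$//' "$1"
}
# Constructed sample mirroring the lines added above; line 4 carries the
# trailing space that produced the OOPS above, line 6 uses mixed case.
SAMPLE_CONF=$(mktemp)
printf '%s\n' '# constructed sample' 'anonymous_enable=NO' 'chroot_local_user=YES' \
    'guest_enable=YES ' 'guest_username=virftp' 'virtual_use_local_privs=Yes' \
    'user_config_dir=/etc/vsftpd/vsftpd_user_conf' > "$SAMPLE_CONF"
# Usage: check_vsftpd_conf "$SAMPLE_CONF"; strip_trailing_ws "$SAMPLE_CONF" > clean.conf
```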


Client-side verification
The FTP client needs the lftp package: yum install -y lftp

Login command: lftp test1@ftp-server-ip-address


Accessing the FTP server from the client with a deliberately wrong password: the lftp prompt still appears, but running ls fails with a login error. Logging in with the correct password, ls works normally
[root@localhost ~]# lftp test1@192.168.22.30
Password:
lftp test1@192.168.22.30:~> ls
ls: Login failed: 530 Login incorrect.
lftp test1@192.168.22.30:~> exit
[root@localhost ~]# lftp test1@192.168.22.30
Password:
lftp test1@192.168.22.30:~> ls
-rw-r--r-- 1 0 0 0 May 24 15:21 1.txt

put uploads a file; ls shows the file's owner and group as 501; on the FTP server the same file shows the virftp account, whose uid is 501
lftp test1@192.168.22.30:/> put 1.sql
1851 bytes transferred
lftp test1@192.168.22.30:/> ls -l
-rw-r--r-- 1 501 501 1851 May 24 15:23 1.sql
-rw-r--r-- 1 0 0 0 May 24 15:21 1.txt
[root@linuxidc test1]# ls -l
-rw-r--r-- 1 virftp virftp 1851 May 24 23:23 1.sql
-rw-r--r-- 1 root root 0 月 24 23:21 1.txt
[root@linuxidc ~]# tail -1 /etc/passwd
virftp:x:501:501::/home/virftp:/sbin/nologin
     
         
         
         
  CopyRight 2002-2022 newfreesoft.com, All Rights Reserved.