2025-01-16 Update From: SLTechnology News&Howtos
Shulou(Shulou.com) 06/01 Report--
File sharing service
I. What is a file sharing service
To put it simply, a file sharing service lets files or block storage devices be shared over the network so that everyone can use them.
(1) There are three kinds of sharing services:
1. FTP: an application-layer service, usable across platforms (Linux/Unix/Windows).
2. NFS: runs in kernel mode and is not cross-platform (Linux to Linux).
3. Samba: cross-platform (Linux/Unix/Windows).
(2) There are three ways to attach storage devices to a server:
1. DAS: directly attached disks.
2. NAS: network file sharing (file-level storage) over the NFS/CIFS protocols. E-mail, web servers, multimedia streaming, file sharing and similar workloads suit a NAS architecture.
3. SAN: iSCSI or FC SAN connects physical storage devices over network cable or optical fibre (block-level storage sits lower in the stack and is formatted and mounted like a local disk). Database applications suit a SAN architecture.
(3) Notes:
1. The NFS (Network File System) protocol implements file encapsulation, sharing and transfer between Linux systems.
2. The CIFS (Common Internet File System) protocol implements sharing and interoperability between Windows and Linux; Samba, for example, is built on the CIFS (SMB) protocol.
II. FTP
1. FTP stands for File Transfer Protocol, an application-layer communication protocol for transferring files over a network.
2. Because FTP works at the application layer, it can transfer files across a network without being limited by platform.
3. How FTP works
(1) FTP data transmission is divided into command data and file data. Command transmission carries the commands the client wants executed; after receiving one, the server returns the execution result to the client, for example the result of an ls command. File transmission carries the data the client wants to transfer; the server opens a connection with the client to move that data.
(2) The FTP server's interaction with a client has three steps: establish a connection, transfer data, and disconnect.
(3) FTP transmits data over TCP, using port 21 for the authentication (command) channel and port 20 for the data channel.
(4) FTP transmits in clear text.
(5) FTP users can be divided into real users, anonymous users and guest users.
Active mode and passive mode
In current network architectures there are firewalls that prevent ports from actively connecting to high ports, and port 20 in particular is blocked from initiating connections because it is FTP's data port. To get around the firewall on either the client or the server, FTP has both an active mode and a passive mode: the side behind the firewall is the one that initiates the outbound connection, so the connection is not blocked by the firewall.
Active mode: generally used when the server has a firewall; the client cannot actively connect to the server's data port 20, so the server must actively connect to a high port on the client.
1. After the TCP command channel is established between the two ends, the client sends a PORT request over the authenticated connection on server port 21, giving the high port number it has opened for the data connection.
2. After receiving it, the server sends an ACK response through port 20.
3. The server establishes the data connection channel from port 20 to the high port the client supplied.
Passive mode: generally used when the client has a firewall; after receiving the connection request the server cannot reach the client's high port because of the client firewall, so the client must actively connect to the server's data transmission port.
1. After the two sides establish the TCP command channel, the client sends a PASV request to the server.
2. After receiving the PASV request, the server opens a high port as the data transmission port, tells the client in its response, and waits for the client to connect.
3. After receiving the response, the client connects to the port given in the response to establish the data connection channel.
In both modes the side behind the firewall initiates the connection and lets the other end connect to the designated port. The side behind the wall is like the owner of a house and the other side is the guest: the guest needs the host's consent to visit, and the host has to "open the door" before the guest can enter the room.
III. Response codes
1XX: informational
2XX: success
3XX: further action is needed to complete the request
4XX: client error
5XX: server error
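The reply codes above and the PORT/PASV exchange described under active and passive mode are easiest to see in a small parser. The following is an added example, not code from the article: it splits a control-channel stream into complete replies (including RFC 959 multi-line replies), classifies each by its first digit, decodes the six-number address in a 227 reply into host and port, and encodes the client's address for a PORT command. The sample stream is constructed, not captured from a real server.

```python
"""FTP control-channel helpers: split server replies, classify them by first digit,
and decode/encode the PASV and PORT address forms. Added example, not from the
article; all sample replies are constructed, not captured from a real server."""
import re
from typing import Iterator, Optional, Tuple

# RFC 959 reply classes keyed by the first digit (the article's 1XX-5XX table).
REPLY_CLASS = {
    "1": "positive preliminary",
    "2": "positive completion",
    "3": "positive intermediate",
    "4": "transient negative",
    "5": "permanent negative",
}

REPLY_LINE = re.compile(r"^(\d{3})([ -])(.*)$")
PASV_ADDR = re.compile(r"\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")


def read_replies(stream: str) -> Iterator[Tuple[int, str]]:
    """Yield (code, text) for each complete reply in a CRLF-delimited control stream.

    A single-line reply is 'ddd text'. A multi-line reply opens with 'ddd-text' and
    ends at the line that starts with the same code followed by a space; the lines
    in between belong to the message text.
    """
    lines = stream.split("\r\n")
    i = 0
    while i < len(lines):
        if lines[i] == "":  # blank between replies, or the trailing split remainder
            i += 1
            continue
        m = REPLY_LINE.match(lines[i])
        if not m:
            raise ValueError(f"malformed reply line: {lines[i]!r}")
        code, sep, text = m.groups()
        parts = [text]
        i += 1
        if sep == "-":
            while True:
                if i >= len(lines):
                    raise ValueError(f"unterminated multi-line reply {code}")
                nxt = lines[i]
                i += 1
                if nxt.startswith(code + " "):
                    parts.append(nxt[4:])
                    break
                parts.append(nxt)
        yield int(code), "\n".join(parts)


def reply_class(code: int) -> str:
    """Map a three-digit reply code to its RFC 959 class name."""
    return REPLY_CLASS.get(str(code)[0], "unknown")


def parse_pasv(text: str, control_peer: Optional[str] = None) -> Tuple[str, int]:
    """Decode a 227 reply 'h1,h2,h3,h4,p1,p2' into (host, port); port = p1*256 + p2.

    When control_peer is given, the advertised host is ignored in favour of the
    address the control connection already talks to: a NAT'd or misbehaving
    server would otherwise steer the data connection to an unrelated host.
    """
    m = PASV_ADDR.search(text)
    if not m:
        raise ValueError(f"no address in PASV reply: {text!r}")
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range in PASV reply")
    host = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]
    if control_peer is not None:
        host = control_peer
    return host, port


def build_port(host: str, port: int) -> str:
    """Encode the client's listening address as an active-mode PORT command."""
    octets = host.split(".")
    if len(octets) != 4 or not 0 < port < 65536:
        raise ValueError("bad host/port for PORT")
    return "PORT " + ",".join(octets + [str(port // 256), str(port % 256)])


# Constructed passive-mode session as the client would see it on port 21.
SAMPLE_STREAM = (
    "220-Welcome to blah FTP service.\r\n"
    "220 ready\r\n"
    "331 Please specify the password.\r\n"
    "230 Login successful.\r\n"
    "227 Entering Passive Mode (192,168,130,251,195,89).\r\n"
    "150 Here comes the directory listing.\r\n"
    "226 Directory send OK.\r\n"
    "550 Permission denied.\r\n"
)

if __name__ == "__main__":
    for code, text in read_replies(SAMPLE_STREAM):
        print(code, reply_class(code), text.splitlines()[0])
        if code == 227:
            print("  data connection ->", parse_pasv(text, control_peer="192.168.130.251"))
```

The `control_peer` override is the same mitigation real clients expose (curl's `--ftp-skip-pasv-ip`, lftp's `ftp:fix-pasv-address`): the data connection only ever goes to the host the control channel authenticated with, whatever address the 227 reply advertises.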
IV. User authentication
1. Virtual users: used only to access resources within a specific service.
Nsswitch: network service switch, the name-resolution framework
Configuration file: /etc/nsswitch.conf
Modules: /lib64/libnss*, /usr/lib64/libnss*
PAM: pluggable authentication modules, the user authentication framework
Configuration files: /etc/pam.conf, /etc/pam.d/*
Modules: /lib64/security/
Both frameworks are built into Linux. Through library calls a service is free to choose whether to authenticate against system accounts, non-system accounts or database accounts without being recompiled, which avoids wasted effort.
2. System users: user names are resolved through the nsswitch service, and system users are authenticated through PAM (/etc/passwd, /etc/shadow).
3. Anonymous users: mapped to the system user ftp; permissions are set for the ftp user.
4. Virtual users: mapped to a system user, with their account and password stored somewhere other than /etc/passwd and /etc/shadow.
Note: although anonymous and virtual users are unrelated to system users, they still need to be mapped to a system user so that, after login, they access system files with that system user's privileges (for example the ftp system user or the httpd system user) and thereby obtain file permissions on the system.
V. VSFTPD
VSFTPD is an open-source implementation of network data exchange based on the FTP protocol.
With configuration, VSFTPD can be set up as an FTP server to transfer data over the network.
1. Basic vsftpd service build
[root@lab01 ~]# cat /etc/redhat-release
CentOS release 6.7 (Final)
[root@lab01 ~]# yum -y install vsftpd          # install vsftpd
[root@lab01 ~]# rpm -ql vsftpd                 # view the files the installation generated
/etc/logrotate.d/vsftpd
/etc/pam.d/vsftpd                              # PAM authentication file
/etc/rc.d/init.d/vsftpd                        # service start script
/etc/vsftpd
/etc/vsftpd/ftpusers                           # login restriction file
/etc/vsftpd/user_list
/etc/vsftpd/vsftpd.conf                        # vsftpd main configuration file
/etc/vsftpd/vsftpd_conf_migrate.sh
/usr/sbin/vsftpd                               # program file
...
/var/ftp                                       # FTP home directory
/var/ftp/pub
2. vsftpd configuration file details
# Anonymous user configuration:
anonymous_enable=YES              # enable anonymous users
anon_upload_enable=YES            # whether anonymous users may upload files
anon_mkdir_write_enable=YES       # whether anonymous users may create directories
anon_other_write_enable=YES       # whether anonymous users may delete or rename files
# System user configuration:
local_enable=YES                  # enable local users
write_enable=YES                  # allow users to write
local_umask=022                   # umask applied to uploaded files, i.e. the permissions an uploaded file gets
# Access log configuration:
xferlog_enable=YES                # whether to enable the xferlog log
xferlog_file=/var/log/xferlog     # location of the xferlog log file
xferlog_std_format=YES            # whether to use the standard xferlog format
# Confine all local ftp users to their home directories:
chroot_local_user=YES
# Confine only the local ftp users listed in a file to their home directories:
chroot_list_enable=YES            # whether to enable chroot for the listed users
chroot_list_file=/etc/vsftpd/chroot_list   # add system users to this file
# Map virtual users to a system user:
guest_enable=YES                  # whether to enable guest accounts (off by default)
guest_username=vuser              # which system user guest accounts are mapped to (unset by default)
# User authentication through PAM:
pam_service_name=vsftpd           # defined in /etc/pam.d/vsftpd
pam_service_name=vsftpd.mysql     # PAM authentication file for MySQL-backed users
# Welcome banner:
ftpd_banner=Welcome to blah FTP service.   # banner shown when logging in to ftp
# Other options:
connect_from_port_20=YES          # use port 20 as the source port of active-mode data connections
chown_uploads=YES                 # change the owner of uploaded files [YES|NO]
chown_username=whoever            # if chown_uploads is enabled, the owner that uploaded files are given to
idle_session_timeout=600          # session idle timeout
data_connection_timeout=120       # data transfer timeout
nopriv_user=ftpsecure             # unprivileged system user that vsftpd runs as; the default is nobody
async_abor_enable=YES             # whether to allow the special async ABOR command
ascii_upload_enable=YES           # whether to allow ASCII-mode uploads [YES|NO]
ascii_download_enable=YES         # whether to allow ASCII-mode downloads [YES|NO]
deny_email_enable=YES             # whether to refuse anonymous logins that give certain e-mail addresses
banned_email_file=/etc/vsftpd/banned_emails   # file of banned e-mail addresses
ls_recurse_enable=YES             # whether to allow recursive listings [YES|NO]
listen=YES                        # whether vsftpd listens in standalone mode
listen_ipv6=YES                   # listen on IPv6 addresses (listen and listen_ipv6 cannot both be YES in one configuration)
user_config_dir=/etc/vsftpd/vuser_config   # directory of per-user configuration files (unset by default)
userlist_enable=YES               # when this and userlist_deny are both YES, /etc/vsftpd/user_list is a blacklist
userlist_deny=YES                 # when userlist_enable=YES and userlist_deny=NO, the file is a whitelist
tcp_wrappers=YES                  # honour tcp_wrappers access control (/etc/hosts.allow, /etc/hosts.deny)
max_clients=1024                  # maximum number of concurrent connections (unset by default)
max_per_ip=1024                   # maximum number of concurrent connections per IP (unset by default)
anon_max_rate=1024                # transfer rate limit for anonymous users (unset by default)
local_max_rate=1024               # transfer rate limit for local users (unset by default)
# Anonymous users (mapped to the ftp user) share resources from: /var/ftp
# System users access through ftp: their own home directory
# Virtual users access through ftp: the home directory of the system user they are mapped to
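Reading a vsftpd.conf by hand is error-prone, so the following added example (not code from the article or from vsftpd) parses the key=value format, overlays a user_config_dir file the way vsftpd does for a single login, derives what a guest (virtual) user may write, and flags the settings a reviewer would question: anonymous writes, un-chrooted local users, clear-text transport, no transfer log, and a permissive local_umask. The defaults table follows vsftpd.conf(5) for the 2.x series; both sample configurations and the per-user files are constructed from the options listed above.

```python
"""vsftpd configuration audit: parse the key=value format, merge a user_config_dir
file the way vsftpd overlays it, derive a virtual user's write rights and flag
risky settings. Added example, not code from the article or from vsftpd; the
sample configurations are constructed from the options described above."""
from typing import Dict, List

# Defaults from vsftpd.conf(5) for the 2.x series the article installs
# (anonymous_enable defaults to NO from vsftpd 3.0 on; check your version).
DEFAULTS: Dict[str, str] = {
    "anonymous_enable": "YES", "local_enable": "NO", "write_enable": "NO",
    "anon_upload_enable": "NO", "anon_mkdir_write_enable": "NO",
    "anon_other_write_enable": "NO", "chroot_local_user": "NO",
    "xferlog_enable": "NO", "ssl_enable": "NO", "local_umask": "077",
}
TRUE_WORDS = {"yes", "true", "1"}
ANON_WRITE_KEYS = ("anon_upload_enable", "anon_mkdir_write_enable", "anon_other_write_enable")


def parse_conf(text: str) -> Dict[str, str]:
    """One key=value per line; '#' lines are comments (vsftpd rejects stray spaces)."""
    conf: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if "=" not in line:
            raise ValueError(f"not key=value: {raw!r}")
        key, value = line.split("=", 1)
        conf[key.strip()] = value.strip()
    return conf


def is_on(conf: Dict[str, str], key: str) -> bool:
    """Boolean lookup that falls back to the vsftpd default when the key is absent."""
    return conf.get(key, DEFAULTS.get(key, "NO")).lower() in TRUE_WORDS


def effective_conf(main: Dict[str, str], per_user: Dict[str, str]) -> Dict[str, str]:
    """A user's file under user_config_dir overrides the main file for that login."""
    merged = dict(main)
    merged.update(per_user)
    return merged


def guest_rights(conf: Dict[str, str]) -> Dict[str, bool]:
    """Guest (virtual) logins are governed by the anon_* switches, and every
    write additionally needs the master write_enable switch."""
    w = is_on(conf, "write_enable")
    return {"upload": w and is_on(conf, "anon_upload_enable"),
            "mkdir": w and is_on(conf, "anon_mkdir_write_enable"),
            "delete_rename": w and is_on(conf, "anon_other_write_enable")}


def audit(conf: Dict[str, str]) -> List[str]:
    """Findings a reviewer would raise about a main vsftpd.conf."""
    findings: List[str] = []
    if is_on(conf, "anonymous_enable"):
        if is_on(conf, "write_enable") and any(is_on(conf, k) for k in ANON_WRITE_KEYS):
            findings.append("anonymous users can write to the share")
        else:
            findings.append("anonymous login is enabled (read-only)")
    if is_on(conf, "local_enable") and not is_on(conf, "chroot_local_user"):
        findings.append("local users are not chrooted and can browse the whole filesystem")
    if not is_on(conf, "ssl_enable"):
        findings.append("ssl_enable=NO: credentials and data travel in clear text")
    if not is_on(conf, "xferlog_enable"):
        findings.append("xferlog_enable=NO: transfers are not logged")
    umask = conf.get("local_umask", DEFAULTS["local_umask"])
    if (int(umask, 8) & 0o022) != 0o022:
        findings.append(f"local_umask={umask} leaves uploaded files group/world-writable")
    return findings


# Constructed: a permissive main file next to the article's hardened one (plus TLS).
WEAK_CONF = """anonymous_enable=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES
local_enable=YES
write_enable=YES
local_umask=000
xferlog_enable=NO
"""
HARDENED_CONF = """anonymous_enable=NO
local_enable=YES
write_enable=YES
anon_upload_enable=NO
anon_mkdir_write_enable=NO
chroot_local_user=YES
guest_enable=YES
xferlog_enable=YES
local_umask=022
ssl_enable=YES
"""
# Constructed per-user files, as in /etc/vsftpd/vuser_config/{bjwf,zhangsan} below.
USER_FILES = {
    "bjwf": "anon_upload_enable=YES\nanon_mkdir_write_enable=YES\nanon_other_write_enable=YES\n",
    "zhangsan": "anon_upload_enable=YES\nanon_mkdir_write_enable=NO\nanon_other_write_enable=NO\n",
}

if __name__ == "__main__":
    print("weak:", audit(parse_conf(WEAK_CONF)))
    main = parse_conf(HARDENED_CONF)
    print("hardened:", audit(main))
    for user, text in USER_FILES.items():
        print(user, guest_rights(effective_conf(main, parse_conf(text))))
```

Run against the weak file it reports five findings; against the hardened one, none. Merging the per-user files reproduces the behaviour shown in the lftp sessions later on the page: bjwf may upload, create directories and delete, while zhangsan may only upload.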
VI. Implementing vsftpd + MySQL + PAM
1. Install the database and the pam_mysql plug-in
[root@lab01 ~]# yum -y install mysql-server pam_mysql
2. Create a database, table and user for vsftpd
mysql> CREATE DATABASE vsftpd;                  # create the database
mysql> USE vsftpd;                               # enter the database
mysql> CREATE TABLE users (                      # create the table
    -> id INT AUTO_INCREMENT NOT NULL,
    -> name CHAR(20) BINARY NOT NULL,
    -> password CHAR(48) BINARY NOT NULL,
    -> PRIMARY KEY (id)
    -> );
mysql> INSERT INTO users (name,password) VALUES ('bjwf',password('123456'));
mysql> INSERT INTO users (name,password) VALUES ('zhangsan',password('bjwf.com'));
mysql> GRANT ALL ON vsftpd.* TO vsftpd@'%' IDENTIFIED BY 'bjwf.com';   # authorize the user
mysql> FLUSH PRIVILEGES;                         # reload privileges
3. Check the PAM module and create the authentication file
[root@lab01 ~]# rpm -ql pam_mysql
/lib64/security/pam_mysql.so                     # shared library the PAM module needs for authentication
[root@lab01 ~]# vim /etc/pam.d/vsftpd.mysql
auth required /lib64/security/pam_mysql.so user=vsftpd passwd=bjwf.com host=192.168.130.251 db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
account required /lib64/security/pam_mysql.so user=vsftpd passwd=bjwf.com host=192.168.130.251 db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
4. Create the system user that virtual users map to
[root@lab01 ~]# useradd -s /sbin/nologin -d /var/ftproot vuser
[root@lab01 ~]# chmod go+rx /var/ftproot
5. Edit the configuration file and enable the following options
[root@lab01 ~]# vim /etc/vsftpd/vsftpd.conf
anonymous_enable=NO
local_enable=YES
write_enable=YES
anon_upload_enable=NO
anon_mkdir_write_enable=NO
chroot_local_user=YES
pam_service_name=vsftpd.mysql
guest_enable=YES
guest_username=vuser
6. Give individual users their own configuration file
[root@lab01 ~]# vim /etc/vsftpd/vsftpd.conf
user_config_dir=/etc/vsftpd/vuser_config
[root@lab01 ~]# mkdir /etc/vsftpd/vuser_config
[root@lab01 ~]# cd /etc/vsftpd/vuser_config
[root@lab01 vuser_config]# cat bjwf
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
[root@lab01 vuser_config]# cat zhangsan
anon_upload_enable=YES
anon_mkdir_write_enable=NO
anon_other_write_enable=NO
7. Restart the service and verify the permissions
[root@lab01 ~]# service vsftpd restart
Shutting down vsftpd:                                      [  OK  ]
Starting vsftpd for vsftpd:                                [  OK  ]
[root@lab01 ~]# netstat -tnlp | grep 21
tcp        0      0 0.0.0.0:21          0.0.0.0:*           LISTEN      1850/vsftpd
[root@lab01 ~]# cp install.log /var/ftproot/
# Test from another machine
[root@node1 tmp]# lftp -u bjwf 192.168.130.251        # the account with read and write access
Password:
lftp bjwf@192.168.130.251:~> ls                        # list files
-rw-r--r--    1 0        0            9545 Jul 01 09:16 install.log
lftp bjwf@192.168.130.251:/> lcd /etc/                 # change the local directory
lcd ok, local cwd=/etc
lftp bjwf@192.168.130.251:/> put fstab                 # upload a file
541 bytes transferred
lftp bjwf@192.168.130.251:/> ls
-rw-------    1 500      500           541 Jul 01 09:20 fstab
-rw-r--r--    1 0        0            9545 Jul 01 09:16 install.log
lftp bjwf@192.168.130.251:/> put passwd                # upload a file
1228 bytes transferred
lftp bjwf@192.168.130.251:/> ls
-rw-------    1 500      500           541 Jul 01 09:20 fstab
-rw-r--r--    1 0        0            9545 Jul 01 09:16 install.log
-rw-------    1 500      500          1228 Jul 01 09:21 passwd
lftp bjwf@192.168.130.251:/> mkdir                     # create a directory
mkdir ok, `' created
lftp bjwf@192.168.130.251:/> rm install.log            # delete a file
rm ok, `install.log' removed
lftp bjwf@192.168.130.251:/> ls
-rw-------    1 500      500           541 Jul 01 09:20 fstab
drwx------    2 500      500          4096 Jul 01 09:21 
-rw-------    1 500      500          1228 Jul 01 09:21 passwd
[root@node1 tmp]# lftp -u zhangsan 192.168.130.251     # switch to the other user
Password:
lftp zhangsan@192.168.130.251:~> ls
-rw-------    1 500      500           541 Jul 01 09:20 fstab
drwx------    2 500      500          4096 Jul 01 09:21 
-rw-------    1 500      500          1228 Jul 01 09:21 passwd
lftp zhangsan@192.168.130.251:/> lcd /etc
lcd ok, local cwd=/etc
lftp zhangsan@192.168.130.251:/> put issue             # upload succeeds
23 bytes transferred
lftp zhangsan@192.168.130.251:/> ls
-rw-------    1 500      500           541 Jul 01 09:20 fstab
drwx------    2 500      500          4096 Jul 01 09:21 
-rw-------    1 500      500            23 Jul 01 09:23 issue
-rw-------    1 500      500          1228 Jul 01 09:21 passwd
lftp zhangsan@192.168.130.251:/> rm issue
rm: Access failed: 550 Permission denied. (issue)      # cannot delete
lftp zhangsan@192.168.130.251:/> mkdir data
mkdir: Access failed: 550 Permission denied. (data)    # cannot create a directory
lftp zhangsan@192.168.130.251:/> ls
-rw-------    1 500      500           541 Jul 01 09:20 fstab
drwx------    2 500      500          4096 Jul 01 09:21 
-rw-------    1 500      500            23 Jul 01 09:23 issue
-rw-------    1 500      500          1228 Jul 01 09:21 passwd
FAQ:
1. FTP cannot log in: check the folder permissions and check whether the relevant switches in the main configuration file, such as anonymous_enable and local_enable, are turned on.
2. Directories cannot be changed, or individual users cannot log in: check whether the chroot_list, ftpusers and user_list files or the main configuration file are correct.
3. MySQL-backed users cannot log in: check the log files /var/log/secure, /var/log/messages and /var/log/xferlog, make sure the PAM authentication file is not miswritten, and carefully check the configuration file, the directory and the permissions of the mapped system user.
4. If you get a password error, check the password store, such as the field length and type in the MySQL table, and whether the database user can log in and access the user table remotely.
5. It is recommended not to compile and install the pam_mysql module yourself.
6. When things do not work, check whether the port is open and whether the firewall and SELinux are configured correctly.
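The FAQ points at /var/log/xferlog for troubleshooting; the same file is the natural place to watch the share once it works. The following added example (not code from the article or from vsftpd) parses the wu-ftpd field layout that vsftpd writes with xferlog_std_format=YES and runs two detection rules over it: any upload by an anonymous login, and a burst of uploads from one host inside a short window. The records are constructed to match the sessions above, with 203.0.113.9 (a documentation address) standing in for an outside client.

```python
"""Detection over vsftpd's xferlog (xferlog_std_format=YES, wu-ftpd field layout).
Added example, not code from the article or from vsftpd; the log lines below are
constructed to match the sessions shown above, not copied from a real server."""
from collections import defaultdict
from datetime import datetime
from typing import Dict, List

TS_LEN = 24  # "Mon Jul  1 09:20:31 2019" (the day is space-padded)


def parse_xferlog_line(line: str) -> Dict[str, object]:
    """Split one xferlog record. After the timestamp the fields are:
    transfer-time host size filename type special direction access user
    service auth auth-user status. The filename may contain spaces, so the
    nine fixed trailing fields are taken from the right."""
    ts = datetime.strptime(line[:TS_LEN], "%a %b %d %H:%M:%S %Y")
    fields = line[TS_LEN:].split()
    if len(fields) < 13:
        raise ValueError(f"short xferlog record: {line!r}")
    tail = fields[-9:]
    return {
        "time": ts,
        "host": fields[1],
        "size": int(fields[2]),
        "file": " ".join(fields[3:-9]),
        "direction": tail[2],  # i = upload (incoming), o = download (outgoing)
        "access": tail[3],     # a = anonymous, g = guest/virtual, r = real system user
        "user": tail[4],
        "status": tail[8],     # c = complete, i = incomplete
    }


def detect(lines: List[str], burst_threshold: int = 3,
           window_seconds: int = 60) -> List[Dict[str, object]]:
    """Two rules: every anonymous upload, and >= burst_threshold uploads from
    one host inside window_seconds (one alert per host)."""
    alerts: List[Dict[str, object]] = []
    uploads_by_host: Dict[str, List[datetime]] = defaultdict(list)
    for line in lines:
        rec = parse_xferlog_line(line)
        if rec["direction"] != "i":
            continue
        uploads_by_host[rec["host"]].append(rec["time"])
        if rec["access"] == "a":
            alerts.append({"rule": "anonymous_upload", "host": rec["host"], "file": rec["file"]})
    for host, times in uploads_by_host.items():
        times.sort()
        for i in range(len(times)):
            j = i
            while j + 1 < len(times) and (times[j + 1] - times[i]).total_seconds() <= window_seconds:
                j += 1
            if j - i + 1 >= burst_threshold:
                alerts.append({"rule": "upload_burst", "host": host, "count": j - i + 1})
                break
    return alerts


# Constructed records: the article's two virtual users, then anonymous traffic
# from a documentation address (203.0.113.9, TEST-NET-3).
SAMPLE_XFERLOG = [
    "Mon Jul  1 09:20:31 2019 1 192.168.130.252 541 /fstab b _ i g bjwf ftp 0 * c",
    "Mon Jul  1 09:21:02 2019 1 192.168.130.252 1228 /passwd b _ i g bjwf ftp 0 * c",
    "Mon Jul  1 09:23:10 2019 1 192.168.130.252 23 /issue a _ i g zhangsan ftp 0 * c",
    "Mon Jul  1 10:05:44 2019 1 203.0.113.9 4096 /pub/upload/notes.txt b _ i a anonymous ftp 0 * c",
    "Mon Jul  1 10:05:45 2019 0 203.0.113.9 9545 /pub/install.log b _ o a anonymous ftp 0 * c",
    "Mon Jul  1 10:05:50 2019 1 203.0.113.9 2048 /pub/upload/my notes.txt b _ i a anonymous ftp 0 * c",
    "Mon Jul  1 10:05:58 2019 1 203.0.113.9 512 /pub/upload/readme b _ i a anonymous ftp 0 * c",
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_XFERLOG):
        print(alert)
```

On the sample the three virtual-user uploads raise nothing (they are guest logins and spread over more than a minute), while the outside host produces three anonymous-upload alerts plus one burst alert. Note that xferlog records transfers only; deletions and directory creation like the ones refused for zhangsan above appear in vsftpd's own log when log_ftp_protocol is enabled, not here.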