2025-02-23 Update From: SLTechnology News&Howtos shulou

Shulou(Shulou.com)06/01 Report--

1. Access to the network file system

A network file system is a file system that a network-attached storage server provides to multiple hosts over the network, rather than one provided by a block device such as a hard disk drive.

There are two main protocols available in Linux to access a network file system: NFS and CIFS. NFS (Network File System) can be seen as the standard file system for Linux, Unix and other similar operating systems.

CIFS (Common Internet File System) is the standard network file system for Microsoft Windows systems.

There are three basic steps to access a network share:

1. Identify the remote share to be accessed

2. Determine the mount point (where the share should be mounted) and create an empty directory for the mount point

3. Mount the network file system through the appropriate commands or configuration changes

CIFS network file system access:

1. Install the client for accessing shares

samba-client

yum install samba-client -y

2. Identify the shared directories on the share server

smbclient -L //172.25.254.253

3. Access the share

Command access)

smbclient //172.25.254.253/westos

put filename ## run inside the smbclient session

Mount access)

mount //172.25.254.253/westos /mnt -o username=guest

4. Automatically mount cifs on boot

Method 1)

vim /etc/fstab

//172.25.254.253/westos /mnt cifs defaults,username=guest 0 0

Method 2)

vim /etc/rc.d/rc.local

mount //172.25.254.253/westos /mnt -o username=guest

Access to the NFS network file system

1. Install the software for accessing shares

yum install nfs-utils -y

2. Identify the shares

showmount -e 172.25.254.250

3. Use the share

mount 172.25.254.250:/nfsshare/nfs1 /mnt

4. Automatic mount

1)

vim /etc/fstab

172.25.254.250:/nfsshare/nfs1 /mnt nfs defaults 0 0

2)

vim /etc/rc.d/rc.local

mount 172.25.254.250:/nfsshare/nfs1 /mnt

chmod 755 /etc/rc.d/rc.local
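
Both fstab entries above mount a network share with only defaults, which means setuid binaries and device nodes on the share are honoured by the client. The following check is an added example, not part of the original article: it reads an fstab-format file and reports nfs/cifs entries that lack nosuid or nodev, or that embed a CIFS password. The function names and the /srv/nfs1 line are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article. Function names are hypothetical.

# audit_netfs_fstab FILE: print one line per nfs/cifs entry that is missing
# nosuid or nodev, or that stores a CIFS password in the world-readable file.
audit_netfs_fstab() {
    awk '
        /^[ \t]*(#|$)/ { next }            # skip comments and blank lines
        $3 == "nfs" || $3 == "nfs4" || $3 == "cifs" {
            n = split($4, opt, ",")        # field 4 is the mount option list
            nosuid = 0; nodev = 0; pw = 0
            for (i = 1; i <= n; i++) {
                if (opt[i] == "nosuid") nosuid = 1
                if (opt[i] == "nodev")  nodev = 1
                if (opt[i] ~ /^password=/) pw = 1
            }
            msg = ""
            if (!nosuid) msg = msg " missing-nosuid"
            if (!nodev)  msg = msg " missing-nodev"
            if (pw)      msg = msg " inline-password"
            if (msg != "") print $2 ":" msg
        }
    ' "$1"
}

# Constructed sample: the two fstab lines from the article plus a hardened one.
sample_fstab() {
    cat <<'EOF'
//172.25.254.253/westos /mnt cifs defaults,username=guest 0 0
172.25.254.250:/nfsshare/nfs1 /mnt nfs defaults 0 0
172.25.254.250:/nfsshare/nfs1 /srv/nfs1 nfs defaults,nosuid,nodev 0 0
EOF
}

tmp=$(mktemp)
sample_fstab > "$tmp"
audit_netfs_fstab "$tmp"
rm -f "$tmp"
```

Run it against /etc/fstab after editing; an empty result means every nfs/cifs entry carries both options.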

Autofs auto-mount service

1. Service function

By default, a share mounted with mount stays mounted even when the share is not in use, which wastes resources on the share server.

Autofs mounts the share automatically when it is used and unmounts it automatically when it is idle.

2. Install the service

yum install autofs -y

systemctl start autofs

3. Access

cd /net/172.25.254.250/nfsshare/nfs1

4. Set the idle unmount time

vim /etc/autofs.conf

timeout = 3 ## the system automatically unmounts the network device after it has been idle for 3 seconds

5. Implement a custom mount point

vim /etc/auto.master

Format: parent directory of the final mount point, then the sub-configuration file

/mnt /etc/auto.nfs

vim <sub-configuration file>

Format: final mount point, then the network shared directory

vim /etc/auto.nfs

pub1 172.25.254.250:/nfsshare/nfs1 ## specifies a specific mount point

* 172.25.254.250:/nfsshare/& ## specify any shared mount

systemctl restart autofs.service

8. Access to network users

LDAP directory service authentication, similar to Windows Active Directory, is a way to record data

2. Software required for the LDAP client

yum install sssd krb5-workstation -y

3. How to turn on LDAP user authentication

authconfig-tui

[*] Use LDAP [*] Use Kerberos

The certificate is missing: you need to download the required certificate from the server to /etc/openldap/cacerts.

Commands used:

wget http://172.25.254.254/pub/example-ca.crt

getent passwd ldapuser1

If the user information is displayed normally, client authentication is working.

List all users

vim /etc/sssd/sssd.conf

enumerate = True

systemctl restart sssd

4. Automatically mount the user's home directory

yum install autofs -y

vim /etc/auto.master

/home/guests /etc/auto.ldap

vim /etc/auto.ldap

ldapuser1 172.25.254.254:/home/guests/ldapuser1

+++

* 172.25.254.254:/home/guests/&

The script automatically creates network users, mounts automatically, and changes home directories.

#!/bin/bash
# install the LDAP/Kerberos client packages and autofs
yum install sssd krb5-workstation autofs -y &> /dev/null
echo "config ldapauth client ing..."
# enable LDAP user information with TLS and Kerberos authentication through sssd
authconfig \
--enableldap \
--disableldapauth \
--enableldaptls \
--ldaploadcacert=http://172.25.254.254/pub/example-ca.crt \
--ldapserver="cla***oom.example.com" \
--ldapbasedn="dc=example,dc=com" \
--krb5realm="EXAMPLE.COM" \
--krb5kdc="cla***oom.example.com" \
--krb5adminserver="cla***ooom.example.com" \
--enablesssd \
--enablesssdauth \
--update
echo "config ldap user's home directory ing..."
# autofs master map entry and wildcard map for the users' home directories
echo "/home/guests /etc/auto.ldap" >> /etc/auto.master
echo "* 172.25.254.254:/home/guests/&" >> /etc/auto.ldap

1. vsftp:

yum install vsftpd -y

firewall-cmd --permanent --add-service=ftp

firewall-cmd --reload

vim /etc/sysconfig/selinux

SELINUX=disabled

systemctl start vsftpd

systemctl enable vsftpd

reboot

vim /etc/vsftpd/vsftpd.conf

1) Anonymous user settings

anonymous_enable=YES|NO ## login restrictions for anonymous users

anon_upload_enable=YES ## uploads by anonymous users

anon_root=/directory ## anonymous user home directory

anon_umask=xxx ## default permissions of files uploaded by anonymous users

anon_mkdir_write_enable=YES|NO ## directory creation by anonymous users

anon_world_readable_only=YES|NO ## anonymous user download parameter; NO means anonymous users can download

anon_other_write_enable=YES|NO ## deletion by anonymous users

chown_uploads=YES ## change the owner of files uploaded by anonymous users

chown_username=student

anon_max_rate=102400 ## maximum upload rate for anonymous users

max_clients=2 ## maximum number of connections

chgrp ftp /var/ftp/pub

chmod 775 /var/ftp/pub

2) Local user settings

local_enable=YES|NO ## local user login restrictions

write_enable=YES ## write permission for local users

local_root=/directory ## modify the local user's home directory

local_umask=xxx ## permissions of files uploaded by local users

3) Restrict local users from browsing the / directory (lftp 172.25.24.11 -u timo)

White list

chroot_local_user=YES

chroot_list_enable=YES

# (default follows)

chroot_list_file=/etc/vsftpd/chroot_list

vim /etc/vsftpd/chroot_list

taxing

Black list

chroot_local_user=NO

chroot_list_enable=YES

# (default follows)

chroot_list_file=/etc/vsftpd/chroot_list

vim /etc/vsftpd/chroot_list

taxing

4) Restrict login access of local users

vim /etc/vsftpd/ftpusers ## user blacklist

vim /etc/vsftpd/user_list ## temporary user blacklist

User whitelist setting

vim /etc/vsftpd/vsftpd.conf

userlist_deny=NO

vim /etc/vsftpd/user_list ## once the parameter is set, this file becomes a user whitelist; only users who appear in the list can log in to ftp
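
How the two chroot cases and the user_list settings above combine for one user, as an added example that is not part of the original article: it evaluates vsftpd.conf-style files using the defaults documented in the vsftpd.conf man page. The function names and temporary sample files are constructed; values are assumed to be written as YES/NO, and the PAM-enforced ftpusers list is not modelled.

```shell
#!/bin/sh
# Added example, not from the original article. Function names are hypothetical.

# conf_get FILE KEY DEFAULT: value of the last uncommented KEY=... line.
conf_get() {
    v=$(sed -n "s/^$2=//p" "$1" | tail -n 1)
    echo "${v:-$3}"
}

# in_list FILE USER: true when USER is an exact line of FILE.
in_list() { [ -f "$1" ] && grep -qxF -- "$2" "$1"; }

# vsftpd_policy CONF CHROOT_LIST USER_LIST USER
# prints "login=allow|deny chroot=yes|no" for a local user.
vsftpd_policy() {
    login=allow
    if [ "$(conf_get "$1" userlist_enable NO)" = YES ]; then
        if [ "$(conf_get "$1" userlist_deny YES)" = YES ]; then
            if in_list "$3" "$4"; then login=deny; fi      # user_list is a blacklist
        else
            if ! in_list "$3" "$4"; then login=deny; fi    # user_list is a whitelist
        fi
    fi
    chroot=no
    if [ "$(conf_get "$1" chroot_local_user NO)" = YES ]; then chroot=yes; fi
    if [ "$(conf_get "$1" chroot_list_enable NO)" = YES ] && in_list "$2" "$4"; then
        # a listed user gets the opposite of the chroot_local_user setting
        if [ "$chroot" = yes ]; then chroot=no; else chroot=yes; fi
    fi
    echo "login=$login chroot=$chroot"
}

# Constructed demo: the first chroot case above with user_list as a whitelist.
demo() {
    d=$(mktemp -d)
    printf '%s\n' userlist_enable=YES userlist_deny=NO \
        chroot_local_user=YES chroot_list_enable=YES > "$d/vsftpd.conf"
    echo taxing > "$d/chroot_list"
    printf '%s\n' taxing student > "$d/user_list"
    for u in taxing student timo; do
        echo "$u: $(vsftpd_policy "$d/vsftpd.conf" "$d/chroot_list" "$d/user_list" "$u")"
    done
    rm -rf "$d"
}
demo
```

In the demo, taxing logs in without a chroot, student logs in and is confined to the home directory, and timo is refused because the name is not in the whitelist.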

5) FTP virtual user settings

Create a virtual account identity

vim /etc/vsftpd/taxing ## the file name is arbitrary

taxing1

123

taxing2

456

taxing3

789

db_load -T -t hash -f /etc/vsftpd/taxing /etc/vsftpd/taxing.db

rm -rf /etc/vsftpd/taxing

cd /etc/pam.d

vim /etc/pam.d/timo

account required pam_userdb.so db=/etc/vsftpd/taxing

auth required pam_userdb.so db=/etc/vsftpd/taxing

vim /etc/vsftpd/vsftpd.conf

pam_service_name=timo ## must match the name of the file created under /etc/pam.d

guest_enable=YES

Virtual account identity assignment

guest_username=ftpuser

mkdir /ftpdir/taxing1 -p

mkdir /ftpdir/taxing2 -p

mkdir /ftpdir/taxing3 -p

...

touch /ftpdir/taxing1/taxing1file

touch /ftpdir/taxing2/taxing2file

touch /ftpdir/taxing3/taxing3file

...

su - taxing

vim /etc/vsftpd/vsftpd.conf

local_root=/ftpuserhome/$USER

user_sub_token=$USER

mkdir /ftpuserhome

chgrp ftpuser /ftpuserhome

chmod g+s /ftpuserhome

systemctl restart vsftpd
