
Simple configuration of the Samba, vsftpd and NFS services

2025-01-30 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

1. Set up a Samba share whose shared directory is /data, with the following requirements (describe the complete process):

1) the share name is shared and the workgroup is magedu

2) add the group develop and the users gentoo, centos and ubuntu; gentoo and centos have develop as a supplementary group, ubuntu does not belong to the develop group; each password is the user name

3) add the Samba users gentoo, centos and ubuntu with the password "mageedu"

4) only the develop group has write permission on the share shared; other users get read-only access

5) the Samba service accepts connections only from hosts on the 172.16.0.0/16 network

Build it in a CentOS 7.2 environment

[root@localhost ~]# yum -y install samba # install the Samba service

[root@localhost ~]# mkdir /data # create the shared directory

[root@localhost ~]# useradd gentoo # add the users

[root@localhost ~]# useradd centos

[root@localhost ~]# useradd ubuntu

[root@localhost ~]# echo "gentoo" | passwd --stdin gentoo

[root@localhost ~]# echo "centos" | passwd --stdin centos

[root@localhost ~]# echo "ubuntu" | passwd --stdin ubuntu

[root@localhost ~]# groupadd develop # add the develop group

[root@localhost ~]# usermod -aG develop gentoo # develop becomes a supplementary group of gentoo

[root@localhost ~]# usermod -aG develop centos # develop becomes a supplementary group of centos

# add the Samba users

[root@localhost ~]# smbpasswd -a gentoo

[root@localhost ~]# smbpasswd -a centos

[root@localhost ~]# smbpasswd -a ubuntu

[root@localhost ~]# pdbedit -L # list all Samba users

[root@localhost ~]# setfacl -m g:develop:rwx /data # give the develop group write permission on the directory

[root@localhost ~]# vim /etc/samba/smb.conf # edit the configuration file

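In smb.conf a comment has to sit on a line of its own: anything after the "=" is read as the value, including a trailing "#", so the annotations below are placed above each setting.

[global]

# working group
workgroup = magedu

# only allow hosts on the 192.168.0.0/16 network to access (the lab network used here; the task specifies 172.16.0.0/16)
hosts allow = 192.168.0.0/16

# share name
[shared]

# comment information
comment = data dir

# path
path = /data

# visible to users when browsing
browseable = yes

# read only
read only = yes

# group with write permission
write list = @develop

[root@localhost ~]# testparm # test the configuration

[root@localhost ~]# systemctl reload smb.service # reload the service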

# client testing

[root@localhost ~]# smbclient //192.168.0.188/shared -U gentoo

Enter gentoo's password:

Domain=[MAGEDU] OS=[Windows 6.1] Server=[Samba 4.4.4]

smb: \> lcd /etc/

smb: \> put fstab

putting file fstab as \fstab (12.6 kb/s) (average 12.6 kb/s) # the gentoo user can upload

[root@localhost ~]# smbclient //192.168.0.188/shared -U centos

Enter centos's password:

Domain=[MAGEDU] OS=[Windows 6.1] Server=[Samba 4.4.4]

smb: \> lcd /etc

smb: \> put php.ini

putting file php.ini as \php.ini (1102.8 kb/s) (average 1102.8 kb/s) # the centos user can upload

[root@localhost ~]# smbclient //192.168.0.188/shared -U ubuntu

Enter ubuntu's password:

Domain=[MAGEDU] OS=[Windows 6.1] Server=[Samba 4.4.4]

smb: \> lcd /etc

smb: \> put resolv.conf

NT_STATUS_ACCESS_DENIED opening remote file \resolv.conf # the ubuntu user cannot upload

That completes the Samba share.
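A check of the share policy configured above, as an added example that is not part of the original article: `check_share` (a name chosen here) reads an smb.conf and reports when the share is not read-only with a write list, when [global] lacks hosts allow, or when an annotation was left after a value. The sample configuration is constructed from the settings on this page.

```shell
#!/bin/sh
# check_share FILE SHARE: print one finding per line; return 0 when there are none.
# Checks only the parameter spellings used on this page ("read only", "write list").
check_share() {
    awk -v share="$2" '
    /^[ \t]*([#;]|$)/ { next }                  # whole-line comment or blank
    /^[ \t]*\[/ {                                # section header such as [shared]
        sec = tolower($0); gsub(/^[ \t]*\[|\].*$/, "", sec); next
    }
    {
        eq = index($0, "="); if (!eq) next
        key = tolower(substr($0, 1, eq - 1)); val = substr($0, eq + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
        # Samba has no end-of-line comments: "yes # note" is the literal value
        if (val ~ /[ \t][#;]/) print "trailing comment is part of the value: " key
        if (sec == "global" && key == "hosts allow") hosts = val
        if (sec == tolower(share)) { seen = 1; p[key] = val }
    }
    END {
        if (!seen) { print "share not defined: " share; exit }
        if (hosts == "") print "no hosts allow in [global]"
        if (tolower(p["read only"]) != "yes") print "share is not read only"
        if (p["write list"] == "") print "no write list on the share"
    }' "$1" | { ! grep . ; }
}

# Constructed sample: the share from this page, comments on their own lines.
sample_conf() {
    cat <<'EOF'
[global]
    # working group
    workgroup = magedu
    hosts allow = 192.168.0.0/16
[shared]
    path = /data
    read only = yes
    write list = @develop
EOF
}

f=$(mktemp) && sample_conf > "$f" && check_share "$f" shared && echo "shared: policy OK"
rm -f "$f"
```

The trailing-comment test is a heuristic on whitespace followed by "#" or ";"; `testparm` remains the authoritative parser on a host where Samba is installed.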

2. Build a vsftpd file sharing service whose shared directory is /ftproot, with the following requirements (describe the complete process):

1) access is based on virtual users

2) anonymous users are only allowed to download, not upload

3) confine all users to their home directories

4) limit the maximum number of concurrent connections to 200

5) the maximum transfer rate for anonymous users is 512KB/s

6) the virtual user accounts are stored in a MySQL database

7) the database is shared through NFS

Build it in a CentOS 7.2 environment

(1) compile and install pam_mysql-0.7RC1.tar.gz

[root@localhost ~]# yum -y install vsftpd # install vsftpd

[root@localhost dylan]# yum -y groupinstall "Development Tools" "Server Platform Development"

[root@localhost dylan]# yum -y install mariadb-server mariadb-devel openssl-devel pam-devel

[root@localhost dylan]# tar -xf pam_mysql-0.7RC1.tar.gz

[root@localhost dylan]# cd pam_mysql-0.7RC1/

[root@localhost pam_mysql-0.7RC1]# ./configure --with-mysql=/usr --with-openssl=/usr --with-pam=/usr --with-pam-mods-dir=/lib64/security

[root@localhost pam_mysql-0.7RC1]# make

[root@localhost pam_mysql-0.7RC1]# make install

(2) create the required database and table

[root@localhost pam_mysql-0.7RC1]# mysql -uroot -pxiaozhang # connect to the MySQL (MariaDB) server

Welcome to the MariaDB monitor. Commands end with ; or \g.

Your MariaDB connection id is 11

Server version: 5.5.52-MariaDB MariaDB Server

Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> create database vsftpd; # create the vsftpd database

Query OK, 1 row affected (0.01 sec)

MariaDB [(none)]> use vsftpd

Database changed

MariaDB [vsftpd]> create table users ( # create the table structure

-> id int auto_increment not null primary key,

-> name char(30) not null,

-> password char(48) binary not null);

Query OK, 0 rows affected (0.02 sec)

MariaDB [vsftpd]> insert into users (name,password) values ('tom',password('xiaozhang')); # insert two rows into the table

Query OK, 1 row affected (0.00 sec)

MariaDB [vsftpd]> insert into users (name,password) values ('jerry',password('xiaozhang1'));

Query OK, 1 row affected (0.01 sec)

MariaDB [vsftpd]> grant select on vsftpd.* to vsftpd@localhost identified by 'xiaozhang'; # authorize the vsftpd database user

Query OK, 0 rows affected (0.00 sec)

MariaDB [vsftpd]> grant select on vsftpd.* to vsftpd@'127.0.0.1' identified by 'xiaozhang';

Query OK, 0 rows affected (0.00 sec)

MariaDB [vsftpd]> flush privileges;

Query OK, 0 rows affected (0.01 sec)

(3) create the PAM configuration file and the system user vuser that the virtual users map to

[root@localhost dylan]# vim /etc/pam.d/vsftpd.mysql # create vsftpd.mysql as the PAM authentication file

auth required pam_mysql.so user=vsftpd passwd=xiaozhang host=localhost db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2

account required pam_mysql.so user=vsftpd passwd=xiaozhang host=localhost db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2

Here crypt=2 makes pam_mysql compare the login password against a MySQL PASSWORD() hash, which matches the password() calls used for the inserts above. The file contains the database password in clear text, so keep it readable by root only.

[root@localhost dylan]# useradd -s /sbin/nologin -d /ftproot vuser # create the system user vuser for the virtual users

[root@localhost dylan]# chmod go+rx /ftproot/

(4) modify the vsftpd configuration file

vsftpd.conf takes comments only on lines of their own and allows no spaces around "=", so the annotations are placed above each directive.

# allow anonymous logins
anonymous_enable=YES

# enable local users
local_enable=YES

# allow users to have write permission
write_enable=YES

# anonymous users are not allowed to upload
anon_upload_enable=NO

# confine all users to their home directories
chroot_local_user=YES

# limit the maximum number of concurrent connections to 200
max_clients=200

# maximum transfer rate of anonymous users, 512KB/s
anon_max_rate=512000

# activate virtual (guest) users
guest_enable=YES

# map virtual users to the system user vuser
guest_username=vuser

# use vsftpd.mysql as the PAM authentication file
pam_service_name=vsftpd.mysql

(5) testing

[root@localhost ~]# ftp 192.168.0.104 # FTP connection to the server

Connected to 192.168.0.104 (192.168.0.104).

220 (vsFTPd 3.0.2)

Name (192.168.0.104:root): tom

331 Please specify the password.

Password:

500 OOPS: vsftpd: refusing to run with writable root inside chroot()

Login failed.

421 Service not available, remote server has closed connection # connection failed

[root@localhost ~]# chmod -w /ftproot # remove write permission from the home directory on the server

[root@localhost ~]# mkdir /ftproot/{pub,upload} # create two directories under the home directory

[root@localhost ~]# ftp 192.168.0.104 # reconnect

Connected to 192.168.0.104 (192.168.0.104).

220 (vsFTPd 3.0.2)

Name (192.168.0.104:root): tom

331 Please specify the password.

Password:

230 Login successful. # logged in successfully

Remote system type is UNIX.

Using binary mode to transfer files.

ftp> ls # view the directory

227 Entering Passive Mode (192,168,0,104,150,82).

150 Here comes the directory listing.

drwxr-xr-x 2 0 0 6 Jul 05 02:11 pub

drwxr-xr-x 2 0 0 6 Jul 05 02:11 upload

226 Directory send OK. # test successful
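The 500 OOPS failure and its fix above come down to mode bits on the chroot() root. As an added example (not part of the original article), the functions below, with names chosen here, check a directory tree laid out like /ftproot: the root must carry no write bit and the upload directory must be owned by and writable for the guest account. The check reads mode bits only and rejects a write bit for any class; the temporary directory and the use of the current user in place of vuser are constructed for the demonstration.

```shell
#!/bin/sh
# perm_bits PATH: the 10-character mode string from ls, e.g. drwxr-xr-x
perm_bits() { ls -ldn -- "$1" | cut -c1-10; }

# chroot_root_ok DIR: 0 when DIR carries no write bit for owner, group or other.
# A chroot() root that the FTP session can write to is what produces the
# "refusing to run with writable root" error shown above.
chroot_root_ok() {
    mode=$(perm_bits "$1")
    case $mode in
        d?-??-??-?) return 0 ;;
        d*) echo "$1 is writable ($mode)" >&2; return 1 ;;
        *)  echo "$1 is not a directory" >&2; return 2 ;;
    esac
}

# upload_dir_ok DIR UID: 0 when DIR is owned by UID and owner-writable, the
# state reached on this page with "chown vuser /ftproot/upload/".
upload_dir_ok() {
    mode=$(perm_bits "$1")
    owner=$(ls -ldn -- "$1" | awk '{print $3}')
    case $mode in
        d?w*) [ "$owner" = "$2" ] ;;
        *)    return 1 ;;
    esac
}

# Constructed layout standing in for /ftproot; the current user stands in for
# vuser, so nothing here needs root or a running vsftpd.
demo() {
    root=$(mktemp -d) && mkdir "$root/pub" "$root/upload"
    chroot_root_ok "$root" 2>/dev/null; echo "fresh directory: rc=$?"
    chmod a-w "$root"     # a-w clears the bit for every class, whatever the umask
    chroot_root_ok "$root"; echo "after chmod a-w: rc=$?"
    upload_dir_ok "$root/upload" "$(id -u)"; echo "upload directory: rc=$?"
    chmod u+w "$root" && rm -rf "$root"
}
demo
```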

(6) In addition: if you want anonymous users to be able to upload files to the upload directory, you need:

[root@localhost ~]# chown vuser /ftproot/upload/

[root@localhost ~]# vim /etc/vsftpd/vsftpd.conf

# enable anonymous user upload
anon_upload_enable=YES

[root@localhost ~]# systemctl restart vsftpd.service

If there are two virtual users and one should be able to upload while the other should not, configure as follows:

The main configuration file supports giving each virtual user its own separate configuration file.

[root@localhost ~]# mkdir /etc/vsftpd/vuser.conf.d # create a configuration directory

[root@localhost ~]# vim /etc/vsftpd/vuser.conf.d/tom # create a file named after the virtual user in that directory

# add this item to allow upload
anon_upload_enable=YES

[root@localhost ~]# vim /etc/vsftpd/vuser.conf.d/jerry

# upload is not allowed
anon_upload_enable=NO

[root@localhost ~]# vim /etc/vsftpd/vsftpd.conf # edit the main configuration file

# comment out this item
#anonymous_enable=YES

# add the per-user configuration directory
user_config_dir=/etc/vsftpd/vuser.conf.d/

[root@localhost ~]# systemctl restart vsftpd.service # restart the service

(7) The database is shared through NFS

[root@localhost ~]# yum install nfs-utils -y # install nfs-utils

[root@localhost ~]# systemctl start nfs.service

[root@localhost ~]# ss -tnl

LISTEN 0 64 :::2049 :::*

The MySQL data directory is datadir=/var/lib/mysql

[root@localhost ~]# vim /etc/exports.d/mydata.exports

/var/lib/mysql 192.168.0.0/16(rw,root_squash) # read-write access; root_squash maps the client's root user to an unprivileged user

[root@localhost ~]# exportfs -r # re-export the shared directories

[root@localhost ~]# showmount -e 192.168.0.104 # view the exported directories

Export list for 192.168.0.104:

/var/lib/mysql 192.168.0.0/16

[root@localhost /]# mkdir /mydata/data -p # the client creates a mount directory

[root@localhost /]# mount -t nfs 192.168.0.104:/var/lib/mysql /mydata/data # mount on the client

[root@localhost /]# mount # view mount information

192.168.0.104:/var/lib/mysql on /mydata/data type nfs4 (rw,relatime,vers=4.0,rsize=131072,wsize=131072,namlen=255,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=sys,clientaddr=192.168.0.104,local_lock=none,addr=192.168.0.104)

That completes the setup.
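The export line above depends on there being no space between the client and its option list. As an added example (not from the original article), `audit_exports`, a name chosen here, parses exports-format lines and reports a detached "(options)" group, which exports(5) applies to every host, as well as no_root_squash and rw granted to "*". The three sample lines are constructed from the page's export.

```shell
#!/bin/sh
# audit_exports FILE: print "path client finding" lines; return 0 when there are none.
audit_exports() {
    awk '
    /^[ \t]*(#|$)/ { next }                      # comment or blank line
    {
        sub(/[ \t]+#.*$/, "")                    # drop a trailing comment
        path = $1
        for (i = 2; i <= NF; i++) {
            if ($i ~ /^\(/) {                    # "(opts)" detached from its client
                print path, "*", "options " $i " apply to every host"
                continue
            }
            client = $i; opts = ""
            if ((p = index($i, "(")) > 0) {
                client = substr($i, 1, p - 1)
                opts = substr($i, p + 1, length($i) - p - 1)
            }
            list = "," opts ","
            if (opts == "") print path, client, "no options, defaults apply"
            if (list ~ /,no_root_squash,/) print path, client, "client root keeps root"
            if (client == "*" && list ~ /,rw,/) print path, client, "rw to any host"
        }
    }' "$1" | { ! grep . ; }
}

# Constructed samples: the export from this page, the same line with a space
# before "(", and a variant with no_root_squash.
good_line()     { echo '/var/lib/mysql 192.168.0.0/16(rw,root_squash)'; }
spaced_line()   { echo '/var/lib/mysql 192.168.0.0/16 (rw,root_squash)'; }
nosquash_line() { echo '/var/lib/mysql 192.168.0.0/16(rw,no_root_squash)'; }

f=$(mktemp)
for s in good_line spaced_line nosquash_line; do
    $s > "$f"; echo "== $s"; audit_exports "$f" || true
done
rm -f "$f"
```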
