N22-第十三周作业

1、建立samba共享，共享目录为/data，要求：（描述完整的过程）
  1)共享名为shared，工作组为magedu；
  2)添加组develop，添加用户gentoo,centos和ubuntu，其中gentoo和centos以develop为附加组，ubuntu不属于develop组；密码均为用户名；
  3)添加samba用户gentoo,centos和ubuntu，密码均为“mageedu”；
  4)此samba共享shared仅允许develop组具有写权限，其他用户只能以只读方式访问；
  5)此samba共享服务仅允许来自于172.16.0.0/16网络的主机访问；

添加用户和组：

[root@localhost ~]# groupadd develop

[root@localhost ~]# useradd -G develop gentoo
[root@localhost ~]# useradd -G develop centos
[root@localhost ~]# useradd -G develop ubuntu

设置用户密码：

[root@localhost ~]# echo "gentoo" |passwd –stdin gentoo

[root@localhost ~]# echo "centos" |passwd –stdin centos

[root@localhost ~]# echo "ubuntu" |passwd –stdin ubuntu

添加samba用户：

[root@localhost samba]# smbpasswd -a gentoo
New SMB password:
Retype new SMB password:
Added user gentoo.
[root@localhost samba]# smbpasswd -a centos
New SMB password:
Retype new SMB password:
Added user centos.
[root@localhost samba]# smbpasswd -a ubuntu
New SMB password:
Retype new SMB password:
Added user ubuntu.

修改共享目录/data/的acl：

[root@localhost ~]# setfacl -m g:develop:rwx /data/

编辑samba配置文件：

[root@localhost ~]# vim /etc/samba/smb.conf

workgroup = magedu    

hosts allow = 172.16.0.0/16

[shared]
        comment = test
        pahth = /data
        browseable = yes

        guest ok = yes

        writable = no
        write list = @develop

重新加载samba服务：

[root@localhost ~]# systemctl reload smb.service

测试centos用户：

[root@localhost ~]# smbclient //192.168.1.120/shared -U centos
Enter centos's password:
Domain=[MYGROUP] OS=[Windows 6.1] Server=[Samba 4.2.10]
smb: \> put fstab
putting file fstab as \fstab (254.9 kb/s) (average 254.9 kb/s)
测试gentoo用户：

root@localhost ~]# smbclient //192.168.1.120/shared -U gentoo
Enter centos's password:
Domain=[MYGROUP] OS=[Windows 6.1] Server=[Samba 4.2.10]
smb: \> put crontab
putting file crontab as \crontab (146.8 kb/s) (average 146.8 kb/s)

测试ubuntu用户：

[root@localhost ~]# smbclient //192.168.1.120/shared -U ubuntu
Enter ubuntu's password:
Domain=[MYGROUP] OS=[Windows 6.1] Server=[Samba 4.2.10]
smb: \> get fstab
getting file \fstab of size 783 as fstab (191.2 KiloBytes/sec) (average 191.2 KiloBytes/sec)
smb: \> put hosts
NT_STATUS_ACCESS_DENIED opening remote file \hosts

2、搭建一套文件vsftp文件共享服务，共享目录为/ftproot,要求：（描述完整的过程）
1)基于虚拟用户的访问形式；

2)匿名用户只允许下载，不允许上传；

3)禁锢所有的用户于其家目录当中；

4)限制最大并发连接数为200:；

5)匿名用户的最大传输速率512KB/s

6)虚拟用户的账号存储在mysql数据库当中。
7)数据库通过NFS进行共享。
安装mariadb-server和vsftpd

[root@localhost ~]# yum install mariadb-server

[root@localhost ~]# yum install vsftpd

编译安装pam-mysql:

[root@localhost ~]#yum groupinstall "Development Tools" "Server Platform Development"

[root@localhost ~]#yum install pam-devel openssl-devel mariadb-devel

[root@localhost pam_mysql-0.7RC1]#  ./configure –prefix=/user/local/pam-mysql –with-openssl –with-mysql=/usr –with-pam=/usr –with-pam-mods-dir=/usr/lib64/security

[root@localhost pam_mysql-0.7RC1]#  make && make install

查看是否安装成功：

[root@localhost ~]# ls /lib64/security/ |grep pam_mysql
pam_mysql.la
pam_mysql.so
在mariadb数据库上创建虚拟用户：

[root@localhost pam_mysql-0.7RC1]# systemctl start mariadb.service

[root@localhost ~]# mysql
MariaDB [(none)]> create database vsftpd;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> use vsftpd
Database changed
MariaDB [vsftpd]> create table users(
    -> id int auto_increment not null primary key,
    -> name char(30) not null,
    -> password char(48) binary not null );
Query OK, 0 rows affected (0.01 sec)
MariaDB [vsftpd]> insert into users (name,password) values ('tom',password('magedu'));
Query OK, 1 row affected (0.00 sec)
MariaDB [vsftpd]> insert into users (name,password) values ('jerry',password('magedu.com'));
Query OK, 1 row affected (0.00 sec)
MariaDB [vsftpd]> grant select on vsftpd.* to vsftpd@localhost identified by 'magedu';
Query OK, 0 rows affected (0.01 sec)
MariaDB [vsftpd]> grant select on vsftpd.* to vsftpd@'127.0.0.1' identified by 'magedu';
Query OK, 0 rows affected (0.00 sec)
MariaDB [vsftpd]> flush privileges;
Query OK, 0 rows affected (0.00 sec)
MariaDB [vsftpd]> exit
Bye

创建虚拟用户的映射用户：

[root@localhost ~]# useradd -s /sbin/nologin -d /ftproot vuser

[root@localhost ~]# chmod go+rx /ftproot

[root@localhost ~]# chmod -w /ftproot
编辑vsftpd配置文件：
[root@localhost ~]# vim /etc/vsftpd//vsftpd.conf

anonymous_enable=YES 

local_enable=YES
write_enable=YES
anon_upload_enable=NO

chroot_local_user=YES
max_clients=200

anon_max_rate=512000

guest_enable=YES
guest_username=vuser
pam_service_name=vsftpd.mysql
启动vsftpd服务：

[root@localhost ~]# systemctl start vsftpd.service
在另一台主机上验证：

[root@localhost ~]# ftp 192.168.1.120
Connected to 192.168.1.120 (192.168.1.120).
220 (vsFTPd 3.0.2)
Name (192.168.1.120:root): tom
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>
共享数据库：

[root@localhost ~]# vim /etc/exports

/mydata/data        192.168.1.0/24（rw）

[root@localhost ~]#exportfs -r