week13

1. Set up a Samba share with /data as the shared directory (describe the complete process). Requirements:
1) The share name is shared and the workgroup is magedu;
2) Add the group develop and the users gentoo, centos and ubuntu; gentoo and centos have develop as a supplementary group, ubuntu does not belong to the develop group; each password is the same as the user name;
3) Add the Samba users gentoo, centos and ubuntu, all with the password "magedu";
4) Only the develop group has write permission on the Samba share shared; other users can only access it read-only;
5) The Samba share service only allows access from hosts on the 10.0.0.0/16 network.

2. Build a vsftpd file-sharing service with /ftproot as the shared directory (describe the complete process). Requirements:
1) Access is based on virtual users;
2) Anonymous users may only download, not upload;
3) All users are confined to their home directories;
4) Limit the maximum number of concurrent connections to 200;
5) The maximum transfer rate for anonymous users is 512KB/s;
6) The virtual user accounts are stored in a MySQL database;
7) The database is shared over NFS.

Exercise 1:

1. Install samba

    [root@rs1 ~]# yum -y install samba

2. Add the group and users, and create the shared directory

    [root@rs1 ~]# groupadd develop
    [root@rs1 ~]# useradd -G develop gentoo
    [root@rs1 ~]# useradd -G develop centos
    [root@rs1 ~]# useradd ubuntu
    [root@rs1 ~]# for user in gentoo centos ubuntu; do echo "$user" | passwd --stdin "$user"; done
    [root@rs1 ~]# mkdir /data

3. Change the permissions of the shared directory

    [root@rs1 ~]# chgrp develop /data
    [root@rs1 ~]# chmod g+w /data

4. Edit the Samba configuration file /etc/samba/smb.conf and add the following configuration:

    [shared]
    comment = week test
    path = /data
    browseable = yes
    public = no
    # read-only for everyone except the members of "write list"
    read only = yes
    write list = +develop
    hosts allow = 10.0.0.0/255.255.0.0

5. Start the service:

    [root@rs1 ~]# systemctl start smb.service

Check that ports 445 and 139 are listening.

6. Test:

    [root@rs2 ~]# smbclient -L 10.0.0.21 -U ubuntu
    Enter gentoo's password:
    Domain=[MAGEDU] OS=[Windows 6.1] Server=[Samba 4.2.10]

        Sharename       Type      Comment
        ---------       ----      -------
        shared          Disk      week test
        IPC$            IPC       IPC Service (Samba Server Version 4.2.10)
    Domain=[MAGEDU] OS=[Windows 6.1] Server=[Samba 4.2.10]

        Server               Comment
        ---------            -------
        RS1                  Samba Server Version 4.2.10

        Workgroup            Master
        ---------            -------
        MAGEDU               RS1

    [root@rs2 ~]# mount -t cifs //10.0.0.21/shared /mnt -o username=ubuntu -o password=magedu
    mount: //10.0.0.21/shared is write-protected, mounting read-only
    mount: cannot mount //10.0.0.21/shared read-only
    [root@rs2 ~]# mount -t cifs //10.0.0.21/shared /mnt -o username=gentoo -o password=magedu
    [root@rs2 ~]# df -hT|grep mnt
    //10.0.0.21/shared cifs 18G 2.3G 16G 13% /mnt
    [root@rs2 ~]# cd /mnt
    [root@rs2 mnt]# touch test1
    [root@rs2 mnt]# ll
    total 0
    -rw-r--r-- 1 1003 1006 0 Nov 11 23:01 test1

    [root@rs1 ~]# id gentoo
    uid=1003(gentoo) gid=1006(gentoo) groups=1006(gentoo),1005(develop)

Exercise 2:

Environment:
rs2: mysql + vsftpd
rs1: samba

1. Install MySQL

    [root@rs2 ~]# groupadd -g 1100 mysql
    [root@rs2 ~]# useradd -u 1100 -g mysql -M mysql
    [root@rs2 ~]# mount -t cifs //10.0.0.21/mysql /opt/mysql -o username=mysql -o password=magedu
    [root@rs2 ~]# chown -R mysql.mysql /opt/mysql
    [root@rs2 ~]# tar xf mysql-5.6.31-linux-glibc2.5-x86_64.tar.gz -C /usr/local/
    [root@rs2 ~]# cd /usr/local
    [root@rs2 local]# ln -sv mysql-5.6.31-linux-glibc2.5-x86_64 mysql
    [root@rs2 local]# cd mysql
    [root@rs2 mysql]# ./scripts/mysql_install_db --user=mysql --datadir=/opt/mysql
    [root@rs2 mysql]# cp support-files/mysql.server /etc/init.d/mysqld
    [root@rs2 mysql]# chmod +x /etc/init.d/mysqld
    [root@rs2 mysql]# cp support-files/my-default.cnf /etc/my.cnf
    [root@rs2 mysql]# vim /etc/my.cnf

    basedir = /usr/local/mysql
    datadir = /opt/mysql
    skip_name_resolve = 1
    character_set_server = utf8
    innodb_file_per_table = 1

    [root@rs2 mysql]# ln -sv /usr/local/mysql/include/ /usr/include/mysql
    [root@rs2 mysql]# vim /etc/ld.so.conf.d/mysql.conf

    /usr/local/mysql/lib

    [root@rs2 mysql]# ldconfig -v
    [root@rs2 mysql]# vim /etc/profile.d/mysql.sh

    export PATH=/usr/local/mysql/bin:$PATH

    [root@rs2 mysql]# source /etc/profile.d/mysql.sh
    [root@rs2 mysql]# service mysqld start

2. Install vsftpd

    [root@rs2 ~]# yum -y install vsftpd pam-devel

Install pam_mysql:

    [root@rs2 ~]# tar xf pam_mysql-0.7RC1.tar.gz
    [root@rs2 ~]# cd pam_mysql-0.7RC1
    [root@rs2 pam_mysql-0.7RC1]# ./configure --with-mysql=/usr/local/mysql/ --with-pam-mods-dir=/lib64/security/
    [root@rs2 pam_mysql-0.7RC1]# make install

Edit the vsftpd.conf configuration file:

    anonymous_enable=YES
    anon_upload_enable=NO
    anon_mkdir_write_enable=NO
    anon_max_rate=512000
    max_clients=200
    local_enable=YES
    write_enable=YES
    local_umask=022
    dirmessage_enable=YES
    xferlog_enable=YES
    connect_from_port_20=YES
    xferlog_file=/var/log/xferlog
    xferlog_std_format=YES
    download_enable=YES
    ascii_upload_enable=YES
    ascii_download_enable=YES
    chroot_local_user=YES
    listen=YES
    listen_ipv6=NO
    guest_enable=YES
    guest_username=mysqlftp
    virtual_use_local_privs=YES
    pam_service_name=vsftpd
    tcp_wrappers=YES
    vsftpd_log_file=/var/log/vsftpd.log
    allow_writeable_chroot=YES

Create the account that the virtual users are mapped to:

    [root@rs2 ~]# useradd mysqlftp -d /ftproot

Edit the PAM authentication file for vsftpd, /etc/pam.d/vsftpd:

    #%PAM-1.0
    session    optional     pam_keyinit.so force revoke
    auth       sufficient   /lib64/security/pam_mysql.so user=vsftp passwd=redhat \
                            host=127.0.0.1 db=ftp table=users usercolumn=name passwdcolumn=password crypt=2
    auth       required     pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed
    auth       required     pam_shells.so
    auth       include      password-auth
    account    sufficient   /lib64/security/pam_mysql.so user=vsftp passwd=redhat \
                            host=127.0.0.1 db=ftp table=users usercolumn=name passwdcolumn=password crypt=2
    account    include      password-auth
    session    required     pam_loginuid.so
    session    include      password-auth

Note: this authentication file lets the vsftpd service use both virtual accounts and local accounts. If you only want the virtual account mechanism, keep only the 2 lines that reference pam_mysql. The order of the checks in this file is: the pam_mysql mechanism first, then local account password authentication.

Create the database used by vsftpd:

    mysql> create database ftp;
    mysql> use ftp;
    mysql> create table users (
               id INT AUTO_INCREMENT NOT NULL,
               name CHAR(20) BINARY NOT NULL,
               password CHAR(48) BINARY NOT NULL,
               primary key(id)
           );
    mysql> grant SELECT on ftp.* to vsftp@localhost identified by 'redhat';
    mysql> grant SELECT on ftp.* to vsftp@127.0.0.1 identified by 'redhat';

Add a virtual account:

    mysql> insert into users(name,password) values('nginx',password('redhat'));

Start the service:

    [root@rs2 ~]# systemctl start vsftpd

3. Test

    [root@rs1 ~]# lftp -u nginx,redhat 10.0.0.22
    lftp nginx@10.0.0.22:~> ls
    -rw-r--r-- 1 0 0 1667 Nov 12 08:58 passwd
    lftp nginx@10.0.0.22:/> exit
    [root@rs1 ~]# lftp 10.0.0.22
    lftp 10.0.0.22:~> ls
    drwxr-xr-x 2 0 0 6 Mar 31 2016 pub
    lftp 10.0.0.22:/> quit
    [root@rs1 ~]# lftp -u devon,redhat 10.0.0.22
    lftp devon@10.0.0.22:~> ls
    -rw-r--r-- 1 0 0 1667 Nov 12 08:58 passwd
    lftp devon@10.0.0.22:/> quit
    [root@rs1 ~]# lftp -u nginx,redhat 10.0.0.22
    lftp nginx@10.0.0.22:~> ls
    -rw-r--r-- 1 0 0 1667 Nov 12 08:58 passwd
    lftp nginx@10.0.0.22:/> quit
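To see which clients the hosts allow line of the [shared] section in Exercise 1 admits, the following added example (not part of the original article) reads the rule out of an smb.conf and tests client addresses against it. The function names and the sample file are constructed for illustration, and only the network/netmask form used in the article is handled.

```shell
#!/bin/sh
# Added example (not from the article); names and sample data are constructed.

# ip_to_int A.B.C.D: print the address as a 32-bit integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# share_param FILE SHARE KEY: print KEY's value from the [SHARE] section.
share_param() {
    awk -v share="[$2]" -v key="$3" '
        /^[[:space:]]*[#;]/ { next }
        /^[[:space:]]*\[/ { gsub(/[[:space:]]/, ""); insec = ($0 == share); next }
        insec && index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1)
            v = substr($0, index($0, "=") + 1)
            gsub(/^[[:space:]]+|[[:space:]]+$/, "", k)
            gsub(/^[[:space:]]+|[[:space:]]+$/, "", v)
            if (k == key) found = v
        }
        END { if (found != "") print found }' "$1"
}

# host_allowed FILE SHARE IP: succeed when the share's "hosts allow" entry,
# in the network/netmask form the article uses, admits IP. A share without
# the entry is treated as unrestricted; [global] settings are not consulted.
host_allowed() {
    rule=$(share_param "$1" "$2" "hosts allow")
    [ -n "$rule" ] || return 0
    net=$(ip_to_int "${rule%/*}")
    mask=$(ip_to_int "${rule#*/}")
    ip=$(ip_to_int "$3")
    [ $(( ip & mask )) -eq $(( net & mask )) ]
}

# Constructed sample: the article's [shared] section next to an open share.
sample_smb_conf() {
    printf '%s\n' '[shared]' '    path = /data' '    write list = +develop' \
        '    hosts allow = 10.0.0.0/255.255.0.0' '[open]' '    path = /srv/open'
}

if [ "$#" -eq 3 ]; then
    host_allowed "$1" "$2" "$3" && echo allowed || echo denied
fi
```

Run it as `sh script.sh /etc/samba/smb.conf shared 10.0.0.22` to check one client address against one share.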
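The vsftpd.conf from Exercise 2 can be checked against requirements 1 to 5 with a small script, so that a later edit that re-enables anonymous upload or weakens the chroot is caught. This is an added example, not part of the original article; the function names and the sample configuration are constructed, and it assumes that a later assignment of a directive overrides an earlier one.

```shell
#!/bin/sh
# Added example (not from the article); names and sample data are constructed.

# conf_get FILE KEY: print KEY's value; the last assignment wins (assumption),
# comment lines are skipped, and nothing is printed when KEY is absent.
conf_get() {
    awk -v key="$2" '
        /^[[:space:]]*#/ { next }
        index($0, key "=") == 1 { val = substr($0, length(key) + 2) }
        END { sub(/[[:space:]]+$/, "", val); if (val != "") print val }' "$1"
}

# expect FILE KEY WANTED: report a directive that is unset or differs.
expect() {
    got=$(conf_get "$1" "$2")
    [ "$got" = "$3" ] && return 0
    echo "FAIL $2: want $3, got ${got:-unset}"
    return 1
}

# audit_vsftpd FILE: print one line per failed requirement and return the
# number of failures (0 means the file meets requirements 1 to 5).
audit_vsftpd() {
    f=$1; fails=0
    expect "$f" guest_enable YES           || fails=$((fails + 1))  # req. 1
    expect "$f" anon_upload_enable NO      || fails=$((fails + 1))  # req. 2
    expect "$f" anon_mkdir_write_enable NO || fails=$((fails + 1))  # req. 2
    expect "$f" chroot_local_user YES      || fails=$((fails + 1))  # req. 3
    # With chroot_local_user=YES, chroot_list_enable=YES turns the chroot
    # list into the users that are NOT jailed, which breaks requirement 3.
    if [ "$(conf_get "$f" chroot_list_enable)" = YES ]; then
        echo "FAIL chroot_list_enable: listed users are not jailed"
        fails=$((fails + 1))
    fi
    expect "$f" max_clients 200            || fails=$((fails + 1))  # req. 4
    expect "$f" anon_max_rate 512000       || fails=$((fails + 1))  # req. 5
    return "$fails"
}

# Constructed sample: the article's settings, then two later overrides.
sample_weak_conf() {
    printf '%s\n' guest_enable=YES anon_upload_enable=NO \
        anon_mkdir_write_enable=NO chroot_local_user=YES max_clients=200 \
        anon_max_rate=512000 anon_upload_enable=YES chroot_list_enable=YES
}

if [ "$#" -eq 1 ]; then audit_vsftpd "$1"; fi
```

Directives that are missing are reported as failures, because the check does not rely on vsftpd's built-in defaults.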
Original article by devon. If you repost it, please credit the source: http://www.178linux.com/59389
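Comments (1)
When mounting, remember to write it into the configuration file, otherwise it is gone as soon as the machine reboots.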