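Week 13 Blog Assignment
1. Set up a Samba share for the directory /data, with the following requirements (describe the complete process):
1) The share name is shared and the workgroup is zhucke;
2) Add the group develop and the users gentoo, centos and ubuntu; gentoo and centos have develop as a supplementary group, ubuntu does not belong to develop; each user's password is the same as the username;
3) Add the Samba users gentoo, centos and ubuntu, each with the password "zhucke";
4) Only the develop group has write permission on the Samba share shared; all other users get read-only access;
5) The Samba service only accepts hosts from the 10.0.0.0/16 network;
Lab environment:
No. | Role | OS version | IP address |
1 | Server | CentOS-7.1 | 192.168.5.171 |
2 | Client (Linux) | CentOS-7.1 | 192.168.5.172 |
3 | Client (Windows) | Windows 10 | 192.168.5.9 |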
(1) Install the samba package and start the services
[root@CentOS7-171 ~]# yum install -y samba           # install the samba package
[root@CentOS7-171 ~]# systemctl start smb.service    # start smb
[root@CentOS7-171 ~]# systemctl start nmb.service    # start nmb
[root@CentOS7-171 ~]# systemctl enable smb.service   # start at boot
[root@CentOS7-171 ~]# systemctl enable nmb.service   # start at boot
(2) Create the required users and passwords
[root@CentOS7-171 ~]# groupadd develop               # create the develop group
[root@CentOS7-171 ~]# useradd -G develop centos      # add centos with develop as a supplementary group
[root@CentOS7-171 ~]# useradd -G develop gentoo      # add gentoo with develop as a supplementary group
[root@CentOS7-171 ~]# useradd ubuntu                 # create the ubuntu user
[root@CentOS7-171 ~]# echo "gentoo" | passwd --stdin gentoo
[root@CentOS7-171 ~]# echo "centos" | passwd --stdin centos
[root@CentOS7-171 ~]# echo "ubuntu" | passwd --stdin ubuntu
(3) Create the Samba users and passwords
[root@CentOS7-171 ~]# smbpasswd -a centos
[root@CentOS7-171 ~]# smbpasswd -a gentoo
[root@CentOS7-171 ~]# smbpasswd -a ubuntu
(4) Create the shared directory and set its permissions
[root@CentOS7-171 ~]# mkdir /data
[root@CentOS7-171 ~]# ll -d /data/
drwxr-xr-x 2 root root 6 Dec 20 11:15 /data/
[root@CentOS7-171 ~]# chmod g+w /data
[root@CentOS7-171 ~]# chown :develop /data
[root@CentOS7-171 ~]# ll -dl /data
drwxrwxr-x 2 root develop 6 Dec 20 11:15 /data
(5) Edit the configuration file /etc/samba/smb.conf (hosts allow is set to the lab network 192.168.5.0/24)
[root@CentOS7-171 ~]# cp /etc/samba/smb.conf{,.bak}
[root@CentOS7-171 ~]# cd /etc/samba/
[root@CentOS7-171 samba]# vim smb.conf
[global]
workgroup = zhucke
server string = Samba Server Version %v
hosts allow = 192.168.5.0/24
[shared]
comment = data
path = /data
read only = yes
write list = @develop
browseable = yes
[root@CentOS7-171 samba]# systemctl reload smb.service
(6) Log in to the share from 192.168.5.172 and test
[root@CentOS7-172 ~]# smbclient //192.168.5.171/shared -U centos   # log in as centos and test read and write access
Enter centos's password:
Domain=[ZHUCKE] OS=[Windows 6.1] Server=[Samba 4.2.3]
smb: \> ls
  .                                   D        0  Tue Dec 20 11:15:46 2016
  ..                                 DR        0  Tue Dec 20 11:15:46 2016
                52403200 blocks of size 1024. 48251556 blocks available
smb: \> mkdir centos   # create a directory
smb: \> ls
  .                                   D        0  Tue Dec 20 15:34:21 2016
  ..                                 DR        0  Tue Dec 20 11:15:46 2016
  centos                              D        0  Tue Dec 20 15:34:21 2016   # created successfully
                52403200 blocks of size 1024. 48251516 blocks available
smb: \> exit
[root@CentOS7-172 ~]# smbclient //192.168.5.171/shared -U gentoo   # log in as gentoo and test read and write access
Enter gentoo's password:
Domain=[ZHUCKE] OS=[Windows 6.1] Server=[Samba 4.2.3]
smb: \> ls
  .                                   D        0  Tue Dec 20 15:34:21 2016
  ..                                 DR        0  Tue Dec 20 11:15:46 2016
  centos                              D        0  Tue Dec 20 15:34:21 2016
                52403200 blocks of size 1024. 48251516 blocks available
smb: \> mkdir gentoo   # create a directory
smb: \> ls
  .                                   D        0  Tue Dec 20 15:34:43 2016
  ..                                 DR        0  Tue Dec 20 11:15:46 2016
  centos                              D        0  Tue Dec 20 15:34:21 2016
  gentoo                              D        0  Tue Dec 20 15:34:43 2016   # created successfully
                52403200 blocks of size 1024. 48251516 blocks available
smb: \> exit
[root@CentOS7-172 ~]# smbclient //192.168.5.171/shared -U ubuntu   # log in as ubuntu and test
Enter ubuntu's password:
Domain=[ZHUCKE] OS=[Windows 6.1] Server=[Samba 4.2.3]
smb: \> ls
  .                                   D        0  Tue Dec 20 15:34:43 2016
  ..                                 DR        0  Tue Dec 20 11:15:46 2016
  centos                              D        0  Tue Dec 20 15:34:21 2016
  gentoo                              D        0  Tue Dec 20 15:34:43 2016
                52403200 blocks of size 1024. 48251516 blocks available
smb: \> mkdir ubuntu   # create a directory
NT_STATUS_MEDIA_WRITE_PROTECTED making remote directory \ubuntu   # creation is refused
smb: \> ls
  .                                   D        0  Tue Dec 20 15:34:43 2016
  ..                                 DR        0  Tue Dec 20 11:15:46 2016
  centos                              D        0  Tue Dec 20 15:34:21 2016
  gentoo                              D        0  Tue Dec 20 15:34:43 2016
                52403200 blocks of size 1024. 48251548 blocks available
smb: \> exit
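The access policy configured in step (5) can also be checked mechanically before any client connects. The shell functions below are an added example, not part of the original post: the names share_param, audit_share and sample_conf are hypothetical, and the sample file is constructed from the settings in step (5).

```shell
# Added example: audit one share of an smb.conf-style file.
# share_param FILE SECTION KEY -> value of KEY inside [SECTION] ("" if unset)
share_param() {
    awk -v sec="$2" -v key="$3" '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        /^[ \t]*[#;]/ { next }                       # whole-line comments
        /^[ \t]*\[[^]]*\]/ {                         # [section] header
            cur = $0; sub(/^[ \t]*\[/, "", cur); sub(/\].*$/, "", cur)
            cur = tolower(trim(cur)); next
        }
        cur == tolower(sec) && (eq = index($0, "=")) > 0 {
            k = tolower(trim(substr($0, 1, eq - 1))); gsub(/[ \t]+/, " ", k)
            if (k == key) val = trim(substr($0, eq + 1))
        }
        END { print val }' "$1"
}

# audit_share FILE SHARE GROUP -> 0 if the policy holds, 1 otherwise
audit_share() {
    rc=0
    ro=$(share_param "$1" "$2" "read only")
    wr=$(share_param "$1" "$2" "writable")
    [ -n "$wr" ] || wr=$(share_param "$1" "$2" "writeable")
    wl=$(share_param "$1" "$2" "write list")
    ha=$(share_param "$1" global "hosts allow")
    # Samba default is read only = yes; anything but yes/no is flagged.
    case "${ro:-yes}/${wr:-no}" in
        [Yy]es/[Nn]o) ;;
        *) echo "FAIL: [$2] is not read-only by default"; rc=1 ;;
    esac
    [ "$wl" = "@$3" ] || { echo "FAIL: write list is '$wl', want '@$3'"; rc=1; }
    [ -n "$ha" ] || { echo "FAIL: [global] has no hosts allow"; rc=1; }
    return $rc
}

# Constructed sample: the settings from step (5).
sample_conf() {
    cat <<'EOF'
[global]
    workgroup = zhucke
    hosts allow = 192.168.5.0/24
[shared]
    path = /data
    read only = yes
    write list = @develop
EOF
}
```

On the server, `testparm -s` prints the configuration Samba actually loads; saving that output to a file and passing it to audit_share checks the effective settings rather than the edited text.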
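2. Build a vsftpd file-sharing service for the directory /ftproot, with the following requirements (describe the complete process):
1) Access is based on virtual users;
2) Anonymous users may only download, not upload;
3) All users are confined to their home directories;
4) The maximum number of concurrent connections is 200;
5) The maximum transfer rate for anonymous users is 512KB/s;
6) The virtual user accounts are stored in a MySQL database;
7) The database is shared over NFS.
Lab environment:
No. | Role | OS version | IP address |
1 | NFS server | CentOS-7.1 | 192.168.5.171 |
2 | vsftpd server | CentOS-7.1 | 192.168.5.172 |
3 | MariaDB server | CentOS-7.1 | 192.168.5.172 |
(1) Download the EPEL repository file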
[root@CentOS7.1-172 ~]# wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
(2) Install the required packages
yum -y groupinstall "Development Tools" "Server Platform Development"
yum -y install vsftpd pam-devel mariadb-server mariadb-devel openssl-devel
systemctl start mariadb.service    # start the mariadb service
systemctl enable mariadb.service   # start mariadb at boot
I. Share the database through the NFS server
1. On 192.168.5.171, configure the NFS service with /data as the exported directory;
[root@CentOS7.1-171 ~]# mkdir /data
[root@CentOS7.1-171 ~]# groupadd -g 27 mysql
[root@CentOS7.1-171 ~]# useradd -g mysql -u 27 -s /sbin/nologin -M mysql
[root@CentOS7.1-171 ~]# chown -R mysql.mysql /data/
[root@CentOS7.1-171 ~]# vim /etc/exports
/data 192.168.5.0/24(rw,no_root_squash)
[root@CentOS7.1-171 ~]# systemctl start nfs.service
2. On the server 192.168.5.172, where mariadb is installed, create the directory /mydata to mount the NFS export
[root@CentOS7.1-172 html]# mkdir /mydata
[root@CentOS7.1-172 html]# chown -R mysql.mysql /mydata/
[root@CentOS7.1-172 html]# mount -t nfs 192.168.5.171:/data /mydata/
[root@CentOS7.1-172 html]# df -h /mydata
Filesystem           Size  Used Avail Use% Mounted on
192.168.5.171:/data   50G  4.0G   47G   8% /mydata
[root@CentOS7.1-172 ~]# vim /etc/fstab   # mount automatically at boot
192.168.5.171:/data /mydata nfs defaults 0 0
[root@CentOS7.1-172 html]# cp /etc/my.cnf{,.bak}
[root@CentOS7.1-172 html]# vim /etc/my.cnf
Change datadir=/var/lib/mysql to datadir=/mydata
[root@CentOS7.1-172 html]# systemctl restart mariadb.service
3. On 192.168.5.172, create the database and table
[root@CentOS7.1-172 html]# mysql
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 3
Server version: 5.5.44-MariaDB MariaDB Server
Copyright (c) 2000, 2015, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> CREATE DATABASE vsftpd;   #create the vsftpd database
Query OK, 1 row affected (0.02 sec)
MariaDB [(none)]> use vsftpd;   #switch to the vsftpd database
Database changed
MariaDB [vsftpd]> CREATE TABLE users (   #create the table in the vsftpd database
    -> id int AUTO_INCREMENT NOT NULL PRIMARY KEY,
    -> name char(30) NOT NULL,
    -> password char(48) binary NOT NULL );
Query OK, 0 rows affected (0.02 sec)
MariaDB [vsftpd]> desc users;   #show the table structure
+----------+----------+------+-----+---------+----------------+
| Field    | Type     | Null | Key | Default | Extra          |
+----------+----------+------+-----+---------+----------------+
| id       | int(11)  | NO   | PRI | NULL    | auto_increment |
| name     | char(30) | NO   |     | NULL    |                |
| password | char(48) | NO   |     | NULL    |                |
+----------+----------+------+-----+---------+----------------+
3 rows in set (0.01 sec)
MariaDB [vsftpd]> INSERT INTO users(name,password) VALUES ('tom',password('zhucke'));
Query OK, 1 row affected (0.01 sec)
MariaDB [vsftpd]> INSERT INTO users(name,password) VALUES ('jerry',password('zhucke.com'));
Query OK, 1 row affected (0.00 sec)
MariaDB [vsftpd]> GRANT select ON vsftpd.* TO vsftpd@localhost IDENTIFIED BY 'zhucke';
Query OK, 0 rows affected (0.06 sec)
MariaDB [vsftpd]> GRANT select ON vsftpd.* TO vsftpd@127.0.0.1 IDENTIFIED BY 'zhucke.com';
MariaDB [vsftpd]> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)
4. Compile and install the pam_mysql package
[root@CentOS7.1-172 tools]# tar xf pam_mysql-0.7RC1.tar.gz
[root@CentOS7.1-172 tools]# cd pam_mysql-0.7RC1/
[root@CentOS7.1-172 pam_mysql-0.7RC1]# ./configure --with-mysql=/usr --with-openssl=/usr --with-pam=/usr --with-pam-mods-dir=/lib64/security
[root@CentOS7.1-172 pam_mysql-0.7RC1]# make && make install
[root@CentOS7.1-172 pam_mysql-0.7RC1]# ls /lib64/security/pam_mysql.so
/lib64/security/pam_mysql.so
5. Create the file required for PAM authentication
[root@CentOS7.1-172 pam_mysql-0.7RC1]# cd /etc/pam.d/
[root@CentOS7.1-172 pam.d]# vim vsftpd.mysql
auth required pam_mysql.so user=vsftpd passwd=zhucke host=localhost db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
account required pam_mysql.so user=vsftpd passwd=zhucke host=localhost db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
6. Create the system user that the virtual users map to, and its directory
[root@CentOS7.1-172 pam.d]# useradd -s /sbin/nologin -d /ftproot/ vuser
[root@CentOS7.1-172 pam.d]# ll -d /ftproot/
drwxr-xr-x 3 vuser vuser 74 Dec 14 21:05 /ftproot/
[root@CentOS7.1-172 pam.d]# chmod go+rx /ftproot/
[root@CentOS7.1-172 pam.d]# ll -d /ftproot/
drwxr-xr-x 3 vuser vuser 74 Dec 14 21:05 /ftproot/
[root@CentOS7.1-172 pam.d]# mkdir /ftproot/{pub,upload}
7. Edit the configuration file /etc/vsftpd/vsftpd.conf
[root@CentOS7.1-172 pam.d]# cp /etc/vsftpd/vsftpd.conf{,.bak}
[root@CentOS7.1-172 pam.d]# vim /etc/vsftpd/vsftpd.conf
# vsftpd accepts comments only on their own line, never after a value
anonymous_enable=YES
local_enable=YES
write_enable=YES
local_umask=022
# anonymous users may not upload
anon_upload_enable=NO
# anonymous users may not create directories
anon_mkdir_write_enable=NO
# maximum number of concurrent clients
max_clients=200
# maximum transfer rate for anonymous users, in bytes per second (512 KB/s)
anon_max_rate=524288
# confine users to their home directories
chroot_local_user=YES
# add the following options
guest_enable=YES
guest_username=vuser
# authenticate through /etc/pam.d/vsftpd.mysql
pam_service_name=vsftpd.mysql
# directory holding the per-virtual-user configuration files
user_config_dir=/etc/vsftpd/vusers.conf.d/
[root@CentOS7.1-172 pam.d]# cd /etc/vsftpd/
[root@CentOS7.1-172 vsftpd]# mkdir vusers.conf.d
[root@CentOS7.1-172 vsftpd]# vim vusers.conf.d/tom
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
[root@CentOS7.1-172 vsftpd]# vim vusers.conf.d/jerry
anon_upload_enable=NO
[root@CentOS7.1-172 vsftpd]# systemctl restart vsftpd.service
8. Test
[root@CentOS7.1-171 ~]# ftp 192.168.5.172
Connected to 192.168.5.172 (192.168.5.172).
220 (vsFTPd 3.0.2)
Name (192.168.5.172:root): tom
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> pwd
257 "/"
ftp> cd /etc
550 Failed to change directory.
ftp> ls
227 Entering Passive Mode (192,168,5,172,67,115).
150 Here comes the directory listing.
drwxr-xr-x    2 0        0               6 Dec 14 15:08 pub
drwxr-xr-x    2 0        0               6 Dec 14 15:08 upload
226 Directory send OK.
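The vsftpd.conf from step 7 has two easy ways to go wrong: vsftpd accepts only option=value lines with no spaces around the "=" and no trailing comments, and anon_max_rate is expressed in bytes per second. The lint below is an added example, not part of the original post: the names vsftpd_get, vsftpd_lint and sample_vsftpd_conf are hypothetical, the expected values are taken from requirements 2) to 5), and the sample file is constructed.

```shell
# Added example: lint a vsftpd.conf against the exercise requirements.
# vsftpd_get FILE KEY -> last value assigned to KEY ("" if unset)
vsftpd_get() {
    awk -v key="$2" 'index($0, key "=") == 1 { v = substr($0, length(key) + 2) }
                     END { print v }' "$1"
}

# vsftpd_lint FILE -> 0 if the syntax and the policy hold, 1 otherwise
vsftpd_lint() {
    rc=0
    # Heuristic syntax check: a line must start with option=value (no
    # spaces around "="), and " #" after a value is a trailing comment.
    bad=$(awk '/^[ \t]*$/ || /^#/ { next }
               !/^[a-z0-9_]+=[^ \t]/ || /[ \t]#/ { printf "line %d: %s\n", NR, $0 }' "$1")
    [ -z "$bad" ] || { echo "FAIL: malformed lines:"; echo "$bad"; rc=1; }
    # 512 KB/s = 524288 bytes/s, because anon_max_rate is in bytes per second.
    for want in anon_upload_enable=NO anon_mkdir_write_enable=NO \
                chroot_local_user=YES max_clients=200 anon_max_rate=524288; do
        key=${want%%=*}; val=${want#*=}
        got=$(vsftpd_get "$1" "$key")
        [ "$got" = "$val" ] || { echo "FAIL: $key is '${got:-unset}', want $val"; rc=1; }
    done
    return $rc
}

# Constructed sample: the policy-relevant options from step 7.
sample_vsftpd_conf() {
    cat <<'EOF'
# anonymous users may download only
anonymous_enable=YES
anon_upload_enable=NO
anon_mkdir_write_enable=NO
max_clients=200
anon_max_rate=524288
chroot_local_user=YES
guest_enable=YES
guest_username=vuser
pam_service_name=vsftpd.mysql
EOF
}
```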
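Original article by zhuckee. If you repost it, please credit the source: http://www.178linux.com/64288
Comments (1)
Well written; this could be presented as a showcase assignment. Keep it up.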