1、建立samba共享,共享目录为/data,要求:(描述完整的过程)
mkdir /data #建立共享目录
1)共享名为shared,工作组为magedu
vim /etc/samba/smb.conf
修改
workgroup = MYGROUP
为
workgroup = magedu
修改
passdb backend = tdbsam
为
passdb backend = smbpasswd
smb passwd file = /etc/samba/smbpasswd
2)添加组develop,添加用户gentoo,centos和ubuntu,其中gentoo和centos以develop为附加组,ubuntu不属于develop组;密码均为用户名;
[root@CentOS7 samba]# groupadd develop [root@CentOS7 samba]# useradd -G develop gentoo [root@CentOS7 samba]# useradd -G develop centos [root@CentOS7 samba]# useradd ubuntu [root@CentOS7 samba]# echo "gentoo"| passwd --stdin gentoo 更改用户 gentoo 的密码 。 passwd:所有的身份验证令牌已经成功更新。 [root@CentOS7 samba]# echo "centos"| passwd --stdin centos 更改用户 centos 的密码 。 passwd:所有的身份验证令牌已经成功更新。 [root@CentOS7 samba]# echo "ubuntu"| passwd --stdin ubuntu
3)添加samba用户gentoo,centos和ubuntu,密码均为“mageedu”;
[root@CentOS7 samba]# smbpasswd -a gentoo New SMB password: Retype new SMB password: startsmbfilepwent_internal: file /etc/samba/smbpasswd did not exist. File successfully created. Added user gentoo. [root@CentOS7 samba]# smbpasswd -a centos New SMB password: Retype new SMB password: Added user centos. [root@CentOS7 samba]# smbpasswd -a ubuntu New SMB password: Retype new SMB password: Added user ubuntu. [root@CentOS7 samba]#
4)此samba共享shared仅允许develop组具有写权限,其他用户只能以只读方式访问;
vim smb.conf
末尾添加 [shared] comment = Magedu.com path = /data guest = yes writable = no write list = +develop
**5)此samba共享服务仅允许来自于172.16.0.0/16网络的主机访问; **
vim smb.conf
添加
hosts allow = 172.16.0.0/16
[root@CentOS7 samba]# systemctl start smb.service
[root@CentOS7 samba]# systemctl status smb.service
● smb.service - Samba SMB Daemon
Loaded: loaded (/usr/lib/systemd/system/smb.service; disabled; vendor preset: disabled)
Active: active (running) since 四 2017-03-23 14:39:18 CST; 5s ago
Main PID: 101560 (smbd)
Status: "smbd: ready to serve connections..."
CGroup: /system.slice/smb.service
├─101560 /usr/sbin/smbd
├─101561 /usr/sbin/smbd
├─101562 /usr/sbin/smbd
└─101563 /usr/sbin/smbd
3月 23 14:39:18 CentOS7 systemd[1]: Starting Samba SMB Daemon...
3月 23 14:39:18 CentOS7 smbd[101557]: [2017/03/23 14:39:18.773050, 0] .....)
3月 23 14:39:18 CentOS7 smbd[101557]: Unknown parameter encountered: "g..."
3月 23 14:39:18 CentOS7 smbd[101557]: [2017/03/23 14:39:18.773117, 0] .....)
3月 23 14:39:18 CentOS7 smbd[101557]: Ignoring unknown parameter "guest"
3月 23 14:39:18 CentOS7 systemd[1]: smb.service: Supervising process 101...s.
3月 23 14:39:18 CentOS7 smbd[101560]: [2017/03/23 14:39:18.787425, 0] .....)
3月 23 14:39:18 CentOS7 smbd[101560]: STATUS=daemon 'smbd' finished sta...s
3月 23 14:39:18 CentOS7 systemd[1]: Started Samba SMB Daemon.
Hint: Some lines were ellipsized, use -l to show in full.
PS: CentOS7必须关闭防火墙,还有SELinux
[root@CentOS7 ~]# systemctl list-unit-files |grep fire firewalld.service enabled [root@CentOS7 ~]# systemctl stop firewalld.service [root@CentOS7 ~]# systemctl disable firewalld.service Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service. Removed symlink /etc/systemd/system/basic.target.wants/firewalld.service.
亲测OK,有图有真相
PS:这里我把hosts allow = 172.16.0.0/16 改为了hosts allow = 192.168.0.0/24
workgroup 改为WORKGROUP
这样就看到了,欧耶~
2、搭建一套文件vsftp文件共享服务,共享目录为/ftproot,
要求:(描述完整的过程)
1)基于虚拟用户的访问形式;
2)匿名用户只允许下载,不允许上传;
3)禁锢所有的用户于其家目录当中;
4)限制最大并发连接数为200
5)匿名用户的最大传输速率512KB/s
6)虚拟用户的账号存储在mysql数据库当中
7)数据库通过NFS进行共享
先科(zhuang)普(bi)
我们登录FTP有三种方式,匿名登录、本地用户登录和虚拟用户登录。
匿名登录:在登录FTP时使用默认的用户名,一般是ftp或anonymous。
本地用户登录:使用系统用户登录,在/etc/passwd中。
虚拟用户登录:这是FTP专有用户,有两种方式实现虚拟用户,本地数据文件和数据库服务器。
FTP虚拟用户是FTP服务器的专有用户,使用虚拟用户登录FTP,只能访问FTP服务器提供的资源,大大增强了系统的安全。
测试环境
NFS&MySQL服务器 192.168.0.248
vsftp 服务器 192.168.0.235
一、通过NFS服务器共享数据库
1、在192.168.0.248服务器上启动nfs服务,设置共享目录为/nfs_data
[root@CentOS6 ~]# mkdir -pv /nfsdata mkdir: created directory `/nfsdata’
2、安装组件
yum install rpcbind nfs-server nfs-lock nfs-idmap
3、启动nfs服务
[root@CentOS7 ~]# systemctl start nfs-server.service [root@CentOS7 ~]# systemctl status nfs-server.service ● nfs-server.service - NFS server and services Loaded: loaded (/usr/lib/systemd/system/nfs-server.service; enabled; vendor preset: disabled) Active: active (exited) since 五 2017-03-24 16:38:33 CST; 1 day 7h ago Main PID: 37384 (code=exited, status=0/SUCCESS) CGroup: /system.slice/nfs-server.service 3月 24 16:38:33 CentOS7 systemd[1]: Starting NFS server and services... 3月 24 16:38:33 CentOS7 systemd[1]: Started NFS server and services. [root@CentOS7 ~]#
4、编辑 vim /etc/exports
添加一下内容
/nfs_data 192.168.0.0/24(rw,no_root_squash,sync)
exportfs -r 一下使其生效
注:配置文件说明:
/nfs_data为共享目录 192.168.0.0/24 可以为一个网段,一个IP,也可以是域名,域名支持通配符 如: *.qq.com rw:read-write,可读写; ro:read-only,只读; sync:文件同时写入硬盘和内存; async:文件暂存于内存,而不是直接写入内存; no_root_squash:NFS客户端连接服务端时如果使用的是:root的话,那么对服务端分享的目录来说,也拥有root权限。显然开启这项是不安全的。 root_squash:NFS客户端连接服务端时如果使用的是root的话,那么对服务端分享的目录来说,拥有匿名用户权限,通常他将使用nobody或nfsnobody身份; all_squash:不论NFS客户端连接服务端时使用什么用户,对服务端分享的目录来说都是拥有匿名用户权限;
二、vsftp mysql 服务器挂载nfs
[root@CentOS6 ~]# showmount -e 192.168.0.235
Export list for 192.168.0.235:
/nfs_data 192.168.0.0/24
[root@CentOS6 ~]# mount -t nfs 192.168.0.235:/nfs_data /nfs_data
[root@CentOS6 ~]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/vg_centos6-lv_root
18G 3.3G 13G 21% /
tmpfs 3.9G 0 3.9G 0% /dev/shm
/dev/sda1 477M 69M 383M 16% /boot
192.168.0.235:/nfs_data
17G 6.9G 11G 41% /nfs_data
客户端在挂载的时候遇到的一个问题如下,可能是网络不太稳定,NFS默认是用UDP协议,换成TCP协议即可
mount -t nfs 192.168.0.235:/nfsdata /nfsdata -o proto=tcp -o nolock
在客户端写入一个有内容的文件测试,嘿嘿,服务端马上看到了,欧耶~~~
vsftp mysql 服务器 192.168.0.235安装MySQL/MariaDB
这里我就直接yum安装MariaDB了
yum install mariadb-server.x8664 mariadb-devel.x8664 openssl-devel.x86_64 systemctl start mariadb.service systemctl enable mariadb.service
安装PAM-MySQL,要跟vsftp安装在同一台机器上
下载源码包,加压
安装前再次确认依赖包
yum install pam-devel openssl-devel mariadb-devel
CentOS7 ./configure –with-mysql=/usr –with-openssl –with-pam=/usr –with-pam-mods-dir=/usr/lib64/security
CentOS6 ./configure –with-mysql=/usr –with-openssl –with-pam=/usr –with-pam-mods-dir=/lib64/security/
make -j 4 && make install
配置数据库,创建vsftpd的库和表
[root@CentOS7 pam_mysql-0.7RC1]# mysql
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 3
Server version: 5.5.52-MariaDB MariaDB Server
Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> create database vsftpd;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| performance_schema |
| test |
| vsftpd |
+--------------------+
5 rows in set (0.00 sec)
MariaDB [(none)]> use vsftpd;
Database changed
MariaDB [vsftpd]> create table users (
-> id int auto_increment not null primary key,
-> name char(30) not null,
-> password char(48) binary not null );
Query OK, 0 rows affected (0.00 sec)
MariaDB [vsftpd]> desc users;
+----------+----------+------+-----+---------+----------------+
| Field | Type | Null | Key | Default | Extra |
+----------+----------+------+-----+---------+----------------+
| id | int(11) | NO | PRI | NULL | auto_increment |
| name | char(30) | NO | | NULL | |
| password | char(48) | NO | | NULL | |
+----------+----------+------+-----+---------+----------------+
3 rows in set (0.00 sec)
MariaDB [vsftpd]> insert into users(name,password) values ('jerry',password('mageedu'));
Query OK, 1 row affected (0.00 sec)
MariaDB [vsftpd]> insert into users(name,password) values ('tom',password('mageedu111'));
Query OK, 1 row affected (0.00 sec)
MariaDB [vsftpd]> select * from users;
+----+-------+-------------------------------------------+
| id | name | password |
+----+-------+-------------------------------------------+
| 1 | jerry | *9A94EE7D14C10908118B62D2DA88E6932E11E438 |
| 2 | tom | *67CF267D9D554496768C605C2D66754EAE874C12 |
+----+-------+-------------------------------------------+
2 rows in set (0.00 sec)
MariaDB [vsftpd]>
#我这边vsftpd跟mysql不是同一台机器,所以开启远程授权
MariaDB [mysql]> grant select on vsftpd.* to vsftpd@'192.168.0.248' identified by 'mageedu';
Query OK, 0 rows affected (0.00 sec)
MariaDB [mysql]> flush privileges;
Query OK, 0 rows affected (0.00 sec)
[root@CentOS7 pam_mysql-0.7RC1]# mysql -uvsftpd -pmageedu
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 14
Server version: 5.5.52-MariaDB MariaDB Server
Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| test |
| vsftpd |
+--------------------+
3 rows in set (0.00 sec)
MariaDB [(none)]> use vsftpd;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
MariaDB [vsftpd]> select * from users;
+----+-------+-------------------------------------------+
| id | name | password |
+----+-------+-------------------------------------------+
| 1 | jerry | *9A94EE7D14C10908118B62D2DA88E6932E11E438 |
| 2 | tom | *67CF267D9D554496768C605C2D66754EAE874C12 |
+----+-------+-------------------------------------------+
2 rows in set (0.00 sec)
MariaDB [vsftpd]> exit
Bye
[root@CentOS7 pam_mysql-0.7RC1]#
迁移MariaDB的数据库默认数据存放目录,放到/nfs_data/目录中,形成NFS共享
[root@CentOS7 /]# systemctl stop mariadb.service
[root@CentOS7 /]# cp -r /var/lib/mysql/ /nfs_data/
[root@CentOS7 /]#vim /etc/my.cnf
修改成:datadir=/nfs_data/mysql
[root@CentOS7 /]#cd /nfs_data/
[root@CentOS7 /]# chown -R mysql:mysql mysql/
[root@CentOS7 /]#systemctl start mariadb.service
[root@CentOS7 /]#systemctl status mariadb.service
● mariadb.service - MariaDB database server
Loaded: loaded (/usr/lib/systemd/system/mariadb.service; enabled; vendor preset: disabled)
Active: active (running) since 日 2017-03-26 15:16:34 CST; 18min ago
Process: 94278 ExecStartPost=/usr/libexec/mariadb-wait-ready $MAINPID (code=exited, status=0/SUCCESS)
Process: 94247 ExecStartPre=/usr/libexec/mariadb-prepare-db-dir %n (code=exited, status=0/SUCCESS)
Main PID: 94277 (mysqld_safe)
CGroup: /system.slice/mariadb.service
├─94277 /bin/sh /usr/bin/mysqld_safe --basedir=/usr
└─94435 /usr/libexec/mysqld --basedir=/usr --datadir=/nfs_data...
3月 26 15:16:32 CentOS7 systemd[1]: Starting MariaDB database server...
3月 26 15:16:32 CentOS7 mysqld_safe[94277]: 170326 15:16:32 mysqld_safe....
3月 26 15:16:32 CentOS7 mysqld_safe[94277]: 170326 15:16:32 mysqld_safe...l
3月 26 15:16:34 CentOS7 systemd[1]: Started MariaDB database server.
Hint: Some lines were ellipsized, use -l to show in full.
这时候,两边机器的NFS目录都看看,OK啦~~~
安装vsftpd
[root@CentOS6 mysql]# yum install vsftpd Loaded plugins: fastestmirror Setting up Install Process Loading mirror speeds from cached hostfile * base: mirrors.aliyun.com * epel: mirrors.tuna.tsinghua.edu.cn * extras: mirrors.aliyun.com * updates: mirrors.aliyun.com Resolving Dependencies --> Running transaction check ---> Package vsftpd.x86_64 0:2.2.2-21.el6 will be installed --> Finished Dependency Resolution Dependencies Resolved ============================================================================ Package Arch Version Repository Size ============================================================================ Installing: vsftpd x86_64 2.2.2-21.el6 base 155 k Transaction Summary ============================================================================ Install 1 Package(s) Total download size: 155 k Installed size: 340 k Is this ok [y/N]: y Downloading Packages: vsftpd-2.2.2-21.el6.x86_64.rpm | 155 kB 00:00 Running rpm_check_debug Running Transaction Test Transaction Test Succeeded Running Transaction Installing : vsftpd-2.2.2-21.el6.x86_64 1/1 Verifying : vsftpd-2.2.2-21.el6.x86_64 1/1 Installed: vsftpd.x86_64 0:2.2.2-21.el6 Complete!
配置vsftpd的pam文件
[root@CentOS6 ~]# vim /etc/pam.d/vsftpd.mysql
输入以下内容:
auth required pam_mysql.so user=vsftpd passwd=mageedu host=192.168.0.235 db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2 account required pam_mysql.so user=vsftpd passwd=mageedu host=192.168.0.235 db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
创建系统用户
因为虚拟用户最终要映射为系统用户,所以得创建用于vsftpd映射使用滴用户啦。。。。。
[root@CentOS6 ~]# mkdir -pv /ftproot mkdir: created directory `/ftproot' [root@CentOS6 /]# useradd -s /sbin/nologin -d /ftproot vuser
确保vuser的家目录其他用户能读能执行
[root@CentOS6 /]# ll |grep ftproot/ [root@CentOS6 /]# ll |grep ftpr drwx------ 3 vuser vuser 4096 Mar 27 13:59 ftproot [root@CentOS6 /]# chmod +rx -R /ftproot/ [root@CentOS6 /]# ll |grep ftpr drwxr-xr-x 3 vuser vuser 4096 Mar 27 13:59 ftproot [root@CentOS6 /]#
配置/etc/vsftpd/vsftpd.conf
[root@CentOS6 /]# vim /etc/vsftpd/vsftpd.conf
修改 pamservicename=vsftpd.mysql
匿名用户只允许下载,不允许上传
[root@CentOS6 /]# vim /etc/vsftpd/vsftpd.conf
anonymous_enable=YES #允许匿名账户登录
anonuploadenable=NO #不允许匿名用户上传文件
禁锢所有的用户于其家目录当中
chrootlocaluser=YES #禁锢本地账户的家目录
限制最大并发连接数为200
max_clients=200 #最大允许的客户端连接数
匿名用户的最大传输速率512KB/s
localmaxrate=512000
写入配置文件后,重启vsftp服务即可。
原创文章,作者:N24_Jerry,如若转载,请注明出处:http://www.178linux.com/71959
评论列表(2条)
总结的非常好,详细的操作过程,仔细的解释各参数意义,加油!!!
Have you gone to Bi.mcgatewaybeol? You can look up verses in several different translations there, in many different languages. They have the KJV available. Oh, and pagans don't necessarily think that wealth is a sign of divine favor. Long story. Won't bore you with it here, tho.