1、建立samba共享,共享目录为/data,要求:(描述完整的过程)
1)共享名为shared,工作组为magedu; 2)添加组develop,添加用户gentoo,centos和ubuntu,其中gentoo和centos以develop为附加组,ubuntu不属于develop组;密码均为用户名;
3)添加samba用户gentoo,centos和ubuntu,密码均为“mageedu”;
4)此samba共享shared仅允许develop组具有写权限,其他用户只能以只读方式访问;
5)此samba共享服务仅允许来自于172.16.0.0/16网络的主机访问;
环境 172.16.241.10 samba服务端
172.16.241.11 samba客户端
1、安装samba服务端和客户端
[root@server ~]# yum -y install samba
[root@client ~]# yum -y install samba-client
2、创建共享目录
[root@server ~]# mkdir /data
3、编辑server的smb.cnf修改工作组和添加共享目录
[root@server ~]# vim /etc/samba/smb.conf
workgroup = magedu
…
[shared]
comment = shared
path = /data
public = yes
writable = yes
write list = +develop
hosts allow = 172.16.
4、添加用户和组
[root@server ~]# groupadd develop
[root@server ~]# useradd ubuntu
[root@server ~]# useradd -G develop gentoo
[root@server ~]# useradd -G develop centos
[root@server ~]# echo “gentoo” | passwd –stdin gentoo
[root@server ~]# echo “centos” | passwd –stdin centos
[root@server ~]# echo “ubuntu” | passwd –stdin ubuntu
5、给samba添加用户–密码同用户名
[root@server ~]# smbpasswd -a gentoo
New SMB password:
Retype new SMB password:
Added user gentoo.
[root@server ~]# pdbedit -a ubuntu
new password:
retype new password:
Unix username: ubuntu
[root@server ~]# pdbedit -a centos
new password:
retype new password:
Unix username: centos
[root@server ~]# pdbedit -L
gentoo:3307:
ubuntu:3309:
centos:3308:
6、挂载测试权限
[root@client ~]# mount -t cifs -o username=gentoo,password=gentoo //172.16.241.10/shared /data
[root@client ~]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/sda3 19G 3.2G 16G 17% /
devtmpfs 228M 0 228M 0% /dev
tmpfs 237M 0 237M 0% /dev/shm
tmpfs 237M 4.9M 233M 3% /run
tmpfs 237M 0 237M 0% /sys/fs/cgroup
/dev/sda1 197M 104M 94M 53% /boot
tmpfs 48M 0 48M 0% /run/user/0
//172.16.241.10/shared 19G 4.1G 15G 22% /data
[root@client ~]# touch /data/123
[root@client ~]# ll /data/
total 0
-rw-r–r–. 1 3307 3308 0 May 21 23:53 123
-rw-r–r–. 1 3307 3308 0 May 21 23:55 1234
[root@client ~]# mount -t cifs -o username=centos,password=centos //172.16.241.10/shared /data
[root@client ~]# touch /data/1231231
[root@client ~]# ll /data/
total 0
-rw-r–r–. 1 3307 3308 0 May 21 23:53 123
-rw-r–r–. 1 root root 0 May 17 19:17 123123
-rw-r–r–. 1 3308 3309 0 May 21 23:57 1231231
-rw-r–r–. 1 3307 3308 0 May 21 23:55 1234
[root@client ~]# umount /data/
[root@client ~]# mount -t cifs -o username=ubuntu,password=ubuntu //172.16.241.10/shared /data
[root@client ~]# touch /data/123123
touch: cannot touch ‘/data/123123’: Permission denied
2、搭建一套文件vsftp文件共享服务,共享目录为/ftproot,要求:(描述完整的过程)
1)基于虚拟用户的访问形式;
2)匿名用户只允许下载,不允许上传;
3)禁锢所有的用户于其家目录当中;
4)限制最大并发连接数为200:;
5)匿名用户的最大传输速率512KB/s
6)虚拟用户的账号存储在mysql数据库当中。
7)数据库通过NFS进行共享。
环境:vsftpd 192.168.44.20 用于安装vsftpd和maridb
nfs 192.168.44.22 用于安装nfs
一、安装nfs并导出共享的文件夹
1、安装nfs
[root@nfs ~]# yum -y install nfs-utils
[root@nfs ~]# systemctl start nfs
[root@nfs ~]# systemctl status nfs
● nfs-server.service – NFS server and services
Loaded: loaded (/usr/lib/systemd/system/nfs-server.service; disabled; vendor preset: disabled)
Active: active (exited) since Mon 2017-05-22 03:18:12 EDT; 6s ago
2、创建
[root@nfs ~]# mkdir /data/
3、导出目录
[root@nfs ~]# vim /etc/exports
/data/ 192.168.44.20(rw,no_root_squash) —注:数据库初始化时需要使用到root权限,在数据库初始化完成以后可以关闭root权限
[root@nfs ~]# exportfs -r
4、测试导出目录
[root@vsfptd ~]# showmount -e 192.168.44.22
Export list for 192.168.44.20
/data 192.168.44.20
5、vsftpd服务器挂载导出的目录
[root@vsfptd mysql]# mount -t nfs 192.168.44.22:/data /data
[root@vsfptd mysql]# df -h
192.168.44.22:/data 19G 3.2G 16G 17% /data
二、安装数据库
1、解压mariadb数据库到/usr/local下
[root@vsftpd src]# tar xf mariadb-10.1.22-linux-glibc_214-x86_64.tar.gz -C /usr/local/
2、创建连接文件到mysql
[root@vsftpd src]# cd ../
[root@vsftpd local]# ln -sv mariadb-10.1.22-linux-glibc_214-x86_64 mysql
‘mysql’ -> ‘mariadb-10.1.22-linux-glibc_214-x86_64’
3、创建mysql用户
[root@vsftpd local]# useradd -u 3306 -s /sbin/nologin mysql
4、创建数据库目录
[root@vsftpd local]# mkdir /data/mysql
[root@vsftpd local]# chown mysql:mysql /data/mysql/
6、初始化数据库
[root@vsftpd local]# chown root:mysql -R mysql
[root@vsftpd mysql]# scripts/mysql_install_db –user=mysql –datadir=/data/mysql/
7、复制mysql的启动文件
[root@vsftpd mysql]# cp support-files/mysql.server /etc/init.d/mysql
8、复制mysql的配置文件并编辑
[root@vsftpd mysql]# cp support-files/my-huge.cnf /etc/my.cnf
[root@vsftpd mysql]# vim /etc/my.cnf
datadir = /data/mysql
innodb_per_file_table = ON
skip_name_resolve = ON
9、导出mysql的头文件和二进制文件路径
[root@vsftpd mysql]# ln -sv /usr/local/mysql/include/ /usr/include/mysql
‘/usr/include/mysql’ -> ‘/usr/local/mysql/include/’
[root@vsftpd mysql]# vim /etc/profile.d/mysql.sh
[root@vsftpd mysql]# . /etc/profile.d/mysql.sh
10、启动mysql
[root@vsftpd mysql]# service mysql start
[root@vsftpd mysql]# netstat -nat
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN
三、准备用户数据库
1、修改mysql的密码
[root@vsftpd ~]# mysqladmin -u root -p password “123456”
2、创建用户表
[root@vsftpd ~]# mysql -uroot -p123456
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 16
Server version: 5.5.44-MariaDB-log MariaDB Server
Copyright (c) 2000, 2015, Oracle, MariaDB Corporation Ab and others.
Type ‘help;’ or ‘\h’ for help. Type ‘\c’ to clear the current input statement.
MariaDB [(none)]> create database vsftpd
-> ;
Query OK, 1 row affected (0.03 sec)
MariaDB [(none)]> use vsftpd
Database changed
MariaDB [vsftpd]> CREATE TABLE users(id int AUTO_INCREMENT NOT NULL PRIMARY KEY,name char(30) NOT NULL,password char(48) binary NOT NULL );
Query OK, 0 rows affected (0.08 sec)
MariaDB [vsftpd]> DESC users;
+———-+———-+——+—–+———+—————-+
| Field | Type | Null | Key | Default | Extra |
+———-+———-+——+—–+———+—————-+
| id | int(11) | NO | PRI | NULL | auto_increment |
| name | char(30) | NO | | NULL | |
| password | char(48) | NO | | NULL | |
+———-+———-+——+—–+———+—————-+
3 rows in set (0.01 sec)
MariaDB [vsftpd]> INSERT INTO users(name,password) VALUES(‘han’,password(‘123456’));
Query OK, 1 row affected (0.01 sec)
MariaDB [vsftpd]> INSERT INTO users(name,password) VALUES(‘tom’,password(‘123456’));
Query OK, 1 row affected (0.02 sec)
MariaDB [vsftpd]> select * from users;
+—-+——+——————————————-+
| id | name | password |
+—-+——+——————————————-+
| 1 | han | 6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9 |
| 2 | tom | *6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9 |
+—-+——+——————————————-+
3 rows in set (0.00 sec)
MariaDB [vsftpd]> GRANT select ON vsftpd. TO vsftpd@localhost IDENTIFIED BY ‘123456’;
Query OK, 0 rows affected (0.01 sec)
MariaDB [vsftpd]> GRANT select ON vsftpd.* TO vsftpd@’127.0.0.1′ IDENTIFIED BY ‘123456’;
Query OK, 0 rows affected (0.00 sec)
MariaDB [vsftpd]> exit
[root@vsftpd ~]# mysql -uvsftpd -p123456
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 18
Server version: 5.5.44-MariaDB-log MariaDB Server
Copyright (c) 2000, 2015, Oracle, MariaDB Corporation Ab and others.
Type ‘help;’ or ‘\h’ for help. Type ‘\c’ to clear the current input statement.
MariaDB [(none)]> show databases;
+——————–+
| Database |
+——————–+
| information_schema |
| test |
| vsftpd |
+——————–+
3、去掉nfs的no_root_squash属性
[root@nfs ~]# vim /etc/exports
[root@nfs ~]# vim /etc/exports
/data/ 192.168.44.20(rw)
[root@nfs ~]# exportfs -r –修改后再次导出
4、编译安装pam_mysql
[root@vsftpd pam_mysql-0.7RC1]# yum -y groupinstall “Development Tools” “Server Platfrom Development”
[root@vsftpd pam_mysql-0.7RC1]# yum -y install pam-devel mariadb-devel openssl-devel
[root@vsftpd pam_mysql-0.7RC1]# ./configure –with-mysql=/usr –with-openssl=/usr –with-pam=/usr –with-pam-mods-dir=/usr/lib64/security/
[root@vsftpd pam_mysql-0.7RC1]# make && make install
四、安装配置vsfptd
1、安装vsftpd
[root@nfs ~]# yum -y install vsftpd
[root@nfs ~]# systemctl start vsftpd
2、创建pam.mysql
[root@nfs pam.d]# vim /etc/pam.d/pam.mysql
auth required pam_mysql.so user=vsftpd passwd=123456 host=localhost db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
account required pam_mysql.so user=vsftpd passwd=123456 host=localhost db=vsftpd table=users usercolumn=name passwdcolumn=password crpyt=2
3、编辑vsftpd配置文件
[root@nfs pam.d]# vim /etc/vsftpd/vsftpd.conf
anonymous_enable=YES –启用匿名用户登录,默认是开启
anon_root=/ftpdir –定义匿名用户上传目录
anon_mkdir_write_enable=NO –禁止匿名用户创建目录和写入
anon_upload_enable=NO –禁止匿名用户上传
chroot_local_user=NO –禁锢用户在自己的家目录
pam_service_name=pam.mysql –指明使用的pam文件
guest_enable=YES — 启用来宾账户
guest_username=vuser –指定来宾账户名
anon_upload_enable=YES –开启匿名用户上传
anon_max_rate=512000 –限制匿名用户的最大传输速率
max_clients=200 –vsftpd的最大客户端连接数
4、创建来宾账户
[root@vsftpd ~]# useradd -s /sbin/nologin -d /ftproot vuser
[root@vsftpd ~]# chmod 755 /ftproot –修改上传目录使其他用户对该目录有读和执行权限
[root@vsftpd ~]# mkdir /ftproot/{pub,download} –创建用于上传和下载的目录
[root@vsftpd ~]# ll -d /ftproot
drwx-wx-wx 2 vuser vuser 59 May 29 19:45 /ftpdir
5、pam_mysql需使用默认的sock文件路径登录mysql
[root@vsftpd ~]# mkdir -p /var/lib/mysql
[root@vsftpd ~]# ln -s /mydata/data/mysql.sock /var/lib/mysql/mysql.sock
6、修改配置文件后需要重启服务使配置生效
[root@vsftpd ~]# systemctl restart vsftpd
7、测试虚拟用户链接vsftpd
[root@localhost pam.d]# ftp 192.168.44.22
Connected to 192.168.44.22 (192.168.44.22).
220 (vsFTPd 3.0.2)
Name (192.168.44.22:root): tom
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
227 Entering Passive Mode (192,168,44,22,21,254).
150 Here comes the directory listing.
drwxr-xr-x 2 0 0 6 Jun 01 17:09 pub
drwxr-xr-x 2 0 0 6 Jun 01 17:09 upload
226 Directory send OK.
ftp> exit
原创文章,作者:胡安慧,如若转载,请注明出处:http://www.178linux.com/75570
