I. The exportfs command
The NFS service on the NFS server cannot be restarted at will. If you need to restart the NFS service on the server, every client that has mounted the server's shared directory has to unmount it first.
On the client, run:
# umount /mnt/    // prompts the following
umount.nfs4: /mnt: device is busy
Solution:
The first method: leave the /mnt directory
# cd    // run from inside /mnt
# umount /mnt/
The second method:
# umount -l /mnt/
Unmount on the clients first, and then restart the NFS service on the server.
But if many client machines have mounted the server's shared directory, unmounting them one by one is too much trouble. In that case you can run the following command directly on the server:
# exportfs -arv    // run this command to make the configuration file take effect again; -arv option explanation see
exporting 192.168.238.0/24:/home/nfstestdir
Verify the exportfs -arv command:
# vi /etc/exports    // edit the configuration file and add the following line
/tmp 192.168.238.130(rw,sync,no_root_squash)    // share the /tmp directory only with the IP 192.168.238.130; the permissions are rw, sync, and no restriction on the root user
# exportfs -arv    // run exportfs -arv again
exporting 192.168.238.130:/tmp
exporting 192.168.238.0/24:/home/nfstestdir
# showmount -e 192.168.238.128    // run showmount -e on the client
Export list for 192.168.238.128:
/home/nfstestdir 192.168.238.0/24
/tmp 192.168.238.130
# mount -t nfs 192.168.238.128:/tmp/ /mnt/    // mount /tmp
# df -h
Filesystem            Size  Used Avail Use% Mounted on
/dev/sda3              28G  1.4G   27G   5% /
devtmpfs              479M     0  479M   0% /dev
tmpfs                 489M     0  489M   0% /dev/shm
tmpfs                 489M  6.7M  482M   2% /run
tmpfs                 489M     0  489M   0% /sys/fs/cgroup
/dev/sda1             197M   97M  100M  50% /boot
tmpfs                  98M     0   98M   0% /run/user/0
192.168.238.128:/tmp   28G  7.2G   21G  26% /mnt
# ls /mnt/    // the /mnt/ directory on the client is the /tmp/ directory of the server
# ls /tmp/    // view the /tmp/ directory on the server to verify that it matches the files under /mnt/ on the client
# vi /mnt/1212.txt    // create a file 1212.txt in the client's /mnt/ directory and write something into it
# ls -l /tmp/    // on the server, the owner and group of the file in /tmp/ are root, the same as on the client, because /etc/exports places no restriction on the root user
/tmp 192.168.238.130(rw,sync,no_root_squash)
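An /etc/exports entry is easy to get subtly wrong: a space between the client and the opening parenthesis makes the option list apply to every host, and no_root_squash lets root on the client act as root on the export. The following audit script is an added example, not part of the original article; the sample entries are constructed and the /srv/share path is hypothetical.

```shell
#!/bin/sh
# Added example: audit /etc/exports-style text read on stdin.
# Each finding is printed as "<path> <client> <issue>".
audit_exports() {
    awk '
    $1 ~ /^#/ || NF == 0 { next }            # skip comments and blank lines
    {
        path = $1
        for (i = 2; i <= NF; i++) {
            client = $i; opts = ""
            p = index($i, "(")
            if (p > 0) { client = substr($i, 1, p - 1); opts = substr($i, p) }
            if (p == 1) {
                # "host (opts)": the option list has no client in front of it,
                # so it applies to every host that can reach the server
                client = "*"
                print path, client, "options-apply-to-all-hosts"
            }
            if (opts ~ /[(,]no_root_squash[,)]/) print path, client, "no_root_squash"
            if (opts ~ /[(,]rw[,)]/ && client == "*") print path, client, "rw-for-all-hosts"
        }
    }'
}

# Constructed sample (not taken from a real server), modelled on the entries above.
sample_exports() {
    cat <<'EOF'
# path             client(options)
/home/nfstestdir   192.168.238.0/24(rw,sync,all_squash)
/tmp               192.168.238.130(rw,sync,no_root_squash)
/srv/share         192.168.238.130 (rw,sync,no_root_squash)
EOF
}

sample_exports | audit_exports
```

On a server, run it as audit_exports < /etc/exports before exportfs -arv.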
II. NFS client issues
Issue: after the client mounts the shared directory, the owner and group of newly created files are nobody, whether the files are created by root or by a normal user.
Fix: CentOS 6 runs into this problem more often. The workaround is:
# mount -t nfs -o remount,nfsvers=3 192.168.238.128:/tmp/ /mnt/    // add the -o option to specify NFS version 3
III. Introduction to FTP
FTP (File Transfer Protocol)
FTP is the abbreviation of File Transfer Protocol. It governs the two-way transfer of files on the Internet. It is also an application: different operating systems have different FTP applications, and all of them follow the same protocol to transfer files. When using FTP, users often meet two concepts: "download" and "upload". To download a file is to copy it from a remote host to your own computer; to upload a file is to copy it from your own computer to a remote host. In Internet terms, users upload files to (or download files from) a remote host through a client program.
Operating mechanism
FTP server
Simply put, a server that supports the FTP protocol is an FTP server.
Like most Internet services, FTP is a client/server system. The user connects to the FTP server program on the remote host through a client program that supports the FTP protocol. The user sends commands to the server program through the client program; the server executes the commands and returns the results to the client. For example, the user sends a command asking the server to send a copy of a file, and the server responds by sending the specified file to the user's machine. The client program receives the file on behalf of the user and stores it in the user's directory.
Anonymous FTP
When using FTP, you must first log in and obtain the appropriate permissions on the remote host before you can download or upload files. That is, if you want to transfer files with a computer, you must have the appropriate authorization for that computer. In other words, files cannot be transferred unless you have a user ID and password. This conflicts with the openness of the Internet: there are far more than tens of millions of FTP hosts on the Internet, and it is impossible to require every user to have an account on every host. Anonymous FTP was created to solve this problem.
Anonymous FTP is a mechanism by which a user can connect to a remote host and download files from it without becoming a registered user. The system administrator sets up a special user ID named anonymous, which anyone anywhere on the Internet can use. Connecting to an anonymous FTP host with an FTP program is similar to connecting to an ordinary FTP host, except that you enter anonymous when asked for the user ID, and the password for that ID can be any string. By convention, you use your own e-mail address as the password, so that the system's maintenance programs can record who is accessing the files.
It is important to note that anonymous FTP does not apply to all Internet hosts; it only applies to hosts that provide the service.
When a remote host provides an anonymous FTP service, certain directories are designated as open to the public and allow anonymous access. The remaining directories on the system are hidden. As a security measure, most anonymous FTP hosts allow users to download files but not to upload them: the user can copy all the files on the anonymous FTP host to their own machine, but cannot copy any file from their machine to the anonymous FTP host. Even where an anonymous FTP host does allow uploads, users can only upload to a designated upload directory. The system administrator then checks these files and moves them to another public download directory for other users to download. In this way the users of the remote host are protected from someone uploading problematic files, such as files carrying a virus.
User categories
Real account
This type of user has an account on the FTP server. When such a user logs in to the FTP server, the default home directory is the directory named after the account. The user can, however, also change to other directories, such as the system's home directory.
Guest user
On an FTP server we often set up an account for a particular department or a specific user. Such an account has one special property: it can only access its own home directory. In this way the server protects the other files on the FTP service. In vsftpd this type of account is called a guest user. A guest user can access only the directories under its home directory and not the files outside it.
Anonymous user
This is what we usually call anonymous access. This type of user has no dedicated account on the FTP server, but can still access some publicly available resources anonymously.
When building an FTP server, we need to classify users by type. By default, the vsftpd server treats every account that is created as a real user. This often does not meet an enterprise's security needs, because such a user can access not only their own home directory but also other users' directories, which puts the other users' space at risk. The enterprise should therefore change the user category according to its actual situation.
How to use
In the TCP/IP protocol suite, the standard FTP command port is TCP 21, and the data port in PORT mode is 20. The task of FTP is to transfer files from one computer to another, regardless of the operating system.
A computer that needs to transfer files remotely must have an FTP client installed and running. When the Windows operating system is installed, the TCP/IP protocol software is usually installed with it, and this includes an FTP client program. That program has a character interface rather than a graphical one and has to be used from the command prompt, which is inconvenient.
Another way to start an FTP client is to use the IE browser. The user only needs to enter a URL in the IE address bar in the following format: ftp://[username:password@]FTP server domain name[:port number]
Starting FTP through the IE browser works, but it is slower and it exposes the password in the IE browser, which is not secure. It is therefore usual to install and run a dedicated FTP client program.
1. Connect to the Internet on your local computer.
2. Search for a host or personal computer that shares files (usually published on a dedicated FTP server website, which lists the name, password and path needed to enter the host or PC).
3. Connect to the remote host or personal computer and log in with the username and password provided by the other party.
4. After logging in to the remote host or the other person's computer, you can upload what you want to share with others, or download what others have authorized for sharing (that is, anything that can be stored on a computer and shown on the screen).
5. When the work is finished, close the FTP software and cut the connection.
Transfer modes
FTP has two transfer modes: ASCII and binary.
ASCII transfer mode
Suppose the user is copying a file that contains simple ASCII text. If the remote machine is not running UNIX, FTP usually adjusts the contents of the file automatically during the transfer, so that the file is converted into the format in which the other computer stores text files.
However, users often transfer files that are not text files: programs, databases, word-processing files or compressed files. Before copying any non-text file, use the binary command to tell FTP to copy it verbatim.
Binary transfer mode
In a binary transfer, the bit order of the file is preserved so that the original and the copy are bit-for-bit identical, even if the bit sequences in the file are meaningless on the destination machine. For example, a Macintosh transfers an executable file to a Windows system in binary mode, and the file cannot be executed on the other system.
If a binary file is transferred in ASCII mode, it is still translated even though no translation is needed, and this can damage the data. (ASCII mode generally assumes that the most significant bit of each character is meaningless, because the ASCII character set does not use it. When a binary file is transferred, all bits matter.)
Supported modes
FTP supports two modes: standard (PORT, active mode) and passive (PASV, passive mode).
PORT mode
The FTP client first establishes a connection to TCP port 21 on the server. Commands are sent over this connection. When the client needs to receive data, it sends the PORT command on this channel. The PORT command states which port the client will use to receive data. To transfer the data, the server connects from its TCP port 20 to the port the client specified. The FTP server must establish a new connection to the client to transfer the data.
Passive mode
The control channel is established as in standard mode, but the client sends the PASV command after the connection is established. When the server receives the PASV command, it opens a temporary port (with a port number greater than 1023 and less than 65535) and tells the client to transfer data on this port. The client connects to this port on the FTP server, and the FTP server transfers the data through it.
Many firewalls are configured not to accept connections initiated from outside. As a result, many FTP servers behind a firewall or on an intranet do not support PASV mode, because the client cannot get through the firewall to open the high port on the FTP server; and many intranet clients cannot log in to FTP servers using PORT mode, because the server's TCP port 20 cannot establish a new connection to a client on the internal network.
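In both modes the data endpoint travels over the control channel as six decimal numbers h1,h2,h3,h4,p1,p2, where the port is p1*256+p2. The script below is an added example, not part of the original article: it decodes that endpoint from a PORT command or a 227 PASV reply and applies an acceptance policy. The policy (address must equal the control-connection peer, port must be above 1023) and the protocol lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: decode the data endpoint carried in a PORT command or in a
# "227" PASV reply, then apply a simple acceptance policy to it.

# ftp_data_endpoint LINE -> prints "ip:port"; fails if LINE has no h1,h2,h3,h4,p1,p2
ftp_data_endpoint() {
    printf '%s\n' "$1" | awk '{
        if (!match($0, /[0-9]+,[0-9]+,[0-9]+,[0-9]+,[0-9]+,[0-9]+/)) exit 1
        split(substr($0, RSTART, RLENGTH), f, ",")
        for (i = 1; i <= 6; i++) if (f[i] + 0 > 255) exit 1
        # the port is sent as two bytes: high byte first
        printf "%d.%d.%d.%d:%d\n", f[1], f[2], f[3], f[4], f[5] * 256 + f[6]
    }'
}

# check_data_endpoint PEER_IP LINE
# Policy (an assumption of this example): the address must be the host on the
# other end of the control connection, and the port must be above 1023.
check_data_endpoint() {
    ep=$(ftp_data_endpoint "$2") || { echo "reject: malformed"; return 1; }
    ip=${ep%:*}; port=${ep##*:}
    [ "$ip" = "$1" ] || { echo "reject: $ip is not the control peer $1"; return 1; }
    [ "$port" -gt 1023 ] || { echo "reject: port $port is privileged"; return 1; }
    echo "accept: $ep"
}

# Constructed protocol lines using the addresses from this page.
ftp_data_endpoint "227 Entering Passive Mode (192,168,238,128,195,80)."
check_data_endpoint 192.168.238.130 "PORT 192,168,238,130,4,1" || true
check_data_endpoint 192.168.238.130 "PORT 192,168,238,131,4,1" || true
check_data_endpoint 192.168.238.130 "PORT 192,168,238,130,0,21" || true
```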
Command parameters
Brief introduction
1. Log in to the FTP server
Anonymous user: ftp, password: ftp
User: anonymous, password: any e-mail address
2. Display file information: dir/ls
3. Download a file: get filename (downloads to the current directory)
4. Upload a file: put filename
5. Download multiple files: mget
6. Upload multiple files: mput
7. Exit: bye
8. Help:
Use
Transfers files between the local host and a remote host.
Syntax
ftp [-d] [-g] [-i] [-n] [-v] [-f] [-K realm] [-q [-c]] [HostName [Port]]
IV. Using vsftpd to build an FTP server
# yum install -y vsftpd
# useradd -s /sbin/nologin virftp    // create the virftp user, but do not let it log in to the system
# vim /etc/vsftpd/vsftpd_login    // edit the virtual users' password file: odd lines are usernames, even lines are passwords
testuser1
aminglinux
testuser2
# chmod 600 /etc/vsftpd/vsftpd_login    // set the permissions to 600 so that other users cannot read it
# db_load -T -t hash -f /etc/vsftpd/vsftpd_login /etc/vsftpd/vsftpd_login.db    // convert the password file to a binary database
# ls -l /etc/vsftpd/    // the binary password file is vsftpd_login.db; it cannot be read directly with cat
# mkdir /etc/vsftpd/vsftpd_user_conf    // create the directory that holds the virtual users' configuration files
# vim /etc/vsftpd/vsftpd_user_conf/testuser1    // the file name testuser1 must be the same as the username created earlier; write the following
local_root=/home/virftp/testuser1    // defines the virtual user's home directory
anonymous_enable=NO    // whether anonymous users are allowed: NO
write_enable=YES    // whether writing is allowed: YES
local_umask=022    // defines the permissions of newly created files and directories
anon_upload_enable=NO    // whether anonymous users may upload: NO
anon_mkdir_write_enable=NO    // whether anonymous users may create directories and write: NO
idle_session_timeout=600    // an FTP connection that is idle for more than 600 seconds has to log in again
data_connection_timeout=120    // data transfer times out after 120 seconds
max_clients=10    // at most 10 connected clients
# mkdir /home/virftp/testuser1    // create the virtual user's home directory
# touch /home/virftp/testuser1/aming.txt    // create a file aming.txt
# chown -R virftp:virftp /home/virftp    // change the owner and group
# vim /etc/pam.d/vsftpd    // add the following two lines, starting at the second line
auth sufficient /lib64/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login
account sufficient /lib64/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login
# ls /lib64/security/pam_userdb.so    // make sure that this file is present
/lib64/security/pam_userdb.so
# vim /etc/vsftpd/vsftpd.conf    // edit the main vsftpd configuration file
Change anonymous_enable=YES to anonymous_enable=NO
Change #anon_upload_enable=YES to anon_upload_enable=NO
Change #anon_mkdir_write_enable=YES to anon_mkdir_write_enable=NO
Then add the following after the last line:
chroot_local_user=YES
guest_enable=YES
guest_username=virftp    // defines which system user the virtual users are mapped to
virtual_use_local_privs=YES    // tells the service that we are now using virtual users
user_config_dir=/etc/vsftpd/vsftpd_user_conf    // defines the directory that holds the virtual users' configuration files
allow_writeable_chroot=YES
# systemctl start vsftpd    // start the vsftpd service
# ps aux | grep vsftp    // check that the process exists
# netstat -lntp    // shows that FTP is listening on port 21
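The virtual-user setup above depends on three things staying consistent: the clear-text login file is readable only by its owner, its lines pair up as username and password, and every username has a file of the same name in user_config_dir. The following check is an added example, not part of the original article; it builds a constructed layout in a temporary directory (the password is a placeholder) and reports what is wrong with it.

```shell
#!/bin/sh
# Added example: consistency check for the virtual-user files created above.
# check_virtual_users LOGIN_FILE USER_CONF_DIR -> prints findings, returns 1 if any
check_virtual_users() {
    login=$1; confdir=$2; rc=0
    # the login file holds clear-text passwords, so only the owner may read it
    [ -n "$(find "$login" -prune -perm 600)" ] ||
        { echo "mode of $login is not 600"; rc=1; }
    # odd lines are usernames, even lines are passwords: the total must be even
    lines=$(grep -c '' "$login")
    [ $((lines % 2)) -eq 0 ] ||
        { echo "odd line count ($lines): the last user has no password line"; rc=1; }
    # an empty even line would be an empty password
    awk 'NR % 2 == 0 && $0 == "" { print "empty password on line " NR }' "$login" |
        grep . && rc=1
    # every username needs a file of the same name in user_config_dir
    for user in $(awk 'NR % 2 == 1' "$login"); do
        [ -f "$confdir/$user" ] || { echo "no per-user config for $user"; rc=1; }
    done
    return $rc
}

# Constructed layout in a temporary directory: testuser2 has no password line
# and no per-user file, and the login file is world-readable.
demo_layout() {
    d=$(mktemp -d) && mkdir "$d/vsftpd_user_conf" || return 1
    printf '%s\n' testuser1 'example-password' testuser2 > "$d/vsftpd_login"
    chmod 644 "$d/vsftpd_login"
    : > "$d/vsftpd_user_conf/testuser1"
    echo "$d"
}

d=$(demo_layout)
check_virtual_users "$d/vsftpd_login" "$d/vsftpd_user_conf" || true
rm -rf "$d"
```

Against the real files the call is check_virtual_users /etc/vsftpd/vsftpd_login /etc/vsftpd/vsftpd_user_conf, run before db_load.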
It is recommended to use the FileZilla Client tool on Windows, which is a very handy piece of software!
# yum install -y lftp    // install lftp, a client for Linux
# lftp [email protected]
Password:    // enter the password
lftp [email protected]:~> ls    // view the file created earlier
-rw-r--r-- 1 1015 1017 0 June 14:15 aming.txt
lftp [email protected]:/> ?    // use ? to see which commands are supported
lftp [email protected]:/> get aming.txt    // use the get command to download the file to the current directory
Two ways to use FTP
The first: using Xshell
Open the Xshell terminal and fill in the following
Enter the username root and the password to log in
sftp:/root> cd /tmp/
sftp:/tmp> ls
sftp:/tmp> get mysql.sql    // get a mysql.sql file
Downloaded files are saved on the desktop by default; the location can be set here
The second: in Xshell, press Ctrl+Alt+F
Click to download Xftp; this opens a page where you download a plugin and install it