Exportfs commands, NFS client issues, using VSFTPD to build FTP

Source: Internet
Author: User

One: The exportfs command

Common options are [-aruv]:
-a: mount or unmount everything (export or unexport all directories)
-r: remount (re-export)
-u: unmount (unexport) a directory
-v: show the shared directories
With the exportfs command, after changing the /etc/exports configuration file you do not have to restart the NFS service; running exportfs is enough. Next we do an experiment. First change the server configuration file:
# vim /etc/exports
Add a line:
/tmp/ 192.168.0.0/24(rw,sync,no_root_squash)    # no_root_squash means the client's root user is not restricted (not mapped to an unprivileged user)
Then execute the command on the server:
# exportfs -arv
exporting 192.168.0.0/24:/tmp
exporting 192.168.0.0/24:/home
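
An added example, not part of the original article: in /etc/exports a space between the client and its option list makes the options apply to every host, and rw combined with no_root_squash lets the client's root write to the share as root. The function name lint_exports and the finding codes WORLD and ROOT_RW are made up for this example, and the sample lines are constructed.

```sh
#!/bin/sh
# lint_exports FILE: print "<line> <code> <path> <entry>" for each risky entry
# in an exports(5)-style file. WORLD and ROOT_RW are codes invented here.
lint_exports() {
    awk '
    /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
    {
        sub(/[ \t]+#.*$/, "")                # drop a trailing comment
        for (i = 2; i <= NF; i++) {
            if ($i ~ /^\(/) {
                # "(opts)" standing alone is its own entry and matches every host
                printf "%d WORLD %s %s\n", FNR, $1, $i
                opts = $i
            } else if (index($i, "(")) {
                opts = substr($i, index($i, "("))
            } else {
                opts = ""                    # client with default options only
            }
            # writable export on which root is not squashed
            if (opts ~ /[(,]rw[,)]/ && opts ~ /[(,]no_root_squash[,)]/)
                printf "%d ROOT_RW %s %s\n", FNR, $1, $i
        }
    }' "$1"
}

# Constructed sample: line 1 has the stray space, line 2 is the same export
# without it, line 3 keeps the default root squashing.
sample=$(mktemp)
cat > "$sample" <<'EOF'
/tmp/ 192.168.0.0/24 (rw,sync,no_root_squash)
/tmp/ 192.168.0.0/24(rw,sync,no_root_squash)
/home 192.168.0.0/24(rw,sync)
EOF
lint_exports "$sample"
rm -f "$sample"
```

Run it against a copy of /etc/exports before exportfs -arv; an empty result means neither pattern was found.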

Two: NFS Client issues

Before the client mounts NFS, we need to see which directories the server shares. This requires the showmount command, which is part of the nfs-utils package, so nfs-utils has to be installed on the client too:
# yum install -y nfs-utils
Now you can see which directories are shared on the server side:
# showmount -e 192.168.0.10
Export list for 192.168.0.10:
/home 192.168.0.0/24
Description: 192.168.0.10 is the IP of the NFS server. You can see the NFS share we just configured on the server. showmount -e followed by an IP shows what that host shares over NFS; in the example above, the directory shared by 192.168.0.10 is /home and the trusted hosts are the 192.168.0.0/24 network segment.
The following command mounts NFS on the client:
# mount -t nfs -o nfsvers=3 192.168.0.10:/home/ /mnt/

Description: -o is followed by the mount options. Without -o nfsvers=3, the owner and group of the files in the mounted directory show up as nobody; with nfsvers=3 they show up as 501. So try to add this option to avoid confusion over permissions.
# df -h
Filesystem            Size  Used Avail Use% Mounted on
/dev/sda3              14G  6.4G  6.7G  50% /
tmpfs                 160M     0  160M   0% /dev/shm
/dev/sda1              97M   27M   66M  29% /boot
/dev/sdb5             989M   19M  920M   3% /home
192.168.0.10:/home/
                      989M   19M  920M   3% /mnt
In the df -h output there is now an additional /mnt entry, which is the NFS shared directory.
The mount command was used above to mount NFS, but a few things about mounting an NFS share are worth noting. First, -t nfs specifies that the mount type is NFS. In addition, one of the most commonly used options with NFS is -o nolock, which means no locking is used when the NFS share is mounted. Execute on the client:
# mkdir /test
# mount -t nfs -o nolock 192.168.0.10:/tmp/ /test/
We can also write the NFS directory to be mounted into the /etc/fstab file on the client, and then simply run mount -a. Add a line to /etc/fstab:
192.168.0.10:/tmp/ /test nfs nolock 0 0
Since it has just been mounted, unmount it first:
# umount /test/
Then execute:
# mount -a
This mounts it as well, and it will also be mounted automatically at boot.

Three: Using VSFTPD to build FTP

(1) Install vsftpd
# yum install -y vsftpd db4-utils
Two packages are installed here, together with the packages they depend on. db4-utils is used to generate the password database file.
(2) Create the accounts
By default vsftpd supports logging in with system accounts, but that is not secure, so I suggest using virtual accounts as described below.
Create the system account that the virtual accounts are associated with:
# useradd virftp -s /sbin/nologin
Create the virtual account file:
# vim /etc/vsftpd/vsftpd_login    // contents are as follows (user name and password on alternating lines):
test1
123456
test2
ABCdef
Change the permissions of this file to improve security:
# chmod 600 /etc/vsftpd/vsftpd_login
vsftpd does not use the plaintext password file directly; the corresponding database file has to be generated:
# db_load -T -t hash -f /etc/vsftpd/vsftpd_login /etc/vsftpd/vsftpd_login.db
Create the directory for the per-account configuration files:
# mkdir /etc/vsftpd/vsftpd_user_conf
# cd /etc/vsftpd/vsftpd_user_conf
(3) Create a configuration file for each user
# vim test1    // contents are as follows:

local_root=/home/virftp/test1
anonymous_enable=NO
write_enable=YES
local_umask=022
anon_upload_enable=NO
anon_mkdir_write_enable=NO
idle_session_timeout=600
data_connection_timeout=120
max_clients=10
max_per_ip=5
local_max_rate=50000
Description:
local_root is the home directory of the account. anonymous_enable controls whether anonymous login is allowed; NO means anonymous login is not allowed. write_enable=YES means the account can write. local_umask specifies the umask value. anon_upload_enable controls whether anonymous accounts may upload files, and anon_mkdir_write_enable whether anonymous accounts may write. These are the key configuration parameters; the others can be ignored for now. The steps to create the test2 account are the same as for test1.
# mkdir /home/virftp/test1
# chown -R virftp:virftp /home/virftp
# vim /etc/pam.d/vsftpd    // add two lines at the beginning
auth sufficient /lib/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login
account sufficient /lib/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login
Description: my Linux is a 32-bit system, so the library file path is /lib/security/pam_userdb.so; if your system is 64-bit, the library file is /lib64/security/pam_userdb.so.
(4) Modify the global configuration file /etc/vsftpd/vsftpd.conf
# vim /etc/vsftpd/vsftpd.conf
Change anonymous_enable=YES to anonymous_enable=NO
Change #anon_upload_enable=YES to anon_upload_enable=NO
Change #anon_mkdir_write_enable=YES to anon_mkdir_write_enable=NO
Then add:
chroot_local_user=YES
guest_enable=YES
guest_username=virftp
virtual_use_local_privs=YES
user_config_dir=/etc/vsftpd/vsftpd_user_conf
Finally start the vsftpd service:
# /etc/init.d/vsftpd start
If the service does not start, most likely the pure-ftpd service set up earlier has not been stopped. Testing works the same way as for pure-ftpd earlier. Also, if a user cannot log in, check the /var/log/secure log.

Troubleshooting experience with 500 and 530 errors in a vsftpd deployment
[Email protected] ~]# lftp [email protected]
Password:
lftp [email protected]:~> ls
ls: Login failed: OOPS: cannot change directory:/home/virftp/test
The cause of this failure is that I wrote local_root=/home/virftp/test in the test user's configuration file, while the home directory I created was test1.
[Email protected] vsftpd_user_conf]# ls /home/virftp/
test1

OOPS: cannot change directory:/home/xxxx Login failed.
When you log in after installing the vsftpd service, you may get "cannot change directory" followed by the home directory of the user logging in. The cause is that the SELinux settings are blocking FTP.
Use the command

getsebool ftpd_disable_trans

to view the current status. If it is not on, enter the command

setsebool ftpd_disable_trans 1

Of course, you can add the -P parameter so that you do not have to enter this command after every boot:

setsebool -P ftpd_disable_trans 1

service vsftpd restart

Similarly, you can do this if the SMB service runs into the same problem:

setsebool -P samba_enable_home_dirs=1
SELinux can also be adjusted with the SELinux management function in the management tool.
You can also choose to turn SELinux off altogether:
setenforce 0    -- turns it off temporarily
To turn it off permanently, modify /etc/selinux/config:
SELINUX=disabled

Login failed: OOPS: bad bool value in config file for: anonymous_enable
If this 500 error appears at login, the anonymous_enable line in the user's configuration file has a space at the end; remove it.
If this 500 error appears when the service starts, the anonymous_enable line in the global configuration file has a space at the end; remove it.

530 Login incorrect
The library file in the /etc/pam.d/vsftpd configuration file does not match the operating system. On a 64-bit system use /lib64/security/pam_userdb.so; on a 32-bit system use /lib/security/pam_userdb.so.
Also check whether your iptables rules are blocking the connection.
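
An added example, not part of the original article: a pre-flight check for three of the causes listed above (a trailing space after a value, a local_root that does not exist, and a PAM module path that is missing on this system). The function names check_vsftpd_conf and check_pam_modules are made up for this example, and the sample files are constructed in a temporary directory.

```sh
#!/bin/sh
# check_vsftpd_conf FILE: flag trailing blanks after a value ("bad bool value")
# and a local_root that is not a directory ("cannot change directory").
check_vsftpd_conf() {
    conf=$1; rc=0; n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in ''|'#'*) continue ;; esac
        key=${line%%=*}; val=${line#*=}
        case $val in
            *[[:space:]]) echo "$conf:$n: trailing whitespace after $key value"; rc=1 ;;
        esac
        if [ "$key" = local_root ]; then
            dir=${val%"${val##*[![:space:]]}"}    # value without trailing blanks
            [ -d "$dir" ] || { echo "$conf:$n: local_root $dir is not a directory"; rc=1; }
        fi
    done < "$conf"
    return $rc
}

# check_pam_modules FILE: every absolute module path named in a PAM file must
# exist, otherwise logins end in "530 Login incorrect".
check_pam_modules() {
    pam=$1; rc=0
    for mod in $(awk '$1 !~ /^#/ && $3 ~ /^\// { print $3 }' "$pam"); do
        [ -e "$mod" ] || { echo "$pam: $mod not found (lib vs lib64?)"; rc=1; }
    done
    return $rc
}

# Constructed sample: the per-user file points at "test" although only "test1"
# exists and has a space after NO; the PAM line names a module that is absent.
demo=$(mktemp -d)
mkdir -p "$demo/virftp/test1"
printf 'local_root=%s\nanonymous_enable=NO \n' "$demo/virftp/test" > "$demo/test1"
printf 'auth sufficient %s/lib64/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login\n' "$demo" > "$demo/pam"
check_vsftpd_conf "$demo/test1" || true
check_pam_modules "$demo/pam" || true
rm -rf "$demo"
```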
