Exportfs commands, NFS client issues, FTP introduction, using VSFTPD to build FTP services

Source: Internet
Author: User

Exportfs command

The exportfs command manages the list of file systems currently shared (exported) over NFS.

Common options
    • -a: export (mount) all or unexport (unmount) all
    • -r: re-export (re-mount)
    • -u: unexport (unmount) a directory
    • -v: show the shared directories

    • Common combination: exportfs -arv
    • After changing the configuration file on the server, there is no need to restart the service; running this command directly makes the changed configuration take effect.

Note: All mount points must be unmounted before the NFS service is restarted; otherwise a program error occurs and the system can be dragged down badly.

The above operations are done on the server side!

Test

On the server, add a line to the /etc/exports configuration file that shares the /tmp/ directory with the single IP 192.168.159.132:

    # vim /etc/exports
    ......
    /tmp 192.168.159.132(rw,sync,no_root_squash)

Make the configuration take effect again:

    # exportfs -arv
    exporting 192.168.159.132:/tmp
    exporting 192.168.159.0/24:/home/nfstestdir

On the client, check whether the server's shares are accessible:

    # showmount -e 192.168.159.131
    Export list for 192.168.159.131:
    /home/nfstestdir 192.168.159.0/24
    /tmp             192.168.159.132
    // The NFS service was not restarted, yet the configuration is in effect

On the client, mount the server's /tmp directory on /mnt:

    # mount -t nfs 192.168.159.131:/tmp/ /mnt/
    # df -h
    Filesystem            Size  Used Avail Use% Mounted on
    ......
    192.168.159.131:/tmp   16G  5.2G   11G  33% /mnt
    // The /mnt/ directory on the client is now the server's /tmp/ directory

Create a file under /mnt/ on the client and list the directory; the newly created files 1.txt and 2.txt have root as both owner and group:

    # touch /mnt/1.txt
    # ls -l /mnt
    total 0
    -rw-r--r--. 1 root root 0 January 21:15 1.txt

Look at the /tmp/ directory on the server again; the owner and group of 1.txt are also root:

    # ls -l /tmp/
    total 0
    -rw-r--r--. 1 root root 0 January 21:15 1.txt

    • This is because no_root_squash is used in the server-side configuration file, so the root user is not restricted: under the mount point on the client, root can operate without limits, just as it does on a local disk (normally root is not subject to any limits).
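An added example (not part of the original page): a shell check that reads an exports file and reports entries that use no_root_squash or that are open to every host, including the case where a space between the host and the option list makes the options apply to all clients. The function name audit_exports, the finding labels and the sample lines are constructed for illustration.

```bash
#!/usr/bin/env bash
# audit_exports FILE: report risky entries in an exports(5)-format file.
# (audit_exports and the finding labels are names made up for this example.)
audit_exports() {
  awk '
    $1 ~ /^#/ || NF == 0 { next }          # skip comments and blank lines
    {
      path = $1
      for (i = 2; i <= NF; i++) {
        p = index($i, "(")
        client = (p > 0) ? substr($i, 1, p - 1) : $i
        opts   = (p > 0) ? substr($i, p) : ""
        # "host (opts)" with a space: the options bind to an empty client,
        # which NFS treats as every host.
        if (client == "" || client == "*")
          print "WORLD", path, opts
        if (opts ~ /no_root_squash/)
          print "NO_ROOT_SQUASH", path, (client == "" ? "*" : client)
      }
    }' "$1"
}

# Constructed sample: the /tmp export from the test above, plus the same
# kind of line with a stray space before the options.
sample=$(mktemp)
cat > "$sample" <<'EOF'
/home/nfstestdir 192.168.159.0/24(rw,sync)
/tmp 192.168.159.132(rw,sync,no_root_squash)
/srv/demo 192.168.159.132 (rw,sync,no_root_squash)
EOF
audit_exports "$sample"
rm -f "$sample"
```

Run it against /etc/exports on the server before exportfs -arv; continuation lines ending in a backslash are not handled.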
NFS Client Issues
    • This issue occurs with NFS version 4
    • After a client mounts a shared directory, new files are created with owner and group nobody, whether the user is root or a normal user
    • Add -o nfsvers=3 when the client mounts
    • Both the client and the server need to edit the file: vim /etc/idmapd.conf
    • Change "#Domain = local.domain.edu" to "Domain = xxx.com" (xxx.com here can be defined arbitrarily), and then restart the rpcidmapd service
In CentOS 6, this NFS version 4 issue comes up more often.
    • Issue: After the client mounts the shared directory, the owner and group of a newly created file are nobody, whether the user is root or a normal user. Even though no_root_squash has been set so that root is not restricted, the created file's owner and group are neither root nor the restricted ID 1000 but nobody. This is a problem with NFS version 4, especially on CentOS 6 systems.
    • Workaround:

      • Method One: When the client mounts, add -o nfsvers=3, which sets the NFS version to 3 instead of 4

        • mount -t nfs -o nfsvers=3 192.168.202.130:/tmp/ /mnt/
          • If you do not want to unmount and mount again, you can use mount -t nfs -o remount,nfsvers=3 192.168.202.130:/tmp/ /mnt/ (when the directory is already mounted)
      • Method Two: Edit the configuration file with vim /etc/idmapd.conf, change "#Domain = local.domain.edu" to "Domain = xxx.com" (xxx.com here can be defined freely), and then restart the rpcidmapd service
        • CentOS 7 itself has no rpcidmapd service; restarting the rpcbind service is enough
Introduction to FTP

FTP (File Transfer Protocol) is a protocol for controlling the two-way transfer of files over the Internet. Its primary role is to let users connect to a remote computer (which runs an FTP server program), see what files are on it, and then copy files from the remote computer to the local computer or transfer local files to the remote computer.
This service is used more in small companies; because the security of the FTP service is poor, large companies do not use it.

Using VSFTPD to build an FTP service

VSFTPD package on CentOS

  • Installation

    # yum install -y vsftpd

  • Create user

    vsftpd can log users on with system-level accounts, but that is not secure, so create virtual users for vsftpd instead. The ordinary system user created here exists so that the vsftpd virtual users can be mapped to it and then carry out data transfers.

    # useradd -s /sbin/nologin virftp

  • Edit the virtual users' password file

    # vim /etc/vsftpd/vsftpd_login
    testuser1
    123456
    user1
    112233
    Note that in this file the odd lines are user names and the even lines are passwords.

    Set the permissions of the password file when you have finished editing it:
    # chmod 600 /etc/vsftpd/vsftpd_login

  • Convert the text password file into a binary file that the computer can recognize

    # db_load -T -t hash -f /etc/vsftpd/vsftpd_login /etc/vsftpd/vsftpd_login.db
    # ls -l /etc/vsftpd/
    ...
    -rw-------. 1 root root 30 January 15:08 vsftpd_login
    -rw-r--r--. 1 root root 12288 January 15:12 vsftpd_login.db
    // A vsftpd_login.db file was generated; it cannot be read with cat

  • Create the virtual user profiles

    Create a profile directory:
    # mkdir /etc/vsftpd/vsftpd_user_conf

    Switch to the new directory:
    # cd /etc/vsftpd/vsftpd_user_conf/

    Create the profile for the first user:
    # vim testuser1
    //The profile file name must be the same as the virtual user name.
    //Put the following content in the configuration file.
    local_root=/home/virftp/testuser1
    //defines the virtual user's home directory
    anonymous_enable=NO
    //whether anonymous users are allowed to log in
    write_enable=YES
    //writable
    local_umask=022
    //defines the default permissions for newly created files
    anon_upload_enable=NO
    //whether anonymous users are allowed to upload files
    anon_mkdir_write_enable=NO
    //whether anonymous users are allowed to create directories
    idle_session_timeout=600
    //idle time allowed; a session with no operation for 600 seconds is disconnected automatically
    data_connection_timeout=120
    //data transfer timeout
    max_clients=10
    //maximum number of client connections

  • Create the virtual user home directory

    Create the virtual user's home directory:
    # mkdir /home/virftp/testuser1

    Create a file that will be visible after logging in:
    # touch /home/virftp/testuser1/testftp.txt

    Change the owner and group of the virtual users' home directory:
    # chown -R virftp:virftp /home/virftp

    Edit vsftpd's authentication file:
    # vim /etc/pam.d/vsftpd
    //This is the authentication file used when logging in to FTP.
    //Add the following two lines at the beginning of the file
    #%PAM-1.0
    auth sufficient /lib64/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login
    account sufficient /lib64/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login

    //These two lines specify the location of the user password file

    //CentOS 6 comes in 32-bit and 64-bit versions, so check whether the file is in lib32 or lib64. On a 32-bit system, writing lib64 in the path causes the service to fail to start.

  • Edit the vsftpd master configuration file

    # vim /etc/vsftpd/vsftpd.conf
    ...
    anonymous_enable=NO
    //changed from YES to NO. Anonymous users are not allowed to log on
    anon_upload_enable=NO
    //uncomment the line and change YES to NO. Anonymous users are not allowed to upload files
    anon_mkdir_write_enable=NO
    //uncomment the line and change YES to NO. Anonymous users are not allowed to create directories
    ...
    At the end of the file, add the following:
    chroot_local_user=YES
    guest_enable=YES
    guest_username=virftp
    //turns on the mapping between virtual users and the system user
    virtual_use_local_privs=YES
    //tells the service to use virtual users
    user_config_dir=/etc/vsftpd/vsftpd_user_conf
    //defines the path of the virtual user profiles
    allow_writeable_chroot=YES

  • Start service

    Start the service:
    # systemctl start vsftpd

    View the process:
    # ps aux | grep vsftp
    root 2795 0.0 0.0 53216 572 ? Ss 16:11 0:00 /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf
    root 2797 0.0 0.0 112680 976 pts/0 R+ 16:11 0:00 grep --color=auto vsftp
    //the process exists

    View the listening ports:
    # netstat -lntp
    Active Internet connections (servers)
    Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
    tcp6 0 0 :::21 :::* LISTEN 2795/vsftpd

    //the vsftpd service listens on port 21
    //FTP listens on port 21; sshd listens on port 22; telnet listens on port 23.

  • Test

    Install an FTP client on Linux:
    # yum install -y lftp

    Log on with the FTP client as a virtual user:
    # lftp [email protected]
    Password:

    lftp [email protected]:~> ls
    drwxr-xr-x 2 1004 1005 07:24 testuser1
    lftp [email protected]:/> ls testuser1
    -rw-r--r-- 1 1004 1005 0 Jan 07:24 testftp.txt
    Use the ls command to see which files are in the virtual user's home directory; the file created earlier is there.
    If ls returns error 500, SELinux has not been turned off.

    lftp [email protected]:/> ?
    ? shows which commands FTP supports.

    Transfer testftp.txt to this machine:
    lftp [email protected]:/> get testuser1/testftp.txt
    lftp [email protected]:/> quit
    # ls
    testftp.txt

    The directory that receives the file is the current directory, that is, the directory you were in when you entered the FTP session.
    Common commands: put, get

The FTP service can be tested on Windows using FileZilla software.
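An added example (not part of the original page) for the vsftpd virtual-user setup above: a shell check that the user_config_dir named in vsftpd.conf exists, that every user name in the login file has a profile file there, and that the password file and its .db are mode 600. The function name check_virtual_users, the finding labels and the demo tree are constructed for illustration.

```bash
#!/usr/bin/env bash
# check_virtual_users CONF LOGIN: cross-check a vsftpd virtual-user setup.
# (Function name and finding labels are made up for this example.)
check_virtual_users() {
  conf=$1; login=$2; rc=0
  # vsftpd.conf lines are strict key=value, no spaces around "="
  dir=$(sed -n 's/^user_config_dir=//p' "$conf" | tail -n 1)
  if [ -z "$dir" ]; then echo "NO_SETTING user_config_dir"; return 1; fi
  if [ ! -d "$dir" ]; then echo "NO_DIR $dir"; return 1; fi
  # Odd lines of the login file are user names, even lines are passwords.
  for user in $(awk 'NR % 2 == 1' "$login"); do
    if [ ! -f "$dir/$user" ]; then echo "NO_PROFILE $user"; rc=1; fi
  done
  # The text file and the db_load output both contain the passwords.
  for f in "$login" "$login.db"; do
    [ -e "$f" ] || continue
    if [ -z "$(find "$f" -prune -perm 600)" ]; then echo "PERMS $f"; rc=1; fi
  done
  return $rc
}

# Constructed demo tree in a temp directory (not the live /etc/vsftpd).
demo=$(mktemp -d)
mkdir "$demo/vsftpd_user_conf"
printf 'testuser1\n123456\nuser1\n112233\n' > "$demo/vsftpd_login"
: > "$demo/vsftpd_login.db"
chmod 600 "$demo/vsftpd_login"; chmod 644 "$demo/vsftpd_login.db"
: > "$demo/vsftpd_user_conf/testuser1"
printf 'guest_enable=YES\nuser_config_dir=%s\n' "$demo/vsftpd_user_conf" > "$demo/vsftpd.conf"
check_virtual_users "$demo/vsftpd.conf" "$demo/vsftpd_login" || true
rm -rf "$demo"
```

On the server it would be called as check_virtual_users /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd_login; no output and exit status 0 mean the three checks passed.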

    • Using Xshell to implement FTP functionality

      • Method One: Use SFTP

      New session → choose any name → select sftp as the protocol → host is the remote host's IP → port number is the default, 22.

      When connecting to the remote host, you can log in with an ordinary user name and password.

      Right-click the remote connection and open Properties; under SFTP you can set where downloaded files are stored.

      • Method Two: Use Xftp
        In the current Xshell session, press the key combination Ctrl+Alt+F; you are prompted to download Xftp, which can be used once it has been downloaded and installed.
