Exportfs commands, NFS client issues, FTP introduction, using VSFTPD to build FTP

Source: Internet
Author: User

Exportfs command

The exportfs command is used to manage the list of file systems currently shared over NFS.
Common options
-a: export (share) or unexport all directories
-r: re-export
-u: unexport a directory
-v: show the shared directories
Common combination: exportfs -arv
After changing the configuration file on the server, there is no need to restart the service; running this command makes the changed configuration take effect.
Note: Before restarting the NFS service, all mount points must be unmounted first, otherwise programs will fail and the system can be dragged down severely.
The above operations are done on the server side!
Test
In the /etc/exports configuration file on the server side, add a line that shares the /tmp/ directory with the single IP 192.168.1.107. There must be no space between the client address and the opening parenthesis; with a space, the options are no longer tied to that client.

# vim /etc/exports
......
/tmp 192.168.1.107(rw,sync,no_root_squash)

Make the configuration take effect again:
# exportfs -arv
exporting 192.168.1.107:/tmp
exporting 192.168.1.0/24:/home/nfstestdir

Check from the client which directories the server exports to it:
# showmount -e 192.168.1.107
Export list for 192.168.1.107
/home/nfstestdir 192.168.1.0/24
/tmp 192.168.1.107
The configuration is already in effect even though the NFS service was not restarted.

Mount the server's /tmp directory on the client's /mnt directory:
# mount -t nfs 192.168.1.107:/tmp/ /mnt/

# df -h
Filesystem Size Used Avail Use% Mounted on
......
192.168.159.131:/tmp 16G 5.2G 11G 33% /mnt
The /mnt/ directory on the client is now the /tmp/ directory of the server.

Create a file in the client's /mnt/ directory and list the directory: the owner and group of the new file are root.
# touch /mnt/1.txt
# ls -l /mnt
total 0
-rw-r--r--. 1 root root 0 January 21:15 1.txt

Look at the /tmp/ directory on the server: the owner and group of 1.txt are also root.
# ls -l /tmp/
total 0
-rw-r--r--. 1 root root 0 January 21:15 1.txt
This is because no_root_squash is set in the server-side configuration file: the root user is not squashed, so under the mount point on the client root is as unrestricted as it is on a local disk (normally root has no restrictions).
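
The following shell function is an added example, not part of the original article. It scans an /etc/exports-style file for the two settings discussed above: no_root_squash, and options separated from the client address by a space. The function name audit_exports and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag risky entries in an /etc/exports-style file.
# Prints one finding per line; returns 1 if anything was flagged.
audit_exports() {
    awk '
    /^[ \t]*(#|$)/ { next }            # skip comments and blank lines
    {
        path = $1
        for (i = 2; i <= NF; i++) {
            host = $i
            sub(/\(.*/, "", host)      # text before "(" is the client
            if (host == "") host = "ALL hosts"
            # "host (opts)": the space makes "(opts)" a separate entry
            # with no client name, so it applies to every client.
            if ($i ~ /^\(/) {
                printf "%s: options %s are not bound to a host\n", path, $i
                bad = 1
            }
            if ($i ~ /no_root_squash/) {
                printf "%s: no_root_squash for %s\n", path, host
                bad = 1
            }
        }
    }
    END { exit bad + 0 }
    ' "$1"
}

# Constructed sample: line 1 as intended, line 2 with made-up options,
# line 3 with the stray space before the parenthesis.
sample=$(mktemp)
cat > "$sample" <<'EOF'
/tmp 192.168.1.107(rw,sync,no_root_squash)
/home/nfstestdir 192.168.1.0/24(rw,sync,all_squash)
/tmp 192.168.1.107 (rw,sync,no_root_squash)
EOF
audit_exports "$sample" || echo "review the findings above"
```

Run it against the real /etc/exports before exportfs -arv; the default root_squash maps client root to the anonymous user, so every no_root_squash finding should name a client you trust as root.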

NFS Client Issues

This issue occurs with NFS version 4.
When a client mounts a shared directory, new files are created with owner and group nobody, whether they are created by root or by a normal user.
Fix 1: add -o nfsvers=3 when the client mounts.
Fix 2: on both the client and the server, edit /etc/idmapd.conf (vim /etc/idmapd.conf),
change "#Domain = local.domain.edu" to "Domain = xxx.com" (xxx.com can be chosen arbitrarily), and then restart the rpcidmapd service.
On CentOS 6, this problem is more common with NFS version 4.
Issue: after the client mounts the shared directory, files created by root or by a normal user show nobody as owner and group. Even though no_root_squash has been set so that root is not restricted, the owner and group of the created file are neither root nor the restricted ID 1000 but nobody. This is a problem with NFS version 4, especially on CentOS 6.

Workaround:
Method One: when the client mounts, add -o nfsvers=3, which selects NFS version 3 instead of version 4:
mount -t nfs -o nfsvers=3 192.168.202.130:/tmp/ /mnt/
If the directory is already mounted and you do not want to unmount it first, use mount -t nfs -o remount,nfsvers=3 192.168.202.130:/tmp/ /mnt/
Method Two: edit the configuration file with vim /etc/idmapd.conf, change "#Domain = local.domain.edu" to "Domain = xxx.com" (xxx.com can be chosen freely), and then restart the rpcidmapd service.
CentOS 7 has no rpcidmapd service; restarting the rpcbind service is enough.

Introduction to FTP

FTP (File Transfer Protocol) is a protocol for controlling the two-way transfer of files over the Internet. Its primary role is to let users connect to a remote computer (which runs an FTP server program), see what files are on it, and then copy files from the remote computer to the local computer or transfer local files to the remote computer.
The service is used mostly in small companies; because the security of FTP is poor, large companies do not use it.

Using VSFTPD to build an FTP service

CentOS provides the vsftpd package.
Installation
# yum install -y vsftpd

Create user

vsftpd can authenticate with system accounts, but that is not secure, so create virtual users for vsftpd instead. An ordinary system user is created here so that the vsftpd virtual users can be mapped to it to carry out data transfers.

# useradd -s /sbin/nologin virftp

Edit a virtual user's password file

# vim /etc/vsftpd/vsftpd_login
testuser1
123456
user1
112233
Note that in this file the odd-numbered lines are user names and the even-numbered lines are passwords.

After editing, set the permissions of the password file:
# chmod 600 /etc/vsftpd/vsftpd_login

Convert a password file in text form to a computer-recognized binary file

# db_load -T -t hash -f /etc/vsftpd/vsftpd_login /etc/vsftpd/vsftpd_login.db
# ls -l /etc/vsftpd/
......
-rw-------. 1 root root 30 January 15:08 vsftpd_login
-rw-r--r--. 1 root root 12288 January 15:12 vsftpd_login.db
A vsftpd_login.db file was generated; this file cannot be read with cat.
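
In the listing above only the text file is mode 600, while vsftpd_login.db, which holds the same user names and passwords, is -rw-r--r--. The following shell functions are an added example, not part of the original article: check_pairs validates the odd/even line layout before db_load is run, and owner_only reports files that group or others can access. The function names and the temporary sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: sanity-check a vsftpd virtual-user login file.

# check_pairs FILE: user names on odd lines, passwords on even lines.
# Returns 0 only if every user name is non-empty and has a password.
check_pairs() {
    awk '
    NR % 2 == 1 {
        user = $0
        if (user == "") { printf "line %d: empty user name\n", NR; bad = 1 }
    }
    NR % 2 == 0 && $0 == "" {
        printf "line %d: empty password for %s\n", NR, user; bad = 1
    }
    END {
        if (NR % 2 == 1) { printf "user %s has no password line\n", user; bad = 1 }
        exit bad + 0
    }' "$1"
}

# owner_only FILE: true when group and others have no permission bits.
owner_only() {
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Constructed sample mirroring the listing above; the .db file is an
# empty stand-in with the same mode, not real db_load output.
dir=$(mktemp -d)
printf 'testuser1\n123456\nuser1\n112233\n' > "$dir/vsftpd_login"
chmod 600 "$dir/vsftpd_login"
: > "$dir/vsftpd_login.db"
chmod 644 "$dir/vsftpd_login.db"

check_pairs "$dir/vsftpd_login" && echo "login file layout ok"
for f in "$dir/vsftpd_login" "$dir/vsftpd_login.db"; do
    owner_only "$f" || echo "$f: accessible to group/others, chmod 600 it"
done
```

Once the .db file is in place and restricted to mode 600, the plain-text vsftpd_login is only needed again when users change and can be kept off the server.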

Create a virtual user profile

Create a directory for the configuration files:
# mkdir /etc/vsftpd/vsftpd_user_conf

Switch to the new directory:
# cd /etc/vsftpd/vsftpd_user_conf/

Create a configuration file for the first user:
# vim testuser1
The name of a virtual user's configuration file must match the virtual user name.
Place the following content in the configuration file.
local_root=/home/virftp/testuser1
Defines the virtual user's home directory
anonymous_enable=NO
Whether to allow anonymous users to log on
write_enable=YES
Whether writing is allowed
local_umask=022
Defines the default permissions mask when creating a new file
anon_upload_enable=NO
Whether to allow anonymous users to upload files
anon_mkdir_write_enable=NO
Whether to allow anonymous users to create directories
idle_session_timeout=600
Idle time allowed for a user; after 600 seconds without activity the session is disconnected automatically.
data_connection_timeout=120
Data transfer time-out period
max_clients=10
Maximum number of client connections

Create a virtual user home directory

Create the virtual user's home directory:
# mkdir /home/virftp/testuser1

Create a file that will be visible after logging in:
# touch /home/virftp/testuser1/testftp.txt

Change the owner and group of the virtual user home directory:
# chown -R virftp:virftp /home/virftp

Edit the vsftpd authentication file:
# vim /etc/pam.d/vsftpd
This is the authentication file used when logging in to FTP.
Add the following two lines at the beginning of the file, directly below the #%PAM-1.0 header:
#%PAM-1.0
auth sufficient /lib64/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login
account sufficient /lib64/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login

These two lines specify the location of the user password file.

On CentOS 6, because there are 32-bit and 64-bit versions, check whether the file is in lib32 or lib64. If the system is 32-bit and the path is written as lib64, the service fails to start.

Edit the VSFTPD master configuration file

# vim /etc/vsftpd/vsftpd.conf
......
anonymous_enable=NO
Change from YES to NO. Do not allow anonymous users to log on.
anon_upload_enable=NO
Uncomment the line and change it from YES to NO. Anonymous users are not allowed to upload files.
anon_mkdir_write_enable=NO
Uncomment the line and change it from YES to NO. Do not allow directory creation.
......
At the end of the file, add the following:
chroot_local_user=YES
guest_enable=YES
guest_username=virftp
Turns on the mapping between virtual users and the system user
virtual_use_local_privs=YES
Tells the service to use virtual users
user_config_dir=/etc/vsftpd/vsftpd_user_conf
Defines the path of the virtual user configuration files
allow_writeable_chroot=YES
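
A mismatch between user_config_dir and the directory that actually holds the per-user files is easy to miss. The following shell functions are an added example, not part of the original article: they check that every user in the login file has a file in user_config_dir and that its local_root exists. The names conf_get and check_virtual_users and the temporary test tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: cross-check vsftpd.conf against the virtual-user files.

# conf_get FILE KEY: print the value of the last uncommented KEY= line.
conf_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# check_virtual_users CONF LOGIN: every user in LOGIN (odd lines) needs a
# file in user_config_dir whose local_root is an existing directory.
check_virtual_users() {
    conf=$1 login=$2 rc=0
    dir=$(conf_get "$conf" user_config_dir)
    if [ ! -d "$dir" ]; then
        echo "user_config_dir '$dir' is not a directory"
        return 1
    fi
    for user in $(awk 'NR % 2 == 1' "$login"); do
        if [ ! -f "$dir/$user" ]; then
            echo "$user: no config file $dir/$user"; rc=1; continue
        fi
        root=$(conf_get "$dir/$user" local_root)
        [ -d "$root" ] || { echo "$user: local_root '$root' missing"; rc=1; }
    done
    return $rc
}

# Constructed test tree under a temporary directory (not the real /etc).
t=$(mktemp -d)
mkdir -p "$t/vsftpd/vsftpd_user_conf" "$t/home/virftp/testuser1"
printf 'testuser1\n123456\n' > "$t/vsftpd/vsftpd_login"
echo "local_root=$t/home/virftp/testuser1" > "$t/vsftpd/vsftpd_user_conf/testuser1"
echo "user_config_dir=$t/vsftpd_user_conf" > "$t/bad.conf"    # wrong path
echo "user_config_dir=$t/vsftpd/vsftpd_user_conf" > "$t/good.conf"

check_virtual_users "$t/bad.conf" "$t/vsftpd/vsftpd_login" || echo "bad.conf rejected"
check_virtual_users "$t/good.conf" "$t/vsftpd/vsftpd_login" && echo "good.conf ok"
```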

Start the service

Start the service:
# systemctl start vsftpd

View the process:
# ps aux | grep vsftp
root 2795 0.0 0.0 53216 572 ? Ss 16:11 0:00 /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf
root 2797 0.0 0.0 112680 976 pts/0 R+ 16:11 0:00 grep --color=auto vsftp
The process exists.

View the listening port:
# netstat -lntp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp6 0 0 :::21 :::* LISTEN 2795/vsftpd

The vsftpd service is listening on port 21.
The FTP service listens on port 21, sshd listens on port 22, and Telnet listens on port 23.

Test

Install an FTP client on Linux:
# yum install -y lftp

Log in with the FTP client as a virtual user:
# lftp [email protected]
Password:

lftp [email protected]:~> ls
drwxr-xr-x 2 1004 1005 07:24 testuser1
lftp [email protected]:/> ls testuser1
-rw-r--r-- 1 1004 1005 0 Jan 07:24 testftp.txt
Use the ls command to see which files are in the virtual user's home directory; the file created earlier is there.
If ls returns error 500, SELinux has not been turned off.

lftp [email protected]:/> ?
? shows which commands FTP supports.

Transfer testftp.txt to the local machine:
lftp [email protected]:/> get testuser1/testftp.txt
lftp [email protected]:/> quit
# ls
testftp.txt

The file is received into the current directory, that is, the directory you were in when you connected to the FTP service.
Common commands: put, get

The FTP service can also be tested on Windows with the FileZilla software.

Using Xshell to implement FTP functionality

Method One: Use SFTP
New session → custom name → select SFTP as the protocol → host is the remote host's IP → port number defaults to 22.
After connecting to the remote host, you can log in with an ordinary user name and password.
Right-click the remote connection and open Properties; under SFTP you can set where downloaded files are stored.
Method Two: Use Xftp
In the current Xshell session, use the key combination Ctrl+Alt+F; it prompts you to download Xftp. Download and install it to use it.
