How to Use NFS and FTP in Linux
I. NFS
1. Introduction to NFS
NFS stands for network file system. network file system: nfs depends on network bandwidth.
NFS allows a system to share directories and files with others on the network. NFS users and programs can access files on the remote system just like accessing local files.
If there are three machines A, B, and C, they need to access the same directory. The traditional method is to put these images in A, B, C. however, to use NFS, you only need to put it on A and share A with B and C. B and C access the directory on A through the network.
2. install and configure the NFS service
Two packages (nfs-utils and rpcbind) need to be installed)
# Yum install-y nfs-utils will install the dependency package rpcbind at the same time
Input the following content on the machine that provides nfs service vim/etc/exports
/Home/192.168.20.0/24 (rw, sync, all_squash, anonuid = 501, anongid = 501)
It consists of three parts:
/Home/the first part is the local directory to be shared
The second part of 192.168.20.0/24 is that the host that is allowed to access can be an IP address or an IP segment.
(Rw, sync, all_squash, anonuid = 501, anongid = 501) The third part is some permission options in parentheses. Permission-based read/write synchronization limits all users, and the uid and gid must both be 501501 accounts.
An error occurs when the nfs service starts rpcbind and nfs is started again.
/Etc/init. d/rpcbind start
/Etc/init. d/nfs start
3. Descriptions of NFS configuration options
Rw readable and writable
Ro read-only
In sync Mode, data in the memory is always written to the disk.
Async does not synchronize the data in the memory into the disk periodically
No_root_squash squash refers to squeeze and literal meaning that root permissions are not squashed. With this option, the root user will have the highest permission to the shared directory, just like operating the local directory.. Not recommended
Root_squash corresponds to the above options. The root user's permission to the shared directory is not high. Only the permissions of common users limit the root user's permission.
All_squash no matter who the NFS user is, his identity will be limited to a specified normal user identity
Anonuid/anongid must be used together with root_squash and all_squash to specify the uid and gid after the User-Defined NFS is used, provided that the uid and gid exist in the local/etc/passwd.
4. mount NFS on the client
The nfs package # yum install-y nfs-utils must also be installed on the client machine.
Check iptables to clear iptables.
Disable selinux Firewall
View the directories shared by the server # showmount-e 192.168.20.30nfs Server IP Address
When the client uses showmount-e, an error is reported, indicating that the RPC program is not registered.
[Root @ yong ~] # Showmount-e 192.168.20.30
Clnt_create: RPC: Program not registered
The error occurs because the Starting sequence of the rpcbind service and NFS service is incorrect. Stop the service first, restart the rpcbind service, and then start the nfs service.
[Root @ localhost ~] #/Etc/init. d/nfs stop
[Root @ localhost ~] #/Etc/init. d/rpcbind stop
The execution is displayed correctly after the restart.
[Root @ localhost ~] #/Etc/init. d/rpcbind start
[Root @ localhost ~] #/Etc/init. d/nfs start
[Root @ yong ~] # Showmount-e 192.168.20.30
Export list for 192.168.20.30:
/Home 192.168.20.0/24
Mount the nfs command of the server on the client
Mount-t nfs-o nolock, nfsvers = 3 192.168.20.30:/home // mnt/
// If-onolock is not added, nfsvers = 3, the file owner and group in the Mount directory are both nobodies. If nfsvers = 3 is specified, the system displays root.
-O nolock: The nfsvers version is 3. The default value is 4.
Df-h to view mounting information
Test nfs
The shared/home directory on the server allows access from machines in the 192.168.20.0 network segment. The identity of the nfs user is 501.
[Root @ localhost home] # cat/etc/exports
/Home/192.168.20.0/24 (rw, sync, all_squash, anonuid = 501, anongid = 501)
[Root @ localhost/] # ls-ld home/
Drwxr-xr-x. 8 root 4096 11:33 home/
[Root @ localhost home] # ls-ld
Rwxr-xr-x 2 root 4096 May 15 15:54 logs
Drwx ------. 3 mysql 4096 May 11 14:47 mysql
Drwx ------. 4 php-fpm 4096 May 13 14:24 php-fpm
Drwx ------ 2 test 4096 May 22 11:40 test
[Root @ localhost home] # mkdir 111
[Root @ localhost home] # chmod 777 111
Create a new folder on the client machine. Mount the/home directory of the nfs server to the nfs directory. Then run df-h to view the mounted nfs.
12345678910 [root @ yong ~] # Mkdir nfs
[Root @ yong ~] # Mount-t nfs 192.168.20.30:/home // root/nfs/
[Root @ yong ~] # Df-h
Filesystem Size Used Avail Use % Mounted on
/Dev/mapper/VolGroup-lv_root
19 GB 2.9G 15G 17%/
Tmpfs 250 M 0 250 M 0%/dev/shm
/Dev/sda1 477 M 46 M 407 M 11%/boot
/Dev/sdb2 6.0G 93 M 5.6G 2%/data
192.168.20.30:/home/18G 2.1G 15G 13%/root/nfs
The ls-l column lists the owner and group of the files in the shared directory as nobody. Create a directory in the nfs directory or the file prompts that the permission is denied.
[Root @ yong nfs] # ls-l
Drwxr-xr-x 2 nobody 4096 May 15 logs
Drwx ------ 3 nobody 4096 May 11 14:47 mysql
Drwx ------ 4 nobody 4096 May 13 14:24 php-fpm
Drwx ------ 2 nobody 4096 May 22 test
[Root @ yong nfs] # mkdir abc
Mkdir: cannot create directory 'abc': Permission denied
[Root @ yong nfs] # touch 1.txt
Touch: cannot touch '1.txt ': Permission denied
Create the 111 directory in the server/home directory and set the permission to 777. The client enters the 111 directory and the owner and group of the files that can be created by creating directories or files are nobodoy.
12 [root @ yong 111] # ls-l
-Rw-r -- 1 nobody 0 May 22 13:40 1.txt
Unmount and remount add parameter-o nolock, if nfsvers = 3 is displayed, the root user enters the 111 directory and the master and group permissions of the newly created file are 501. Because the client already has 501, the corresponding account is user1, so the account is shown as user1.
[Root @ yong ~] # Umount/root/nfs/
[Root @ yong ~] # Mount-t nfs-o nolock, nfsvers = 3 192.168.20.30:/home // root/nfs/
[Root @ yong nfs] # ls-l
Drwxrwxrwx 2 root 4096 May 22 111
Drwxr-xr-x 2 root 4096 May 15 logs
Drwx ------ 3 500 testgroup 4096 May 11 mysql
Drwx ------ 4 user1 user1 4096 May 13 14:24 php-fpm
Drwx ------ 2 php-fpm 4096 May 22 11: 40 test
[Root @ yong nfs] # cd 111
[Root @ yong 111] # touch 2.txt
[Root @ yong 111] # ls-l
-Rw-r -- 1 user1 user1 0 May 22 2015 2.txt
[Root @ yong 111] # id-u user1
501
5. Use of the exportfs command
-A: Mount or detach all
-R remount
-U Uninstall a directory
-V: Display shared directories
/Home/192.168.20.0/24 (rw, sync, no_root_squash) does not limit that the master Group of the user created by the root user client is root.
You can modify the permission to delete files.
Run the command # exportfs-arv to make the/etc/exports configuration file take effect after changing the/etc/exports configuration file.
We can also write the nfs directory to be mounted to the/etc/fstab file on the client, 192.168.20.10:/tmp // test nfs nolock 0 0, and then mount-
In the experiment, changing nfs configuration on the server does not suppress root permissions.
1234 [root @ localhost home] # cat/etc/exports
/Home/192.168.20.0/24 (rw, sync, no_root_squash)
[Root @ localhost home] # exportfs-arv
Exporting 192.168.20.0/24:/home
Mounting nfs on the client does not specify whether the account displayed in the nfsvers version is still nobody, but you can directly create a file with the root permission.
[Root @ yong ~] # Mount-t nfs 192.168.20.30:/home // root/nfs/
[Root @ yong ~] # Cd nfs/
[Root @ yong nfs] # touch 1.txt
[Root @ yong nfs] # ls-l
Drwxrwxrwx 2 nobody 4096 May 22 14:25 111
-Rw-r -- 1 nobody 0 May 22 2015 1.txt
Unmount nfs: Specify the Mounting Parameter again. After mounting, the account is root.
1234567 [root @ yong ~] # Umount/root/nfs/
[Root @ yong ~] # Mount-t nfs-o nolock, nfsvers = 3 192.168.20.30:/home // root/nfs/
[Root @ yong ~] # Cd nfs/
[Root @ yong nfs] # touch 1.txt
[Root @ yong nfs] # ls-l
Drwxrwxrwx 2 root 4096 May 22 111
-Rw-r -- 1 root 0 May 22 2015 1.txt
Ii. ftp
1. What is ftp
FTP is short for the File Transfer Protocol, and the Chinese abbreviation is "File Transfer Protocol" for controlling the two-way transmission of files on the Internet.
The main function of FTP is to allow users to connect to a remote computer. These computers run the FTP server program to check which files are available on the remote computer and then copy the files from the remote computer to the local computer or the computer files are sent to the remote computer.
In CentOS or RedHat Linux, the built-in ftp software is vsftpd.
2. Use pure-ftpd to build the FTP service
Pure-ftpd official http://www.pureftpd.org/project/pure-ftpd
Pure-ftpd is a server Tool
Install the epel extension source and then install the pure-ftpd package.
# Yum install-y epel-release
# Yum install-y pure-ftpd
Yum list allows you to view the source of the package
123 [root @ pma ~] # Yum list | grep pure-ftpd
Pure-ftpd.i686 1.0.30-1. el6 epel
Pure-ftpd-selinux.i686 1.0.30-1. el6 epel
Pure-ftpd configuration template reference
Cat/etc/pure-ftpd/pure-ftpd.conf
ChrootEveryone yes
BrokenClientsCompatibility no
MaxClientsNumber 50
Daemonize yes
MaxClientsPerIP 8
VerboseLog no
DisplayDotFiles yes
AnonymousOnly no
NoAnonymous yes
SyslogFacility ftp
DontResolve yes
MaxIdleTime 15
PureDB/etc/pure-ftpd/pureftpd. pdb
LimitRecursion 3136 8
AnonymousCanCreateDirs no
MaxLoad 4
AntiWarez yes
Umask 133: 022
MinUID 10
AllowUserFXP no
AllowAnonymousFXP no
ProhibitDotFilesWrite no
ProhibitDotFilesRead no
AutoRename no
AnonymousCantUpload no
CustomerProof yes
Generate random string username length is 5 no special characters no numbers no uppercase letters password no special characters then redirect to a file
If there is no mkpasswd command, you need to install the keep CT package # yum install-y keep CT
User = 'mkpasswd-l 5-s 0-d 0-C 0'
Pass = 'mkpasswd-s 0'
Echo $ user $ pass>/tmp/ftp. pass
12 [root @ localhost ~] # Cat/tmp/ftp. pass
Zwdlc EEoz14swg
Create an ftp service directory for sharing
# Mkdir/data/ftp
# Echo-e "$ pass \ n $ pass" | pure-pw useradd $ user-u test-d/data/ftp/
Pure-pw creates a user
-U test maps a user that must exist in a user system. Map created random users to users in the system
Pure-pw mkdb # create a password file to save the user and password to a binary file. Path in the path specified by PureDB in the/etc/pure-ftpd/pure-ftpd.conf configuration file
[Root @ localhost ~] # Ls-l/etc/pure-ftpd/pureftpd. pdb
-Rw ------- 1 root 2141 May 22 15:24/etc/pure-ftpd/pureftpd. pdb
Pure-pw list # list users
[Root @ localhost ~] # Pure-pw list
Zwdlc/data/ftp /./
Pure-pw userdel $ user # delete an account
/Etc/init. d/pure-ftpd start # start service listening port 21
Install the lftp package on the ftp Client # yum install-y lftp
Enter the command # lftp username @ ftp Server IP Address
The username is the random username created by the server. The ftp Server IP address is entered and the password is used to log on to the ftp server.
Put File Upload to ftp Server
Download the get file to the local Client Directory
[Root @ yong nfs] # lftp [email protected]
Password:
Lftp [email protected]:/> get nginx-1.6.2.tar.gz
804164 bytes transferred
2. Configure the ftp service in vsftp
Server Installation yum install-y vsftpd db4-utils
Create the system account useradd virftp-s/sbin/nologin associated with the virtual account
The file vim/etc/vsftpd/vsftpd_login related to creating a virtual account is as follows:
Test1
123456
Test2
Abcdef
Chmod 600/etc/vsftpd/vsftpd_login
Generate the corresponding database file db_load-T-t hash-f/etc/vsftpd/vsftpd_login/etc/vsftpd/vsftpd_login.db
The db_load command can convert user text files into db databases and use hash encryption.
Option-T allows applications to translate text files into databases. This option is required to store the virtual user information in a file, so that the Vsftpd application can load user data through text.
If option-T is specified, you must append the sub-option-t. The sub-option-t is appended after the-T option to specify the type of the database for translation loading.
Hash is encrypted using the hash code.
-The f parameter is followed by a text file containing the user name and password. The content of the file is: Odd-line user name, even-line Password
If you need db_load to change the password file and restart the ftp service to make it take effect
Create a directory related to the virtual account and the configuration file mkdir/etc/vsftpd/vsftpd_user_conf
Cd/etc/vsftpd/vsftpd_user_conf create the configuration file corresponding to the user
The content of vim test1 is as follows:
Local_root =/home/virftp/test1
Anonymous_enable = NO
Write_enable = YES
Local_umask = 022
Anon_upload_enable = NO
Anon_mkdir_write_enable = NO
Idle_session_timeout = 600
Data _ connection_timeout = 120
Max_clients = 10
Max_per_ip = 5
Local_max_rate = 50000
Mkdir/home/virftp/test1
Modify the permission chown-R virftp: virftp/home/virftp
Vim/etc/pam. d/vsftpd add two lines at the beginning of the user authentication configuration file
Auth sufficient/lib/security/pam_userdb.so db =/etc/vsftpd/vsftpd_login // if it is a 64-bit system, change it to/lib64/security/pam_userdb.so
Account sufficient/lib/security/pam_userdb.so db =/etc/vsftpd/vsftpd_login // if it is a 64-bit system, change it to/lib64/security/pam_userdb.so
Modify the vsftpd main configuration file.
Vim/etc/vsftpd. conf
Change anonymous_enable = YES to anonymous_enable = NO anonymous user
# Change anon_upload_enable = YES to anon_upload_enable = NO. Anonymous upload prohibited
# Change anon_mkdir_write_enable = YES to anon_mkdir_write_enable = NO. Creating directories anonymously is forbidden.
Add more
Chroot_local_user = YES
Guest_enable = YES
Guest_username = virftp
Virtual_use_local_privs = YES
User_config_dir =/etc/vsftpd/vsftpd_user_conf
Start vsftpd service/etc/init. d/vsftpd start
When the vsftp service is started, the following error occurs: The variable value in the line guest_enable, the main configuration file of vsftp. conf. The reason is that there is a space at the end of this line. No space at the end of all configuration files can be used to delete spaces before the service starts normally.
[Root @ localhost vsftpd_user_conf] #/etc/init. d/vsftpd start
Start vsftpd500 OOPS: bad bool value in config file for: guest_enable for vsftpd
Client lab Verification
Install the lftp package yum install-y lftp on the ftp Client
Log on to the lftp test1 @ ftp Server IP Address
When the client accesses the ftp server, the client can log on even if the wrong password is entered. However, if ls is executed, the system prompts that the logon fails and the correct password is used to log on to the ftp server.
[Root @ localhost ~] # Lftp
[Email protected]
Password:
Lftp [email protected]: ~> Ls
Ls: Logon Failed: 530 Login incorrect.
Lftp [email protected]: ~> Exit
[Root @ localhost ~] # Lftp [email protected]
Password:
Lftp [email protected]: ~> Ls
-Rw-r -- 1 0 0 0 May 24 15:21 1.txt
Put upload a file ls View File owner, group is 501 view on the ftp server shows as virftp account corresponding uid is 501
12345678910 lftp [email protected]:/> put 1. SQL
1851 bytes transferred
Lftp [email protected]:/> ls-l
-Rw-r -- 1 501 501 1851 May 24 1. SQL
-Rw-r -- 1 0 0 0 May 24 15:21 1.txt
[Root @ bkjia test1] # ls-l
-Rw-r -- 1 virftp 1851 May 24 23:23 1. SQL
-Rw-r -- 1 root 0 May 24 23:21 1.txt
[Root @ bkjia ~] # Tail-1/etc/passwd
Virftp: x: 501: 501:/home/virftp:/sbin/nologin
-------------------------------------- Split line --------------------------------------
Install NFS server in Ubuntu 12.04
Install and configure the NFS server to share the Ubuntu 12.04 and ARM files.
Build an nfs server in Ubuntu
File Server NFS configuration details
Build an NFS Network File System server in Ubuntu
Heartbeat_ldirector + LB + NFS for HA, LB, and file sharing
How to Configure NFS server in CentOS 5.5
Install and use NFS in Ubuntu 12.10
-------------------------------------- Split line --------------------------------------
This article permanently updates the link address: