Linux Learning Note 11

Source: Internet
Author: User
Tags create directory ldap command access openldap

2. Identify shared server shared directory
Smbclient-l//172.25.254.250
Enter root ' s password: direct carriage return
Domain=[mygroup] Os=[unix] Server=[samba 4.1.1]

Sharename Type Comment
---------       ----      -------
WESTOS1 Disk Test Share
Westos2 Disk Test Share
WESTOS3 Disk Test Share
Westos4 Disk Test Share
WESTOS5 Disk Test Share
WESTOS6 Disk Test Share
Westos7 Disk Test Share
Westos8 Disk Test Share
Westos9 Disk Test Share
WESTOS10 Disk Test Share
ipc$ IPC IPC Service (Samba Server Version 4.1.1)
Domain=[mygroup] Os=[unix] Server=[samba 4.1.1]

Server Comment
---------            -------

Workgroup Master
---------            -------

3. Accessing the Share
Command access)
Smbclient//172.25.254.250/westos
Enter Root ' s password:
Mount access)
Mount//172.25.254.250/westos/mnt-o Username=guest

4. Auto mount on Boot
Method one)
Vim/etc/fstab
172.25.254.250/westos/mnt CIFS desfaults,username=guest 0 0

Method Two)
Vim/etc/rc.d/rc.local
Mount//172.25.254.250/westos/mnt-o Username=guest


NFS Network File system access
1. Install access to shared files
Yum Install Nfs-utils-y

2. Identify shares
Mount 172.25.254.250:/nfsshare/nfs1/mnt

3. Auto Mount
Method one)
Vim/etc/fstab
172.25.254.250:/nfsshare/nfs.1/mnt NFS Defaults 0 0

Method Two)
Vim/etc/rc.d/rc.local
Mount 172.254.25.250:/nfsshare/nfs1/mnt

chmod 755/etc/rc.d/rc.local

AutoFS Automatic Mount Service
1. Service function
Shared server resources are also wasted when you use mount mount sharing when not in use
AutoFS can be implemented automatically when used, automatically unload when idle


2. Installation Services
Yum Install Autofs-y
Systemctl Start AutoFS

3. Access
Cd/net/172.25.254.250/nfsshare/nfs1

4. Set Idle unload time
Vim/etc/autofs.conf
Timeout = 3 (set to 3 seconds after the system automatically uninstalls the network device; default is 300)

5. Implementing a custom shared mount point
Vim/etc/auto.master
Final custom mount point Upper directory sub-configuration file
13/mnt/etc/auto.nfs


Vim Sub-configuration file
Final mount point Network shared directory
Vim/etc/auto.nfs
Pub1 172.25.254.250:/NFSSHARE/NFS1
* 172.25.254.250:/nfsshare/& designated person to share mount point

Systemctl Restart AutoFS Restart Service



LDAP Network account
What is 1.LDSP?
LDAP Directory service authentication is similar to Windows Active Directory, which is a way to record data

Software required by 2.LDAP clients
Yum SSSD krb5-workstation-y

3. How to turn on LDAP user authentication
Authconfig-tui
Mkdir/etc/openldap/cacerts
cd/etc/openldap/cacerts/
wget HTTP://172.25.254.254/PUB/EXAMPLE-CA.CRT Obtaining a certificate

650) this.width=650; "Src=" Http://s4.51cto.com/wyfs02/M00/8A/48/wKiom1gsTIzD3ylAAAN1sPNhrdQ221.png-wh_500x0-wm_3 -wmp_4-s_3401558981.png "style=" Float:none; "title=" screenshot from 2016-11-12 06-25-06.png "alt=" Wkiom1gstizd3ylaaan1spnhrdq221.png-wh_50 "/>

650) this.width=650; "Src=" Http://s1.51cto.com/wyfs02/M01/8A/45/wKioL1gsTI6xdshFAAQw_p7KtvA017.png-wh_500x0-wm_3 -wmp_4-s_3714637154.png "style=" Float:none; "title=" screenshot from 2016-11-12 06-25-36.png "alt=" Wkiol1gsti6xdshfaaqw_p7ktva017.png-wh_50 "/>

650) this.width=650; "Src=" Http://s2.51cto.com/wyfs02/M00/8A/45/wKioL1gsTJHDNNHHAAXgksGTgF0629.png-wh_500x0-wm_3 -wmp_4-s_1260639689.png "style=" Float:none; "title=" screenshot from 2016-11-12 06-27-07.png "alt=" Wkiol1gstjhdnnhhaaxgksgtgf0629.png-wh_50 "/>

< testing >
Getent passwd Ldapuser1
If the display user information is displayed correctly, it proves successful

List all Users
Vim/etc/sssd/sssd.conf
Enumrate = True to list hidden users
Systemctl Restart Sssd.service

Auto-mount Home Directory
Yum Install Autofs-y
Vim/etc/auto.master
/home/guests/ect/auto.ldap

Vim/etc/auto.ldap
* 172.25.254.254:/home/guests/&

Systemctl Restart AutoFS
Systemctl Enable AutoFS


Script mode
Script content)
#!/bin/bash
echo "Install software ing ..."
Yum Install SSSD krb5-workstation autofs-y &>/dev/null

echo "Config LDAP auth client ing."
Authconfig \
--ENABLELDAP \
--ENABLEKRB5 \
--disableldapauth \
--ENABLELDAPTLS \
--LDAPLOADCACERT=HTTP://172.25.254.254/PUB/EXAMPLE-CA.CRT \
--ldapserver= "classroom.example.com" \
--ldapbasedn= "dc=example,dc=com" \
--krb5realm= "example.com" \
--krb5kdc= "classroom.example.com" \
--krb5adminserver= "classroom.example.com" \
--ENABLESSSD \
--enablesssdauth \
--update


echo "Config LDAP user\ ' s home directory ing:"
Echo/home/guests/etc/auto.ldap >>/etc/auto.master
echo "* 172.25.254.254:/home/guests/&" >>/etc/auto.ldap
Systemctl Restart AutoFS
Systemctl Enable AutoFS &>/dev/null

echo "All are successfully"


9.FTP Service
2. Installation
Yum Install Vsftpd-y
Systemctl Start VSFTPD
Systemctl Enable VSFTPD
Setenforce 0
Lftp IP Login

[[email protected] ~]# firewall-cmd--permanent--add-service=ftp Add ftp to the firewall, you can
Perform
Success
[Email protected] ~]# Firewall-cmd--reload
Success
[[email protected] ~]# firewall-cmd--list-all List of services available
Public (default, active)
Interfaces:eth0
Sources
services:dhcpv6-client ftp SSH
Ports
Masquerade:no
Forward-ports:
Icmp-blocks:
Rich rules:

3.VSFTPD File Information
/var/ftp Default Publishing Directory
/ETC/VSFTPD Configuration Directory

Chgrp ftp/var/ftp

chmod 775/var/ftp


Configuration parameters for 4.VSFTPD Services
1) anonymous user settings
vim/etc/vsftpd/vsftpd.conf
Anonymous_enable=yes | no               Your name User login restrictions

< anonymous user upload;
vim/etc/vsftpd/vsftpd.conf
Write_enable=yes
Anon_upload_enable=yes

 anon_ root=/directry                     Anonymous User home directory modify
 anon_world_readable_only=no | yes       Anonymous user download
 anon_mkdir_write_enable=yes | no       Anonymous user Create directory
 anon_other_write_enable=yes | no       Anonymous user Delete
 anon_umask=xxx                          Anonymous user upload file default permissions modify

anon_max_rate=102400 speed limit
Max_clients=1 limited number of visitors


2. Local User settings
Local_enable=yes Open Local User Login
Write_enable=yes allow read and write

Local User Home Directory modification
Local_root=/directory
Local User upload file permissions
Local_umask=xxx
Restrict Local users ' browsing/directory
All users locked in their home directory
Chroot_local_user=yes
chmod u-w/home/* Change Permissions


User blacklist
Chroot_local_user=no
Chroot_list_enable=yes
Chroot_list_file=/etc/vsftpd/chroot_list

User Whitelist
Chroot_local_user=yes
Chroot_list_enable=yes
Chroot_list_file=/etc/vsftpd/chroot_list

< Restrict local login >
Vim/etc/vsftpd/ftpusers
Vim/etc/vsftpd/user_list

User White list settings
Userlist_deny=no
Users can log in to FTP on the/etc/vsftpd/user_list list

< virtual user creation >
Vim/etc/vsftpd/userfile creating a virtual user file
Db_load-t-T Hash-f/etc/vsftpd/userfile/etc/vsftpd/userfile.db encryption
Rm-rf/etc/vsftpd/userfile deleting the original file

VIM/ETC/PAM.D/ASD file name arbitrary

Account Required Pam_userdb.so Db=/etc/vsftpd/userfile

Auth Required pam_userdb.so Db=/etc/vsftpd/userfile


Vim/etc/vsftpd/vsftpd.conf

Pam_service_name=ckvsftpd

Guest_enable=yes


Virtual Account identity designation)

Guest_username=asd

chmod u-w/home/ftpuser


Virtual Account home directory independent settings)

Vim/etc/vsftpd/vsftpd.conf

local_root=/ftpuserhome/$USER

user_sub_tokrn= $USER


Mkdir/ftpuserhome

Chgrp Ftpuser/ftpuserhome

chmod g+s/ftpusername

Linux Learning Note 11

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.