I. NFS
NFS is the abbreviation for Network File System.
NFS server installation
1. The main software for an NFS server is rpcbind (called portmap on RHEL 5) and nfs-utils.
rpcbind: the main RPC program, responsible for NFS port monitoring.
nfs-utils: the main NFS program.
We install them with yum or rpm.
2. Start NFS
[[email protected] ~]# service nfs start
Start NFS service: [OK]
Start NFS mountd: [OK]
Start nfs Daemon Process: [OK]
starting RPC idmapd: [OK]
3. NFS Server Configuration
# Edit the NFS server-side configuration
[[email protected] data]# vim /etc/exports
# Format: <directory shared by the server> <computers allowed to access the shared directory>(options)
/data 192.168.1.*(rw,sync,all_squash,anonuid=500,anongid=500)
There is no need to restart the NFS service for configuration changes to take effect:
[[email protected] data]# exportfs -arv
exporting 192.168.1.*:/data
# -a  apply to all shared directories
# -r  reload the configuration
# -v  display the current shared directories and their configuration
# -u  cancel one or more shared directories
Examples of common client options:
| Client option | Description |
| ro | Clients have read-only access to files in the shared directory; they cannot write, delete or create |
| rw | Read-write access to the shared directory |
| sync | Synchronous writes; good for data safety, but less efficient |
| async | Asynchronous writes; high efficiency, but poorer data safety |
| all_squash | Regardless of the identity of the user who logs on to NFS, the UID and GID are mapped to the anonymous user and group, generally nfsnobody |
| no_all_squash | Retains the user's original UID and GID; no mapping |
| anonuid=id | Specifies that the NFS server uses the user in /etc/passwd whose UID is this value as the anonymous user |
| anongid=id | Specifies that the NFS server uses the GID in /etc/passwd with this value as the anonymous user group |
| root_squash | If the user who logs on to NFS and uses the shared directory is root, the user's permissions are mapped to the anonymous user |
| no_root_squash | If the user who logs on to the NFS server and uses the shared directory is root, root permissions are retained and not mapped to the anonymous user; not recommended, it affects security |
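The options in this table decide which hosts reach the share and as which user, so the exports file is worth checking mechanically. The Python sketch below is an added example, not part of the original article: it parses exports entries and flags no_root_squash, rw combined with async, entries exported to every host (including the case where a space separates the host from its options), and wildcards on IP addresses, which exports(5) says do not generally work. The function names and the sample entries are constructed for illustration.

```python
import re

def parse_exports(text):
    """Yield (path, client, options) for every client entry in exports(5) text."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        path, *specs = line.split()
        for spec in specs:
            m = re.fullmatch(r"([^()]*)(?:\(([^()]*)\))?", spec)
            if m is None:
                continue  # malformed token; a fuller parser would report it
            opts = {o.lower() for o in (m.group(2) or "").split(",") if o}
            yield path, m.group(1), opts

def audit_exports(text):
    """Return (entry, finding) pairs for risky export entries."""
    findings = []
    for path, client, opts in parse_exports(text):
        entry = f"{path} {client or '<any host>'}"
        if client in ("", "*"):
            # "host (opts)" with a space means: host gets defaults, everyone gets opts
            findings.append((entry, "exported to every host"))
        elif re.fullmatch(r"[\d.*?]+", client) and re.search(r"[*?]", client):
            findings.append((entry, "wildcard on an IP address; prefer CIDR notation"))
        if "no_root_squash" in opts:
            findings.append((entry, "no_root_squash: client root keeps root privileges"))
        if {"rw", "async"} <= opts:
            findings.append((entry, "rw with async: unflushed writes can be lost"))
    return findings

# Constructed sample entries, for illustration only.
SAMPLE = """\
/data   192.168.1.*(rw,sync,all_squash,anonuid=500,anongid=500)
/backup 192.168.1.0/24 (rw,sync)
/home   192.168.1.20(rw,async,no_root_squash)
"""

if __name__ == "__main__":
    for entry, finding in audit_exports(SAMPLE):
        print(f"{entry}: {finding}")
```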
4. Using the client
Clients that want to use an NFS shared directory also need to install and start the rpcbind service on the client.
# View the list of shared directories on the NFS server
[[email protected] mnt]# showmount -e 192.168.1.10
Export list for 192.168.1.10:
/data 192.168.1.*
# Mount the shared directory
# Mount format: mount [options] <NFS server IP or host name>:<shared directory> <mount point>
# Common options: -t nfs specifies that the file system type to mount is nfs
[[email protected] ~]# mount -t nfs 192.168.1.10:/data /mnt
[[email protected] ~]# df -t nfs
Filesystem           1K-blocks    Used Available Use% Mounted on
192.168.1.10:/data/   16180224 1676544  13675008  11% /mnt
II. FTP
Pure-FTP: an efficient, simple, secure FTP server software with many features.
1. Pure-ftp
pure-ftp can be compiled and installed from the source package, or installed from a yum repository. Installing from source is not covered here; today we install with yum.
# Install the extension (EPEL) repository with yum before installing
[[email protected] ~]# yum install -y epel-release
[[email protected] ~]# yum list | grep pure-ftpd
pure-ftpd.i686            1.0.30-1.el6    epel
pure-ftpd-selinux.i686    1.0.30-1.el6    epel
[[email protected] ~]# yum install -y pure-ftpd
# Edit the configuration file
[[email protected] ~]# vim /etc/pure-ftpd/pure-ftpd.conf
# The default parameters need little modification and can be used directly; there are a few places to pay attention to
ChrootEveryone              yes
BrokenClientsCompatibility  no
MaxClientsNumber            50
Daemonize                   yes
MaxClientsPerIP             8
VerboseLog                  no
DisplayDotFiles             yes
AnonymousOnly               no
NoAnonymous                 no
SyslogFacility              ftp
DontResolve                 yes
MaxIdleTime                 15
# Data type: here we use pureftpd.pdb; this requires enabling PureDB
PureDB                      /etc/pure-ftpd/pureftpd.pdb
PAMAuthentication           yes
LimitRecursion              10000 8
AnonymousCanCreateDirs      no
MaxLoad                     4
AntiWarez                   yes
Umask                       133:022
MinUID                      500
UseFtpUsers                 no
AllowUserFXP                no
AllowAnonymousFXP           no
ProhibitDotFilesWrite       no
ProhibitDotFilesRead        no
AutoRename                  no
AnonymousCantUpload         yes
AltLog                      clf:/var/log/pureftpd.log
MaxDiskUsage                99
CustomerProof               yes
2. Creating a virtual user for connections
# Create a system user
[[email protected] ~]# useradd -s /sbin/nologin testftp
# Then create an anonymous user, map it to the specified system user, and specify the anonymous user's home directory
[[email protected] ~]# pure-pw useradd ftp_user1 -u testftp -d /data/ftpuser1
Password:
Enter it again:
# List the anonymous users that have been created and their home directories
[[email protected] ~]# pure-pw list
ftp1         /data/www/./
ftp_user1    /data/ftpuser1/./
# Generate the database
[[email protected] ~]# pure-pw mkdb
# Start pure-ftpd
[[email protected] ~]# /etc/init.d/pure-ftpd start
Starting pure-ftpd: [OK]
3. Login and access on the client
The client needs to install lftp in order to log in.
[[email protected] ~]# yum install -y lftp
# Format: lftp <anonymous user>@<FTP server address>
[[email protected] ~]# lftp [email protected]
Password:
lftp [email protected]:~> ls
drwxr-xr-x 2 0 0 4096 May 11:12 .
drwxr-xr-x 2 0 0 4096 May 24 11:12 .
vsftpd: a secure, stable, high-performance open source FTP server
Virtual user authentication
1. Install vsftpd and db4-utils with yum
[[email protected] ~]# yum install -y vsftpd db4-utils
[[email protected] ~]# /etc/init.d/vsftpd start
Starting vsftpd for vsftpd: [OK]
[[email protected] ~]# useradd virftp -s /sbin/nologin
[[email protected] ~]# vim /etc/vsftpd/vsftpd_login
hp
1
lenovo
2
[[email protected] ~]# chmod 600 /etc/vsftpd/vsftpd_login
[[email protected] ~]# db_load -T -t hash -f /etc/vsftpd/vsftpd_login /etc/vsftpd/vsftpd_login.db
[[email protected] ~]# mkdir /etc/vsftpd/vsftpd_user_conf
[[email protected] ~]# cd /etc/vsftpd/vsftpd_user_conf
[[email protected] vsftpd_user_conf]# vim hp
local_root=/data/virftp/hp
anonymous_enable=NO
write_enable=YES
local_umask=022
anon_upload_enable=NO
anon_mkdir_write_enable=NO
idle_session_timeout=600
data_connection_timeout=120
max_clients=10
max_per_ip=5
local_max_rate=50000
[[email protected] vsftpd_user_conf]# ls
hp  lenovo
[[email protected] vsftpd_user_conf]# mkdir -p /data/virftp/hp
[[email protected] vsftpd_user_conf]# mkdir -p /data/virftp/lenovo
[[email protected] vsftpd_user_conf]# chown -R virftp.virftp /data/virftp/hp/
[[email protected] vsftpd_user_conf]# chown -R virftp.virftp /data/virftp/lenovo/
[[email protected] vsftpd_user_conf]# vim /etc/pam.d/vsftpd
# Added content
auth sufficient /lib64/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login
account sufficient /lib64/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login
[[email protected] vsftpd_user_conf]# vim /etc/vsftpd/vsftpd.conf
# Modified content:
#   anonymous_enable=YES changed to anonymous_enable=NO
#   #anon_upload_enable=YES changed to anon_upload_enable=NO
#   #anon_mkdir_write_enable=YES changed to anon_mkdir_write_enable=NO
# Added content
chroot_local_user=YES
guest_enable=YES
guest_username=virftp
virtual_use_local_privs=YES
user_config_dir=/etc/vsftpd/vsftpd_user_conf
[[email protected] ~]# service vsftpd restart
Shutting down vsftpd: [OK]
Starting vsftpd for vsftpd: [OK]
For the iptables settings, in addition to the default listening port 21 you need to define the data transfer ports and open them.
Example:
[[email protected] ~]# vim /etc/vsftpd/vsftpd.conf
# Added content
pasv_min_port=6000
pasv_max_port=7000
[[email protected] ~]# iptables -I INPUT -p tcp --dport 6000:7000 -j ACCEPT
[[email protected] os]# service vsftpd restart
Shutting down vsftpd: [OK]
Starting vsftpd for vsftpd: [OK]
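The passive range in vsftpd.conf and the range opened in iptables have to agree, and vsftpd treats any space around "=" as an error, so a mistyped line can leave a setting at its default. The Python sketch below is an added example, not part of the original article: it checks that anonymous_enable is NO and that an ACCEPT rule matches the pasv_min_port/pasv_max_port range. The function names and the sample configuration and rules (iptables-save style) are constructed for illustration.

```python
import re

def parse_vsftpd_conf(text):
    """Return (settings, errors); vsftpd allows no spaces around '='."""
    settings, errors = {}, []
    for n, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.startswith("#"):
            continue
        key, sep, value = raw.partition("=")
        if not sep or key != key.strip() or value != value.strip():
            errors.append(f"line {n}: malformed setting {raw!r} (no spaces allowed around '=')")
            continue
        settings[key] = value
    return settings, errors

def check_ftp_exposure(conf_text, iptables_rules):
    """Compare vsftpd passive-port settings with the opened firewall range."""
    settings, issues = parse_vsftpd_conf(conf_text)
    if settings.get("anonymous_enable", "YES").upper() != "NO":
        issues.append("anonymous_enable is not NO (the vsftpd default is YES)")
    lo = int(settings.get("pasv_min_port", "0"))
    hi = int(settings.get("pasv_max_port", "0"))
    if lo == 0 or hi == 0:
        issues.append("passive port range not pinned; the firewall cannot match it")
        return issues
    opened = [(int(a), int(b)) for a, b in
              re.findall(r"--dport (\d+):(\d+) -j ACCEPT", iptables_rules)]
    if not any(a <= lo and hi <= b for a, b in opened):
        issues.append(f"no ACCEPT rule covers passive ports {lo}:{hi}")
    for a, b in opened:
        if a < lo or b > hi:
            issues.append(f"rule {a}:{b} opens ports outside {lo}:{hi}")
    return issues

# Constructed inputs, for illustration only.
GOOD_CONF = "anonymous_enable=NO\npasv_min_port=6000\npasv_max_port=7000\n"
GOOD_RULES = ("-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT\n"
              "-A INPUT -p tcp -m tcp --dport 6000:7000 -j ACCEPT\n")
BAD_CONF = "anonymous_enable= NO\npasv_min_port=6000\npasv_max_port=7000\n"
BAD_RULES = "-A INPUT -p tcp -m tcp --dport 6000:6500 -j ACCEPT\n"

if __name__ == "__main__":
    for issue in check_ftp_exposure(BAD_CONF, BAD_RULES):
        print(issue)
```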
This article is from the "topspeed_king" blog, make sure to keep this source http://mylinuxlife.blog.51cto.com/4706737/1654913
Linux Learning Notes-25th lesson-NFS and FTP