Check all of the following on both virtual machines:
1. Whether yum is available
2. Whether the firewall default zone has been changed to trusted
3. Whether the IP address is configured
####################################################
• Samba file sharing (shared folders)
• Samba software project
– Purpose: provide shared folders for clients
– Protocol: SMB (TCP 139), CIFS (TCP 445)
• Required package: samba
• System service: smb
I. Build a basic Samba service
1. Install the samba package
2. Create shared accounts for Samba. The user name is the same as the system account; the password is different.
# useradd -s /sbin/nologin harry
# useradd -s /sbin/nologin kenji
# useradd -s /sbin/nologin chihiro
# pdbedit -a harry      # add a Samba account and set its password
# pdbedit -a kenji      # add a Samba account and set its password
# pdbedit -a chihiro    # add a Samba account and set its password
# pdbedit -L            # list all valid Samba accounts
3. Modify the service configuration file /etc/samba/smb.conf
   Tip: in vim last-line mode, ":set nu" shows line numbers.
   line 89:    workgroup = STAFF
   line 321:   [common]            # share name
   line 322:   path = /common      # actual path of the share
# mkdir /common
# echo haha > /common/abc.txt
4. Restart the smb service and enable it at boot
Virtual machine desktop0
• Required package: samba-client
# smbclient -L //172.25.0.11
Enter root's password:
# smbclient -U harry //172.25.0.11/common
Enter harry's password:
Domain=[STAFF] OS=[Unix] Server=[Samba 4.1.1]
smb: \> ls
NT_STATUS_ACCESS_DENIED listing \*
Troubleshooting approach when a client accesses server-side resources:
    1. Is the firewall restricting access?
    2. Is the service's own access control restricting access?
    3. Is SELinux restricting access?
• SELinux booleans (feature switches): values such as on and off, or yes and no
• getsebool: view the SELinux booleans
# getsebool -a | grep samba
samba_export_all_ro --> off
samba_export_all_rw --> off
• setsebool: set an SELinux boolean
– The -P option is required to make the setting permanent
# setsebool samba_export_all_ro=on
# getsebool -a | grep samba
Virtual machine desktop0
# smbclient -U harry //172.25.0.11/common
Enter harry's password:
Domain=[STAFF] OS=[Unix] Server=[Samba 4.1.1]
smb: \> ls
• Required package: cifs-utils (client)
• _netdev: mount the device only after the network service has started
1. Install the cifs-utils package
2. Modify /etc/fstab
//172.25.0.11/common /mnt/samba cifs user=harry,pass=123,_netdev 0 0
# mkdir /mnt/samba    # mount point for the cifs entry
3. Run mount -a, then verify
# df -h
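
The CIFS entries in these notes keep the Samba password inline in /etc/fstab, which every local user can read. The following is an added example, not part of the original notes, that rewrites such entries to use the mount.cifs credentials= option; the directory /etc/samba/creds and the function name are assumptions of this example.

```bash
#!/bin/bash
# Added example (not from the original notes): move CIFS passwords out of
# world-readable /etc/fstab into a root-only credentials file.
# CRED_DIR is an assumed location. Each credentials file is created by hand:
#   /etc/samba/creds/common.cred   (chown root:root, chmod 600)
#     username=harry
#     password=<the Samba password set with pdbedit>
CRED_DIR=/etc/samba/creds

# Reads fstab text on stdin and prints it back. On cifs lines that carry an
# inline password, user=/pass= are replaced by credentials=$CRED_DIR/<share>.cred
# and every other option (_netdev, multiuser, sec=...) is kept in order.
harden_cifs_fstab() {
    awk -v dir="$CRED_DIR" '
    $3 != "cifs" || $1 ~ /^#/ { print; next }   # leave other lines untouched
    {
        n = split($4, opt, ","); keep = ""; secret = 0
        for (i = 1; i <= n; i++) {
            if (opt[i] ~ /^(user|username|pass|password)=/) {
                if (opt[i] ~ /^pass/) secret = 1
                continue
            }
            keep = keep (keep == "" ? "" : ",") opt[i]
        }
        if (!secret) { print; next }            # nothing sensitive inline
        m = split($1, part, "/")                # //server/share: last part is the share
        $4 = "credentials=" dir "/" part[m] ".cred" (keep == "" ? "" : "," keep)
        print
    }'
}

# Constructed sample: the fstab entries used in these notes.
printf '%s\n' \
    '//172.25.0.11/common /mnt/samba cifs user=harry,pass=123,_netdev 0 0' \
    '//172.25.0.11/devops /mnt/dev cifs user=kenji,pass=123,_netdev,multiuser,sec=ntlmssp 0 0' \
    '172.25.0.11:/public /mnt/nfs nfs _netdev 0 0' | harden_cifs_fstab
```

The function only prints the rewritten lines; review them before replacing /etc/fstab, and create each credentials file before running mount -a.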
########################################################
• Read-write Samba share
1. Modify the configuration file /etc/samba/smb.conf
   [devops]
   path = /devops
   write list = chihiro
# mkdir /devops
# echo Hahaxixi > /devops/123.tx
2. Restart the smb service
3. Client authentication:
# smbclient -L 172.25.0.11
Enter root's password:
4. Client mount verification
# mkdir /mnt/dev
# vim /etc/fstab
//172.25.0.11/devops /mnt/dev cifs user=chihiro,pass=123,_netdev 0 0
# mount -a
# df -h
##################################################
Other steps for read-write access to the Samba share
Troubleshooting approach when a client accesses server-side resources:
    1. Is the firewall restricting access?
    2. Is the service's own access control restricting access?
    3. Is SELinux restricting access?
    4. Local permissions of the directory on the server
I. On the server, change the SELinux boolean to enable read/write
# getsebool -a | grep samba
# setsebool samba_export_all_rw=on
# getsebool -a | grep samba
II. Local directory permissions
# ls -ld /devops/
# setfacl -m u:chihiro:rwx /devops/    # an ACL entry targets one user; chmod changes permissions for everyone
# getfacl /devops/
III. Client authentication
# touch /mnt/dev/test.txt
########################################################
• multiuser: multi-user access (for awareness)
– multiuser: provides separate access for multiple user identities on the client
– sec=ntlmssp: provides NT LAN Manager security support
On the client:
# vim /etc/fstab
//172.25.0.11/devops /mnt/dev cifs user=kenji,pass=123,_netdev,multiuser,sec=ntlmssp 0 0
# umount /mnt/dev/
# mount -a
# df -h
# su - student
$ cd /mnt/dev
$ cifscreds add -u chihiro 172.25.0.11
Password:
$ ls
$ touch abc.txt
$ exit
#########################################################
Configure NFS sharing (the network file system for Linux systems)
• Network File System
– Purpose: provide shared folders for clients
– Protocol: NFS (TCP/UDP 2049), RPC (TCP/UDP 111)
• Required package: nfs-utils
• System service: nfs-server
Build a basic read-only NFS service
1. On virtual machine server0, check whether nfs-utils is installed
# rpm -q nfs-utils
2. Modify the configuration file /etc/exports
# mkdir /public
# echo Hehelele > /public/nsd.txt
# vim /etc/exports
/public 172.25.0.0/24(ro)
3. Restart the nfs-server service and enable it at boot
# systemctl restart nfs-server
# systemctl enable nfs-server
4. Access the nfs-server service from the client
# mkdir /mnt/nfs
# showmount -e 172.25.0.11    # see which shares the server exports
# vim /etc/fstab
172.25.0.11:/public /mnt/nfs nfs _netdev 0 0
# mount -a
# ls /mnt/nfs
#######################################################
• Read-write nfs-server service
I. Read and write as the client root user
Server side:
# mkdir /abc
# echo 123 > /abc/a.txt
# vim /etc/exports
/abc 172.25.0.0/24(rw)
# systemctl restart nfs-server
Client:
# vim /etc/fstab
172.25.0.11:/abc /mnt/nsd nfs _netdev 0 0
# mkdir /mnt/nsd
# mount -a
# df -h
Server side:
# vim /etc/exports
/abc 172.25.0.0/24(rw,no_root_squash)    # do not squash the client's root privileges
# systemctl restart nfs-server
Client:
# systemctl restart nfs    # restart the client service
# touch /mnt/nsd/5.txt
II. Ordinary users
    When an ordinary user on the client accesses the server's nfs-server service,
    the server applies the permissions of its local user that has the same UID as the client user.
    • LDAP: network users; provides the user names
    • Kerberos: password authentication; implements a pass mechanism of "authenticate with the password once, then log in many times without it"
Server side:
# lab nfskrb5 setup
# grep ldapuser0 /etc/passwd
# id ldapuser0
1. Deploy the Kerberos encryption key file
# wget http://172.25.254.254/pub/keytabs/server0.keytab -O /etc/krb5.keytab
# ls /etc/krb5.keytab
2. Modify the configuration file
# vim /etc/exports
/abc 172.25.0.0/24(rw,no_root_squash,sec=krb5p)    # sec=krb5p: authentication for this share is handled by Kerberos
3. Restart nfs-server and nfs-secure-server
# systemctl restart nfs-server nfs-secure-server
Client:
# lab nfskrb5 setup
# grep ldapuser0 /etc/passwd
# id ldapuser0
1. Deploy the Kerberos encryption key file
# wget http://172.25.254.254/pub/keytabs/desktop0.keytab -O /etc/krb5.keytab
# ls /etc/krb5.keytab
2. Modify /etc/fstab
172.25.0.11:/abc /mnt/nsd nfs _netdev,sec=krb5p 0 0
3. Restart the nfs and nfs-secure services
# systemctl restart nfs nfs-secure
4. Verify the mount
# umount /mnt/nsd
# mount -a
# df -ah
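
In /etc/exports a space between the client and its option list changes the meaning: "172.25.0.0/24 (ro)" gives that network the default options and exports the directory to every other host with ro. The following is an added example, not part of the original notes, that lints export lines for that mistake, for no_root_squash, and for writable exports that rely on the default sec=sys; the function name and finding codes are assumptions of this example.

```bash
#!/bin/bash
# Added example (not from the original notes): lint exports(5) text for the
# risky patterns in the NFS section. Finding codes are names chosen here.
# Reads exports text on stdin (or from files given as arguments), prints
# "<line> <code> <path> <client-spec>" per finding, returns 1 if any were found.
audit_exports() {
    awk '
    function report(code, spec) {
        printf "%d %s %s %s\n", FNR, code, $1, spec
        bad = 1
    }
    /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
    {
        for (i = 2; i <= NF; i++) {
            # "(opts)" standing alone: the space detached it from its client,
            # so these options are exported to every host.
            if ($i ~ /^\(/) report("WORLD_OPTIONS", $i)
            # Client root keeps uid 0 on the server.
            if ($i ~ /[(,]no_root_squash[,)]/) report("NO_ROOT_SQUASH", $i)
            # Writable with default sec=sys: the server trusts client-supplied UIDs.
            if ($i ~ /[(,]rw[,)]/ && $i !~ /[(,]sec=krb5/) report("RW_SEC_SYS", $i)
        }
    }
    END { exit (bad ? 1 : 0) }
    ' "$@"
}

# Constructed sample built from the export lines used in these notes;
# the first line has the stray space, the second is the intended form.
sample_exports='/public 172.25.0.0/24 (ro)
/public 172.25.0.0/24(ro)
/abc 172.25.0.0/24(rw,no_root_squash)
/abc 172.25.0.0/24(rw,no_root_squash,sec=krb5p)'

printf '%s\n' "$sample_exports" | audit_exports || true
```

On a server, run it as `audit_exports /etc/exports` before restarting nfs-server and compare the result with `exportfs -v`.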
Linux System Engineer Technology (Engineer)-------fourth day