Linux System Learning Day-<< Engineer Technology >>

Source: Internet
Author: User

Check the following on both virtual machines:

1. Whether yum is available
2. Whether the firewall default zone has been changed to trusted
3. Whether the IP address is configured


####################################################

Samba file sharing (shared folders)

• Samba software project
– Purpose: provide shared folders for clients
– Protocols: SMB (TCP 139), CIFS (TCP 445)

• Required package: samba
• System service: smb

I. Build a basic Samba service
1. Install the samba package
2. Create the Samba share accounts. Each uses the same user name as a system account but has a separate password.

[root@server0 ~]# useradd -s /sbin/nologin harry
[root@server0 ~]# useradd -s /sbin/nologin kenji
[root@server0 ~]# useradd -s /sbin/nologin chihiro

[root@server0 ~]# pdbedit -a harry      # add a Samba account and set its password
[root@server0 ~]# pdbedit -a kenji      # add a Samba account and set its password
[root@server0 ~]# pdbedit -a chihiro    # add a Samba account and set its password

[root@server0 ~]# pdbedit -L            # list all valid Samba accounts

3. Edit the service configuration file /etc/samba/smb.conf

Tip: in Vim's last-line mode, :set nu displays line numbers.

Line 89:   workgroup = STAFF
Line 321:  [common]            # share name
Line 322:  path = /common      # actual path of the share

[root@server0 ~]# mkdir /common
[root@server0 ~]# echo haha > /common/abc.txt

4. Restart the smb service and enable it at boot

Virtual machine desktop0
• Required package: samba-client

[root@desktop0 ~]# smbclient -L //172.25.0.11
Enter root's password:

[root@desktop0 ~]# smbclient -U harry //172.25.0.11/common
Enter harry's password:
Domain=[STAFF] OS=[Unix] Server=[Samba 4.1.1]
smb: \> ls
NT_STATUS_ACCESS_DENIED listing \*

Troubleshooting approach when a client accesses server-side resources:
1. Is the firewall restricting access?
2. The access control of the service itself
3. Is SELinux restricting access?

SELinux: booleans (on/off switches for individual features)

• getsebool: view the SELinux booleans
[root@server0 ~]# getsebool -a | grep samba
samba_export_all_ro --> off
samba_export_all_rw --> off

• setsebool: change an SELinux boolean
– The -P option is required to make the setting permanent
[root@server0 ~]# setsebool samba_export_all_ro=on
[root@server0 ~]# getsebool -a | grep samba

Virtual machine desktop0
[root@desktop0 ~]# smbclient -U harry //172.25.0.11/common
Enter harry's password:
Domain=[STAFF] OS=[Unix] Server=[Samba 4.1.1]
smb: \> ls

• Required package: cifs-utils

_netdev: mount this device only after the network service has started

1. Install the cifs-utils package
2. Edit /etc/fstab

//172.25.0.11/common /mnt/samba cifs user=harry,pass=123,_netdev 0 0

3. Verify with mount -a
df -h

########################################################
Read-write Samba share

1. Edit the configuration file /etc/samba/smb.conf

[devops]
path = /devops
write list = chihiro

[root@server0 /]# mkdir /devops
[root@server0 /]# echo Hahaxixi > /devops/123.txt
2. Restart the smb service
3. Verify from the client:
[root@desktop0 ~]# smbclient -L 172.25.0.11
Enter root's password:

4. Verify the mount on the client
[root@desktop0 ~]# mkdir /mnt/dev
[root@desktop0 ~]# vim /etc/fstab
//172.25.0.11/devops /mnt/dev cifs user=chihiro,pass=123,_netdev 0 0
[root@desktop0 ~]# mount -a
[root@desktop0 ~]# df -h

##################################################
Other steps needed for reading and writing to Samba shares

Troubleshooting approach when a client accesses server-side resources:
1. Is the firewall restricting access?
2. The access control of the service itself
3. Is SELinux restricting access?
4. Local permissions on the server-side directory

I. Change the server-side SELinux boolean to allow read/write
[root@server0 /]# getsebool -a | grep samba
[root@server0 /]# setsebool samba_export_all_rw=on
[root@server0 /]# getsebool -a | grep samba

II. Local permissions on the directory
[root@server0 /]# ls -ld /devops/
[root@server0 /]# setfacl -m u:chihiro:rwx /devops/
[root@server0 /]# getfacl /devops/

III. Verify from the client
[root@desktop0 ~]# touch /mnt/dev/test.txt

########################################################
Multiuser access (for awareness)

– multiuser: provides separate handling of multiple user identities on the client
– sec=ntlmssp: provides NT LAN Manager (NTLMSSP) security support

On the client:
[root@desktop0 /]# vim /etc/fstab
//172.25.0.11/devops /mnt/dev cifs user=kenji,pass=123,_netdev,multiuser,sec=ntlmssp 0 0

[root@desktop0 /]# umount /mnt/dev/
[root@desktop0 /]# mount -a
[root@desktop0 /]# df -h

[root@desktop0 /]# su - student
[student@desktop0 dev]$ cd /mnt/dev
[student@desktop0 dev]$ cifscreds add -u chihiro 172.25.0.11
Password:
[student@desktop0 dev]$ ls
[student@desktop0 dev]$ touch abc.txt
[student@desktop0 dev]$ exit
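
The CIFS entries in /etc/fstab in these notes carry the password inline (pass=123), and /etc/fstab is normally world-readable. The following is an added example, not part of the original notes: it finds such entries and rewrites them to use the mount.cifs credentials= option. The path /root/.smbcred-<user> and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original notes. Assumption: credentials files
# are named /root/.smbcred-<user> (hypothetical path; any root-only file works).

# List "mountpoint user" for every cifs entry that embeds pass=/password=.
find_inline_cifs_passwords() {
    awk '$3 == "cifs" && ("," $4) ~ /,pass(word)?=/ {
        user = "?"; n = split($4, o, ",")
        for (i = 1; i <= n; i++)
            if (o[i] ~ /^user(name)?=/) { user = o[i]; sub(/^[^=]*=/, "", user) }
        print $2, user
    }'
}

# Rewrite such entries to credentials=<file>; every other line passes through.
rewrite_cifs_entries() {
    awk '$3 == "cifs" && ("," $4) ~ /,pass(word)?=/ {
        user = "unknown"; keep = ""; n = split($4, o, ",")
        for (i = 1; i <= n; i++) {
            if (o[i] ~ /^pass(word)?=/) continue
            if (o[i] ~ /^user(name)?=/) { user = o[i]; sub(/^[^=]*=/, "", user); continue }
            keep = keep "," o[i]
        }
        $4 = "credentials=/root/.smbcred-" user keep
    }
    { print }'
}

# Create the credentials file readable by its owner only (mode 0600).
write_cred_file() {   # usage: write_cred_file FILE USER PASSWORD
    ( umask 077; printf 'username=%s\npassword=%s\n' "$2" "$3" > "$1"; chmod 600 "$1" )
}

# Constructed sample: two CIFS entries as used in the notes, plus an NFS line.
SAMPLE_FSTAB='//172.25.0.11/common /mnt/samba cifs user=harry,pass=123,_netdev 0 0
//172.25.0.11/devops /mnt/dev cifs user=kenji,pass=123,_netdev,multiuser,sec=ntlmssp 0 0
172.25.0.11:/public /mnt/nfs nfs _netdev 0 0'

printf '%s\n' "$SAMPLE_FSTAB" | find_inline_cifs_passwords
printf '%s\n' "$SAMPLE_FSTAB" | rewrite_cifs_entries
```

With multiuser mounts, the other users' passwords never go into fstab at all; they are supplied per user through cifscreds, as shown above.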

#########################################################
Configure NFS sharing

• Network File System
– Purpose: provide shared folders for clients
– Protocols: NFS (TCP/UDP 2049), RPC (TCP/UDP 111)

• Required package: nfs-utils
• System service: nfs-server

Build a basic read-only NFS service
1. On virtual machine server0, check whether nfs-utils is installed
[root@server0 /]# rpm -q nfs-utils

2. Edit the configuration file /etc/exports
[root@server0 /]# mkdir /public
[root@server0 /]# echo Hehelele > /public/nsd.txt
[root@server0 /]# vim /etc/exports

/public 172.25.0.0/24(ro)

3. Restart the nfs-server service and enable it at boot
[root@server0 /]# systemctl restart nfs-server
[root@server0 /]# systemctl enable nfs-server

4. Access the nfs-server service from the client
[root@desktop0 /]# mkdir /mnt/nfs
[root@desktop0 /]# showmount -e 172.25.0.11
[root@desktop0 /]# vim /etc/fstab

172.25.0.11:/public /mnt/nfs nfs _netdev 0 0

[root@desktop0 /]# mount -a
[root@desktop0 /]# ls /mnt/nfs
#######################################################

Read-write nfs-server service

I. Read and write as the client's root user
Server side:
[root@server0 /]# mkdir /abc
[root@server0 /]# echo 123 > /abc/a.txt
[root@server0 /]# vim /etc/exports
/abc 172.25.0.0/24(rw)

[root@server0 /]# systemctl restart nfs-server

Client:
[root@desktop0 /]# vim /etc/fstab
172.25.0.11:/abc /mnt/nsd nfs _netdev 0 0

[root@desktop0 /]# mkdir /mnt/nsd
[root@desktop0 /]# mount -a
[root@desktop0 /]# df -h

Server side:
[root@server0 /]# vim /etc/exports
/abc 172.25.0.0/24(rw,no_root_squash)    # do not squash the client's root privileges

[root@server0 /]# systemctl restart nfs-server

Client:

[root@desktop0 /]# systemctl restart nfs    # restart the client service
[root@desktop0 /]# touch /mnt/nsd/5.txt


II. Ordinary users

When a client accesses the server's nfs-server service, the server applies the permissions of its local user that has the same UID as the client user.

LDAP: network users; provides the user names
Kerberos: password authentication; implements a "authenticate with the password once, then log in many times without it" pass mechanism

Server side:
[root@server0 /]# lab nfskrb5 setup
[root@server0 /]# grep ldapuser0 /etc/passwd
[root@server0 /]# id ldapuser0

1. Deploy the Kerberos keytab file
wget http://172.25.254.254/pub/keytabs/server0.keytab -O /etc/krb5.keytab
[root@server0 /]# ls /etc/krb5.keytab

2. Edit the configuration file
[root@server0 /]# vim /etc/exports
/abc 172.25.0.0/24(rw,no_root_squash,sec=krb5p)

3. Restart nfs-server and nfs-secure-server
# systemctl restart nfs-server nfs-secure-server

Client:
[root@desktop0 /]# lab nfskrb5 setup
[root@desktop0 /]# grep ldapuser0 /etc/passwd
[root@desktop0 /]# id ldapuser0

1. Deploy the Kerberos keytab file
wget http://172.25.254.254/pub/keytabs/desktop0.keytab -O /etc/krb5.keytab

[root@desktop0 /]# ls /etc/krb5.keytab

2. Edit /etc/fstab
172.25.0.11:/abc /mnt/nsd nfs _netdev,sec=krb5p 0 0

3. Restart the nfs and nfs-secure services
[root@desktop0 /]# systemctl restart nfs nfs-secure

4. Verify the mount
[root@desktop0 /]# umount /mnt/nsd
[root@desktop0 /]# mount -a
[root@desktop0 /]# df -ah
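
Two things in the export lines of these notes are worth checking automatically: no_root_squash, and whitespace between the client and its option list, which makes exports(5) treat the options as a separate entry that applies to every host. The following added example (not from the original notes; the function name and finding labels are made up here) audits exports text for both, and also reports rw exports that lack sec=krb5*.

```shell
#!/bin/sh
# Added example, not from the original notes. Reads /etc/exports-style text on
# stdin and prints one finding per line as "<path>: <LABEL> <client>".
# The function name and the labels are hypothetical.
audit_exports() {
    awk '
    NF == 0 || $1 ~ /^#/ { next }            # skip blank lines and comments
    {
        path = $1
        for (i = 2; i <= NF; i++) {
            spec = $i
            if (spec ~ /^#/) break           # trailing comment
            p = index(spec, "(")
            if (p == 1) {
                # Whitespace before "(": options bind to every host, not the client
                host = "*"; opts = spec
                print path ": DETACHED_OPTIONS " opts
            } else if (p > 1) {
                host = substr(spec, 1, p - 1); opts = substr(spec, p)
            } else {
                host = spec; opts = "()"
            }
            gsub(/[()]/, ",", opts)          # "(rw,sec=krb5p)" -> ",rw,sec=krb5p,"
            if (opts ~ /,no_root_squash,/) print path ": NO_ROOT_SQUASH " host
            if (opts ~ /,rw,/ && opts !~ /,sec=krb5/) print path ": RW_WITHOUT_KRB5 " host
        }
    }'
}

# Constructed sample: a clean read-only export, an export with a stray space
# before its options, and a Kerberos-protected export.
SAMPLE_EXPORTS='/public 172.25.0.0/24(ro)
/abc 172.25.0.0/24 (rw,no_root_squash)
/abc 172.25.0.0/24(rw,no_root_squash,sec=krb5p)'

printf '%s\n' "$SAMPLE_EXPORTS" | audit_exports
```

On a server, run it as `audit_exports < /etc/exports`; an empty result means none of the three conditions was found.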

