Two virtual machines, all to be detected
1. is yum available
2. Firewall default zone modified to trusted
3. Whether the IP address is configured
####################################################
Samba file Share (shared folder)
? Samba Software Project
– Purpose: Provide shared folders for clients
– Protocol: SMB (TCP 139), CIFS (TCP 445)
? Required Packages: Samba
? System Services: SMB
First, to build basic samba services
1. Install the Samba package
2. Create a shared account for samba. Same user name as system, different password
[Email protected] ~]# useradd-s/sbin/nologin Harry
[Email protected] ~]# useradd-s/sbin/nologin Kenji
[Email protected] ~]# useradd-s/sbin/nologin Chihiro
[[email protected] ~]# pdbedit-a Harry #添加samba帐号, set the password
[[email protected] ~]# pdbedit-a Kenji #添加samba帐号, set password
[[email protected] ~]# pdbedit-a Chihiro #添加samba帐号, set password
[Email protected] ~]# pdbedit-l #列出所有有效的samba帐号
3. Modify the service configuration file/etc/samba/smb.conf
Added: Vim last line mode set Nu Add line number
89 Rows Workgroup = Staff
321 rows [Common] #共享名
322 line Path =/common #共享实际路径
[Email protected] ~]# Mkdir/common
[Email protected] ~]# echo haha >/common/abc.txt
4. Restart the SMB service, set to boot from
Virtual Machine Desktop0
? Required Packages: Samba-client
[Email protected] ~]# smbclient-l//172.25.0.11
Enter Root ' s password:
[Email protected] ~]# smbclient-u Harry//172.25.0.11/common
Enter Harry ' s password:
Domain=[staff] Os=[unix] Server=[samba 4.1.1]
SMB: \> ls
Nt_status_access_denied Listing \*
Idea: Client access to server-side resources
1. Are firewalls restricted
2. Access control of the service itself
3.SELinux is limited
SELinux: Boolean value (switch of function)
? Getsebool Viewing the SELinux switch
[Email protected] ~]# Getsebool-a | grep Samba
Samba_export_all_ro--off
SAMBA_EXPORT_ALL_RW--off
? Setsebool Control SELinux Switch
– Require the-P option for permanent setup
[Email protected] ~]# Setsebool Samba_export_all_ro=on
[Email protected] ~]# Getsebool-a | grep Samba
Virtual Machine Desktop0
[Email protected] ~]# smbclient-u Harry//172.25.0.11/common
Enter Harry ' s password:
Domain=[staff] Os=[unix] Server=[samba 4.1.1]
SMB: \> ls
? Required Packages: Cifs-utils
_netdev: After you turn on the network service, change to the device
1. Install the package cifs-utils
2. Modify/etc/fstab
172.25.0.11/common/mnt/samba CIFS User=harry,pass=123,_netdev 0 0
3. Mount-a Verification
Df-h
########################################################
Share read and write by Samba
1. Modify the configuration file/etc/samba/smb.conf
[DevOps]
Path =/devops
Write list = Chihiro
[Email protected]/]# Mkdir/devops
[Email protected]/]# echo Hahaxixi >/devops/123.txt
2. Restart the SMB service
3. Client Authentication:
[Email protected] ~]# smbclient-l 172.25.0.11
Enter Root ' s password:
4. Client Mount Verification
[Email protected] ~]# Mkdir/mnt/dev
[Email protected] ~]# Vim/etc/fstab
172.25.0.11/devops/mnt/dev CIFS User=chihiro,pass=123,_netdev 0 0
[Email protected] ~]# mount-a
[Email protected] ~]# df-h
##################################################
Other operations for reading and writing to samba shares
Idea: Client access to server-side resources
1. Are firewalls restricted
2. Access control of the service itself
3.SELinux is limited
4. Server-side directory local permissions
I. Modify server-side SELinux boolean value, open read/write
[Email protected]/]# Getsebool-a | grep Samba
[Email protected]/]# Setsebool Samba_export_all_rw=on
[Email protected]/]# Getsebool-a | grep Samba
Second, directory local permissions
[Email protected]/]# ls-ld/devops/
[Email protected]/]# setfacl-m u:chihiro:rwx/devops/
[Email protected]/]# getfacl/devops/
Third, client authentication
[Email protected] ~]# Touch/mnt/dev/test.txt
########################################################
Multiuser multi-user access (Learn)
–multiuser, provides differentiated support for multiple user identities on clients
–SEC=NTLMSSP, providing NT LAN management security support
Client Completion:
[Email protected]/]# Vim/etc/fstab
172.25.0.11/devops/mnt/dev CIFS USER=KENJI,PASS=123,_NETDEV,MULTIUSER,SEC=NTLMSSP 0 0
[Email protected]/]# umount/mnt/dev/
[Email protected]/]# mount-a
[Email protected]/]# df-h
[Email protected]/]# su-student
[Email protected] dev]$ Cd/mnt/dev
[Email protected] dev]$ cifscreds add-u Chihiro 172.25.0.11
Password:
[[email protected] dev]$ ls
[email protected] dev]$ Touch abc.txt
[[Email protected] dev]$ exit
#########################################################
Configure NFS Sharing
? Network File system
– Purpose: Provide shared folders for clients
– Protocol: NFS (TCP/UDP 2049), RPC (TCP/UDP 111)
? Required Packages: Nfs-utils
? System Services: Nfs-server
Building basic read-only NFS services
1. On the virtual machine Server0, detect if the nfs-utils is installed
[Email protected]/]# rpm-q nfs-utils
2. Modify the configuration file/etc/exports
[Email protected]/]# Mkdir/public
[Email protected]/]# echo Hehelele >/public/nsd.txt
[Email protected]/]# Vim/etc/exports
/public 172.25.0.0/24 (RO)
3. Restart Nfs-server service, set boot from
[Email protected]/]# systemctl restart Nfs-server
[Email protected]/]# Systemctl enable Nfs-server
4. Client access to the Nfs-server service
[Email protected]/]# Mkdir/mnt/nfs
[Email protected]/]# showmount-e 172.25.0.11
[Email protected]/]# Vim/etc/fstab
172.25.0.11:/public/mnt/nfs NFS _netdev 0 0
[Email protected]/]# mount-a
[Email protected]/]# Ls/mnt/nfs
#######################################################
Read-Write Nfs-server service
I. Client root user Read and write
Service side:
[Email protected]/]# MKDIR/ABC
[Email protected]/]# echo 123 >/abc/a.txt
[Email protected]/]# Vim/etc/exports
/ABC 172.25.0.0/24 (rw)
[Email protected]/]# systemctl restart Nfs-server
Client:
[Email protected]/]# Vim/etc/fstab
172.25.0.11:/ABC/MNT/NSD NFS _netdev 0 0
[Email protected]/]# MKDIR/MNT/NSD
[Email protected]/]# mount-a
[Email protected]/]# df-h
Service side:
[Email protected]/]# Vim/etc/exports
/ABC 172.25.0.0/24 (Rw,no_root_squash) #不压榨客户端root权限
[Email protected]/]# systemctl restart Nfs-server
Client:
[Email protected]/]# Systemctl restart NFS #重起客户端服务
[Email protected]/]# Touch/mnt/nsd/5.txt
Second, ordinary users
Client access to the service-side Nfs-server service,
The server will determine the permissions of the local user with the same UID as the client.
LDAP: Network user, providing user name
Kerberos: Password authentication, implementation of "One-time password authentication, multiple free login" pass mechanism
Service side:
[Email protected]/]# Lab NFSKRB5 Setup
[[email protected]/]# grep ldapuser0/etc/passwd
[[email protected]/]# ID LDAPUSER0
1. Deploying a Kerberos encrypted key file
wget Http://172.25.254.254/pub/keytabs/server0.keytab-O/etc/krb5.keytab
[Email protected]/]# Ls/etc/krb5.keytab
2. Modify the configuration file
[Email protected]/]# Vim/etc/exports
/ABC 172.25.0.0/24 (rw,no_root_squash,sec=krb5p)
3. Re-starting Nfs-server and Nfs-secure-server
# systemctl Restart Nfs-server nfs-secure-server
Client:
[Email protected]/]# Lab NFSKRB5 Setup
[[email protected]/]# grep ldapuser0/etc/passwd
[[email protected]/]# ID LDAPUSER0
1. Deploying a Kerberos encrypted key file
wget Http://172.25.254.254/pub/keytabs/desktop0.keytab-O/etc/krb5.keytab
[Email protected]/]# Ls/etc/krb5.keytab
2. Modify/etc/fstab
172.25.0.11:/ABC/MNT/NSD NFS _netdev,sec=krb5p 0 0
3. Restart NFS and Nfs-secure services
[[email protected]/]# Systemctl restart NFS Nfs-secure
4. Verifying the Mount
[Email protected]/]# UMOUNT/MNT/NSD
[Email protected]/]# mount-a
[Email protected]/]# Df-ah
Linux System Learning Day-<< Engineer Technology >>