First, set up a Samba share with /data as the shared directory. Requirements (describe the complete process):
1) The share is named GKFX and the workgroup is magedu;
2) Add the group develop and the users gentoo, centos and ubuntu; gentoo and centos have develop as an additional (supplementary) group, and ubuntu does not belong to develop; each password is the user name;
3) Add gentoo, centos and ubuntu as Samba users, each with the password "mageedu";
4) Only the develop group has write permission on this share; other users can access it read-only;
5) The Samba service accepts connections only from hosts on the 172.16.0.0/16 network;
    # groupadd develop                       # add the group develop
    # useradd -G develop gentoo              # add the users; develop is an additional group
    # useradd -G develop centos
    # useradd ubuntu
    # echo gentoo | passwd --stdin gentoo    # set the user passwords
    # echo centos | passwd --stdin centos
    # echo ubuntu | passwd --stdin ubuntu
    # smbpasswd -a gentoo                    # add the Samba users
    # smbpasswd -a centos
    # smbpasswd -a ubuntu
    # vim /etc/samba/smb.conf                # edit the configuration file

In /etc/samba/smb.conf:

    # IP whitelist
    hosts allow = 10.18.11.
    [share]
    comment = share
    # shared path
    path = /share
    # whether the shared directory allows anonymous access
    public = no
    # the share is writable
    writable = yes
    # list of users with write permission
    write list = +develop

Test as centos, who has write permission:

    # smbclient //10.18.11.29/share -U centos
    Enter centos's password:
    Domain=[MYGROUP] OS=[Windows 6.1] Server=[Samba 4.2.10]
    smb: \> ls
      .                                   D        0  Sat Oct 22 17:20:02 2016
      ..                                 DR        0  Sat Oct 22 17:20:02 2016

                    77931220 blocks of size 1024. 71904540 blocks available
    smb: \> lcd /etc
    smb: \> put passwd
    putting file passwd as \passwd (946.6 kb/s) (average 946.6 kb/s)

Test as ubuntu, who has no write permission:

    # smbclient //10.18.11.29/share -U ubuntu
    Enter ubuntu's password:
    Domain=[MYGROUP] OS=[Windows 6.1] Server=[Samba 4.2.10]
    smb: \> lcd
    smb: \> lcd /etc
    smb: \> put fstab
    NT_STATUS_ACCESS_DENIED opening remote file \fstab

Second, build a vsftpd file-sharing service with /ftproot as the shared directory. Requirements (describe the complete process):
1) Access is based on virtual users;
2) Anonymous users may only download; uploading is not allowed;
3) All users are confined to their home directory;
4) The maximum number of concurrent connections is limited to 200;
5) The maximum transfer rate for anonymous users is 512kb/s;
6) The virtual user accounts are stored in a MySQL database;
7) The database is shared via NFS.
The experimental environment is as follows:

IP | Use
10.18.11.29 | MySQL+vsftp
10.18.11.30 | NFS

1. Install NFS Server
    # yum install nfs-utils rpcbind          # install the packages for the NFS and rpcbind services
    # mkdir /nfs                             # create the shared folder
    # groupadd -g 1001 mysql                 # add the mysql group
    # useradd -u 1001 -g 1001 mysql          # add the mysql user
    # chown mysql:mysql /nfs                 # give /nfs to mysql, ready to be mounted as datadir on the MySQL server
    # vim /etc/exports                       # edit /etc/exports and add the export below

In /etc/exports (no_root_squash means root on 10.18.11.29 keeps root privileges on this export):

    /nfs 10.18.11.29(rw,sync,fsid=0,no_root_squash)

Then start the services:

    # systemctl start rpcbind.service        # start the rpcbind service
    # systemctl start nfs-server.service     # start the NFS service

2. Client Mount NFS Folder
    # mkdir /mysqldata                             # create the mount point
    # mount -t nfs 10.18.11.30:/nfs /mysqldata     # mount the NFS directory on /mysqldata

3. Install MySQL
    # yum install -y mariadb mariadb-devel
    # groupadd -g 1001 mysql                 # add the mysql group
    # useradd -u 1001 -g 1001 mysql          # add the mysql user
    # vim /etc/my.cnf                        # edit the MySQL configuration file

In /etc/my.cnf:

    [mysqld]
    datadir=/mysqldata
    socket=/var/lib/mysql/mysql.sock
    character-set-server=utf8
    user=mysql

Then initialize and start the server:

    # mysql_install_db --datadir="/mysqldata/"     # initialize MySQL
    # systemctl start mariadb.service              # start MySQL

4. Create a Database
    MariaDB [(none)]> create database vsftpd;
    MariaDB [(none)]> use vsftpd
    # create the database user and grant it query permission
    MariaDB [vsftpd]> grant select on vsftpd.* to vsftpd@'10.18.11.29' identified by 'magedu';
    # create the table users in the vsftpd database; NAME_LEN and PASS_LEN stand for
    # the column lengths, which are missing from the source (the password column
    # must hold the 41-character PASSWORD() value shown below)
    MariaDB [vsftpd]> create table users (id int auto_increment not null, name char(NAME_LEN) binary not null, password char(PASS_LEN) binary not null, primary key (id));
    MariaDB [vsftpd]> flush privileges;
    # insert the user vsftpd1
    MariaDB [vsftpd]> insert into users (name,password) values ('vsftpd1', password('magedu'));
    Query OK, 1 row affected (0.02 sec)
    MariaDB [vsftpd]> select * from users;
    +----+---------+-------------------------------------------+
    | id | name    | password                                  |
    +----+---------+-------------------------------------------+
    |  1 | vsftpd1 | *6b8ccc83799a26cd19d7ad9aeeadbcd30d8a8664 |
    +----+---------+-------------------------------------------+
    1 row in set (0.00 sec)

5. Pam-mysql Configuration
Edit the PAM service file (the shell is in the pam_mysql-0.7rc1 directory) and add the following two lines. The file name must match the pam_service_name value set in vsftpd.conf in the next step, which is vsftpd.mysql:

    # vim /etc/pam.d/vsftpd.mysql

    auth required /lib64/security/pam_mysql.so user=vsftpd passwd=magedu host=10.18.11.29 db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
    account required /lib64/security/pam_mysql.so user=vsftpd passwd=magedu host=10.18.11.29 db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2

6. Modify VSFTP Configuration
    # useradd -s /sbin/nologin -d /var/ftproot vuser    # create the system user the virtual users map to, and its directory
    # chmod go+rw /var/ftproot
    # vim /etc/vsftpd/vsftpd.conf                       # edit the vsftpd configuration file

In /etc/vsftpd/vsftpd.conf (comments go on their own lines, and no space is allowed around "="):

    # allow virtual user accounts
    guest_enable=YES
    # map guest (virtual) users to vuser
    guest_username=vuser
    # allow at most 200 clients at the same time
    max_clients=200
    # allow anonymous access
    anonymous_enable=YES
    local_enable=YES
    # limit the anonymous transfer rate to 512kb/s
    anon_max_rate=512000
    # whether anonymous users may upload
    anon_upload_enable=NO
    # whether anonymous users may create directories
    anon_mkdir_write_enable=NO
    # whether anonymous users have other write permissions
    anon_other_write_enable=NO
    # confine users to their home directory
    chroot_local_user=YES
    # per-user configuration directory for the virtual accounts
    user_config_dir=/etc/vsftpd/vusers
    pam_service_name=vsftpd.mysql

Configure the permissions of the virtual account vsftpd1:

    # vim /etc/vsftpd/vusers/vsftpd1

    anon_upload_enable=YES
    anon_mkdir_write_enable=YES
    anon_other_write_enable=YES

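A check of the main vsftpd.conf against the requirements listed for this exercise, as an added example that is not part of the original write-up. The helper names conf_get, audit_vsftpd and sample_conf and the embedded sample file are constructed for illustration; the sample reuses this page's settings with max_clients set to 100 so that one finding is reported.

```shell
#!/bin/sh
# Added example: audit a vsftpd.conf against the requirements above.
# conf_get, audit_vsftpd and sample_conf are hypothetical helper names.

# Print the value of KEY in FILE, upper-cased; the last assignment is used.
conf_get() {
    sed -n "s/^$2=\(.*\)\$/\1/p" "$1" | tail -n 1 | tr 'a-z' 'A-Z'
}

# Report every setting that differs from the requirement; the return
# status is the number of problems. Settings must be explicit in the file.
audit_vsftpd() {
    file=$1 fails=0
    # vsftpd.conf(5): no space may appear between option, "=" and value.
    if grep -Eq '^[a-z_]+[[:space:]]+=|^[a-z_]+=[[:space:]]' "$file"; then
        echo "FAIL: space around '='"; fails=$((fails + 1))
    fi
    while read -r key want; do
        got=$(conf_get "$file" "$key")
        if [ "$got" != "$want" ]; then
            echo "FAIL: $key=${got:-<unset>} (required: $want)"
            fails=$((fails + 1))
        fi
    done <<EOF
guest_enable YES
anonymous_enable YES
anon_upload_enable NO
anon_mkdir_write_enable NO
anon_other_write_enable NO
anon_max_rate 512000
max_clients 200
chroot_local_user YES
EOF
    return "$fails"
}

# Constructed sample: the settings from this page, except max_clients.
sample_conf() {
    printf '%s\n' '# constructed sample file' guest_enable=YES \
        guest_username=vuser max_clients=100 anonymous_enable=YES \
        local_enable=YES anon_max_rate=512000 anon_upload_enable=NO \
        anon_mkdir_write_enable=NO anon_other_write_enable=NO \
        chroot_local_user=YES pam_service_name=vsftpd.mysql
}

tmp=$(mktemp) && sample_conf > "$tmp"
audit_vsftpd "$tmp" || echo "$? problem(s) found"
rm -f "$tmp"
```

The per-user file under /etc/vsftpd/vusers deliberately re-enables the anon_* write options for the virtual account, so only the main vsftpd.conf should be checked this way.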
7. Running results

    # ftp 10.18.11.29
    Connected to 10.18.11.29 (10.18.11.29).
    220 (vsFTPd 3.0.2)
    Name (10.18.11.29:root): vsftpd1         # log in with the virtual account
    331 Please specify the password.
    Password:
    230 Login successful.
    Remote system type is UNIX.
    Using binary mode to transfer files.
    ftp> lcd /shell/
    Local directory now /shell
    ftp> get test                            # download a file
    local: test remote: test
    227 Entering Passive Mode (10,18,11,29,195,159).
    150 Opening BINARY mode data connection for test (0 bytes).
    226 Transfer complete.
    ftp> put case.sh                         # upload a file
    local: case.sh remote: case.sh
    227 Entering Passive Mode (10,18,11,29,234,27).
    150 Ok to send data.
    226 Transfer complete.
    365 bytes sent in 9.2e-05 secs (3967.39 Kbytes/sec)
    ftp>

Tenth week job "Linux Micro Jobs"