Tenth week job "Linux Micro Jobs"


First, set up Samba sharing with /data as the shared directory. Requirements (describe the complete process):
1) The share is named GKFX and the workgroup is magedu;
2) Add the group develop and the users gentoo, centos and ubuntu; gentoo and centos have develop as an additional group, ubuntu does not belong to the develop group; each password is the user name;
3) Add the Samba users gentoo, centos and ubuntu; their passwords are "mageedu";
4) The Samba share shared allows only the develop group to write; other users can access it only in read-only mode;
5) The Samba service allows access only from hosts on the 172.16.0.0/16 network.

    groupadd develop                      # add the group develop
    useradd -G develop gentoo             # add the users; -G makes develop an additional group
    useradd -G develop centos
    useradd ubuntu
    echo gentoo | passwd --stdin gentoo   # set the user passwords
    echo centos | passwd --stdin centos
    echo ubuntu | passwd --stdin ubuntu
    smbpasswd -a gentoo                   # add the Samba users
    smbpasswd -a centos
    smbpasswd -a ubuntu
    vim /etc/samba/smb.conf               # edit the configuration file

Settings in /etc/samba/smb.conf (smb.conf comments must be on their own lines):

            # IP allow-list; this lab uses 10.18.11.x, the 172.16.0.0/16 network would be written 172.16.
            hosts allow = 10.18.11.

            [share]
            comment = share
            # shared path
            path = /share
            # whether the shared directory allows anonymous access
            public = no
            # read-only by default; with "writable = yes" every connecting user could write
            writable = no
            # users and groups that still get write permission (+develop is the Unix group develop)
            write list = +develop

User centos has write permission:

    smbclient //10.18.11.29/share -U centos
    Enter centos's password:
    Domain=[MYGROUP] OS=[Windows 6.1] Server=[Samba 4.2.10]
    smb: \> ls
      .                                   D        0  Sat Oct 22 17:20:02 2016
      ..                                 DR        0  Sat Oct 22 17:20:02 2016

                    77931220 blocks of size 1024. 71904540 blocks available
    smb: \> lcd /etc
    smb: \> put passwd
    putting file passwd as \passwd (946.6 kb/s) (average 946.6 kb/s)

User ubuntu has no write permission:

    smbclient //10.18.11.29/share -U ubuntu
    Enter ubuntu's password:
    Domain=[MYGROUP] OS=[Windows 6.1] Server=[Samba 4.2.10]
    smb: \> lcd
    smb: \> lcd /etc
    smb: \> put fstab
    NT_STATUS_ACCESS_DENIED opening remote file \fstab
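How Samba decides who may write to a share, as an added example that is not part of the original page: with writable = yes (the same as read only = no) every user who can connect may write and the write list has no effect, while read only = yes together with a write list limits writing to the listed users and groups. The function name share_write_policy and both sample configurations are constructed for this illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): report who may write to a Samba
# share, given smb.conf text. Resolves the synonyms and the [global] defaults.

share_write_policy() {   # usage: share_write_policy SHARE < smb.conf
  awk -v share="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" '
    function truthy(v) { v = tolower(v); return (v == "yes" || v == "true" || v == "1") }
    /^[ \t]*([#;]|$)/ { next }                      # comment or blank line
    /^[ \t]*\[/ {                                   # section header
      sec = tolower($0); sub(/^[ \t]*\[[ \t]*/, "", sec); sub(/[ \t]*\].*$/, "", sec); next
    }
    (sec == "global" || sec == share) && index($0, "=") {
      # parameter names ignore case and internal whitespace
      key = tolower(substr($0, 1, index($0, "=") - 1)); gsub(/[ \t]/, "", key)
      val = substr($0, index($0, "=") + 1); gsub(/^[ \t]+|[ \t\r]+$/, "", val)
      if (key == "readonly")  ro[sec] = truthy(val) ? "yes" : "no"
      if (key == "writable" || key == "writeable" || key == "writeok")
                              ro[sec] = truthy(val) ? "no" : "yes"   # inverted synonyms
      if (key == "writelist") wl[sec] = val
    }
    END {
      readonly  = (share in ro) ? ro[share] : (("global" in ro) ? ro["global"] : "yes")
      writelist = (share in wl) ? wl[share] : (("global" in wl) ? wl["global"] : "")
      if (readonly == "no")      print "open"                   # write list has no effect
      else if (writelist != "")  print "restricted:" writelist  # only the list may write
      else                       print "read-only"
    }'
}

# Constructed sample configurations
WEAK='[global]
   hosts allow = 10.18.11.
[share]
   path = /share
   writable = yes
   write list = +develop'

FIXED='[global]
   hosts allow = 10.18.11.
[share]
   path = /share
   read only = yes
   write list = +develop'

printf '%s\n' "$WEAK"  | share_write_policy share
printf '%s\n' "$FIXED" | share_write_policy share
```

In the "open" case the only remaining barrier is the file-system permission on the shared directory.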


Second, build a vsftpd file sharing service with /ftproot as the shared directory. Requirements (describe the complete process):
1) Access is based on virtual users;
2) Anonymous users are allowed to download only, not to upload;
3) All users are confined to their home directory;
4) The maximum number of concurrent connections is limited to 200;
5) The maximum transfer rate for anonymous users is 512kb/s;
6) The virtual user accounts are stored in a MySQL database;
7) The database is shared via NFS.

The experimental environment is as follows:

    IP             Use
    10.18.11.29    MySQL + vsftp
    10.18.11.30    NFS

1. Install NFS Server

    yum install nfs-utils rpcbind        # install the packages for the NFS and rpcbind services
    mkdir /nfs                           # create the shared folder
    groupadd -g 1001 mysql               # add the mysql group
    useradd -u 1001 -g 1001 mysql        # add the mysql user
    chown mysql:mysql /nfs               # make mysql the owner of /nfs, ready to be mounted as the datadir on the MySQL server
    vim /etc/exports                     # edit /etc/exports and add the export below
    systemctl start rpcbind.service      # start the rpcbind service
    systemctl start nfs-server.service   # start the NFS service

Line added to /etc/exports:

    # no space between the host and the option list; a space would apply the options to every host
    # no_root_squash lets root on 10.18.11.29 act as root on this export
    /nfs 10.18.11.29(rw,sync,fsid=0,no_root_squash)

2. Client Mount NFS Folder

    mkdir /mysqldata                            # create the mount point
    mount -t nfs 10.18.11.30:/nfs /mysqldata    # mount the NFS directory on /mysqldata

3. Install MySQL

    groupadd -g 1001 mysql               # add the mysql group first, with the same GID as on the NFS server
    useradd -u 1001 -g 1001 mysql        # add the mysql user, with the same UID as on the NFS server
    yum install -y mariadb-server mariadb mariadb-devel   # mariadb-server provides mariadb.service and mysql_install_db
    vim /etc/my.cnf                      # edit the MySQL configuration file
    mysql_install_db --datadir="/mysqldata/"   # initialize MySQL
    systemctl start mariadb.service      # start MySQL

Settings in /etc/my.cnf:

    [mysqld]
    datadir=/mysqldata
    socket=/var/lib/mysql/mysql.sock
    character-set-server = utf8
    user=mysql

4. Create a Database

    MariaDB [(none)]> create database vsftpd;
    MariaDB [(none)]> use vsftpd
    -- create the database user and grant it query (SELECT) permission;
    -- the user name is the one the pam_mysql lines use (user=vsftpd)
    MariaDB [vsftpd]> grant select on vsftpd.* to vsftpd@'10.18.11.29' identified by 'magedu';
    -- create the table users in the vsftpd database; the column widths are missing
    -- from this copy of the page, and the password column must hold the
    -- 41-character hash that PASSWORD() returns
    MariaDB [vsftpd]> create table users (id int auto_increment not null, name char() binary not null, password char() binary not null, primary key (id));
    MariaDB [vsftpd]> flush privileges;
    -- insert the user vsftpd1
    MariaDB [vsftpd]> insert into users (name,password) values ('vsftpd1', password('magedu'));
    Query OK, 1 row affected (0.02 sec)
    MariaDB [vsftpd]> select * from users;
    +----+---------+-------------------------------------------+
    | id | name    | password                                  |
    +----+---------+-------------------------------------------+
    |  1 | vsftpd1 | *6B8CCC83799A26CD19D7AD9AEEADBCD30D8A8664 |
    +----+---------+-------------------------------------------+
    1 row in set (0.00 sec)

5. Pam-mysql Configuration

    # run from the pam_mysql-0.7rc1 directory
    vim /etc/pam.d/vsftpd                # edit the configuration file and add the following two lines

    # crypt=2 compares against hashes made with the MySQL PASSWORD() function
    auth required /lib64/security/pam_mysql.so user=vsftpd passwd=magedu host=10.18.11.29 db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
    account required /lib64/security/pam_mysql.so user=vsftpd passwd=magedu host=10.18.11.29 db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2

6. Modify VSFTP Configuration

    useradd -s /sbin/nologin -d /var/ftproot vuser   # system user that the virtual users map to, and its directory
    chmod go+rw /var/ftproot
    vim /etc/vsftpd/vsftpd.conf                      # edit the vsftpd configuration file

Settings in /etc/vsftpd/vsftpd.conf (no spaces around "=", comments on their own lines):

    # allow virtual user accounts
    guest_enable=YES
    # map guest users to vuser
    guest_username=vuser
    # allow at most 200 clients at the same time
    max_clients=200
    # allow anonymous users
    anonymous_enable=YES
    local_enable=YES
    # limit the anonymous transfer rate to 512kb/s
    anon_max_rate=512000
    # whether anonymous users may upload
    anon_upload_enable=NO
    # whether anonymous users may create directories
    anon_mkdir_write_enable=NO
    # whether anonymous users have other write permissions
    anon_other_write_enable=NO
    # confine users to their home directory, with no access to other directories
    chroot_local_user=YES
    # virtual account configuration directory
    user_config_dir=/etc/vsftpd/vusers
    # PAM service name; it must match the file under /etc/pam.d/ that holds the pam_mysql lines
    pam_service_name=vsftpd.mysql

Permissions for the virtual account, in /etc/vsftpd/vusers/vsftpd1:

    anon_upload_enable=YES
    anon_mkdir_write_enable=YES
    anon_other_write_enable=YES
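A check of vsftpd.conf against the requirements of this exercise, as an added example that is not part of the original page. It also flags whitespace around "=", which vsftpd treats as an error; the function name vsftpd_audit and both sample files are constructed for this illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): check vsftpd.conf text against the
# requirements of this exercise. Prints one FAIL line per problem, nothing if clean.

vsftpd_audit() {   # usage: vsftpd_audit < vsftpd.conf
  awk '
    function want(k, v, unset_ok,   cur) {
      if (!(k in conf)) { if (!unset_ok) print "FAIL " k " is not set (expected " v ")"; return }
      cur = toupper(conf[k])
      if (cur != v) print "FAIL " k "=" conf[k] " (expected " v ")"
    }
    /^[ \t]*(#|$)/ { next }                          # comment or blank line
    /^[^=]*[ \t]=|^[^=]*=[ \t]/ {                    # vsftpd rejects spaces around "="
      print "FAIL line " NR ": whitespace around \"=\""; next
    }
    { i = index($0, "="); if (i) conf[substr($0, 1, i - 1)] = substr($0, i + 1) }
    END {
      want("guest_enable",            "YES",    0)   # virtual users
      want("chroot_local_user",       "YES",    0)   # confine users to their home directory
      want("max_clients",             "200",    0)   # at most 200 concurrent clients
      want("anon_max_rate",           "512000", 0)   # bytes per second
      want("anon_upload_enable",      "NO",     1)   # NO is the default, so unset is fine
      want("anon_mkdir_write_enable", "NO",     1)
      want("anon_other_write_enable", "NO",     1)
    }'
}

# Constructed sample: a few settings typed with spaces before "="
WITH_SPACES='guest_enable =yes
guest_username =vuser
max_clients=200
anonymous_enable=YES
anon_max_rate=512000
anon_upload_enable=no
chroot_local_user =yes'

# Constructed sample: the same settings without the spaces
CLEAN='guest_enable=YES
guest_username=vuser
max_clients=200
anonymous_enable=YES
anon_max_rate=512000
anon_upload_enable=NO
chroot_local_user=YES'

printf '%s\n' "$WITH_SPACES" | vsftpd_audit
printf '%s\n' "$CLEAN"       | vsftpd_audit
```

A line with whitespace around "=" is reported once for the syntax error and once more as a missing setting, because vsftpd never applies it.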

7. Running results

    ftp 10.18.11.29
    Connected to 10.18.11.29 (10.18.11.29).
    220 (vsFTPd 3.0.2)
    Name (10.18.11.29:root): vsftpd1         # log in with the virtual account
    331 Please specify the password.
    Password:
    230 Login successful.
    Remote system type is UNIX.
    Using binary mode to transfer files.
    ftp> lcd /shell/
    Local directory now /shell
    ftp> get test         # download a file
    local: test remote: test
    227 Entering Passive Mode (10,18,11,29,195,159).
    150 Opening BINARY mode data connection for test (0 bytes).
    226 Transfer complete.
    ftp> put case.sh      # upload a file
    local: case.sh remote: case.sh
    227 Entering Passive Mode (10,18,11,29,234,27).
    150 Ok to send data.
    226 Transfer complete.
    365 bytes sent in 9.2e-05 secs (3967.39 Kbytes/sec)
    ftp>

