Tenth week job "Linux Micro Jobs"

First, the establishment of samba sharing, shared directory for/data, requirements: (describe the complete process)
1) share named GKFX, workgroup for magedu;
2) Add group develop, add user Gentoo,centos and Ubuntu, where Gentoo and CentOS develop as additional group, Ubuntu does not belong to develop group; passwords are user names;
3) Add Samba users Gentoo,centos and Ubuntu, passwords are "mageedu";
4) This Samba share shared only allows the develop group to have write permission, and other users can only access it in read-only mode;
5) This Samba sharing service only allows host access from the 172.16.0.0/16 network;

[[email protected] /]# groupadd develop        # Add Group develop[[email protected] /]# useradd -g develop gentoo          #添加用户 [[email protected] /]# useradd -g develop  Centos[[email protected] /]# useradd ubuntu[[email protected] /]# echo  gentoo | passwd --stdin gentoo        # Set user password [[email protected] /]# echo centos | passwd --stdin centos[[ email protected] /]# echo ubuntu | passwd --stdin ubuntu[[email  protected] /]# smbpasswd -a gentoo        # Add Samba user [[email protected] /]# smbpasswd -a centos[[email protected] /]#  smbpasswd -a ubuntu[[email protected] /]# vim /etc/samba/smb.conf           #修改配置文件         hosts allow = 10.18.11.          #添加ip白名单         [share]         comment = share         path = /share         #设置共享路径          public = no        # Set whether shared directories allow anonymous access         writable = yes          #设置为有写入权限             write  list = +develop         #设置具有写入权限的用户列表          [[email protected] ~]# smbclient //10.18.11.29/share -u centos          #使用centos用户有写权限Enter  centos ' s password: domain=[mygroup] os=[ windows 6.1] server=[samba 4.2.10]smb: \> ls  .                                     D         0  SAT OCT 22 17:20:02 2016 &NBSP, ....                                   DR         0  Sat Oct 22 17:20:02 2016                  77931220 blocks of size 1024. 71904540 blocks  availablesmb: \> lcd /etcsmb: \> put passwdputting file  passwd as \passwd  (946.6 kb/s)   (average 946.6 kb/s)      [[email protected] ~]# smbclient //10.18.11.29/share -u ubuntu          #使用ubuntu用户没有写权限Enter  ubuntu ' S password: domain=[mygroup] os =[windows 6.1] server=[samba 4.2.10]smb: \> lcd smb: \> lcd  /etcsmb: \> put fstab nt_status_access_denied opening remote file  \fstab

Second, build a set of files Vsftp file sharing service, shared directory for/ftproot, requirements: (describe the complete process)
1) based on the virtual user's access form;
2) Anonymous users are allowed to download only, do not allow uploading;
3) Imprison all users in their home directory;
4) Limit the maximum number of concurrent connections to 200:;
5) Maximum transfer rate for anonymous users 512kb/s
6) The virtual user's account is stored in the MySQL database.
7) The database is shared via NFS.

The experimental environment is as follows

Ip	Use
10.18.11.29	Mysql+vsftp
10.18.11.30	Nfs

1. Install NFS Server

[[email protected] /]# yum install nfsutil* rpcbind         #安装nfs和rpcbind服务所需软件包 [[email protected] /]# mkdir /nfs          #创建共享文件夹 [[email protected] ~]# groupadd -g 1001  mysql         #添加mysql组 [[Email protected] ~]# useradd  -u 1001 -g 1001 mysql         #添加mysql用户 [[ email protected] ~]# chown mysql:mysql /nfs          #修改/nfs is MySQL, ready for datadir to be mounted on the MySQL server [[email protected] /]# vim /etc/exports          #编辑/etc/exports file, add permissions/nfs 10.18.11.29 (rw,sync,fsid=0,no_ Root_squash) [[email protected] /]# systemctl start rpcbind.service         # #启动rpcbind服务 [[email protected] /]# systemctl start nfs-server.service          #启动nfs服务

2. Client Mount NFS Folder

[Email protected]/]# mkdir/mysqldata #创建挂载路径 [[email protected]/]# mount-t NFS 10.18.11.30:/nfs/mysqldata #挂载nfs目录到/mysqldata

3. Install MySQL

[[email protected] ~]# Yum install-y mariadb mariadb-devel[[email protected] ~]# groupadd-g 1001 MySQL #添加mysql组 [ [Email protected] ~]# useradd-u 1001-g 1001 mysql #添加mysql用户 [[email protected] ~]# vim/etc/my.cnf #修改mysq L configuration file [Mysqld]datadir=/mysqldatasocket=/var/lib/mysql/mysql.sockcharacter-set = utf8user= mysql[[email protected]/]        # mysql_install_db--datadir= "/mysqldata/" #初始化mysql [[email protected]/]# systemctl status Mariadb.service #启动mysql

4. Create a Database

mariadb [(None)]> create database vsftpd;                mariadb [vsftpd]>  grant select on  vsftpd.* to [email protected] ' 10.18.11.29 '  identified by  ' magedu ';          #创建数据库用户, add query Permissions mariadb [vsftpd]> create table  users  (Id int auto_increment not null,name char ( binary not)  null,password char ()  binary not null,primary key (ID));          #在vsftpd数据库中创建表usersMariaDB  [vsftpd]> use vsftpdmariadb [ vsftpd]> flush privileges; Mariadb [vsftpd]> insert into users (Name,password)  values (' Vsftpd1 ', password (' Magedu '));         #插入用户vsftpd1      &NBsp;      query ok, 1 row affected  (0.02 SEC) mariadb [vsftpd]> select * from users;+----+---------+---------------------------- ---------------+| id | name    | password                                    |+----+---------+--------------------- ----------------------+|  1 | vsftpd1 | * 6b8ccc83799a26cd19d7ad9aeeadbcd30d8a8664 |+----+---------+-------------------------------------------+1  row in set  (0.00 SEC)

5. Pam-mysql Configuration

[[email protected] pam_mysql-0.7rc1]# vim/etc/pam.d/vsftpd #编辑配置文件, add the following two lines auth Required/lib64/security/pam_mysql. So user=vsftpd passwd=magedu host=10.18.11.29 db=vsftpd table=users usercolumn=name Passwdcolumn=password crypt= 2account required/lib64/security/pam_mysql.so user=vsftpd passwd=magedu host=10.18.11.29 db=vsftpd table=users Usercolumn=name Passwdcolumn=password crypt=2

6. Modify VSFTP Configuration

[[Email protected] /]# useradd -s /sbin/nologin -d /var/ftproot vuser          #建立虚拟用户映射的系统用户及对应目录 [[Email protected] /]# chmod  go+rw /var/ftproot[[email protected] /]# vim /etc/vsftpd/vsftpd.conf           #修改vsftpd配置文件guest_enable =yes          #允许虚拟用户账号访问guest_username =vuser        # Gusest user mapping to vusermax_clients=200         #最多同时允许100个客户连接            anonymous_enable=YES          #允许匿名用户访问local_enable =yesanon_max_rate=512000        # Limit anonymous transfer rate to 512kb/s     anon_upload_enable=no          #anonymous是否具有上传的权限anon_mkdir_write_enable=no         #anonymous是否具有建立目录的权限anon_other_write_enable =no          #anonymous是否具有写入的权限chroot_local_user =yes          #对用户访问只限制在主目录不能访问其他目录user_config_dir =/etc/vsftpd/vusers    # Virtual Account Configuration Directory pam_service_name=vsftpd.mysql[[email protected] vusers]# vim /etc/vsftpd/vusers/ vsftpd1          #配置虚拟账号权限anon_upload_enable =yesanon_mkdir_write_ Enable=yesanon_other_write_enable=yes

7, running results

[[email protected] /]# ftp 10.18.11.29connected to 10.18.11.29  (10.18.11.29 ) .220  (vsftpd 3.0.2) name  (10.18.11.29:root): vsftpd1          #用虚拟账号登陆331  please specify the password. Password:230 login successful. Remote system type is unix. Using binary mode to transfer files.ftp> lcd /shell/local directory  now /shellftp> get test         #下载文件local:  test remote: test227 Entering Passive Mode  (10,18,11,29,195,159) .150  opening binary mode data connection for test  (0 bytes) .226  transfer complete.ftp> put case.sh         # Uploading Files Local: case.sh remote: case.sh227 entering passive mode  (10,18,11,29,234,27). 150 ok to send data.226 transfer complete.365  bytes sent in 9.2e-05 secs  (3967.39 kbytes/sec) ftp>

Tenth week job "Linux Micro Jobs"