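1. Set up a Samba share for the directory /data with the following requirements (describe the complete process):
1) the share name is shared and the workgroup is magedu;
2) add the group develop and the users gentoo, centos and ubuntu; gentoo and centos have develop as a supplementary group, ubuntu does not belong to develop; each password is the same as the user name;
3) add the Samba users gentoo, centos and ubuntu, each with the password "mageedu";
4) only the develop group has write access to the share shared; all other users can access it read-only;
5) the Samba service accepts connections only from hosts on the 172.16.0.0/16 network;
Built on CentOS 7.2.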
[root@localhost ~]# yum -y install samba ###install the Samba service
[root@localhost ~]# mkdir /data ###create the shared directory
[root@localhost ~]# useradd gentoo ###add the users
[root@localhost ~]# useradd centos
[root@localhost ~]# useradd ubuntu
[root@localhost ~]# echo "gentoo"|passwd --stdin gentoo
[root@localhost ~]# echo "centos"|passwd --stdin centos
[root@localhost ~]# echo "ubuntu"|passwd --stdin ubuntu
[root@localhost ~]# groupadd develop ###add the develop group
[root@localhost ~]# usermod -aG develop gentoo ###give gentoo the supplementary group develop
[root@localhost ~]# usermod -aG develop centos ###give centos the supplementary group develop
###add the Samba users
[root@localhost ~]# smbpasswd -a gentoo
[root@localhost ~]# smbpasswd -a centos
[root@localhost ~]# smbpasswd -a ubuntu
[root@localhost ~]# pdbedit -L ###list all Samba users
[root@localhost ~]# setfacl -m g:develop:rwx /data ###give the develop group write access
[root@localhost ~]# vim /etc/samba/smb.conf ###edit the configuration file
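[global]
workgroup = magedu ###workgroup the server belongs to
hosts allow = 192.168.0.0/16 ###allow only hosts on 192.168.0.0/16 (the lab network used here in place of 172.16.0.0/16)
[shared] ###share name
comment = data dir ###description
path = /data ###path
browseable = yes ###visible to users
read only = yes ###read-only
write list = @develop ###group that has write access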
[root@localhost ~]# testparm ###check the configuration
[root@localhost ~]# systemctl reload smb.service ###reload the service
###client-side test
[root@localhost ~]# smbclient //192.168.0.188/shared -U gentoo
Enter gentoo's password:
Domain=[MAGEDU] OS=[Windows 6.1] Server=[Samba 4.4.4]
smb: \> lcd /etc/
smb: \> put fstab
putting file fstab as \fstab (12.6 kb/s) (average 12.6 kb/s) ###user gentoo can upload
[root@localhost ~]# smbclient //192.168.0.188/shared -U centos
Enter centos's password:
Domain=[MAGEDU] OS=[Windows 6.1] Server=[Samba 4.4.4]
smb: \> lcd /etc
smb: \> put php.ini
putting file php.ini as \php.ini (1102.8 kb/s) (average 1102.8 kb/s) ###user centos can upload
[root@localhost ~]# smbclient //192.168.0.188/shared -U ubuntu
Enter ubuntu's password:
Domain=[MAGEDU] OS=[Windows 6.1] Server=[Samba 4.4.4]
smb: \> lcd /etc
smb: \> put resolv.conf
NT_STATUS_ACCESS_DENIED opening remote file \resolv.conf ###user ubuntu cannot upload
That completes the Samba part.
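The share-level rule that produces the three results above (read only = yes plus write list = @develop), as an added example that is not part of the original page. The function names share_param and can_write are hypothetical, the smb.conf text is a constructed copy of the page's settings, and only "read only" and plain or @group write list entries are handled.

```shell
# Added example (not from the original page): share-level write decision.
# smb.conf treats "#" or ";" as a comment only at the start of a line, so the
# page's trailing "###" annotations must not be copied into the real file.

share_param() {  # usage: share_param FILE SECTION KEY
  awk -v sec="$2" -v key="$3" '
    /^[ \t]*[#;]/ { next }
    /^[ \t]*\[/   { s = $0; sub(/^[ \t]*\[/, "", s); sub(/\].*$/, "", s)
                    insec = (tolower(s) == tolower(sec)); next }
    insec && index($0, "=") {
      k = substr($0, 1, index($0, "=") - 1); v = substr($0, index($0, "=") + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
      if (tolower(k) == tolower(key)) val = v   # last assignment wins
    }
    END { print val }' "$1"
}

# Exit 0 if USER gets write access at the share level.
# GROUPLIST is the user's comma-separated group names.
can_write() {  # usage: can_write FILE SHARE USER GROUPLIST
  ro=$(share_param "$1" "$2" "read only" | tr 'A-Z' 'a-z')
  wl=$(share_param "$1" "$2" "write list" | tr ',' ' ')
  case "$ro" in no|false|0) return 0 ;; esac   # writable for every user
  for entry in $wl; do
    case "$entry" in
      @*) case ",$4," in *",${entry#@},"*) return 0 ;; esac ;;
      "$3") return 0 ;;
    esac
  done
  return 1
}

# Constructed sample: the page's share, without the annotations.
conf=$(mktemp)
cat > "$conf" <<'EOF'
[global]
    workgroup = magedu
    hosts allow = 192.168.0.0/16
[shared]
    path = /data
    read only = yes
    write list = @develop
EOF
for u in "gentoo:gentoo,develop" "centos:centos,develop" "ubuntu:ubuntu"; do
  if can_write "$conf" shared "${u%%:*}" "${u#*:}"; then mode=read-write; else mode=read-only; fi
  echo "${u%%:*}: $mode"
done
```

The filesystem permission on /data (the setfacl step) is a second, independent gate: a user on the write list still needs write access to the directory itself.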
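2. Set up a vsftpd file-sharing service for the directory /ftproot with the following requirements (describe the complete process):
1) access is based on virtual users;
2) anonymous users may only download, not upload;
3) all users are jailed in their home directories;
4) the maximum number of concurrent connections is 200;
5) the maximum transfer rate for anonymous users is 512 KB/s;
6) the virtual user accounts are stored in a MySQL database;
7) the database is shared over NFS.
Built on CentOS 7.2.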
(1) Compile and install pam_mysql-0.7RC1.tar.gz
[root@localhost ~]# yum -y install vsftpd ###install vsftpd
[root@localhost dylan]# yum -y groupinstall "Development Tools" "Server Platform Development"
[root@localhost dylan]# yum -y install mariadb-server mariadb-devel openssl-devel pam-devel
[root@localhost dylan]# tar -xf pam_mysql-0.7RC1.tar.gz
[root@localhost dylan]# cd pam_mysql-0.7RC1/
[root@localhost pam_mysql-0.7RC1]# ./configure --with-mysql=/usr --with-openssl=/usr --with-pam=/usr --with-pam-mods-dir=/lib64/security
[root@localhost pam_mysql-0.7RC1]# make
[root@localhost pam_mysql-0.7RC1]# make install
(2) Configure the database and create the required database and table
[root@localhost pam_mysql-0.7RC1]# mysql -uroot -pxiaozhang ###configure the MySQL database
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 11
Server version: 5.5.52-MariaDB MariaDB Server
Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> create database vsftpd; ###create the vsftpd database
Query OK, 1 row affected (0.01 sec)
MariaDB [(none)]> use vsftpd;
Database changed
MariaDB [vsftpd]> create table users( ###create the table structure
-> id int auto_increment not null primary key,
-> name char(30) not null,
-> password char(48) binary not null);
Query OK, 0 rows affected (0.02 sec)
MariaDB [vsftpd]> insert into users(name,password) values('tom',password('xiaozhang')); ###insert two rows into the table
Query OK, 1 row affected (0.00 sec)
MariaDB [vsftpd]> insert into users(name,password) values('jerry',password('xiaozhang1'));
Query OK, 1 row affected (0.01 sec)
MariaDB [vsftpd]> grant select on vsftpd.* to vsftpd@localhost identified by 'xiaozhang';
###grant privileges to the vsftpd user
Query OK, 0 rows affected (0.00 sec)
MariaDB [vsftpd]> grant select on vsftpd.* to vsftpd@'127.0.0.1' identified by 'xiaozhang';
Query OK, 0 rows affected (0.00 sec)
MariaDB [vsftpd]> flush privileges;
Query OK, 0 rows affected (0.01 sec)
(3) Create the PAM configuration file and the system user vuser that the virtual users map to
[root@localhost dylan]# vim /etc/pam.d/vsftpd.mysql ###create vsftpd.mysql as the PAM authentication file
auth required pam_mysql.so user=vsftpd passwd=xiaozhang host=localhost db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
account required pam_mysql.so user=vsftpd passwd=xiaozhang host=localhost db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
[root@localhost dylan]# useradd -s /sbin/nologin -d /ftproot vuser ###create the system user vuser for the virtual users
[root@localhost dylan]# chmod go+rx /ftproot/
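(4) Edit the vsftpd configuration file
anonymous_enable=YES ###enable anonymous users
local_enable=YES ###enable local users
write_enable=YES ###allow users to write
anon_upload_enable=NO ###anonymous users may not upload
chroot_local_user=YES ###jail all users in their home directories
max_clients=200 ###limit concurrent connections to 200
anon_max_rate=512000 ###maximum transfer rate for anonymous users, 512 KB/s
guest_enable=YES ###activate virtual users
guest_username=vuser ###map virtual users to the system user vuser
pam_service_name=vsftpd.mysql ###use vsftpd.mysql as the PAM authentication file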
(5) Test
[root@localhost ~]# ftp 192.168.0.104 ###connect over FTP
Connected to 192.168.0.104 (192.168.0.104).
220 (vsFTPd 3.0.2)
Name (192.168.0.104:root): tom
331 Please specify the password.
Password:
500 OOPS: vsftpd: refusing to run with writable root inside chroot()
Login failed.
421 Service not available, remote server has closed connection ###connection failed
[root@localhost ~]# chmod -w /ftproot ###remove write permission from the home directory on the server
[root@localhost ~]# mkdir /ftproot/{pub,upload} ###create two directories inside the home directory
[root@localhost ~]# ftp 192.168.0.104 ###reconnect
Connected to 192.168.0.104 (192.168.0.104).
220 (vsFTPd 3.0.2)
Name (192.168.0.104:root): tom
331 Please specify the password.
Password:
230 Login successful. ###login succeeded
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls ###list the directory
227 Entering Passive Mode (192,168,0,104,150,82).
150 Here comes the directory listing.
drwxr-xr-x 2 0 0 6 Jul 05 02:11 pub
drwxr-xr-x 2 0 0 6 Jul 05 02:11 upload
226 Directory send OK. ###test succeeded
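A check of the step (4) settings against the numbered requirements, together with the writable chroot root that caused the 500 OOPS in step (5), as an added example that is not part of the original page. The function names vsftpd_opt, want and audit_vsftpd are hypothetical, the files are constructed in a scratch directory, and the chroot root is assumed to be owned by the guest user so that the owner write bit is the one that matters.

```shell
# Added example (not from the original page): audit vsftpd.conf against the exercise.
# vsftpd.conf allows no spaces around "=" and no trailing comments, so the page's
# "###" annotations must not be copied into the real file.

vsftpd_opt() {  # usage: vsftpd_opt FILE KEY -> last value assigned to KEY
  awk -F= -v key="$2" '
    /^[ \t]*#/ { next }
    $1 == key  { v = substr($0, length($1) + 2); sub(/[ \t\r]+$/, "", v); val = v }
    END { print val }' "$1"
}

want() {  # usage: want CONF KEY VALUE
  [ "$(vsftpd_opt "$1" "$2")" = "$3" ] || echo "$2 should be $3"
}

# Print one finding per line; no output means the requirements are met.
audit_vsftpd() {  # usage: audit_vsftpd CONF CHROOT_DIR
  want "$1" guest_enable YES            # 1) virtual users
  want "$1" anon_upload_enable NO       # 2) anonymous users download only
  want "$1" chroot_local_user YES       # 3) every user jailed
  want "$1" max_clients 200             # 4) connection cap
  rate=$(vsftpd_opt "$1" anon_max_rate) # 5) bytes per second, 0 means unlimited
  case "$rate" in
    ''|0|*[!0-9]*) echo "anon_max_rate is unset, unlimited or invalid" ;;
    *) [ "$rate" -le 512000 ] || echo "anon_max_rate exceeds 512000" ;;
  esac
  [ -n "$(vsftpd_opt "$1" pam_service_name)" ] || echo "pam_service_name is not set"
  # Assumption: the guest user owns the root, so its owner write bit decides.
  case "$(ls -ld "$2" | cut -c3)" in
    w) echo "chroot root $2 is owner-writable" ;;
  esac
}

# Constructed sample: the page's settings in a scratch directory.
work=$(mktemp -d); mkdir "$work/ftproot"
cat > "$work/vsftpd.conf" <<'EOF'
anon_upload_enable=NO
chroot_local_user=YES
max_clients=200
anon_max_rate=512000
guest_enable=YES
guest_username=vuser
pam_service_name=vsftpd.mysql
EOF
audit_vsftpd "$work/vsftpd.conf" "$work/ftproot"   # reports the writable root
chmod u-w "$work/ftproot"                          # same effect as the page's chmod -w
audit_vsftpd "$work/vsftpd.conf" "$work/ftproot"   # prints nothing
```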
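(6) Also: to let anonymous users upload files to the upload directory:
[root@localhost ~]# chown vuser /ftproot/upload/
[root@localhost ~]# vim /etc/vsftpd/vsftpd.conf
anon_upload_enable=YES ###enabling anonymous upload is all that is needed
[root@localhost ~]# systemctl restart vsftpd.service
If there are two virtual users and one may upload while the other may not, configure it as follows:
The main configuration file supports a separate configuration file for each virtual user, which solves this.
[root@localhost ~]# mkdir /etc/vsftpd/vuser.conf.d ###create the configuration directory
[root@localhost ~]# vim /etc/vsftpd/vuser.conf.d/tom ###in that directory, create a file named after the virtual user
anon_upload_enable=YES ###add this line to allow uploads
[root@localhost ~]# vim /etc/vsftpd/vuser.conf.d/jerry
anon_upload_enable=NO ###uploads not allowed
[root@localhost ~]# vim /etc/vsftpd/vsftpd.conf ###edit the main configuration file
#anonymous_enable=YES ###comment out this line
user_config_dir=/etc/vsftpd/vuser.conf.d/ ###add the per-user configuration directory
[root@localhost ~]# systemctl restart vsftpd.service ###restart the service to apply the change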
(7) Share the database over NFS
[root@localhost ~]# yum install nfs-utils -y ###install nfs-utils
[root@localhost ~]# systemctl start nfs.service
[root@localhost ~]# ss -tnl
LISTEN 0 64 :::2049 :::*
The MySQL data directory is datadir=/var/lib/mysql
[root@localhost ~]# vim /etc/exports.d/mydata.exports
/var/lib/mysql 192.168.0.0/16(rw,root_squash) ###read-write, with root squashed
[root@localhost ~]# exportfs -r ###re-export the shared directories
[root@localhost ~]# showmount -e 192.168.0.104 ###list the exported directories
Export list for 192.168.0.104:
/var/lib/mysql 192.168.0.0/16
[root@localhost /]# mkdir /mydata/data -p ###create the mount point on the client
[root@localhost /]# mount -t nfs 192.168.0.104:/var/lib/mysql /mydata/data ###mount on the client
[root@localhost /]# mount ###show mount information
192.168.0.104:/var/lib/mysql on /mydata/data type nfs4 (rw,relatime,vers=4.0,rsize=131072,wsize=131072,namlen=255,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=sys,clientaddr=192.168.0.104,local_lock=none,addr=192.168.0.104)
This completes the setup.