Reposted from: https://blog.51cto.com/rylan/1945602
1. Set up a Samba share with the shared directory /data. Requirements (describe the complete process):
1) The share name is shared and the workgroup is magedu;
2) Add a group develop; add the users gentoo, centos and ubuntu, where gentoo and centos have develop as a supplementary group and ubuntu is not a member of develop; each password is the same as the username;
3) Add the Samba users gentoo, centos and ubuntu, all with the password "mageedu";
4) Only the develop group has write permission on the shared share; all other users may access it read-only;
5) The Samba service only accepts access from hosts on the 172.16.0.0/16 network;
Built on a CentOS 7.2 environment:
[root@localhost ~]# yum -y install samba    ### install the samba service
[root@localhost ~]# mkdir /data    ### create the shared directory
[root@localhost ~]# useradd gentoo    ### add the users
[root@localhost ~]# useradd centos
[root@localhost ~]# useradd ubuntu
[root@localhost ~]# echo "gentoo"|passwd --stdin gentoo
[root@localhost ~]# echo "centos"|passwd --stdin centos
[root@localhost ~]# echo "ubuntu"|passwd --stdin ubuntu
[root@localhost ~]# groupadd develop    ### add the develop group
[root@localhost ~]# usermod -aG develop gentoo    ### develop as gentoo's supplementary group
[root@localhost ~]# usermod -aG develop centos    ### develop as centos's supplementary group
Add the Samba users
[root@localhost ~]# smbpasswd -a gentoo
[root@localhost ~]# smbpasswd -a centos
[root@localhost ~]# smbpasswd -a ubuntu
[root@localhost ~]# pdbedit -L    ### list all samba users
[root@localhost ~]# setfacl -m g:develop:rwx /data    ### give the develop group write permission
Edit the configuration file
[root@localhost ~]# vim /etc/samba/smb.conf
[global]
        workgroup = magedu    ### workgroup the server belongs to
        hosts allow = 192.168.0.0/16    ### only allow hosts on the 192.168.0.0/16 network
[shared]    ### share name
        comment = data dir    ### description
        path = /data    ### path
        browseable = yes    ### visible to users
        read only = yes    ### read-only
        write list = @develop    ### group that has write permission
[root@localhost ~]# testparm    ### test the configuration
[root@localhost ~]# systemctl reload smb.service    ### reload the service
Client test
[root@localhost ~]# smbclient //192.168.0.188/shared -U gentoo
Enter gentoo's password:
Domain=[MAGEDU] OS=[Windows 6.1] Server=[Samba 4.4.4]
smb: \> lcd /etc/
smb: \> put fstab
putting file fstab as \fstab (12.6 kb/s) (average 12.6 kb/s)    ### the gentoo user can upload
[root@localhost ~]# smbclient //192.168.0.188/shared -U centos
Enter centos's password:
Domain=[MAGEDU] OS=[Windows 6.1] Server=[Samba 4.4.4]
smb: \> lcd /etc
smb: \> put php.ini
putting file php.ini as \php.ini (1102.8 kb/s) (average 1102.8 kb/s)    ### the centos user can upload
[root@localhost ~]# smbclient //192.168.0.188/shared -U ubuntu
Enter ubuntu's password:
Domain=[MAGEDU] OS=[Windows 6.1] Server=[Samba 4.4.4]
smb: \> lcd /etc
smb: \> put resolv.conf
NT_STATUS_ACCESS_DENIED opening remote file \resolv.conf    ### the ubuntu user cannot upload
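The smbclient test only exercises requirement 4. As an added example (not part of the original post), the script below audits an smb.conf against all five requirements with plain sh and awk; run on a constructed copy of the configuration above it reports exactly one mismatch, because the lab used hosts allow = 192.168.0.0/16 while requirement 5 asks for 172.16.0.0/16.

```shell
#!/bin/sh
# Added example, not from the original post: audit an smb.conf against the
# five requirements of the exercise. Only sh and awk are used; the sample
# config below is constructed from the values the post configured.

# smb_get FILE SECTION KEY -> print the trimmed value of KEY in [SECTION]
smb_get() {
    awk -v sec="[$2]" -v key="$3" '
        /^[ \t]*\[/ { s = $0; gsub(/^[ \t]+|[ \t]+$/, "", s); insec = (s == sec); next }
        insec && /=/ {
            k = $0; sub(/=.*/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", k)
            if (k == key) { v = $0; sub(/^[^=]*=/, "", v); gsub(/^[ \t]+|[ \t]+$/, "", v); print v; exit }
        }' "$1"
}

# audit_smb_conf FILE NET -> one MISMATCH line per failed requirement,
# exit status = number of mismatches (0 means every requirement is met)
audit_smb_conf() {
    _f=$1; _bad=0
    _check() {   # _check SECTION KEY EXPECTED
        _got=$(smb_get "$_f" "$1" "$2")
        if [ "$_got" != "$3" ]; then
            echo "MISMATCH [$1] $2 = '$_got' (expected '$3')"
            _bad=$((_bad + 1))
        fi
    }
    _check global workgroup magedu          # requirement 1: workgroup
    _check global "hosts allow" "$2"        # requirement 5: network restriction
    _check shared path /data                # the share must export /data
    _check shared "read only" yes           # requirement 4: everyone else read-only
    _check shared "write list" @develop     # requirement 4: develop may write
    return $_bad
}

# Demo: the [global]/[shared] sections as the post configured them.
tmp=$(mktemp)
printf '%s\n' '[global]' '    workgroup = magedu' '    hosts allow = 192.168.0.0/16' \
    '[shared]' '    comment = data dir' '    path = /data' '    browseable = yes' \
    '    read only = yes' '    write list = @develop' > "$tmp"
# Requirement 5 asks for 172.16.0.0/16, so exactly one mismatch is reported.
audit_smb_conf "$tmp" 172.16.0.0/16 || echo "$? requirement(s) not met"
rm -f "$tmp"
```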
Done!
2. Build a vsftpd file-sharing service with the shared directory /ftproot. Requirements (describe the complete process):
1) Access is based on virtual users;
2) Anonymous users may only download, not upload;
3) Confine all users to their home directories;
4) Limit the maximum number of concurrent connections to 200;
5) The maximum transfer rate for anonymous users is 512KB/s;
6) Virtual user accounts are stored in a MySQL database;
7) The database is shared via NFS.
Built on a CentOS 7.2 environment
(1) Compile and install pam_mysql-0.7RC1.tar.gz
[root@localhost ~]# yum -y install vsftpd    ### install vsftpd
[root@localhost dylan]# yum -y groupinstall "Development Tools" "Server Platform Development"
[root@localhost dylan]# yum -y install mariadb-server mariadb-devel openssl-devel pam-devel
[root@localhost dylan]# tar -xf pam_mysql-0.7RC1.tar.gz
[root@localhost dylan]# cd pam_mysql-0.7RC1/
[root@localhost pam_mysql-0.7RC1]# ./configure --with-mysql=/usr --with-openssl=/usr --with-pam=/usr --with-pam-mods-dir=/lib64/security
[root@localhost pam_mysql-0.7RC1]# make
[root@localhost pam_mysql-0.7RC1]# make install
(2) Configure the database and create the required tables
[root@localhost pam_mysql-0.7RC1]# mysql -uroot -pxiaozhang    ### configure the mysql database
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 11
Server version: 5.5.52-MariaDB MariaDB Server
Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> create database vsftpd;    ### create the vsftpd database
Query OK, 1 row affected (0.01 sec)
MariaDB [(none)]> use vsftpd;
Database changed
MariaDB [vsftpd]> create table users(    ### create the table structure
    -> id int auto_increment not null primary key,
    -> name char(30) not null,
    -> password char(48) binary not null);
Query OK, 0 rows affected (0.02 sec)
MariaDB [vsftpd]> insert into users(name,password) values('tom',password('xiaozhang'));    ### insert two rows into the table
Query OK, 1 row affected (0.00 sec)
MariaDB [vsftpd]> insert into users(name,password) values('jerry',password('xiaozhang1'));
Query OK, 1 row affected (0.01 sec)
MariaDB [vsftpd]> grant select on vsftpd.* to vsftpd@localhost identified by 'xiaozhang';    ### grant privileges to the vsftpd user
Query OK, 0 rows affected (0.00 sec)
MariaDB [vsftpd]> grant select on vsftpd.* to vsftpd@'127.0.0.1' identified by 'xiaozhang';
Query OK, 0 rows affected (0.00 sec)
MariaDB [vsftpd]> flush privileges;
Query OK, 0 rows affected (0.01 sec)
(3) Create the PAM configuration file and the system user vuser that the virtual users map to
[root@localhost dylan]# vim /etc/pam.d/vsftpd.mysql    ### create vsftpd.mysql as the PAM authentication file
auth required pam_mysql.so user=vsftpd passwd=xiaozhang host=localhost db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
account required pam_mysql.so user=vsftpd passwd=xiaozhang host=localhost db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
[root@localhost dylan]# useradd -s /sbin/nologin -d /ftproot vuser    ### create the system user vuser for the virtual users
[root@localhost dylan]# chmod go+rx /ftproot/
(4) Modify the vsftpd configuration file
anonymous_enable=YES    ### enable anonymous access
local_enable=YES    ### enable local users
write_enable=YES    ### allow write operations
anon_upload_enable=NO    ### anonymous users may not upload
chroot_local_user=YES    ### confine all users to their home directories
max_clients=200    ### limit concurrent connections to 200
anon_max_rate=512000    ### anonymous maximum transfer rate 512KB/s
guest_enable=YES    ### activate virtual users
guest_username=vuser    ### map virtual users to the system user vuser
pam_service_name=vsftpd.mysql    ### use vsftpd.mysql as the PAM authentication service
(5) Test
[root@localhost ~]# ftp 192.168.0.104    ### connect remotely with ftp
Connected to 192.168.0.104 (192.168.0.104).
220 (vsFTPd 3.0.2)
Name (192.168.0.104:root): tom
331 Please specify the password.
Password:
500 OOPS: vsftpd: refusing to run with writable root inside chroot()
Login failed.
421 Service not available, remote server has closed connection    ### connection failed
[root@localhost ~]# chmod -w /ftproot    ### remove write permission from the home directory on the server
[root@localhost ~]# mkdir /ftproot/{pub,upload}    ### create two directories under the home directory
[root@localhost ~]# ftp 192.168.0.104    ### reconnect
Connected to 192.168.0.104 (192.168.0.104).
220 (vsFTPd 3.0.2)
Name (192.168.0.104:root): tom
331 Please specify the password.
Password:
230 Login successful.    ### login succeeded
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls    ### list the directory
227 Entering Passive Mode (192,168,0,104,150,82).
150 Here comes the directory listing.
drwxr-xr-x    2 0        0               6 Jul 05 02:11 pub
drwxr-xr-x    2 0        0               6 Jul 05 02:11 upload
226 Directory send OK.    ### test succeeded
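The "500 OOPS" refusal above can be checked before any client connects. As an added example (not part of the original post), the script below decides from a directory's permission bits whether the logged-in user could write to the chroot root and shows that the post's fix, chmod -w, clears the condition; it assumes vsftpd rejects a chroot root writable by the logged-in user and reads only the ordinary owner/group/other bits, so it approximates vsftpd's own test rather than reproducing its code. The uid/gid arguments and the temporary directory stand in for vuser and /ftproot.

```shell
#!/bin/sh
# Added example, not from the original post: evaluate, from permission bits
# alone, whether vsftpd would refuse a chroot login with
# "500 OOPS: vsftpd: refusing to run with writable root inside chroot()".
# Assumption: vsftpd rejects a chroot root the logged-in user can write to;
# this check reads the ordinary owner/group/other bits (ACLs are ignored),
# so it is an approximation of vsftpd's own test, not its code.

# chroot_root_writable DIR UID GID -> 0 if UID (primary GID) may write DIR
chroot_root_writable() {
    _dir=$1 _uid=$2 _gid=$3
    # ls -ldn prints: mode links owner-uid group-gid size date name
    set -- $(ls -ldn "$_dir")
    _mode=$1 _owner=$3 _grp=$4
    if [ "$_owner" = "$_uid" ]; then
        _bit=$(printf '%s' "$_mode" | cut -c3)    # owner write bit
    elif [ "$_grp" = "$_gid" ]; then
        _bit=$(printf '%s' "$_mode" | cut -c6)    # group write bit
    else
        _bit=$(printf '%s' "$_mode" | cut -c9)    # other write bit
    fi
    [ "$_bit" = "w" ]
}

# vsftpd_chroot_check DIR UID GID -> print verdict; 0 if login would proceed
vsftpd_chroot_check() {
    if chroot_root_writable "$1" "$2" "$3"; then
        echo "FAIL: $1 is writable by uid $2; vsftpd will refuse the chroot login"
        echo "      fix as in the post: chmod -w $1 and keep upload dirs below it"
        return 1
    fi
    echo "OK: $1 is not writable by uid $2; chroot login can proceed"
}

# Demo on a constructed temporary directory standing in for /ftproot,
# owned by the current user the way useradd left /ftproot owned by vuser.
demo=$(mktemp -d)
chmod 755 "$demo"
vsftpd_chroot_check "$demo" "$(id -u)" "$(id -g)" || true   # writable: FAIL
chmod -w "$demo"                                            # the post's fix
vsftpd_chroot_check "$demo" "$(id -u)" "$(id -g)"           # now OK
rmdir "$demo"
```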
(6) Additionally, if anonymous users should be able to upload files into the upload directory, do the following:
[root@localhost ~]# chown vuser /ftproot/upload/
[root@localhost ~]# vim /etc/vsftpd/vsftpd.conf
anon_upload_enable=YES    ### just enable anonymous upload
[root@localhost ~]# systemctl restart vsftpd.service
If there are two virtual users, one allowed to upload and the other not, configure it as follows. The main configuration file supports giving each virtual user its own separate configuration file, which solves this:
[root@localhost ~]# mkdir /etc/vsftpd/vuser.conf.d    ### create the configuration directory
[root@localhost ~]# vim /etc/vsftpd/vuser.conf.d/tom    ### in that directory, create a file named after the virtual user
anon_upload_enable=YES    ### add this line to allow uploads
[root@localhost ~]# vim /etc/vsftpd/vuser.conf.d/jerry
anon_upload_enable=NO    ### uploads not allowed
[root@localhost ~]# vim /etc/vsftpd/vsftpd.conf    ### edit the main configuration file
#anonymous_enable=YES    ### comment out this line
user_config_dir=/etc/vsftpd/vuser.conf.d/    ### add the per-user configuration directory
[root@localhost ~]# systemctl restart vsftpd.service    ### restart the service to apply the change
(7) Share the database via NFS
[root@localhost ~]# yum install nfs-utils -y    ### install nfs-utils
[root@localhost ~]# systemctl start nfs.service
[root@localhost ~]# ss -tnl
LISTEN     0      64        :::2049          :::*
The MySQL data directory is datadir=/var/lib/mysql
[root@localhost ~]# vim /etc/exports.d/mydata.exports
/var/lib/mysql 192.168.0.0/16(rw,root_squash)    ### read-write, with the root user squashed
[root@localhost ~]# exportfs -r    ### export the shared directory
[root@localhost ~]# showmount -e 192.168.0.104    ### view the exported directories
Export list for 192.168.0.104:
/var/lib/mysql 192.168.0.0/16
[root@localhost /]# mkdir /mydata/data -p    ### create the mount point on the client
[root@localhost /]# mount -t nfs 192.168.0.104:/var/lib/mysql /mydata/data    ### mount on the client
[root@localhost /]# mount    ### view the mount information
192.168.0.104:/var/lib/mysql on /mydata/data type nfs4 (rw,relatime,vers=4.0,rsize=131072,wsize=131072,namlen=255,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=sys,clientaddr=192.168.0.104,local_lock=none,addr=192.168.0.104)
Done!