Class 22, Week 13 In-Class Exercises

[Category: System (linux) | Publisher: 店小二03 | Date: 2017 | Author: 红领巾]

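1. Set up a Samba share with /data as the shared directory, meeting the following requirements (describe the complete process):

1) The share name is shared and the workgroup is magedu;

2) Add the group develop and the users gentoo, centos and ubuntu; gentoo and centos have develop as a supplementary group, and ubuntu does not belong to the develop group; each user's password is the same as the username;

3) Add the Samba users gentoo, centos and ubuntu, each with the password "mageedu";

4) Only the develop group has write permission on the Samba share shared; other users can only access it read-only;

5) The Samba share service only allows access from hosts on the 172.16.0.0/16 network;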

[[email protected] ~]# yum info samba.x86_64 # show information about the samba package
[[email protected] ~]# yum -y install samba.x86_64 # install the Samba service
[[email protected] ~]# rpm -ql samba # list the files installed by samba
[[email protected] ~]# groupadd develop # add the develop group
[[email protected] ~]# useradd -G develop gentoo # add user gentoo with develop as a supplementary group
[[email protected] ~]# useradd -G develop centos # add user centos with develop as a supplementary group
[[email protected] ~]# useradd ubuntu # add user ubuntu
[[email protected] ~]# echo "gentoo" | passwd --stdin gentoo # set the password
[[email protected] ~]# echo "centos" | passwd --stdin centos
[[email protected] ~]# echo "ubuntu" | passwd --stdin ubuntu
[[email protected] ~]# smbpasswd -a centos # add centos as a Samba user; a password is prompted for here, I set it to centos
[[email protected] ~]# smbpasswd -a gentoo # a password is prompted for here, I set it to gentoo
[[email protected] ~]# smbpasswd -a ubuntu # a password is prompted for here, I set it to ubuntu
[[email protected] ~]# mkdir /data # create the shared directory
[[email protected] ~]# chmod g+w /data # give the group write permission on the shared directory
[[email protected] ~]# chown :develop /data # change the group owner of the shared directory
[[email protected] ~]# ll -d /data/
drwxrwxr-x 3 root develop 4096 Jan 3 20:31 /data/
[[email protected] ~]# vim /etc/samba/smb.conf
[global]
# only allow access from hosts on the 172.16.0.0/16 network
hosts allow = 172.16.
# the workgroup is magedu
workgroup = magedu
# Samba authenticates users against the accounts and passwords it manages itself; the user must be an OS user, but the password is the dedicated Samba password, not the OS user's password
security = user
passdb backend = tdbsam
[share]
comment = myshare
path = /data
browseable = yes
write list = @develop
Test:
[[email protected] ~]# smbclient //192.168.180.130/share -U centos
Enter centos's password:
Domain=[MAGEDU] OS=[Unix] Server=[Samba 3.6.9-164.el6]
smb: \> mkdir test
smb: \> lcd /etc
smb: \> put fstab
putting file fstab as \fstab (786.1 kb/s) (average 786.1 kb/s)
[[email protected] ~]# smbclient //192.168.180.130/share -U gentoo
Enter centos's password:
Domain=[MAGEDU] OS=[Unix] Server=[Samba 3.6.9-164.el6]
smb: \> mkdir test
smb: \> lcd /etc
smb: \> put fstab
putting file fstab as \fstab (786.1 kb/s) (average 786.1 kb/s)
[[email protected] ~]# smbclient //192.168.180.130/share -U gentoo
Enter gentoo's password:
Domain=[MAGEDU] OS=[Unix] Server=[Samba 3.6.9-164.el6]
smb: \> lcd /etc/yum
yum/ yum.conf yum.repos.d/
smb: \> lcd /etc/yum.repos.d/
smb: \> put local.repo
putting file local.repo as \local.repo (24.4 kb/s) (average 24.4 kb/s)
smb: \>
[[email protected] ~]# smbclient //192.168.180.130/share -U ubuntu
Enter ubuntu's password:
Domain=[MAGEDU] OS=[Unix] Server=[Samba 3.6.9-164.el6]
smb: \> lcd /etc
smb: \> lcd yum.repos.d
smb: \> !ls
CentOS-Base.repo.bak CentOS-Media.repo epel.repo.bak local.repo
CentOS-Debuginfo.repo CentOS-Vault.repo epel-testing.repo
smb: \> put local.repo
NT_STATUS_ACCESS_DENIED opening remote file \local.repo
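
As an added example (not part of the original exercise answer), the shell function below summarises, for an smb.conf like the one above, which accounts may write to each share and from which hosts. The sample input and its [scratch] share are constructed for illustration, and share-level defaults placed in [global] are not tracked.

```shell
#!/bin/sh
# Added example: summarise who may write to each share in an smb.conf.
# Reads smb.conf text on stdin; prints share|write=...|guest=...|hosts=...
audit_smb_shares() {
    awk '
    function yes(v) { v = tolower(v); return (v == "yes" || v == "true" || v == "1") }
    function save() {                        # record the share that just ended
        if (sec == "" || sec == "global") return
        n++; name[n] = sec; guest[n] = g; shosts[n] = h
        # "read only = no" lets every user write; else only the write list
        writers[n] = ro ? (wl != "" ? wl : "none") : "ALL"
    }
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }     # comments and blank lines
    /^[ \t]*\[/ {                            # section header
        save(); sec = tolower($0)
        sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec)
        ro = 1; wl = ""; g = "no"; h = ""    # Samba per-share defaults
        next
    }
    {
        eq = index($0, "="); if (!eq) next
        key = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", key)
        val = substr($0, eq + 1); sub(/^[ \t]+/, "", val); sub(/[ \t]+$/, "", val)
        if (key == "hostsallow" || key == "allowhosts") {
            if (sec == "global") ghosts = val
            else h = val
        } else if (key == "readonly") ro = yes(val)
        else if (key == "writable" || key == "writeable" || key == "writeok") ro = !yes(val)
        else if (key == "writelist") wl = val
        else if (key == "guestok" || key == "public") g = (yes(val) ? "yes" : "no")
    }
    END {
        save()
        for (i = 1; i <= n; i++) {           # [global] hosts allow covers all shares
            hosts = (ghosts != "") ? ghosts : (shosts[i] != "" ? shosts[i] : "ANY")
            printf "%s|write=%s|guest=%s|hosts=%s\n", name[i], writers[i], guest[i], hosts
        }
    }'
}
# Constructed input: the settings from this page plus a made-up [scratch]
# share with the open settings the exercise is meant to avoid.
sample_conf() {
    printf '%s\n' '[global]' 'hosts allow = 172.16.' 'security = user' \
        '[share]' 'path = /data' 'write list = @develop' \
        '[scratch]' 'path = /tmp/scratch' 'writable = yes' 'guest ok = yes'
}
sample_conf | audit_smb_shares
```

A share reported as write=ALL or guest=yes does not meet requirement 4), and hosts=ANY does not meet requirement 5).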

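2. Set up a vsftpd file-sharing service with /ftproot as the shared directory, meeting the following requirements (describe the complete process):

1) Access is based on virtual users;

2) Anonymous users may only download, not upload;

3) Confine (chroot) all users to their home directories;

4) Limit the maximum number of concurrent connections to 200;

5) The maximum transfer rate for anonymous users is 512KB/s;

6) The virtual users' accounts are stored in a MySQL database.

7) The database is shared over NFS.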

1. Install the development packages
# yum -y groupinstall "Development Tools" "Server Platform Development"
2. Install the dependency packages
# yum -y install pam-devel openssl-devel
3. Compile and install pam_mysql
# ./configure --with-mysql=/usr/local/mysql --with-openssl=/usr --with-pam=/usr --with-pam-mods-dir=/lib64/security
# make && make install
4. Create a local user that the virtual users are mapped to
[[email protected] ~]# useradd -s /sbin/nologin -d /ftproot vuser
[[email protected] ~]# chmod go+rx /ftproot
[[email protected] ~]# chmod -w /ftproot
5. Edit the vsftpd configuration file:
[[email protected] ~]# vim /etc/vsftpd/vsftpd.conf
# enable anonymous access
anonymous_enable=YES
# enable local user logins
local_enable=YES
# enable write permission
write_enable=YES
# disable anonymous uploads
anon_upload_enable=NO
# lock users into their directories (chroot)
chroot_local_user=YES
# maximum number of concurrent connections
max_clients=200
# limit the transfer rate of anonymous users
anon_max_rate=512000
# enable guest accounts
guest_enable=YES
# local user that guest accounts are mapped to
guest_username=vuser
# PAM service file
pam_service_name=vsftpd.mysql
6. Grant privileges in MySQL
[[email protected] ~]# mysql
MariaDB [(none)]> create database vsftpd;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> use vsftpd
Database changed
MariaDB [vsftpd]> create table users(
-> id int auto_increment not null primary key,
-> name char(30) not null,
-> password char(48) binary not null );
Query OK, 0 rows affected (0.01 sec)
MariaDB [vsftpd]> insert into users (name,password) values ('test1',password('123456'));
Query OK, 1 row affected (0.00 sec)
MariaDB [vsftpd]> insert into users (name,password) values ('test2',password('123456'));
Query OK, 1 row affected (0.00 sec)
MariaDB [vsftpd]> grant select on vsftpd.* to [email protected] identified by '123456';
Query OK, 0 rows affected (0.01 sec)
MariaDB [vsftpd]> grant select on vsftpd.* to vsftpd@'127.0.0.1' identified by '123456';
Query OK, 0 rows affected (0.00 sec)
MariaDB [vsftpd]> flush privileges;
Query OK, 0 rows affected (0.00 sec)
MariaDB [vsftpd]> exit
Bye
7. Edit vsftpd.mysql
[[email protected] pam.d]# vim /etc/pam.d/vsftpd.mysql
auth required pam_mysql.so user=vsftpd passwd=mageedu host=localhost db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
account required pam_mysql.so user=vsftpd passwd=mageedu host=localhost db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
8. Test
[[email protected] pam.d]# ftp 192.168.180.130
Connected to 192.168.180.130 (192.168.180.130).
220 (vsFTPd 2.2.2)
Name (192.168.180.130:root): test1
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> bye
221 Goodbye.
[[email protected] pam.d]# ftp 192.168.180.130
Connected to 192.168.180.130 (192.168.180.130).
220 (vsFTPd 2.2.2)
Name (192.168.180.130:root): test2
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
9. Configure NFS
[[email protected] pam.d]# service nfs restart
Shutting down NFS daemon: [ OK ]
Shutting down NFS mountd: [ OK ]
Shutting down NFS quotas: [ OK ]
Shutting down RPC idmapd: [ OK ]
Starting NFS services: [ OK ]
Starting NFS quotas: [ OK ]
Starting NFS mountd: [ OK ]
Starting NFS daemon: [ OK ]
Starting RPC idmapd: [ OK ]
10. Export the directory
[[email protected] data]# cat /etc/exports
/mydata/data 192.168.180.0/24(rw)
[[email protected] data]# mount -t nfs 192.168.180.130:/mydata/data /media
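
As an added example (not from the original post), the lint below checks a vsftpd.conf against the values step 5 sets for requirements 2) to 5). vsftpd reads each line strictly as option=value with whole-line # comments only, so the lint also flags annotations or spaces left on a setting line; the sample input is constructed.

```shell
#!/bin/sh
# Added example: lint a vsftpd.conf for the settings used in this exercise.
# vsftpd accepts only "option=value" (no spaces around "=") and whole-line
# "#" comments, so an annotation after a value becomes part of the value.
lint_vsftpd() {
    awk '
    BEGIN {
        # values this page uses; compared literally as YES/NO and numbers
        nreq = split("anon_upload_enable=NO chroot_local_user=YES max_clients=200 anon_max_rate=512000 guest_enable=YES", req, " ")
        have["anon_upload_enable"] = "NO"      # vsftpd default
    }
    /^#/ || /^$/ { next }
    !/^[a-z0-9_]+=[^ \t]/ {
        printf "line %d: not in option=value form\n", NR; bad++; next
    }
    {
        eq = index($0, "="); key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        if (val ~ /[ \t](\/\/|#)/ || val ~ /[ \t]+$/) {
            printf "line %d: %s has trailing text or space\n", NR, key; bad++; next
        }
        have[key] = toupper(val)
    }
    END {
        for (i = 1; i <= nreq; i++) {
            split(req[i], kv, "=")
            got = (kv[1] in have) ? have[kv[1]] : "unset"
            if (got != kv[2]) { printf "%s: want %s, got %s\n", kv[1], kv[2], got; bad++ }
        }
        print (bad ? bad " problem(s)" : "OK")
    }'
}
# Constructed input: one annotated line and one line with spaces around "=".
sample_annotated() {
    printf '%s\n' 'anonymous_enable=YES' \
        'anon_upload_enable=NO //no anonymous upload' \
        'chroot_local_user = YES' \
        'max_clients=200' 'anon_max_rate=512000' 'guest_enable=YES'
}
sample_annotated | lint_vsftpd
```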

Site link: http://www.codesec.net/view/521926.html