File Server
1. Requirements
ZZSRV2.BIGCLOUD.LOCAL provides file services using Samba, FTP and NFS.
A separate 100GB disk is installed in this server and managed with LVM:
VG name: DATAVG
Uses the whole 100GB physical disk
Create three LVs
LV name | Size | Filesystem | Mount point | Purpose |
LVSMB | 40GB | ext4 | /smb | SAMBA |
LVFTP | 30GB | ext4 | /ftp | FTP directory |
LVNFS | 20GB | ext4 | /nfs | NFS directory |
All of the above volumes must be mounted automatically when the server boots.
1.1 SAMBA
Share name | Path | Access | Note |
SHAREDOCS | /smb/docs | Accessible to everyone in the company, including guests | |
RDDOCS | /smb/tech | Read/write access only for users in the R&D group | |
Note: the R&D group is named RD and currently has three members: Alice, Jack and Tom.
1.2 FTP
Path | Access | Note |
/ftp/open | Accessible to everyone in the company, including guests | Read-only |
/ftp/private | Only Alice, Jack and Tom may access | Alice and Jack may only download; Tom may upload |
2. Lab environment:
# uname -a
Linux zzsrv1.bigcloud.local 3.10.0-123.el7.x86_64 #1 SMP Mon Jun 30 12:09:22 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
# cat /etc/redhat-release
CentOS Linux release 7.0.1406 (Core)
3. Lab steps
3.1 Disk configuration
First add a 100G disk.
Check the disk information:
# fdisk -l
Disk /dev/sda: 42.9 GB, 42949672960 bytes, 83886080 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: dos
Disk identifier: 0x0003c31b
Device Boot Start End Blocks Id System
/dev/sda1 * 2048 1026047 512000 83 Linux
/dev/sda2 1026048 83886079 41430016 8e Linux LVM
Disk /dev/sdb: 107.4 GB, 107374182400 bytes, 209715200 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Partition sdb:
# fdisk /dev/sdb
# fdisk -l /dev/sdb
Disk /dev/sdb: 107.4 GB, 107374182400 bytes, 209715200 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: dos
Disk identifier: 0x4b2d2a4e
Device Boot Start End Blocks Id System
/dev/sdb1 2048 209715199 104856576 8e Linux LVM
3.2 LVM configuration
Create the PV:
# pvcreate /dev/sdb1
Physical volume "/dev/sdb1" successfully created
Create the VG DATAVG:
# vgcreate DATAVG /dev/sdb1
Volume group "DATAVG" successfully created
Create the three LVs LVSMB, LVFTP and LVNFS:
# lvcreate -n LVSMB -L 40G DATAVG
Logical volume "LVSMB" created
# lvcreate -n LVFTP -L 30G DATAVG
Logical volume "LVFTP" created
# vgdisplay DATAVG
--- Volume group ---
VG Name DATAVG
System ID
Format lvm2
Metadata Areas 1
Metadata Sequence No 3
VG Access read/write
VG Status resizable
MAX LV 0
Cur LV 2
Open LV 0
Max PV 0
Cur PV 1
Act PV 1
VG Size 100.00 GiB
PE Size 4.00 MiB
Total PE 25599
Alloc PE / Size 17920 / 70.00 GiB
Free PE / Size 7679 / 30.00 GiB
VG UUID 3nOyTr-IUnZ-TGFQ-E4id-84rL-XfW9-lu1tbj
The VG has 7679 free extents left (30.00 GiB), so LVNFS is created with -l 7679 to use all of the remaining space:
# lvcreate -n LVNFS -l 7679 DATAVG
Logical volume "LVNFS" created
3.3 Filesystem configuration
Format the LVs:
# mkfs.ext4 /dev/DATAVG/LVSMB
# mkfs.ext4 /dev/DATAVG/LVFTP
# mkfs.ext4 /dev/DATAVG/LVNFS
Create the 3 mount points:
# mkdir /smb
# mkdir /ftp
# mkdir /nfs
Set them to mount automatically at boot:
# vi /etc/fstab
Append the following 3 lines at the end:
/dev/DATAVG/LVSMB /smb ext4 defaults 0 0
/dev/DATAVG/LVFTP /ftp ext4 defaults 0 0
/dev/DATAVG/LVNFS /nfs ext4 defaults 0 0
Mount the LVs:
# mount /smb
# mount /ftp
# mount /nfs
Check the mount information:
# mount
/dev/mapper/DATAVG-LVSMB on /smb type ext4 (rw,relatime,data=ordered)
/dev/mapper/DATAVG-LVFTP on /ftp type ext4 (rw,relatime,data=ordered)
/dev/mapper/DATAVG-LVNFS on /nfs type ext4 (rw,relatime,data=ordered)
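The fstab step above is the one most often repeated by hand, and re-running "append 3 lines" produces duplicate entries. The following helper is an added example, not part of the original write-up: it adds each DATAVG mount only when the mount point is not yet listed, and reports which of /smb, /ftp and /nfs are still missing. It uses the same "defaults 0 0" options as the write-up; the FSTAB argument defaults to /etc/fstab, and the demonstration at the bottom runs against a constructed scratch file so it needs no root.

```shell
#!/bin/sh
# Added example (not from the original write-up): idempotent fstab maintenance
# for the three DATAVG logical volumes of section 3.3.

# ensure_fstab_entry DEVICE MOUNTPOINT FSTYPE [FSTAB]
# Appends "DEVICE MOUNTPOINT FSTYPE defaults 0 0" unless a non-comment line
# already mounts MOUNTPOINT. Returns 0 when a line was added, 1 when the
# entry already existed.
ensure_fstab_entry() {
    dev=$1; mnt=$2; fs=$3; fstab=${4:-/etc/fstab}
    [ -f "$fstab" ] || : > "$fstab"
    if awk -v m="$mnt" '$1 !~ /^#/ && NF >= 2 && $2 == m { found = 1 }
                        END { exit !found }' "$fstab"; then
        return 1
    fi
    printf '%s %s %s defaults 0 0\n' "$dev" "$mnt" "$fs" >> "$fstab"
}

# count_fstab_entries FSTAB: number of non-comment, non-blank mount lines.
count_fstab_entries() {
    awk '$1 !~ /^#/ && NF >= 2 { n++ } END { print n + 0 }' "$1"
}

# add_datavg_mounts [FSTAB]: the three entries from section 3.3.
add_datavg_mounts() {
    fstab=${1:-/etc/fstab}
    ensure_fstab_entry /dev/DATAVG/LVSMB /smb ext4 "$fstab" || true
    ensure_fstab_entry /dev/DATAVG/LVFTP /ftp ext4 "$fstab" || true
    ensure_fstab_entry /dev/DATAVG/LVNFS /nfs ext4 "$fstab" || true
}

# missing_mounts FSTAB: prints each of /smb /ftp /nfs that has no entry yet.
missing_mounts() {
    for m in /smb /ftp /nfs; do
        awk -v m="$m" '$1 !~ /^#/ && NF >= 2 && $2 == m { found = 1 }
                       END { exit !found }' "$1" || echo "$m"
    done
}

# Demonstration on a constructed scratch fstab (not the real /etc/fstab).
scratch=$(mktemp)
printf '# constructed sample fstab\n/dev/mapper/centos-root / xfs defaults 0 0\n' > "$scratch"
add_datavg_mounts "$scratch"
add_datavg_mounts "$scratch"   # second run changes nothing
echo "entries: $(count_fstab_entries "$scratch") (expected 4)"
echo "still missing: $(missing_mounts "$scratch" | tr '\n' ' ')(expected none)"
cat "$scratch"
rm -f "$scratch"
```

After running add_datavg_mounts against the real file, "mount -a" (or the three "mount /smb", "mount /ftp", "mount /nfs" calls from the write-up) picks up the new lines; missing_mounts is a quick way to confirm nothing was skipped before rebooting.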
3.4 SAMBA configuration
3.4.1 Install the samba packages
# yum -y install samba samba-client samba-common
3.4.2 Configure samba
Create the shared directories:
# mkdir -p /smb/docs
# mkdir -p /smb/tech
Raise the open-file limit (for the current shell now, and persistently via limits.conf):
# ulimit -n 16384
# vi /etc/security/limits.conf
Append at the end:
* - nofile 16384
# cd /etc/samba
Back up the config file before editing it:
# cp smb.conf smb.conf.origin
# vi /etc/samba/smb.conf
Delete the original contents of the config file and add the following:
[global]
workgroup=BIGCLOUD
netbios name=zzsrv2
server string=Samba Server
security=user
map to guest=Bad User
[SHAREDOCS]
path=/smb/docs
readonly=yes
browseable=yes
guest ok=yes
[RDDOCS]
path = /smb/tech/
public = no
writable = yes
write list = @RD
valid users = @RD
Create the users:
# useradd alice
# useradd jack
# useradd tom
# useradd RD
Add RD as a supplementary group for the 3 users:
# usermod -a -G RD alice
# usermod -a -G RD jack
# usermod -a -G RD tom
Check:
# id alice
uid=1001(alice) gid=1001(alice) groups=1001(alice),1004(RD)
Create the three samba users:
# smbpasswd -a alice
# smbpasswd -a jack
# smbpasswd -a tom
Change the owner and group of the shared directory /smb/tech to RD:
# chown RD:RD /smb/tech
Change the permissions:
# chmod 770 /smb/tech
# ll -d /smb/tech
drwxrwx--- 2 RD RD 4096 Aug 20 23:21 /smb/tech
Restart the samba service:
# systemctl restart smb
Enable samba to start automatically at boot:
# systemctl enable smb
# testparm
Load smb config files from /etc/samba/smb.conf
Processing section "[SHAREDOCS]"
Processing section "[RDDOCS]"
Loaded services file OK.
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions
[global]
workgroup = BIGCLOUD
server string = Samba Server
map to guest = Bad User
idmap config * : backend = tdb
[SHAREDOCS]
path = /smb/docs
guest ok = Yes
[RDDOCS]
path = /smb/tech/
valid users = @RD
write list = @RD
read only = No
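The RDDOCS share is restricted in two places that have to agree: "valid users = @RD" in smb.conf, and mode 770 with owner RD:RD on /smb/tech. If the directory were left world-readable, any local account (including the vftpuser guest account created later) could still read it outside Samba. The following audit is an added example, not part of the original write-up or of Samba: it parses an smb.conf, lists each share with its path and whether it carries "valid users", and flags a restricted share whose directory grants anything to "other". It runs on a constructed copy of the config in a scratch directory; for a real check, call audit_shares with /etc/samba/smb.conf.

```shell
#!/bin/sh
# Added example, not from the original write-up: audit that share directories
# match the access restrictions declared in smb.conf (section 3.4.2).

# share_paths CONF: one line per share section: "NAME PATH RESTRICTED"
# (RESTRICTED is "yes" when the section has a "valid users" line).
share_paths() {
    awk '
        function flush() { if (name != "" && name != "global") print name, path, restricted }
        /^[ \t]*\[/ { flush(); name = $0; sub(/^[ \t]*\[/, "", name); sub(/\].*$/, "", name)
                      path = ""; restricted = "no"; next }
        /^[ \t]*path[ \t]*=/ { p = $0; sub(/^[^=]*=[ \t]*/, "", p); sub(/[ \t]*$/, "", p); path = p }
        /^[ \t]*valid users[ \t]*=/ { restricted = "yes" }
        END { flush() }
    ' "$1"
}

# other_perms DIR: the rwx triple for "other", e.g. "---" for mode 770.
other_perms() { ls -ld "$1" | cut -c8-10; }

# audit_shares CONF: prints "OK ..." or "FAIL ..." per share.
audit_shares() {
    share_paths "$1" | while read -r name path restricted; do
        dir=${path%/}          # tolerate the trailing slash in "path = /smb/tech/"
        if [ ! -d "$dir" ]; then
            echo "FAIL $name $dir does not exist"
        elif [ "$restricted" = yes ] && [ "$(other_perms "$dir")" != "---" ]; then
            echo "FAIL $name $dir restricted share but 'other' has $(other_perms "$dir")"
        else
            echo "OK $name $dir"
        fi
    done
}

# failure_count CONF: number of FAIL lines (0 means directories match the config).
failure_count() { audit_shares "$1" | grep -c '^FAIL' || true; }

# build_sample ROOT: constructed scratch layout and config mirroring section
# 3.4.2 (paths rewritten under ROOT); prints the path of the generated smb.conf.
build_sample() {
    root=$1
    mkdir -p "$root/smb/docs" "$root/smb/tech"
    chmod 755 "$root/smb/docs"
    chmod 770 "$root/smb/tech"
    cat > "$root/smb.conf" <<EOF
[global]
workgroup=BIGCLOUD
security=user
map to guest=Bad User
[SHAREDOCS]
path=$root/smb/docs
readonly=yes
guest ok=yes
[RDDOCS]
path = $root/smb/tech/
valid users = @RD
write list = @RD
EOF
    echo "$root/smb.conf"
}

# Demonstration in a scratch directory.
root=$(mktemp -d)
conf=$(build_sample "$root")
audit_shares "$conf"                      # both shares OK
chmod 775 "$root/smb/tech"                # simulate a mistake: RD group can write, but everyone can read
audit_shares "$conf"                      # RDDOCS now reported as FAIL
echo "failures: $(failure_count "$conf")"
rm -rf "$root"
```

The parser only understands the two keys the audit needs (path and valid users), which is enough for a config as small as this one; testparm remains the authority on whether the file itself is valid.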
3.4.3 Test
Test on Linux:
# smbclient -L localhost -U alice@P@ssw0rd
Enter alice@P@ssw0rd's password:
Anonymous login successful
Domain=[BIGCLOUD] OS=[Unix] Server=[Samba 4.1.1]
Sharename Type Comment
--------- ---- -------
SHAREDOCS Disk
RDDOCS Disk
IPC$ IPC IPC Service (Samba Server)
Anonymous login successful
Domain=[BIGCLOUD] OS=[Unix] Server=[Samba 4.1.1]
Server Comment
--------- -------
Workgroup Master
--------- -------
Test on Windows:
The sharedocs folder can be opened without logging in, while rddocs can only be opened after logging in as a user in the RD group.
3.5 FTP configuration
3.5.1 Install the ftp packages
# yum -y install ftp vsftpd
# rpm -qa |grep db4-utils
# yum -y install db4-utils
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
No package db4-utils available.
Error: Nothing to do
# find / -name "db_load"
/usr/bin/db_load
# rpm -qf /usr/bin/db_load
libdb-utils-5.3.21-17.el7.x86_64
# rpm -qc vsftpd
/etc/logrotate.d/vsftpd
/etc/pam.d/vsftpd
/etc/vsftpd/ftpusers
/etc/vsftpd/user_list
/etc/vsftpd/vsftpd.conf
3.5.2 Configure the publicly accessible directory (everyone in the company, including guests, can access /ftp/open)
# mkdir /ftp/open
Create test files:
# echo opentest > /ftp/open/open.txt
# echo filetest > /tmp/filetest1.txt
# touch /ftp/open/anontest.txt
# cd /etc/vsftpd
# cp vsftpd.conf vsftpd.conf.origin
Create a plaintext file holding the user names and passwords:
# vi /etc/vsftpd/vftpuser.txt
alice
P@ssw0rd
jack
P@ssw0rd
tom
P@ssw0rd
Build the password DB file from the plaintext file:
# db_load -T -t hash -f /etc/vsftpd/vftpuser.txt /etc/vsftpd/vftpuser.db
Check the DB file:
# file /etc/vsftpd/vftpuser.db
/etc/vsftpd/vftpuser.db: Berkeley DB (Hash, version 9, native byte-order)
Create the guest account for vsftpd:
# useradd -d /ftp/private -s /sbin/nologin vftpuser
Edit the pam.d file:
# vi /etc/pam.d/vsftpd
Comment out the auth and account lines and add the last 2 lines:
#%PAM-1.0
session optional pam_keyinit.so force revoke
#auth required pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed
#auth required pam_shells.so
#auth include password-auth
#account include password-auth
session required pam_loginuid.so
session include password-auth
auth required pam_userdb.so db=/etc/vsftpd/vftpuser
account required pam_userdb.so db=/etc/vsftpd/vftpuser
# vi /etc/vsftpd/vsftpd.conf
Append at the end:
anon_root=/ftp/open
virtual_use_local_privs=YES
guest_enable=YES
guest_username=vftpuser
chroot_local_user=YES
allow_writeable_chroot=YES
Start the ftp service:
# systemctl start vsftpd
3.5.3 Configure the directory that only specific people may access (only alice, jack and tom may access /ftp/private)
Create the directory:
# mkdir /ftp/private
Create the vsftpd guest user:
# useradd -d /ftp/private -s /sbin/nologin vftpuser
useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.
Change the owner and group of /ftp/private:
# chown vftpuser:vftpuser /ftp/private
Change the permissions:
# chmod 700 /ftp/private
# ll -ld /ftp/private
drwx------ 2 vftpuser vftpuser 4096 Aug 21 03:00 /ftp/private
# vi /etc/vsftpd/vsftpd.conf
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
# vi /etc/vsftpd/chroot_list
alice
jack
tom
Create a directory for the per-user config files:
# mkdir /etc/vsftpd/vftpd_user_conf
# cd /etc/vsftpd/vftpd_user_conf
Create one file for each of the 3 users:
# vi alice
write_enable=NO
anon_world_readable_only=NO
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
# vi jack    (same content as alice)
# vi tom
write_enable=YES
anon_world_readable_only=NO
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
# vi /etc/vsftpd/vsftpd.conf
Append one line at the end of the config file:
user_config_dir=/etc/vsftpd/vftpd_user_conf
# systemctl restart vsftpd
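Two details of sections 3.5.2 and 3.5.3 are easy to get wrong silently: the db_load input must alternate user and password lines (an odd line count shifts every later pair, so a password becomes a user name), and because vsftpd.conf sets virtual_use_local_privs=YES, it is write_enable in the per-user file that decides whether a virtual user may upload, which is why the alice/jack files differ from tom's only in that key. The helpers below are an added example, not part of the original write-up or of vsftpd: check_user_list validates the db_load input, write_user_conf generates the per-user files with the same keys the write-up uses, and summarize reads back what each user is granted. Everything runs in a scratch directory; the file names and sample passwords are constructed placeholders copied from the write-up.

```shell
#!/bin/sh
# Added example, not from the original write-up: helpers for the vsftpd
# virtual-user setup (sections 3.5.2 and 3.5.3).

# check_user_list FILE: prints the user names (odd lines); returns 1 if the
# line count is odd, i.e. user/password pairs are misaligned.
check_user_list() {
    awk 'NR % 2 == 1 { print } END { exit (NR % 2) }' "$1"
}

# write_user_conf DIR USER MODE: MODE is "download" (write_enable=NO, as for
# alice and jack) or "upload" (write_enable=YES, as for tom). The anon_*
# keys are kept as in the write-up; with virtual_use_local_privs=YES they do
# not decide anything for virtual users, write_enable does.
write_user_conf() {
    dir=$1; user=$2
    case $3 in
        download) we=NO ;;
        upload)   we=YES ;;
        *) echo "unknown mode: $3" >&2; return 2 ;;
    esac
    cat > "$dir/$user" <<EOF
write_enable=$we
anon_world_readable_only=NO
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
EOF
}

# access_mode DIR USER: "upload" or "download-only" according to write_enable.
access_mode() {
    if [ "$(awk -F= '$1 == "write_enable" { print $2 }' "$1/$2")" = YES ]; then
        echo upload
    else
        echo download-only
    fi
}

# summarize DIR LISTFILE: one "user: mode" line per user in the db_load input,
# flagging users that have no per-user config file (vsftpd then applies the
# global settings to them).
summarize() {
    check_user_list "$2" | while read -r u; do
        if [ -f "$1/$u" ]; then
            echo "$u: $(access_mode "$1" "$u")"
        else
            echo "$u: no config file (global settings apply)"
        fi
    done
}

# Demonstration in a scratch directory.
work=$(mktemp -d)
# Constructed db_load input in the same shape as /etc/vsftpd/vftpuser.txt;
# it holds cleartext passwords, so keep it readable by its owner only.
printf 'alice\nP@ssw0rd\njack\nP@ssw0rd\ntom\nP@ssw0rd\n' > "$work/vftpuser.txt"
chmod 600 "$work/vftpuser.txt"
check_user_list "$work/vftpuser.txt" >/dev/null && echo "user list OK"
mkdir "$work/vftpd_user_conf"
write_user_conf "$work/vftpd_user_conf" alice download
write_user_conf "$work/vftpd_user_conf" jack  download
write_user_conf "$work/vftpd_user_conf" tom   upload
summarize "$work/vftpd_user_conf" "$work/vftpuser.txt"
rm -rf "$work"
```

Run check_user_list on /etc/vsftpd/vftpuser.txt before every db_load, and summarize on /etc/vsftpd/vftpd_user_conf after editing, so the expected result of the tests in 3.5.4 (alice and jack download-only, tom upload) is confirmed from the files rather than by trial logins alone.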
3.5.4 Test
Anonymous login can download:
# ftp localhost
...........
Name (localhost:root): anonymous
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
229 Entering Extended Passive Mode (|||58297|).
150 Here comes the directory listing.
-rw-r--r-- 1 0 0 0 Aug 20 16:18 anontest.txt
-rw-r--r-- 1 0 0 9 Aug 20 16:17 open.txt
226 Directory send OK.
ftp> lcd /tmp
Local directory now /tmp
ftp> get open.txt
local: open.txt remote: open.txt
229 Entering Extended Passive Mode (|||11728|).
150 Opening BINARY mode data connection for open.txt (9 bytes).
226 Transfer complete.
9 bytes received in 7e-05 secs (128.57 Kbytes/sec)
ftp> bye
221 Goodbye.
The alice user can download but cannot upload:
# cd /tmp
# ftp localhost
.........
Name (localhost:root): alice
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
229 Entering Extended Passive Mode (|||46306|).
150 Here comes the directory listing.
-rw-r--r-- 1 0 0 37 Aug 20 20:03 test1
226 Directory send OK.
ftp> get test1
local: test1 remote: test1
229 Entering Extended Passive Mode (|||35448|).
150 Opening BINARY mode data connection for test1 (37 bytes).
226 Transfer complete.
37 bytes received in 7.4e-05 secs (500.00 Kbytes/sec)
ftp> put private1
local: private1 remote: private1
229 Entering Extended Passive Mode (|||61661|).
550 Permission denied.
The jack user can download but cannot upload:
# ftp localhost
..........
Name (localhost:root): jack
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
229 Entering Extended Passive Mode (|||32394|).
150 Here comes the directory listing.
-rw-r--r-- 1 0 0 37 Aug 20 20:03 test1
226 Directory send OK.
ftp> get test1
local: test1 remote: test1
229 Entering Extended Passive Mode (|||43956|).
150 Opening BINARY mode data connection for test1 (37 bytes).
226 Transfer complete.
37 bytes received in 6.5e-05 secs (569.23 Kbytes/sec)
ftp> put private2
local: private2 remote: private2
229 Entering Extended Passive Mode (|||53640|).
550 Permission denied.
The tom user can both download and upload:
# ftp localhost
.........
Name (localhost:root): tom
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
229 Entering Extended Passive Mode (|||10339|).
150 Here comes the directory listing.
-rw-r--r-- 1 0 0 37 Aug 20 20:03 test1
226 Directory send OK.
ftp> put private1
local: private1 remote: private1
229 Entering Extended Passive Mode (|||45878|).
150 Ok to send data.
226 Transfer complete.
ftp> ls
229 Entering Extended Passive Mode (|||58936|).
150 Here comes the directory listing.
-rw-r--r-- 1 1005 1005 0 Aug 20 20:12 private1
-rw-r--r-- 1 0 0 37 Aug 20 20:03 test1
226 Directory send OK.