
Unit6-Network File Sharing Services

Lab

Lab1. FTP Server (vsftpd)

 #yum -y install vsftpd                          //安裝 vsftpd 相關套件
 #vi /etc/sysconfig/iptables-config
 IPTABLES_MODULES="ip_conntrack_netbios_ns ip_conntrack_ftp"
 # vi /etc/sysconfig/iptables                    //開放 ftp 服務 (FTP 控制連線僅使用 TCP 21,下方的 udp 規則可省略)
 -A FW-RULES -p tcp -s 116.50.43.82/32 --dport 21 -j ACCEPT
 -A FW-RULES -p udp -s 116.50.43.82/32 --dport 21 -j ACCEPT
 #service iptables restart                       //重新啟動 iptables 服務
 #service vsftpd start                           //啟動 vsftpd 服務
 #chkconfig vsftpd on                            //設定 vsftpd 服務開機自動啟動
 #semanage fcontext -l |grep ftp
 #getsebool -a |grep ftp
 allow_ftpd_anon_write --> off
 #setsebool -P allow_ftpd_anon_write on          //開啟 SELinux 設定讓匿名也能上傳
 #mkdir /var/ftp/incoming
 #chown root:ftp incoming ; chmod 730 incoming   //需先切換至 /var/ftp 目錄;只能上傳但無法看到目錄內容
 #ls -Z
 drwx-wx---  root ftp user_u:object_r:public_content_t incoming
 drwxr-xr-x  root root system_u:object_r:public_content_t pub
 #chcon -t public_content_rw_t incoming
 #ls -Z
 drwx-wx---  root ftp  user_u:object_r:public_content_rw_t incoming
 drwxr-xr-x  root root system_u:object_r:public_content_t pub 
 #vi /etc/vsftpd/vsftpd.conf
 anonymous_enable=YES
 anon_upload_enable=YES                         //取消註解
 anon_umask=077                                 //自行新增 (上傳的檔案權限為 600,其他匿名使用者無法讀取)
 chown_uploads=YES                              //取消註解
 chown_username=daemon                          //修改 name (上傳檔案的擁有者改為 daemon,避免 incoming 被當成匿名檔案交換區)
 #service vsftpd restart
 #getsebool -a |grep ftp
 ftp_home_dir --> off
 #setsebool -P ftp_home_dir on                  //設定讓使用者可以登入家目錄 (但沒有 Chroot 限制)
 #chkconfig vsftpd on

Lab2. NFS Server

NFS Server Setting (192.168.0.100)

 #vi /etc/sysconfig/nfs     (grep "PORT" /etc/sysconfig/nfs)
 RQUOTAD_PORT=4001
 LOCKD_TCPPORT=4002
 LOCKD_UDPPORT=4002
 MOUNTD_PORT=4003
 STATD_PORT=4004
 #vi /etc/sysconfig/iptables  (111 portmap、2049 nfs)
 -A FW-RULES -p tcp -s 192.168.0.200/32 --dport 111 -j ACCEPT
 -A FW-RULES -p udp -s 192.168.0.200/32 --dport 111 -j ACCEPT
 -A FW-RULES -p tcp -s 192.168.0.200/32 --dport 4001:4004 -j ACCEPT
 -A FW-RULES -p udp -s 192.168.0.200/32 --dport 4001:4004 -j ACCEPT
 -A FW-RULES -p tcp -s 192.168.0.200/32 --dport 2049 -j ACCEPT
 -A FW-RULES -p udp -s 192.168.0.200/32 --dport 2049 -j ACCEPT
 #cat /etc/exports
 /nfsshare               192.168.0.200(rw,no_root_squash)       //no_root_squash 會讓用戶端的 root 在此分享上仍保有 root 權限,僅適用於完全信任的用戶端
 #exportfs -rv
 exporting 192.168.0.200:/nfsshare
 #service portmap start ; chkconfig portmap on
 #service nfs start ; chkconfig nfs on
 #service portmap status ; service nfs status
 #chkconfig --list | grep -e portmap -e nfs
 nfs             0:off   1:off   2:on    3:on    4:on    5:on    6:off
 portmap         0:off   1:off   2:on    3:on    4:on    5:on    6:off
 #netstat -tnupl  (確定有沒有 Listen 111、2049、4001 ~ 4004)
 #rpcinfo -p localhost
 #showmount -e localhost

NFS Client test (192.168.0.200)

 #rpcinfo -p 192.168.0.100
 #showmount -e 192.168.0.100
 /nfsshare 192.168.0.200
 #mount server:/nfsshare /mnt
 #df -h
 server:/nfsshare      4.9G  454M  4.2G  10% /mnt

MeFAQ

出現下列錯誤訊息,原因為 IPTables 設定有問題 (設好 nfs 後忘了重啟 nfs service)

 rpc mount export: RPC: Unable to receive; errno = No route to host

Lab3. Samba(CIFS)

 #yum -y install samba samba-client
 #semanage fcontext -l |grep samba
 #getsebool -a |grep samba
 #vi /etc/sysconfig/iptables
 -A FW-RULES -p tcp -s 192.168.0.100/32 --dport 445 -j ACCEPT
 -A FW-RULES -p udp -s 192.168.0.100/32 --dport 445 -j ACCEPT
 #smbpasswd -a weithenn                        //weithenn 必須有系統帳號才可順利新增 samba 帳號
 #pdbedit -L                                  //查看 samba 帳號資料庫
 weithenn:501:
 #smbclient -L localhost -N                   //列出 samba 分享哪些
 #setsebool -P samba_enable_home_dirs on       //SELinux
 #smbclient //server/bob -U bob                //到個人家目錄
 Password:
 Domain=[SERVER] OS=[Unix] Server=[Samba 3.0.33-3.7.el5]
 smb: \> ls                                    //可用 mget 下載檔案,用 mput 上傳檔案
 #service smb restart
 #chkconfig smb on

Lab4. 設定 Samba 分享資料夾

分享名稱為 depts 資料夾

 #cat /etc/samba/smb.conf                      //修改 samba 設定檔
 [depts]
         comment = Public Stuff
         path = /home/depts
         public = yes                         //等同 guest ok = yes,不需密碼的訪客也能連線;搭配 writable = yes 時請留意目錄權限
         writable = yes
         write list = bob
 #smbclient //localhost/depts -U weithenn
 #smbclient //server/depts -U weithenn
 #setfacl -m u:bob:rwx /home/samba            //設定 ACLs (否則 bob 無法上傳檔案);注意上方 [depts] 的 path 為 /home/depts,ACL 應設在實際分享的目錄上
 #service smb restart
 #chkconfig smb on

分享名稱為 hr 資料夾

 #cat /etc/samba/smb.conf
 [hr]
         comment = Public Stuff
         path = /home/depts/hr
         public = no
         write list = @hr
         create mask = 0660
 #mkdir /home/depts/hr
 #chown root:hr /home/depts/hr
 #chmod 3770 /home/depts/hr
 #smbclient //server/depts/hr -U weithenn
 #service smb restart
 #chkconfig smb on