N22-第十三周作業

1、建立samba共享，共享目錄為/data，要求：（描述完整的過程）
  1)共享名為shared，工作組為magedu；
  2)添加組develop，添加用戶gentoo,centos和ubuntu，其中gentoo和centos以develop為附加組，ubuntu不屬于develop組；密碼均為用戶名；
  3)添加samba用戶gentoo,centos和ubuntu，密碼均為“mageedu”；
  4)此samba共享shared僅允許develop組具有寫權限，其他用戶只能以只讀方式訪問；
  5)此samba共享服務僅允許來自于172.16.0.0/16網絡的主機訪問；

添加用戶和組：

[root@localhost ~]# groupadd develop

[root@localhost ~]# useradd -G develop gentoo
[root@localhost ~]# useradd -G develop centos
[root@localhost ~]# useradd -G develop ubuntu

設置用戶密碼：

[root@localhost ~]# echo "gentoo" |passwd –stdin gentoo

[root@localhost ~]# echo "centos" |passwd –stdin centos

[root@localhost ~]# echo "ubuntu" |passwd –stdin ubuntu

添加samba用戶：

[root@localhost samba]# smbpasswd -a gentoo
New SMB password:
Retype new SMB password:
Added user gentoo.
[root@localhost samba]# smbpasswd -a centos
New SMB password:
Retype new SMB password:
Added user centos.
[root@localhost samba]# smbpasswd -a ubuntu
New SMB password:
Retype new SMB password:
Added user ubuntu.

修改共享目錄/data/的acl：

[root@localhost ~]# setfacl -m g:develop:rwx /data/

編輯samba配置文件：

[root@localhost ~]# vim /etc/samba/smb.conf

workgroup = magedu    

hosts allow = 172.16.0.0/16

[shared]
        comment = test
        pahth = /data
        browseable = yes

        guest ok = yes

        writable = no
        write list = @develop

重新加載samba服務：

[root@localhost ~]# systemctl reload smb.service

測試centos用戶：

[root@localhost ~]# smbclient //192.168.1.120/shared -U centos
Enter centos's password:
Domain=[MYGROUP] OS=[Windows 6.1] Server=[Samba 4.2.10]
smb: \> put fstab
putting file fstab as \fstab (254.9 kb/s) (average 254.9 kb/s)
測試gentoo用戶：

root@localhost ~]# smbclient //192.168.1.120/shared -U gentoo
Enter centos's password:
Domain=[MYGROUP] OS=[Windows 6.1] Server=[Samba 4.2.10]
smb: \> put crontab
putting file crontab as \crontab (146.8 kb/s) (average 146.8 kb/s)

測試ubuntu用戶：

[root@localhost ~]# smbclient //192.168.1.120/shared -U ubuntu
Enter ubuntu's password:
Domain=[MYGROUP] OS=[Windows 6.1] Server=[Samba 4.2.10]
smb: \> get fstab
getting file \fstab of size 783 as fstab (191.2 KiloBytes/sec) (average 191.2 KiloBytes/sec)
smb: \> put hosts
NT_STATUS_ACCESS_DENIED opening remote file \hosts

2、搭建一套文件vsftp文件共享服務，共享目錄為/ftproot,要求：（描述完整的過程）
1)基于虛擬用戶的訪問形式；

2)匿名用戶只允許下載，不允許上傳；

3)禁錮所有的用戶于其家目錄當中；

4)限制最大并發連接數為200:；

5)匿名用戶的最大傳輸速率512KB/s

6)虛擬用戶的賬號存儲在mysql數據庫當中。
7)數據庫通過NFS進行共享。
安裝mariadb-server和vsftpd

[root@localhost ~]# yum install mariadb-server

[root@localhost ~]# yum install vsftpd

編譯安裝pam-mysql:

[root@localhost ~]#yum groupinstall "Development Tools" "Server Platform Development"

[root@localhost ~]#yum install pam-devel openssl-devel mariadb-devel

[root@localhost pam_mysql-0.7RC1]#  ./configure –prefix=/user/local/pam-mysql –with-openssl –with-mysql=/usr –with-pam=/usr –with-pam-mods-dir=/usr/lib64/security

[root@localhost pam_mysql-0.7RC1]#  make && make install

查看是否安裝成功：

[root@localhost ~]# ls /lib64/security/ |grep pam_mysql
pam_mysql.la
pam_mysql.so
在mariadb數據庫上創建虛擬用戶：

[root@localhost pam_mysql-0.7RC1]# systemctl start mariadb.service

[root@localhost ~]# mysql
MariaDB [(none)]> create database vsftpd;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> use vsftpd
Database changed
MariaDB [vsftpd]> create table users(
    -> id int auto_increment not null primary key,
    -> name char(30) not null,
    -> password char(48) binary not null );
Query OK, 0 rows affected (0.01 sec)
MariaDB [vsftpd]> insert into users (name,password) values ('tom',password('magedu'));
Query OK, 1 row affected (0.00 sec)
MariaDB [vsftpd]> insert into users (name,password) values ('jerry',password('magedu.com'));
Query OK, 1 row affected (0.00 sec)
MariaDB [vsftpd]> grant select on vsftpd.* to vsftpd@localhost identified by 'magedu';
Query OK, 0 rows affected (0.01 sec)
MariaDB [vsftpd]> grant select on vsftpd.* to vsftpd@'127.0.0.1' identified by 'magedu';
Query OK, 0 rows affected (0.00 sec)
MariaDB [vsftpd]> flush privileges;
Query OK, 0 rows affected (0.00 sec)
MariaDB [vsftpd]> exit
Bye

創建虛擬用戶的映射用戶：

[root@localhost ~]# useradd -s /sbin/nologin -d /ftproot vuser

[root@localhost ~]# chmod go+rx /ftproot

[root@localhost ~]# chmod -w /ftproot
編輯vsftpd配置文件：
[root@localhost ~]# vim /etc/vsftpd//vsftpd.conf

anonymous_enable=YES 

local_enable=YES
write_enable=YES
anon_upload_enable=NO

chroot_local_user=YES
max_clients=200

anon_max_rate=512000

guest_enable=YES
guest_username=vuser
pam_service_name=vsftpd.mysql
啟動vsftpd服務：

[root@localhost ~]# systemctl start vsftpd.service
在另一臺主機上驗證：

[root@localhost ~]# ftp 192.168.1.120
Connected to 192.168.1.120 (192.168.1.120).
220 (vsFTPd 3.0.2)
Name (192.168.1.120:root): tom
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>
共享數據庫：

[root@localhost ~]# vim /etc/exports

/mydata/data        192.168.1.0/24（rw）

[root@localhost ~]#exportfs -r