Chapter 11: LAMP Setup, Basic MySQL Operations, and File Sharing Services

I. Build a LAMP environment with PHP running as php-fpm, and get WordPress working

System environment: CentOS 7.2
Packages: httpd, mariadb-server, php-fpm, php-mysql

Setup steps:

1. Install mariadb-server and configure the relevant parameters
[root@lampsrv ~]# yum install -y mariadb-server
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
......
Installed:
  mariadb-server.x86_64 1:5.5.60-1.el7_5                                                              

Dependency Installed:
  mariadb.x86_64 1:5.5.60-1.el7_5                   perl-Compress-Raw-Bzip2.x86_64 0:2.061-3.el7      
  perl-Compress-Raw-Zlib.x86_64 1:2.061-4.el7       perl-DBD-MySQL.x86_64 0:4.023-6.el7               
  perl-DBI.x86_64 0:1.627-4.el7                     perl-IO-Compress.noarch 0:2.061-2.el7             
  perl-Net-Daemon.noarch 0:0.48-5.el7               perl-PlRPC.noarch 0:0.2020-14.el7                 

Dependency Updated:
  mariadb-libs.x86_64 1:5.5.60-1.el7_5                                                                

Complete!
[root@lampsrv ~]# vi /etc/my.cnf.d/server.cnf 
[root@lampsrv ~]# cat /etc/my.cnf.d/server.cnf
......
[mysqld]
skip_name_resolve=ON              # skip reverse-resolving client IPs to hostnames
innodb_file_per_table=ON
......
[root@lampsrv ~]# systemctl enable mariadb.service
Created symlink from /etc/systemd/system/multi-user.target.wants/mariadb.service to /usr/lib/systemd/system/mariadb.service.
[root@lampsrv ~]# systemctl start mariadb.service
[root@lampsrv ~]# mysql_secure_installation                 # initial security hardening of the database

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user.  If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none): 
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

Set root password? [Y/n] 
New password: 
Re-enter new password: 
Password updated successfully!
Reloading privilege tables..
 ... Success!


By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] 
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] 
 ... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] 
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] 
 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!

Test the connection:
[root@lampsrv ~]# mysql -uroot -p
Enter password: 
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 10
Server version: 5.5.60-MariaDB MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> 

Create the WordPress database and its administrative user:
MariaDB [(none)]> CREATE DATABASE wp_db;
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> GRANT ALL ON wp_db.* TO 'wpuser'@'192.168.%.%' IDENTIFIED BY 'redhat';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> quit
Bye

Test logging in to the database as wpuser:
[root@lampsrv ~]# mysql -uwpuser -h192.168.112.128 -p
Enter password: 
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 11
Server version: 5.5.60-MariaDB MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| wp_db              |
+--------------------+
2 rows in set (0.00 sec)
2. Install php-fpm and php-mysql, and start the service
[root@lampsrv ~]# yum install -y php-fpm php-mysql
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirrors.huaweicloud.com
 * extras: mirrors.huaweicloud.com
 * updates: centos.ustc.edu.cn
Resolving Dependencies
--> Running transaction check
---> Package php-fpm.x86_64 0:5.4.16-46.el7 will be installed
--> Processing Dependency: php-common(x86-64) = 5.4.16-46.el7 for package: php-fpm-5.4.16-46.el7.x86_64
 ......
Installed:
  php-fpm.x86_64 0:5.4.16-46.el7                   php-mysql.x86_64 0:5.4.16-46.el7                  

Dependency Installed:
  libzip.x86_64 0:0.10.1-8.el7   php-common.x86_64 0:5.4.16-46.el7   php-pdo.x86_64 0:5.4.16-46.el7  

Dependency Updated:
  openssl.x86_64 1:1.0.2k-16.el7                  openssl-libs.x86_64 1:1.0.2k-16.el7                 

Complete!
[root@lampsrv ~]# mkdir /var/lib/php/session
[root@lampsrv ~]# chown apache:apache /var/lib/php/session
[root@lampsrv ~]# ll -d /var/lib/php/session
drwxr-xr-x 2 apache apache 6 Dec  9 02:11 /var/lib/php/session
[root@lampsrv ~]# systemctl enable php-fpm
Created symlink from /etc/systemd/system/multi-user.target.wants/php-fpm.service to /usr/lib/systemd/system/php-fpm.service.
[root@lampsrv ~]# systemctl start php-fpm
3. Install httpd and configure the virtual host
[root@lampsrv ~]# yum install -y httpd
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirrors.huaweicloud.com
 * extras: mirrors.huaweicloud.com
 * updates: centos.ustc.edu.cn
Resolving Dependencies
--> Running transaction check
---> Package httpd.x86_64 0:2.4.6-88.el7.centos will be installed
......
Installed:
  httpd.x86_64 0:2.4.6-88.el7.centos                                                                  

Dependency Installed:
  httpd-tools.x86_64 0:2.4.6-88.el7.centos                mailcap.noarch 0:2.1.41-2.el7               

Complete!
[root@lampsrv ~]# mkdir /app/vhosts -pv
mkdir: created directory ‘/app’
mkdir: created directory ‘/app/vhosts’
[root@lampsrv ~]# vi /etc/httpd/conf.d/vhosts.conf
[root@lampsrv ~]# cat /etc/httpd/conf.d/vhosts.conf
DirectoryIndex index.php

<VirtualHost *:80>
    ServerName www.mywp.com
    DocumentRoot /app/vhosts/wordpress
    ProxyRequests Off
    ProxyPassMatch ^/(.*\.php)$ fcgi://127.0.0.1:9000/app/vhosts/wordpress/$1

    <Directory "/app/vhosts/wordpress">
        Options None
        AllowOverride None
        Require all granted
    </Directory>
</VirtualHost>
Syntax check:
[root@lampsrv ~]# httpd -t
Syntax OK
4. Download and extract WordPress, then start the httpd service:
[root@lampsrv ~]# wget https://cn.wordpress.org/wordpress-4.9.4-zh_CN.tar.gz
--2018-12-09 02:15:05--  https://cn.wordpress.org/wordpress-4.9.4-zh_CN.tar.gz
Resolving cn.wordpress.org (cn.wordpress.org)... 198.143.164.252
Connecting to cn.wordpress.org (cn.wordpress.org)|198.143.164.252|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 9082696 (8.7M) [application/octet-stream]
Saving to: ‘wordpress-4.9.4-zh_CN.tar.gz’

100%[============================================================>] 9,082,696    399KB/s   in 80s    

2018-12-09 02:16:28 (112 KB/s) - ‘wordpress-4.9.4-zh_CN.tar.gz’ saved [9082696/9082696]

[root@lampsrv ~]# tar zxf wordpress-4.9.4-zh_CN.tar.gz -C /app/vhosts/
[root@lampsrv ~]# ll /app/vhosts/
total 4
drwxr-xr-x 5 nobody 65534 4096 Feb  7  2018 wordpress

Allow the http service through the firewall:
[root@lampsrv ~]# firewall-cmd --permanent --add-service=http
success
[root@lampsrv ~]# firewall-cmd --reload
success
Start the httpd service:
[root@lampsrv ~]# systemctl enable httpd
Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.
[root@lampsrv ~]# systemctl start httpd
Verification:

Test access to the home page:

The test passes! Following the prompts on the page, create the database configuration file:

[root@lampsrv ~]# cp /app/vhosts/wordpress/wp-config-sample.php /app/vhosts/wordpress/wp-config.php 
[root@lampsrv ~]# vi /app/vhosts/wordpress/wp-config.php
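The main change is the database connection settings:
// ** MySQL settings - you can get this information from your web host ** //
/** The name of the WordPress database */
define('DB_NAME', 'wp_db');

/** MySQL database username */
define('DB_USER', 'wpuser');

/** MySQL database password */
define('DB_PASSWORD', 'redhat');

/** MySQL host */
define('DB_HOST', '192.168.112.128');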

Setup complete!

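II. What is DML? Give examples of common SQL, with at least 1 and at most 3 examples per command

DML (Data Manipulation Language) is mainly used to manage the data in tables: inserting (INSERT), deleting (DELETE), modifying (UPDATE), and querying (SELECT).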

SELECT

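Syntax:
    (1) SELECT * FROM tbl_name[,tbl_name_2];
        Returns all data in the specified table(s); use with caution (when several tables are queried at once, the number of rows returned is the product of the tables' row counts);
    (2) SELECT col1,col2,... FROM tbl_name;
        When displayed, a column can be shown under an alias:
            col_name AS col_alias
    (3) SELECT col1,... FROM tbl_name WHERE clause;
        WHERE clause: specifies the selection condition;
            col_name operator value;
                age>30;

            Operators (1):
                >,<,>=,<=,=,!=

            Combining conditions:
                and
                or
                not

            Operators (2):
                BETWEEN ... AND ...
                LIKE 'PATTERN'
                    Wildcards:
                        %: any characters, of any length;
                        _: any single character;
                RLIKE 'PATTERN'
                    pattern-matches the string against a regular expression;
                IS NULL
                IS NOT NULL
    (4) SELECT col1,... FROM tbl_name [WHERE clause] ORDER BY col_name,col_name2,... [ASC|DESC]
        ASC: ascending (default);
        DESC: descending;

    (5) Grouping:
        GROUP BY, used for aggregation;
            count(),sum(),avg(),max(),min()
        HAVING: filters the aggregated results by a condition;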

Example:
MariaDB [wp_db]> SELECT * FROM wp_users;
+----+------------+------------------------------------+---------------+----------------+----------+---------------------+---------------------+-------------+--------------+
| ID | user_login | user_pass                          | user_nicename | user_email     | user_url | user_registered     | user_activation_key | user_status | display_name |
+----+------------+------------------------------------+---------------+----------------+----------+---------------------+---------------------+-------------+--------------+
|  1 | admin      | $P$BhoNA52NL8zhNMPNcvljz8w/JWVw6C1 | admin         | admin@mywp.com |          | 2018-12-09 07:55:14 |                     |           0 | admin        |
+----+------------+------------------------------------+---------------+----------------+----------+---------------------+---------------------+-------------+--------------+
1 row in set (0.00 sec)

MariaDB [wp_db]> SELECT ID,user_login AS username,user_pass AS password FROM wp_users WHERE ID=1;
+----+----------+------------------------------------+
| ID | username | password                           |
+----+----------+------------------------------------+
|  1 | admin    | $P$BhoNA52NL8zhNMPNcvljz8w/JWVw6C1 |
+----+----------+------------------------------------+
1 row in set (0.00 sec)

INSERT

Syntax:
INSERT [INTO] tbl_name [(col1,...)] {VALUES|VALUE} (val1,...),(...),...
Notes:
    String values: quoted;
    Numeric values: must not be quoted;

Example:
MariaDB [wp_db]> INSERT INTO wp_users(ID,user_login,user_pass,user_email,display_name) VALUES(2,'user01',PASSWORD('redhat'),'user01@mywp.com','user01');
Query OK, 1 row affected (0.00 sec)

MariaDB [wp_db]> SELECT * FROM wp_users;
+----+------------+-------------------------------------------+---------------+-----------------+----------+---------------------+---------------------+-------------+--------------+
| ID | user_login | user_pass                                 | user_nicename | user_email      | user_url | user_registered     | user_activation_key | user_status | display_name |
+----+------------+-------------------------------------------+---------------+-----------------+----------+---------------------+---------------------+-------------+--------------+
|  1 | admin      | $P$BhoNA52NL8zhNMPNcvljz8w/JWVw6C1        | admin         | admin@mywp.com  |          | 2018-12-09 07:55:14 |                     |           0 | admin        |
|  2 | user01     | *84BB5DF4823DA319BBF86C99624479A198E6EEE9 |               | user01@mywp.com |          | 0000-00-00 00:00:00 |                     |           0 | user01       |
+----+------------+-------------------------------------------+---------------+-----------------+----------+---------------------+---------------------+-------------+--------------+
2 rows in set (0.00 sec)

UPDATE

Syntax:
    UPDATE [LOW_PRIORITY] [IGNORE] table_reference SET col_name1=value1[,col_name2=value2]... [WHERE where_condition] [ORDER BY ...] [LIMIT row_count]

Example:
MariaDB [wp_db]> UPDATE wp_users SET user_login='user_new01',user_email='user_new01@mywp.com' WHERE user_login='user01';
Query OK, 1 row affected (0.00 sec)
Rows matched: 1  Changed: 1  Warnings: 0

MariaDB [wp_db]> SELECT * FROM wp_users;
+----+------------+-------------------------------------------+---------------+---------------------+----------+---------------------+---------------------+-------------+--------------+
| ID | user_login | user_pass                                 | user_nicename | user_email          | user_url | user_registered     | user_activation_key | user_status | display_name |
+----+------------+-------------------------------------------+---------------+---------------------+----------+---------------------+---------------------+-------------+--------------+
|  1 | admin      | $P$BhoNA52NL8zhNMPNcvljz8w/JWVw6C1        | admin         | admin@mywp.com      |          | 2018-12-09 07:55:14 |                     |           0 | admin        |
|  2 | user_new01 | *84BB5DF4823DA319BBF86C99624479A198E6EEE9 |               | user_new01@mywp.com |          | 0000-00-00 00:00:00 |                     |           0 | user01       |
+----+------------+-------------------------------------------+---------------+---------------------+----------+---------------------+---------------------+-------------+--------------+

DELETE

Syntax: (row deletion)
    DELETE FROM tbl_name [WHERE where_condition] [ORDER BY ...] [LIMIT row_count]

    (1) DELETE FROM tbl_name WHERE where_condition
    (2) DELETE FROM tbl_name [ORDER BY ...] [LIMIT row_count]

Example:
MariaDB [wp_db]> DELETE FROM wp_users WHERE ID=2;
Query OK, 1 row affected (0.01 sec)

MariaDB [wp_db]> SELECT * FROM wp_users;
+----+------------+------------------------------------+---------------+----------------+----------+---------------------+---------------------+-------------+--------------+
| ID | user_login | user_pass                          | user_nicename | user_email     | user_url | user_registered     | user_activation_key | user_status | display_name |
+----+------------+------------------------------------+---------------+----------------+----------+---------------------+---------------------+-------------+--------------+
|  1 | admin      | $P$BhoNA52NL8zhNMPNcvljz8w/JWVw6C1 | admin         | admin@mywp.com |          | 2018-12-09 07:55:14 |                     |           0 | admin        |
+----+------------+------------------------------------+---------------+----------------+----------+---------------------+---------------------+-------------+--------------+
1 row in set (0.00 sec)

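III. Briefly describe FTP active and passive modes, and implement vsftpd with PAM-based authentication

The two FTP modes

After the client establishes the control connection to TCP port 21 on the server, the data connection is negotiated in one of two modes:
Active mode: the server opens TCP port 20 and connects to the first available port after the port the client used for the control connection;
Passive mode: the server opens a random port, notifies the client, and waits for the client to connect; this mode is more secure;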
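
An added example, not part of the original article: both modes announce the data endpoint as six decimal bytes (h1,h2,h3,h4,p1,p2, with port = p1*256 + p2), as in the 227 replies captured in the verification session later on this page. The code decodes a 227 reply or a PORT command and lists what a defender would check; the function names, the PORT sample and the 50000-50100 range are assumptions (vsftpd can pin its passive ports with pasv_min_port/pasv_max_port).

```python
import re
from ipaddress import IPv4Address

# Both "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)" and "PORT h1,h2,h3,h4,p1,p2"
# carry the data endpoint as six comma-separated decimal bytes.
_SIX_BYTES = re.compile(
    r"(?<!\d)(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})(?!\d)"
)


def decode_endpoint(line):
    """Return (mode, host, port) for a 227 reply or a PORT command."""
    text = line.strip()
    if text.startswith("227"):
        mode = "passive"   # the server listens, the client connects
    elif text.upper().startswith("PORT"):
        mode = "active"    # the client listens, the server connects from port 20
    else:
        raise ValueError("not a 227 reply or PORT command: %r" % line)
    match = _SIX_BYTES.search(text)
    if match is None:
        raise ValueError("no h1,h2,h3,h4,p1,p2 tuple in %r" % line)
    fields = [int(group) for group in match.groups()]
    if max(fields) > 255:
        raise ValueError("field larger than one byte in %r" % line)
    host = IPv4Address(".".join(str(b) for b in fields[:4]))
    port = fields[4] * 256 + fields[5]
    return mode, host, port


def review_endpoint(line, control_peer, pasv_range=None):
    """List the reasons this data endpoint deserves a second look.

    control_peer: address at the other end of the control connection
                  (the server for a 227 reply, the client for PORT).
    pasv_range:   (low, high) passive ports the firewall allows, or None.
    """
    mode, host, port = decode_endpoint(line)
    findings = []
    if host != IPv4Address(control_peer):
        findings.append("data address %s differs from control peer %s"
                        % (host, control_peer))
    if port < 1024:
        findings.append("data port %d is a privileged port" % port)
    if mode == "passive" and pasv_range is not None:
        low, high = pasv_range
        if not low <= port <= high:
            findings.append("passive port %d is outside the allowed range %d-%d"
                            % (port, low, high))
    return findings


# The two 227 replies are the ones shown in this article's FTP sessions;
# the PORT line is constructed for illustration.
SAMPLES = [
    ("227 Entering Passive Mode (192,168,112,128,59,218).", "192.168.112.128"),
    ("227 Entering Passive Mode (192,168,112,128,154,193).", "192.168.112.128"),
    ("PORT 10,0,0,5,0,22", "192.168.112.1"),
]

if __name__ == "__main__":
    for line, peer in SAMPLES:
        mode, host, port = decode_endpoint(line)
        print(mode, host, port, review_endpoint(line, peer, (50000, 50100)))
```
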

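vsftpd with PAM-based authentication

PAM: Pluggable Authentication Modules

vsftpd user categories:
    Anonymous user: anonymous --> ftp, /var/ftp
    System users: at a minimum, deny system users access to the ftp service; /etc/vsftpd/ftpusers, PAM (/etc/pam.d/vsftpd);
    Virtual users: non-system users; the accounts are not accounts that can log in to the operating system (not in /etc/passwd)

    By default, the path a user reaches through the vsftpd service is the user's own home directory, and the user can move between all paths they have permission to access;
        users can also be confined to their home directory;

Example: (virtual user accounts stored in MariaDB, with different users having different permissions)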

1. Install the basic vsftpd and MariaDB services
[root@ftpsrv ~]# yum install -y vsftpd mariadb-server
......
Configure MariaDB and start the service:
[root@ftpsrv ~]# vi /etc/my.cnf.d/server.cnf 
[root@ftpsrv ~]# cat /etc/my.cnf.d/server.cnf
......
# this is only for the mysqld standalone daemon
[mysqld]
skip_name_resolve=ON
innodb_file_per_table=ON
log_bin=mysql-bin
......
[root@ftpsrv ~]# systemctl enable mariadb
Created symlink from /etc/systemd/system/multi-user.target.wants/mariadb.service to /usr/lib/systemd/system/mariadb.service.
[root@ftpsrv ~]# systemctl start mariadb
2. Install the development packages (mariadb-devel, pam-devel), then compile and install pam-mysql (downloaded separately)
[root@ftpsrv ~]# yum install -y mariadb-devel pam-devel
[root@ftpsrv ~]# wget http://prdownloads.sourceforge.net/pam-mysql/pam_mysql-0.7RC1.tar.gz
--2018-12-09 03:55:02--  http://prdownloads.sourceforge.net/pam-mysql/pam_mysql-0.7RC1.tar.gz
Resolving prdownloads.sourceforge.net (prdownloads.sourceforge.net)... 216.105.38.13
Connecting to prdownloads.sourceforge.net (prdownloads.sourceforge.net)|216.105.38.13|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: http://downloads.sourceforge.net/project/pam-mysql/pam-mysql/0.7RC1/pam_mysql-0.7RC1.tar.gz [following]
......
HTTP request sent, awaiting response... 200 OK
Length: 335240 (327K) [application/x-gzip]
Saving to: ‘pam_mysql-0.7RC1.tar.gz’

100%[============================================================>] 335,240     47.5KB/s   in 6.9s   

2018-12-09 03:55:10 (47.5 KB/s) - ‘pam_mysql-0.7RC1.tar.gz’ saved [335240/335240]
[root@ftpsrv ~]# tar zxf pam_mysql-0.7RC1.tar.gz
[root@ftpsrv ~]# cd pam_mysql-0.7RC1
[root@ftpsrv pam_mysql-0.7RC1]# ./configure \
> --with-pam=/usr \
> --with-mysql=/usr \
> --with-pam-mods-dir=/usr/lib64/security 
......
[root@ftpsrv pam_mysql-0.7RC1]# make && make install
......
3. Create the virtual account and configure vsftpd
[root@ftpsrv ~]# mkdir -pv /ftproot/pub
mkdir: created directory ‘/ftproot’
mkdir: created directory ‘/ftproot/pub’
[root@ftpsrv ~]# useradd -d /ftproot/vuser/ vuser
[root@ftpsrv ~]# chmod a-w /ftproot/vuser/
[root@ftpsrv ~]# mkdir /ftproot/vuser/{pub,upload}
[root@ftpsrv ~]# chown vuser:vuser /ftproot/vuser/{pub,upload}
[root@ftpsrv ~]# vi /etc/vsftpd/vsftpd.conf 
[root@ftpsrv ~]# tail -4 /etc/vsftpd/vsftpd.conf
pam_service_name=vsftpd.vusers
guest_enable=YES
guest_username=vuser
user_config_dir=/etc/vsftpd/vusers_config/
[root@ftpsrv ~]# touch /etc/vsftpd/vusers_config/user01
[root@ftpsrv ~]# vi /etc/vsftpd/vusers_config/user01
[root@ftpsrv ~]# touch /etc/vsftpd/vusers_config/user02
[root@ftpsrv ~]# vi /etc/vsftpd/vusers_config/user02
[root@ftpsrv ~]# cat /etc/vsftpd/vusers_config/user01
anon_upload_enable=YES
[root@ftpsrv ~]# cat /etc/vsftpd/vusers_config/user02
anon_upload_enable=YES
anon_mkdir_write_enable=YES
4. Configure PAM and the database
[root@ftpsrv ~]# vi /etc/pam.d/vsftpd.vusers
[root@ftpsrv ~]# cat /etc/pam.d/vsftpd.vusers
auth required /usr/lib64/security/pam_mysql.so user=vsftpd passwd=redhat host=127.0.0.1 db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
account required /usr/lib64/security/pam_mysql.so user=vsftpd passwd=redhat host=127.0.0.1 db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
[root@ftpsrv ~]# mysql -uroot
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 2
Server version: 5.5.44-MariaDB-log MariaDB Server

Copyright (c) 2000, 2015, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> create database vsftpd;
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> grant all on vsftpd.* to 'vsftpd'@'127.0.0.1' identified by 'redhat';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> quit
Bye
[root@ftpsrv ~]# mysql -uvsftpd -h127.0.0.1 -p
Enter password: 
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 3
Server version: 5.5.44-MariaDB-log MariaDB Server

Copyright (c) 2000, 2015, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> USE vsftpd
Database changed
MariaDB [vsftpd]> CREATE TABLE users(id INT NOT NULL AUTO_INCREMENT UNIQUE KEY,name VARCHAR(30) NOT NULL PRIMARY KEY,password VARCHAR(48));
Query OK, 0 rows affected (0.11 sec)

MariaDB [vsftpd]> INSERT INTO users(name,password) VALUES('user01',PASSWORD('redhat'));
Query OK, 1 row affected (0.00 sec)

MariaDB [vsftpd]> INSERT INTO users(name,password) VALUES('user02',PASSWORD('Redhat'));
Query OK, 1 row affected (0.00 sec)

MariaDB [vsftpd]> SELECT * FROM users;
+----+--------+-------------------------------------------+
| id | name   | password                                  |
+----+--------+-------------------------------------------+
|  1 | user01 | *84BB5DF4823DA319BBF86C99624479A198E6EEE9 |
|  2 | user02 | *401420CA4F225391EEDD74EF17A0F4320C362208 |
+----+--------+-------------------------------------------+
2 rows in set (0.00 sec)
MariaDB [vsftpd]> quit
Bye
[root@ftpsrv ~]# systemctl restart vsftpd
[root@ftpsrv ~]# firewall-cmd --permanent --add-service=ftp
success
[root@ftpsrv ~]# firewall-cmd --reload
success
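
An added example, not part of the original article: the virtual-user passwords above are stored with PASSWORD() and checked by pam_mysql with crypt=2. The code reproduces that unsalted format ('*' followed by the upper-case hex of SHA1(SHA1(password))) and uses the hashes printed on this page to show that accounts with the same password end up with the same stored value. The function names are assumptions, and the salted PBKDF2 record is a generic contrast, not an option pam_mysql is claimed to support.

```python
import hashlib
import os
from collections import defaultdict


def mysql_password_hash(plaintext):
    """Reproduce PASSWORD() in the 4.1+ format: '*' + upper-hex SHA1(SHA1(plaintext))."""
    inner = hashlib.sha1(plaintext.encode("utf-8")).digest()
    return "*" + hashlib.sha1(inner).hexdigest().upper()


def accounts_sharing_a_hash(rows):
    """Group (table, account, stored_hash) rows by hash.

    Returns only the hashes held by more than one account. With an unsalted
    format, a shared hash means a shared password.
    """
    by_hash = defaultdict(list)
    for table, account, stored in rows:
        by_hash[stored].append((table, account))
    return {h: owners for h, owners in by_hash.items() if len(owners) > 1}


def salted_record(plaintext, salt=None, rounds=100_000):
    """Salted, iterated alternative (PBKDF2-HMAC-SHA256), shown for contrast only."""
    salt = os.urandom(16) if salt is None else salt
    derived = hashlib.pbkdf2_hmac("sha256", plaintext.encode("utf-8"), salt, rounds)
    return "pbkdf2_sha256$%d$%s$%s" % (rounds, salt.hex(), derived.hex())


# Stored values copied from the SELECT output shown in this article.
STORED_ROWS = [
    ("wp_db.wp_users", "user01", "*84BB5DF4823DA319BBF86C99624479A198E6EEE9"),
    ("vsftpd.users", "user01", "*84BB5DF4823DA319BBF86C99624479A198E6EEE9"),
    ("vsftpd.users", "user02", "*401420CA4F225391EEDD74EF17A0F4320C362208"),
]

if __name__ == "__main__":
    # The same input always yields the same stored value: there is no salt.
    print(mysql_password_hash("redhat"))
    for stored, owners in accounts_sharing_a_hash(STORED_ROWS).items():
        print("shared hash", stored, "->", owners)
    # Two salted records for the same password differ, so rows cannot be matched.
    print(salted_record("redhat") != salted_record("redhat"))
```
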

Verification:

user02 has permission to upload and to create directories:

[root@ftpsrv ~]# ftp 192.168.112.128
Connected to 192.168.112.128 (192.168.112.128).
220 (vsFTPd 3.0.2)
Name (192.168.112.128:root): user02
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> cd upload
250 Directory successfully changed.
ftp> mkdir test01
257 "/upload/test01" created
ftp> put anaconda-ks.cfg 
local: anaconda-ks.cfg remote: anaconda-ks.cfg
227 Entering Passive Mode (192,168,112,128,59,218).
150 Ok to send data.
226 Transfer complete.
1244 bytes sent in 0.00176 secs (707.62 Kbytes/sec)

user01 can only upload and has no permission to create directories:

[root@ftpsrv ~]# ftp 192.168.112.128
Connected to 192.168.112.128 (192.168.112.128).
220 (vsFTPd 3.0.2)
Name (192.168.112.128:root): user01
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> cd upload
250 Directory successfully changed.
ftp> mkdir test02
550 Permission denied.
ftp> put test02.txt 
local: test02.txt remote: test02.txt
227 Entering Passive Mode (192,168,112,128,154,193).
150 Ok to send data.
226 Transfer complete.
516 bytes sent in 3.4e-05 secs (15176.47 Kbytes/sec)

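IV. Briefly describe how the NFS service works and how to configure it

NFS (Network File System) is a distributed file system protocol released by Sun in 1984. It lets users on a client access files over the network as if they were local files; it is a network protocol dedicated to file sharing between Linux hosts.


[Figure: simplified diagram of how NFS works]

Main service: nfsd, listening on TCP port 2049;
Auxiliary services: rpc, portmapper
rpc.mountd: authentication;
rpc.lockd: locking;
rpc.statd: status;

Basic configuration

Server (requires the nfs-utils package)
1. Define the exported directories and export options:
/etc/exports or /etc/exports.d/*
    /PATH/TO/SOME_DIR   Clients1(export_options,...) Client2(export_options,...)
        clients:
            single host: ipv4, ipv6, FQDN;
            network: address/netmask; both long and short mask formats are supported;
            wildcards: hostname wildcards, for example: *.magedu.com;
            netgroups: host groups within an NIS domain; @group_name;
            anonymous: use * to match all hosts;

        General Options:
            ro: read-only
            rw: read-write
            sync: synchronous
            async: asynchronous
            secure: the client port must be below 1024; otherwise the insecure option has to be used;

        User ID Mapping:
            root_squash: squash the root user, generally meaning it is mapped to nfsnobody;
            no_root_squash: do not squash the root user;
            all_squash: squash all users;
            anonuid and anongid: map squashed users to the user specified here;
2. Export the NFS shared directories with the exportfs command
exportfs:
    -r: re-export;
    -a: all file systems;
    -v: verbose;
    -u: unexport file systems;
Client (mounting the NFS directory)
3. Use the showmount command to view the NFS file systems exported by the server and related information
showmount - show mount information for an NFS server
    showmount -e NFS_SERVER_IP: list all file systems exported by the specified NFS server;
    showmount -a: on the NFS server, list all clients of the NFS service;
4. Mount the NFS file system
        mount -t nfs servername:/path/to/share /path/to/mount_point [-rvVwfnsh] [-o options]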

Practical example:

1. Server configuration:

Install the packages:
[root@nfssrv ~]# yum install -y nfs-utils
......
Installed:
  nfs-utils.x86_64 1:1.3.0-0.21.el7                                                                   

Dependency Installed:
  gssproxy.x86_64 0:0.4.1-7.el7                      keyutils.x86_64 0:1.5.8-3.el7                   
  libbasicobjects.x86_64 0:0.1.1-25.el7              libcollection.x86_64 0:0.6.2-25.el7             
  libevent.x86_64 0:2.0.21-4.el7                     libini_config.x86_64 0:1.2.0-25.el7             
  libnfsidmap.x86_64 0:0.25-12.el7                   libpath_utils.x86_64 0:0.2.1-25.el7             
  libref_array.x86_64 0:0.1.5-25.el7                 libtalloc.x86_64 0:2.1.2-1.el7                  
  libtevent.x86_64 0:0.9.25-1.el7                    libtirpc.x86_64 0:0.2.4-0.6.el7                 
  libverto-tevent.x86_64 0:0.2.5-4.el7               quota.x86_64 1:4.01-11.el7                      
  quota-nls.noarch 1:4.01-11.el7                     rpcbind.x86_64 0:0.2.0-32.el7                   
  tcp_wrappers.x86_64 0:7.6-77.el7                  

Complete!

[root@nfssrv ~]# mkdir /nfsshare
[root@nfssrv ~]# vi /etc/exports
Configure the exported directory and its options:
[root@nfssrv ~]# cat /etc/exports
/nfsshare   *(rw,sync,root_squash)
[root@nfssrv ~]# exportfs -rvv
exporting *:/nfsshare
Start the services and enable them at boot:
[root@nfssrv ~]# systemctl start rpcbind nfs-server
[root@nfssrv ~]# systemctl enable rpcbind nfs-server
Created symlink from /etc/systemd/system/multi-user.target.wants/nfs-server.service to /usr/lib/systemd/system/nfs-server.service.
Allow the services through the firewall:
[root@nfssrv ~]# firewall-cmd --permanent --add-service=nfs
success
[root@nfssrv ~]# firewall-cmd --permanent --add-service=mountd
success
[root@nfssrv ~]# firewall-cmd --reload
success
View the exported directories:
[root@nfssrv ~]# showmount -e 192.168.112.128
Export list for 192.168.112.128:
/nfsshare *
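
An added example, not part of the original article: an audit of /etc/exports text using the client and option rules listed above. It flags the *(rw,...) export configured here, no_root_squash, insecure, and the bare "(options)" entry that a stray space between client and options produces, which applies to every host. Everything in the sample beyond the first entry, and the function names, are constructed for illustration.

```python
import re

# One export entry is "client(options)", a bare "client", or a bare "(options)".
_ENTRY = re.compile(r"^(?P<client>[^()\s]*)(?:\((?P<opts>[^()]*)\))?$")


def parse_exports(text):
    """Return a list of (path, client, options) tuples from /etc/exports text.

    Assumes export paths contain no whitespace (quoted paths are not handled).
    """
    entries = []
    joined = text.replace("\\\n", " ")        # backslash-newline continues a line
    for raw in joined.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        path, *specs = line.split()
        for spec in specs:
            match = _ENTRY.match(spec)
            if match is None:
                raise ValueError("cannot parse export entry %r for %s" % (spec, path))
            # A bare "(options)" names no client, so it applies to every host.
            client = match.group("client") or "*"
            raw_opts = match.group("opts") or ""
            options = frozenset(o.strip() for o in raw_opts.split(",") if o.strip())
            entries.append((path, client, options))
    return entries


def audit_exports(text):
    """Return (path, client, finding) tuples for export entries worth reviewing."""
    findings = []
    for path, client, options in parse_exports(text):
        if client == "*" and "rw" in options:
            findings.append((path, client,
                             "writable by any host that can reach the server"))
        if "no_root_squash" in options:
            findings.append((path, client, "remote root is not squashed"))
        if "insecure" in options:
            findings.append((path, client,
                             "accepts requests from client ports above 1023"))
    return findings


# Constructed sample; the first entry is the export used in this article.
# The last line has a space before "(", so client01 gets the default options
# and the options in parentheses apply to all hosts.
SAMPLE_EXPORTS = """\
/nfsshare   *(rw,sync,root_squash)
/backup     192.168.112.0/24(ro,sync)
/home       client01.example.com (rw,no_root_squash)
"""

if __name__ == "__main__":
    for path, client, finding in audit_exports(SAMPLE_EXPORTS):
        print("%-10s %-6s %s" % (path, client, finding))
```
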

2. Mount the NFS directory on the client:

[root@client01 ~]# mount -t nfs 192.168.112.128:/nfsshare /mnt/nfsshare/
[root@client01 ~]# df -Th
Filesystem                Type      Size  Used Avail Use% Mounted on
/dev/mapper/centos-root   xfs       7.8G  1.5G  6.4G  19% /
devtmpfs                  devtmpfs  903M     0  903M   0% /dev
tmpfs                     tmpfs     913M     0  913M   0% /dev/shm
tmpfs                     tmpfs     913M  8.6M  904M   1% /run
tmpfs                     tmpfs     913M     0  913M   0% /sys/fs/cgroup
/dev/loop0                iso9660   4.1G  4.1G     0 100% /mnt/iso
/dev/sda1                 xfs       197M  109M   88M  56% /boot
tmpfs                     tmpfs     183M     0  183M   0% /run/user/0
192.168.112.128:/nfsshare nfs4      7.8G  1.5G  6.4G  19% /mnt/nfsshare

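V. Briefly describe the samba service and implement a samba configuration

Samba is free software that implements the SMB protocol on Linux and UNIX systems, consisting of server and client programs. After NetBIOS appeared, Microsoft used it to implement a network file/print service system, which defined a file sharing protocol on top of NetBIOS; Microsoft called it the SMB (Server Message Block) protocol. Microsoft used this protocol in its LAN Manager and Windows NT server systems, and Windows systems all include client software for it, so the protocol became very influential on local area networks.
As the Internet became popular, Microsoft wanted to extend the protocol to the Internet and make it a standard for sharing data between computers on the Internet. It therefore tidied up the SMB protocol, which previously had almost no technical documentation, renamed it CIFS (Common Internet File System), and planned to decouple it from NetBIOS, trying to make it a standard Internet protocol.

Features:
1. File system sharing;
2. Printer sharing;
3. NetBIOS protocol support
Program environment:
    Server packages: samba, samba-common, samba-libs
        Server and Client software to interoperate with Windows machines.
    Main configuration file: /etc/samba/smb.conf, provided by the samba-common package;
    Main programs:
        nmbd: NetBIOS name server
        smbd: SMB/CIFS services
    Unit File:
        smb.service
        nmb.service

    Listening ports:
        137/udp,138/udp
        139/tcp,445/tcp
Samba configuration:
    Two kinds of configuration sections:
        Global configuration
            [global]
                Network-Related Options
                    workgroup = 
                    server string = 
                    interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24
                    hosts allow = 127. 192.168.12. 192.168.13.
                Logging Options
                    log file = /var/log/samba/log.%m
                    max log size = 50
                Standalone Server Options
                    security = user
                        Sets the security level; there are four possible values:
                            share: anonymous sharing;
                            user: users are authenticated with accounts and passwords managed by the samba service itself; the user must be a system user, but the password is not the one in /etc/shadow; it is kept in a file managed by samba, whose format is defined by passdb backend;
                            server: authentication is handled centrally by a third-party service;
                            domain: authentication is done by a DC, based on the Kerberos protocol;
                    passdb backend = tdbsam
                Printing Options
                    load printers = yes
                    cups options = raw

        Shared file system configuration
            [SHARED_NAME]

            There are three kinds:
                [homes]: defines, for each samba user, whether they can access their own home directory through the samba service;
                [printers]: defines the print service;
                [shared_fs]: defines a shared file system;

            Common directives:
                comment: descriptive comment;
                path: the file system path that this share maps to;
                browseable: whether the share is browsable, i.e. whether users can see it;
                guest ok: whether guest accounts may access it;
                public: whether it is open to all users;
                writable: whether it is writable;
                write list: list of users with write permission;
                    user name
                    @group name
                    +group name

    Configuration file syntax check: testparm

    Samba user management:
        smbpasswd
            smbpasswd [options] USERNAME
                -a: add
                -x: delete
                -d: disable
                -e: enable

        pdbedit
            -L: list all users in the samba service
            -a,--create: add a user as a samba user;
                -u,--user=USER: the user to manage;
            -x,--delete: delete a user;
            -t,--password-from-stdin: read the user's password as a string from standard input;
                an empty prompt is shown, after which the password is entered twice;

    Viewing the shares on the server:
        smbclient -L SMB_SERVER [-U USERNAME]

    Interactive file access:
        smbclient //SMB_SERVER/SHARE_NAME -o username=USERNAME,password=PASSWORD

        Note: the user performing the mount is mapped directly to the user specified in the -o option;
            access to the mount point then happens as the user given by username in the -o option; for a local user to access the path, they must first have permission on the corresponding local file system;

smbstatus command:
    Displays status and access information for the samba service's shares;
        -b: brief output;
        -v: verbose output;

Practical example:

1. Server configuration:

Install the packages: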
[root@smbsrv ~]# yum install -y cifs-utils samba
......

Installed:
  cifs-utils.x86_64 0:6.2-7.el7                      samba.x86_64 0:4.2.3-10.el7                                             

Dependency Installed:
  cups-libs.x86_64 1:1.6.3-22.el7                    libldb.x86_64 0:1.1.20-1.el7                     
  libtdb.x86_64 0:1.3.6-2.el7                        libwbclient.x86_64 0:4.2.3-10.el7                
  pytalloc.x86_64 0:2.1.2-1.el7                      samba-client-libs.x86_64 0:4.2.3-10.el7          
  samba-common.noarch 0:4.2.3-10.el7                 samba-common-libs.x86_64 0:4.2.3-10.el7          
  samba-common-tools.x86_64 0:4.2.3-10.el7           samba-libs.x86_64 0:4.2.3-10.el7                 

Complete!
Configure the smb/cifs shared directory and its share options:
[root@smbsrv ~]# vi /etc/samba/smb.conf
......
[global]
        workgroup = MYGROUP
        server string = My Samba Server
        netbios name = MYSERVER
        hosts allow = 127. 192.168.112.
#============================ Share Definitions ==============================
......
    [smbshare]
    comment = Comman Files
    path = /smbshare
    public = yes
    writable = yes
    write list = @smbshare

Add the smbshare group, to serve as the dedicated share group
[root@smbsrv ~]# groupadd smbshare
[root@smbsrv ~]# useradd -s /sbin/nologin -g smbshare smbuser01
[root@smbsrv ~]# smbpasswd -a smbuser01
New SMB password:
Retype new SMB password:
Added user smbuser01.
[root@smbsrv ~]# mkdir /smbshare
[root@smbsrv ~]# chown :smbshare /smbshare
[root@smbsrv ~]# ll -d /smbshare
drwxr-xr-x 2 root smbshare 6 Dec 16 09:55 /smbshare
Enable the samba services at boot and start them:
[root@smbsrv ~]# systemctl enable smb nmb
Created symlink from /etc/systemd/system/multi-user.target.wants/smb.service to /usr/lib/systemd/system/smb.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/nmb.service to /usr/lib/systemd/system/nmb.service.
[root@smbsrv ~]# ^enable^start
systemctl start smb nmb
Allow the service through the firewall:
[root@smbsrv ~]# firewall-cmd --permanent --add-service=samba
success
[root@smbsrv ~]# firewall-cmd --reload
success

2. Mount the smb/cifs shared directory on the client:

[root@client01 ~]# mount -t cifs -o username=smbuser01,password=redhat //192.168.112.128/smbshare /mnt/smbshare/
[root@client01 ~]# df -Th
Filesystem                 Type      Size  Used Avail Use% Mounted on
/dev/mapper/centos-root    xfs       7.8G  1.5G  6.4G  19% /
devtmpfs                   devtmpfs  903M     0  903M   0% /dev
tmpfs                      tmpfs     913M     0  913M   0% /dev/shm
tmpfs                      tmpfs     913M  8.6M  904M   1% /run
tmpfs                      tmpfs     913M     0  913M   0% /sys/fs/cgroup
/dev/loop0                 iso9660   4.1G  4.1G     0 100% /mnt/iso
/dev/sda1                  xfs       197M  109M   88M  56% /boot
tmpfs                      tmpfs     183M     0  183M   0% /run/user/0
192.168.112.128:/nfsshare  nfs4      7.8G  1.5G  6.4G  19% /mnt/nfsshare
//192.168.112.128/smbshare cifs      7.8G  1.5G  6.4G  19% /mnt/smbshare

Permission test:
Test 1
[root@client01 ~]# touch /mnt/smbshare/smbuser01.txt
touch: cannot touch ‘/mnt/smbshare/smbuser01.txt’: Permission denied
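As shown, there is no write permission at this point. The smbuser01 user used for the client mount belongs to the smbshare group on the server and has write permission in the samba configuration file, but the smbshare group has no write permission on the server's /smbshare directory, hence the error;

Change the permissions on the server:
[root@smbsrv ~]# chmod 775 /smbshare/
Create the file again on the client: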
[root@client01 ~]# touch /mnt/smbshare/smbuser01.txt
[root@client01 ~]# ll  /mnt/smbshare/
total 0
-rw-r--r-- 1 1000 1000 0 Dec 16 10:30 smbuser01.txt
Write permission is now in place.