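Build a LAMP environment that runs PHP through php-fpm, and serve WordPress from it
On CentOS 6, php-fpm has to be compiled and installed by hand, while CentOS 7 supports it natively. The steps below use a single virtual machine to build the LAMP environment and get WordPress working:
1. Install the mariadb service and configure it:
- Install the service: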
[root@localhost ~]# yum -y install mariadb-server.x86_64
....
Dependency Installed:
mariadb.x86_64 1:5.5.56-2.el7 perl-DBD-MySQL.x86_64 0:4.023-5.el7
Complete!
- Configuration file: /etc/my.cnf.d/server.cnf
[root@localhost ~]# vim /etc/my.cnf.d/server.cnf
#
# These groups are read by MariaDB server.
# Use it for options that only the server (but not clients) should see
#
# See the examples of server my.cnf files in /usr/share/mysql/
#
# this is read by the standalone daemon and embedded servers
[server]
# this is only for the mysqld standalone daemon
[mysqld]
skip_name_resolve=ON # add this to turn off name resolution
innodb_file_per_table=ON # give each InnoDB table its own tablespace file
# this is only for embedded server
[embedded]
# This group is only read by MariaDB-5.5 servers.
# If you use the same .cnf file for MariaDB of different versions,
# use this group for options that older servers don't understand
[mysqld-5.5]
"/etc/my.cnf.d/server.cnf" 29L, 788C
- Verify the service:
[root@localhost ~]# systemctl start mariadb.service
[root@localhost ~]# ss -tnl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:111 *:*
LISTEN 0 5 192.168.122.1:53 *:*
LISTEN 0 128 *:22 *:*
LISTEN 0 128 127.0.0.1:631 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 50 *:3306 *:* # port 3306 is listening, so the service has started
LISTEN 0 128 :::111 :::*
LISTEN 0 128 :::80 :::*
LISTEN 0 128 :::22 :::*
LISTEN 0 128 ::1:631 :::*
LISTEN 0 100 ::1:25 :::*
[root@localhost ~]# vim /etc/my.cnf.d/server.cnf
- Initial security options for the service:
[root@localhost ~]# mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none):
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.
Set root password? [Y/n] y # set a password for the root user?
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
... Success!
By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n] y # remove the anonymous users?
... Success!
Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] n # disallow remote root login? (n leaves remote root login allowed)
... skipping.
By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n] n # remove the test database? (n keeps it)
... skipping.
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n] y # reload the privilege tables?
... Success!
Cleaning up...
All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.
Thanks for using MariaDB! # this message means the setup is complete.
2. Install php-fpm:
- Install the service:
[root@localhost ~]# yum -y install php-mysql php-fpm.x86_64 php-mbstring.x86_64
......
Installed:
php-fpm.x86_64 0:5.4.16-43.el7_4.1 php-mbstring.x86_64 0:5.4.16-43.el7_4.1
php-mysql.x86_64 0:5.4.16-43.el7_4.1
Dependency Installed:
libzip.x86_64 0:0.10.1-8.el7 php-common.x86_64 0:5.4.16-43.el7_4.1
php-pdo.x86_64 0:5.4.16-43.el7_4.1
Complete!
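#php-mysql: the interface PHP uses to connect to the MySQL service
#php-mbstring.x86_64: module providing multi-byte string support
- Configuration files:
Main configuration files: /etc/php-fpm.conf and /etc/php-fpm.d/*.conf
Environment configuration files: /etc/php.ini, /etc/php.d/*.ini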
[root@localhost php-fpm.d]# vim www.conf
; Start a new pool named 'www'.
[www]
; The address on which to accept FastCGI requests.
; Valid syntaxes are:
; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific address on
; a specific port;
; 'port' - to listen on a TCP socket to all addresses on a
; specific port;
; '/path/to/unix/socket' - to listen on a unix socket.
; Note: This value is mandatory.
listen = 127.0.0.1:9000
; Set listen(2) backlog. A value of '-1' means unlimited.
; Default Value: -1
;listen.backlog = -1 ; queue of pending requests; -1 means unlimited
; List of ipv4 addresses of FastCGI clients which are allowed to connect.
; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original
; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address
; must be separated by a comma. If this value is left blank, connections will be
; accepted from any ip address.
; Default Value: any ; a leading ';' marks a comment
listen.allowed_clients = 127.0.0.1 ; client addresses allowed to connect
...omitted...
ping.path = /ping ; uncomment this to enable it
; This directive may be used to customize the response of a ping request. The
; response is formatted as text/plain with a 200 response code.
; Default Value: pong
ping.response = pong ; same as above
...omitted...
; Set session path to a directory owned by process user
php_value[session.save_handler] = files ; session handler, with the storage path on the next line
php_value[session.save_path] = /var/lib/php/session ; does not exist by default: create it and change its owner and group to apache, the system user that uses it
------------separator------------
[root@localhost php-fpm.d]# mkdir /var/lib/php/session -pv
mkdir: created directory ‘/var/lib/php/session’
[root@localhost php-fpm.d]# chown apache:apache /var/lib/php/session/
[root@localhost php-fpm.d]#
- Start the service:
[root@localhost php-fpm.d]# systemctl start php-fpm.service
[root@localhost php-fpm.d]# ss -tnl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:111 *:*
LISTEN 0 5 192.168.122.1:53 *:*
LISTEN 0 128 *:22 *:*
LISTEN 0 128 127.0.0.1:631 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 127.0.0.1:9000 *:* # the service has started and is listening
LISTEN 0 50 *:3306 *:*
LISTEN 0 128 :::111 :::*
LISTEN 0 128 :::80 :::*
LISTEN 0 128 :::22 :::*
LISTEN 0 128 ::1:631 :::*
LISTEN 0 100 ::1:25 :::*
3. Install httpd:
- Install the service:
[root@localhost php-fpm.d]# yum -y install httpd
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
* base: mirrors.aliyun.com
* epel: mirrors.aliyun.com
* extras: mirrors.aliyun.com
* updates: centos.ustc.edu.cn
Package httpd-2.4.6-67.el7.centos.6.x86_64 already installed and latest version
Nothing to do
- Check for the fcgi module:
[root@localhost php-fpm.d]# httpd -M
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using localhost.localdomain. Set the 'ServerName' directive globally to suppress this message
Loaded Modules:
core_module (static)
so_module (static)
http_module (static)
access_compat_module (shared)
actions_module (shared)
alias_module (shared)
allowmethods_module (shared)
auth_basic_module (shared)
auth_digest_module (shared)
authn_anon_module (shared)
authn_core_module (shared)
authn_dbd_module (shared)
authn_dbm_module (shared)
authn_file_module (shared)
authn_socache_module (shared)
authz_core_module (shared)
authz_dbd_module (shared)
authz_dbm_module (shared)
authz_groupfile_module (shared)
authz_host_module (shared)
authz_owner_module (shared)
authz_user_module (shared)
autoindex_module (shared)
cache_module (shared)
cache_disk_module (shared)
data_module (shared)
dbd_module (shared)
deflate_module (shared)
dir_module (shared)
dumpio_module (shared)
echo_module (shared)
env_module (shared)
expires_module (shared)
ext_filter_module (shared)
filter_module (shared)
headers_module (shared)
include_module (shared)
info_module (shared)
log_config_module (shared)
logio_module (shared)
mime_magic_module (shared)
mime_module (shared)
negotiation_module (shared)
remoteip_module (shared)
reqtimeout_module (shared)
rewrite_module (shared)
setenvif_module (shared)
slotmem_plain_module (shared)
slotmem_shm_module (shared)
socache_dbm_module (shared)
socache_memcache_module (shared)
socache_shmcb_module (shared)
status_module (shared)
substitute_module (shared)
suexec_module (shared)
unique_id_module (shared)
unixd_module (shared)
userdir_module (shared)
version_module (shared)
vhost_alias_module (shared)
dav_module (shared)
dav_fs_module (shared)
dav_lock_module (shared)
lua_module (shared)
mpm_prefork_module (shared)
proxy_module (shared)
lbmethod_bybusyness_module (shared)
lbmethod_byrequests_module (shared)
lbmethod_bytraffic_module (shared)
lbmethod_heartbeat_module (shared)
proxy_ajp_module (shared)
proxy_balancer_module (shared)
proxy_connect_module (shared)
proxy_express_module (shared)
proxy_fcgi_module (shared) # required: without this module httpd cannot communicate with the FastCGI backend
proxy_fdpass_module (shared)
proxy_ftp_module (shared)
proxy_http_module (shared)
proxy_scgi_module (shared)
proxy_wstunnel_module (shared)
systemd_module (shared)
cgi_module (shared)
- Configuration file: add /etc/httpd/conf.d/fcgi.conf
[root@localhost php-fpm.d]# mkdir -pv /date/www/html
mkdir: created directory ‘/date’
mkdir: created directory ‘/date/www’
mkdir: created directory ‘/date/www/html’
----------------separator----------------
[root@localhost php-fpm.d]# vim /etc/httpd/conf.d/fcgi.conf
# default index page
DirectoryIndex index.php
<VirtualHost *:80>
ServerName www.magedu.net
# this directory has to be created first
DocumentRoot /date/www/html
# turn off forward proxying
ProxyRequests Off
# requests for files ending in .php are reverse-proxied to php-fpm under /date/www/html/$1,
# where $1 is the text matched by (.*\.php); the path must match DocumentRoot above
ProxyPassMatch ^/(.*\.php)$ fcgi://127.0.0.1:9000/date/www/html/$1
<Directory "/date/www/html">
Options None
AllowOverride None
Require all granted
</Directory>
</VirtualHost>
"/etc/httpd/conf.d/fcgi.conf" 12L, 313C
:wq
----------------separator----------------
[root@localhost php-fpm.d]# httpd -t
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using localhost.localdomain. Set the 'ServerName' directive globally to suppress this message
Syntax OK
- Create a test page: /date/www/html/index.php
[root@localhost php-fpm.d]# vim /date/www/html/index.php
<?php
phpinfo();
?>
~
~
:wq
php-fpm is installed successfully: the screenshot shows PHP running in FPM mode
4. Install wordpress:
- Download and extract wordpress:
[root@localhost php-fpm.d]# tar xf /root/wordpress-4.9.4-zh_CN.tar.gz
[root@localhost php-fpm.d]# ls /root/
anaconda-ks.cfg epel-7.repo Pictures wordpress-4.9.4-zh_CN.tar.gz
Desktop File Explorer.lnk Public wordpress-4.9.4-zh_CN.zip
Documents initial-setup-ks.cfg Templates
Downloads Music Videos
- Delete the test index page and copy the files from the wordpress directory into the document root:
[root@localhost php-fpm.d]# rm -rf /date/www/html/index.php
[root@localhost php-fpm.d]# cp -a wordpress/* /date/www/html/
When this page appears you are halfway there; just follow the on-page prompts.
- Set database privileges and create the database:
[root@localhost php-fpm.d]# mysql -uroot -p123456
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 8
Server version: 5.5.56-MariaDB MariaDB Server
Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input st
MariaDB [(none)]> GRANT ALL ON wordpress.* TO 'wpuser'@'%' IDENTIFIED BY 'wppass';
Query OK, 0 rows affected (0.42 sec)
MariaDB [(none)]> CREATE DATABASE wordpress; # create the wordpress database
Query OK, 1 row affected (0.00 sec)
- Copy wp-config-sample.php in the httpd document root and configure it:
[root@localhost html]# cp wp-config-sample.php wp-config.php # the file must be named exactly wp-config.php; any other name causes an error
[root@localhost html]# vim wp-config.php
/**#@+
* Authentication keys and salts.
*
* Change these to any unique phrases!
* Or go straight to the {@link https://api.wordpress.org/secret-key/1.1/salt/
* WordPress.org secret-key generation service}
* Any change invalidates all cookies, and every user will have to log in again.
*
* @since 2.6.0
*/
define('AUTH_KEY', 'put your unique phrase here');
define('SECURE_AUTH_KEY', 'put your unique phrase here');
define('LOGGED_IN_KEY', 'put your unique phrase here');
define('NONCE_KEY', 'put your unique phrase here');
define('AUTH_SALT', 'put your unique phrase here');
define('SECURE_AUTH_SALT', 'put your unique phrase here');
define('LOGGED_IN_SALT', 'put your unique phrase here');
define('NONCE_SALT', 'put your unique phrase here');
/**#@-*/
/**
* WordPress database table prefix.
*
* If you need to install several WordPress sites in the same database, give each one
* a different table prefix. A prefix may contain only digits, letters and underscores.
*/
$table_prefix = 'wp_';
* * ABSPATH
*
* @link https://codex.wordpress.org/zh-cn:%E7%BC%96%E8%BE%91_wp-config.php
*
* @package WordPress
*/
// ** MySQL settings - this information comes from the host you are using ** //
/** Name of the WordPress database */
define('DB_NAME', 'wordpress'); # change to the name of the database
/** MySQL database user name */
define('DB_USER', 'wpuser'); # change to the database user name
/** MySQL database password */
define('DB_PASSWORD', 'wppass'); # the database password
/** MySQL host */
define('DB_HOST', 'localhost'); # address of the database host
/** Default character set used when creating database tables */
define('DB_CHARSET', 'utf8');
/** Database collation type. Do not change this if you are unsure */
define('DB_COLLATE', '');
/**#@+
* Authentication keys and salts.
*
...omitted...
:wq
- Refresh the page and log in to wordpress:
Click "Let's go"
Click "Install WordPress"
Click "Log in"
Fill in the login details and log in
The final logged-in screen: all done.
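The wp-config.php shown above still has all eight keys and salts set to the sample phrase 'put your unique phrase here'. The script below is an added example, not part of the original post: it lists the constants that still carry the placeholder and gives each one 256 bits from /dev/urandom. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): detect and replace the sample
# keys/salts that wp-config-sample.php ships with.

PLACEHOLDER='put your unique phrase here'

# Print the name of every constant still defined with the sample placeholder.
wp_placeholder_keys() {
    awk -v ph="$PLACEHOLDER" '
        /^[ \t]*define\(/ && index($0, ph) {
            split($0, q, "\047")   # \047 = single quote; q[2] is the constant name
            print q[2]
        }' "$1"
}

# 32 random bytes from the kernel, hex-encoded: 64 characters that need no
# escaping inside a single-quoted PHP string.
wp_random_value() {
    od -An -N32 -tx1 /dev/urandom | tr -d ' \n'
}

# Rewrite FILE so that each placeholder define() gets its own random value.
# Other lines are copied through untouched; owner and mode of FILE are kept
# because the result is written back into the existing file.
wp_fill_salts() {
    file=$1
    tmp=$(mktemp) || return 1
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            *"define("*"'$PLACEHOLDER'"*)
                name=$(printf '%s\n' "$line" | awk -F"'" '{ print $2 }')
                printf "define('%s', '%s');\n" "$name" "$(wp_random_value)"
                ;;
            *)
                printf '%s\n' "$line"
                ;;
        esac
    done < "$file" > "$tmp"
    cat "$tmp" > "$file"
    rm -f "$tmp"
}

# Constructed sample input: a cut-down wp-config.php like the one on this page.
make_sample_config() {
    cat > "$1" <<'EOF'
<?php
define('DB_NAME', 'wordpress');
define('DB_USER', 'wpuser');
define('AUTH_KEY', 'put your unique phrase here');
define('SECURE_AUTH_KEY', 'put your unique phrase here');
define('LOGGED_IN_KEY', 'put your unique phrase here');
define('NONCE_KEY', 'put your unique phrase here');
define('AUTH_SALT', 'put your unique phrase here');
define('SECURE_AUTH_SALT', 'put your unique phrase here');
define('LOGGED_IN_SALT', 'put your unique phrase here');
define('NONCE_SALT', 'put your unique phrase here');
$table_prefix = 'wp_';
EOF
}

# Demo run on the constructed sample.
sample=$(mktemp)
make_sample_config "$sample"
echo "placeholders before: $(wp_placeholder_keys "$sample" | tr '\n' ' ')"
wp_fill_salts "$sample"
echo "placeholders after:  $(wp_placeholder_keys "$sample" | wc -l | tr -d ' ')"
rm -f "$sample"
```

Changing the keys logs every user out, as the comment in wp-config.php says, so run it before the site goes live.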
What is DML? Examples of common SQL, at least 1 and at most 3 examples per command
DML: Data Manipulation Language (DML) is the set of SQL statements responsible for accessing the data in database objects. Its core statements are INSERT, UPDATE, DELETE and SELECT, which stand for insert, update, delete and query respectively; any data-centric application is bound to use them.
Getting help on a command:
mysql> help KEYWORD
MariaDB [(none)]> help SHOW
Name: 'SHOW'
Description:
SHOW has many forms that provide information about databases, tables,
columns, or status information about the server. This section describes
those following:
SHOW AUTHORS
SHOW {BINARY | MASTER} LOGS
SHOW BINLOG EVENTS [IN 'log_name'] [FROM pos] [LIMIT [offset,] row_count]
SHOW CHARACTER SET [like_or_where]
SHOW COLLATION [like_or_where]
SHOW [FULL] COLUMNS FROM tbl_name [FROM db_name] [like_or_where]
SHOW CONTRIBUTORS
SHOW CREATE DATABASE db_name
SHOW CREATE EVENT event_name
SHOW CREATE FUNCTION func_name
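...omitted...
- INSERT: insert
INSERT [INTO] tbl_name [(col1,...)] {VALUES|VALUE} (val1, ...),(...),...
Each () is one row; if the column list after tbl_name is omitted, a value is inserted into every column.
Note: string values take quotes; numeric values must not be quoted.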
MariaDB [test]> INSERT INTO mage(id,name) VALUES(2,'hoho');
Query OK, 1 row affected (0.32 sec)
MariaDB [test]> INSERT INTO mage(id,name) VALUES(3,'maha');
Query OK, 1 row affected (0.01 sec)
- SELECT: query
(1) SELECT * FROM tbl_name; # select everything from tbl_name
(2) SELECT col1, col2, ... FROM tbl_name;
When displaying, a column can be shown under an alias: col_name AS col_alias
(3) SELECT col1, ... FROM tbl_name WHERE clause;
WHERE clause: specifies the selection condition;
col_name operator value: age > 30;
Operators (1): >, <, >=, <=, =, !=
Combining conditions: and or not
Operators (2):
BETWEEN ... AND ...
LIKE 'PATTERN'
Wildcards: %: any characters of any length; _: any single character
RLIKE 'PATTERN': pattern matching on strings with a regular expression
IS NULL
IS NOT NULL
(4) SELECT col1, ... FROM tbl_name [WHERE clause] ORDER BY col_name, col_name2, ... [ASC|DESC];
ASC: ascending; DESC: descending
MariaDB [test]> SELECT * FROM mage;
+------+------+
| id | name |
+------+------+
| 1 | haha |
| 2 | hoho |
| 3 | maha |
| 4 | maha |
+------+------+
4 rows in set (0.00 sec)
--------------separator--------------
MariaDB [test]> SELECT id FROM mage WHERE id < 2;
+------+
| id |
+------+
| 1 |
+------+
1 row in set (0.00 sec)
- DELETE: delete
DELETE FROM tbl_name [WHERE where_condition] [ORDER BY ...] [LIMIT row_count]
(1) DELETE FROM tbl_name WHERE where_condition
(2) DELETE FROM tbl_name [ORDER BY ...] [LIMIT row_count]
MariaDB [test]> DELETE FROM mage WHERE id = 1;
Query OK, 1 row affected (0.34 sec)
MariaDB [test]> SELECT * FROM mage;
+------+------+
| id | name |
+------+------+
| 2 | hoho |
| 3 | maha |
| 4 | maha |
+------+------+
3 rows in set (0.00 sec)
--------------separator--------------
MariaDB [test]> DELETE FROM mage WHERE name = 'maha';
Query OK, 2 rows affected (0.33 sec)
MariaDB [test]> SELECT * FROM mage;
+------+------+
| id | name |
+------+------+
| 2 | hoho |
+------+------+
1 row in set (0.00 sec)
- UPDATE: update
UPDATE [LOW_PRIORITY] [IGNORE] table_reference SET col_name1=value1 [, col_name2=value2] ... [WHERE where_condition] [ORDER BY ...] [LIMIT row_count]
MariaDB [test]> SELECT * FROM mage;
+------+------+
| id | name |
+------+------+
| 2 | hoho |
| 2 | hoho |
| 3 | maha |
| 1 | haha |
+------+------+
4 rows in set (0.00 sec)
MariaDB [test]> UPDATE mage SET id=4 WHERE name = 'hoho';
Query OK, 2 rows affected (0.29 sec)
Rows matched: 2 Changed: 2 Warnings: 0
MariaDB [test]> SELECT * FROM mage;
+------+------+
| id | name |
+------+------+
| 4 | hoho |
| 4 | hoho |
| 3 | maha |
| 1 | haha |
+------+------+
4 rows in set (0.00 sec)
--------------separator--------------
MariaDB [test]> SELECT * FROM mage;
+------+------+
| id | name |
+------+------+
| 3 | maha |
| 1 | haha |
+------+------+
2 rows in set (0.00 sec)
MariaDB [test]> UPDATE mage SET name='lalala' WHERE id < 2;
Query OK, 1 row affected (0.29 sec)
Rows matched: 1 Changed: 1 Warnings: 0
MariaDB [test]> SELECT * FROM mage;
+------+--------+
| id | name |
+------+--------+
| 3 | maha |
| 1 | lalala |
+------+--------+
2 rows in set (0.01 sec)
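Briefly describe FTP active and passive modes, and implement vsftpd with PAM-based authentication
- Active mode:
The data connection is opened by the server. The client picks a random port N and connects from it to port 21 on the server to establish the command connection; the server then connects from its TCP port 20 to port N+1 on the client to establish the data connection.
- Passive mode:
The data connection is opened by the client, from a random port of its own to a port on the server. The command connection is established the same way as in active mode; once it is up, the server tells the client which port M to connect to, and the client connects from its port N+1 to port M on the server to establish the data connection.
- Some common FTP configuration settings:
Configuration file path: /etc/vsftpd/vsftpd.conf
Anonymous users:
anonymous_enable=YES # whether anonymous users are enabled
anon_upload_enable=YES # whether they may upload
anon_mkdir_write_enable=YES # whether they may create directories
anon_other_write_enable=YES # whether, beyond writing, they may also delete and modify other files on the server
anon_umask=077 # umask applied to their files
System users:
local_enable=YES # whether local users are enabled
write_enable=YES # whether they have write permission
local_umask=022 # umask applied to their files
userlist_enable=YES # use the /etc/vsftpd/user_list file to control which users may log in
userlist_deny= YES: the list is a blacklist; NO: the list is a whitelist (only users on the list can log in)
chroot_local_user=YES # confine all local users to their home directories (write permission on the home directory must be removed from the user first)
chroot_list_enable=YES # enable the home-directory confinement list
chroot_list_file=/etc/vsftpd/chroot_list # confine the users listed in this file to their home directories (write permission on the home directory must be removed from the user first)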
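How the two modes look on the command connection, as an added example that is not part of the original post: in active mode the client announces its data port with PORT, in passive mode the server announces port M in its 227 reply, and both encode the port as two bytes (port = p1*256 + p2), which goes slightly beyond what the text above states. The transcript is constructed and the function name is hypothetical; the output shows which endpoint has to accept an inbound connection, which is what a firewall rule for each mode must allow.

```shell
#!/bin/sh
# Added example (not from the original post): work out, from a control-channel
# transcript, who opens each FTP data connection and to which address:port.

# Read a transcript whose lines start with "C:" (client) or "S:" (server) and
# print one line per announced data endpoint.
ftp_data_endpoints() {
    awk '
    # Turn "h1,h2,h3,h4,p1,p2" into "h1.h2.h3.h4:port", port = p1*256 + p2.
    function endpoint(s,   a, n) {
        gsub(/[^0-9,]/, "", s)
        n = split(s, a, ",")
        if (n != 6) return ""
        return a[1] "." a[2] "." a[3] "." a[4] ":" (a[5] * 256 + a[6])
    }
    # Active mode: the client names the port the server must connect back to.
    $1 == "C:" && toupper($2) == "PORT" {
        ep = endpoint($3)
        if (ep != "") print "active: server port 20 connects to client " ep
    }
    # Passive mode: the server names the port (M) the client must connect to.
    $1 == "S:" && $2 == "227" {
        s = $0
        sub(/^[^(]*\(/, "", s)
        sub(/\).*$/, "", s)
        ep = endpoint(s)
        if (ep != "") print "passive: client connects to server " ep
    }' "$1"
}

# Constructed sample: one active-mode listing, then one passive-mode download.
# The addresses are the lab hosts used on this page; the ports are made up.
make_sample_transcript() {
    cat > "$1" <<'EOF'
C: USER magedu1
S: 331 Please specify the password.
C: PASS ********
S: 230 Login successful.
C: PORT 192,168,1,105,156,65
S: 200 PORT command successful. Consider using PASV.
C: LIST
S: 150 Here comes the directory listing.
S: 226 Directory send OK.
C: PASV
S: 227 Entering Passive Mode (192,168,1,108,195,80).
C: RETR nfs.txt
S: 150 Opening BINARY mode data connection for nfs.txt (26 bytes).
S: 226 Transfer complete.
EOF
}

# Demo run on the constructed transcript.
sample=$(mktemp)
make_sample_transcript "$sample"
ftp_data_endpoints "$sample"
rm -f "$sample"
```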
pam:
Pluggable Authentication Modules: highly modular. You can list the authentication modules on the system.
[root@localhost ~]# rpm -ql pam | grep so
/etc/security/console.apps
/etc/security/console.handlers
/etc/security/console.perms
/etc/security/console.perms.d
/usr/lib64/libpam.so.0
/usr/lib64/libpam.so.0.83.1
/usr/lib64/libpam_misc.so.0
/usr/lib64/libpam_misc.so.0.82.0
/usr/lib64/libpamc.so.0
/usr/lib64/libpamc.so.0.82.1
/usr/lib64/security/pam_access.so
/usr/lib64/security/pam_chroot.so
/usr/lib64/security/pam_console.so
/usr/lib64/security/pam_cracklib.so
/usr/lib64/security/pam_debug.so
/usr/lib64/security/pam_deny.so
---------------------separator---------------------
[root@localhost ~]# ls /etc/pam.d/
atd login smartcard-auth-ac
chfn other smtp
chsh passwd smtp.postfix
config-util password-auth sshd
crond password-auth-ac su
cups pluto sudo
fingerprint-auth polkit-1 sudo-i
fingerprint-auth-ac postlogin su-l
gdm-autologin postlogin-ac system-auth
gdm-fingerprint ppp system-auth-ac
gdm-launch-environment remote systemd-user
gdm-password runuser vlock
gdm-pin runuser-l vmtoolsd
gdm-smartcard setup xserver
liveinst smartcard-auth
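In virtual-user mode, the accounts used to log in to FTP are not local system users. These virtual users only have write access to files on the FTP server and cannot access any other resources on the system, which improves security. This is where the PAM module comes in to handle authentication.
- Create the user account/password file: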
[root@localhost ~]# vim /etc/vsftpd/vuser.list
magedu1
123456
magedu2
654321
~
:wq
- Convert the user/password file into a database file:
[root@localhost ~]# yum -y install db4-utils # install the db4 conversion tools
...omitted...
Verifying : libdb4-utils-4.8.30-13.el7.x86_64 1/2
Verifying : libdb4-4.8.30-13.el7.x86_64 2/2
Installed:
libdb4-utils.x86_64 0:4.8.30-13.el7
Dependency Installed:
libdb4.x86_64 0:4.8.30-13.el7
Complete!
----------------separator----------------
[root@localhost ~]# db_load -T -t hash -f /etc/vsftpd/vuser.list /etc/vsftpd/vuser.db # convert the file
----------------separator----------------
[root@localhost ~]# chmod 600 /etc/vsftpd/vuser.* # restrict permissions on the password files to keep them safe
[root@localhost ~]# ll /etc/vsftpd/vuser.*
-rw-------. 1 root root 12288 May 3 23:48 /etc/vsftpd/vuser.db
-rw-------. 1 root root 31 May 3 23:41 /etc/vsftpd/vuser.list
- Create the FTP root directory and the system user that the virtual users map to:
[root@localhost ~]# mkdir /var/ftproot
----------------separator----------------
[root@localhost ~]# useradd -d /var/ftproot/ -s /sbin/nologin virtual
useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.
----------------separator----------------
[root@localhost ~]# chmod 755 /var/ftproot/ # change the permissions of the root directory
- Create the PAM authentication configuration:
[root@localhost ~]# vim /etc/pam.d/vsftpd
#%PAM-1.0
session optional pam_keyinit.so force revoke
auth required pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed
auth required pam_shells.so
auth include password-auth
account include password-auth
session required pam_loginuid.so
session include password-auth
auth required pam_userdb.so db=/etc/vsftpd/vuser # add these last two lines
account required pam_userdb.so db=/etc/vsftpd/vuser # the db path must not include the file suffix
~
:wq
- Configure the /etc/vsftpd/vsftpd.conf file:
[root@localhost ~]# vim /etc/vsftpd/vsftpd.conf
# Example config file /etc/vsftpd/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
# change this to NO
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
# When SELinux is enforcing check for SE bool ftp_home_dir
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
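...omitted...
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
# allow virtual (guest) users to log in
guest_enable=YES
# system account the virtual users are mapped to
guest_username=virtual
# name of the PAM service file used for the virtual users
pam_service_name=vsftpd
# virtual users get the same privileges as local users
virtual_use_local_privs=YES
# per-user configuration directory for the virtual users; you have to create it yourself
user_config_dir=/etc/vsftpd/vusers_dir
:wq
- Create the per-user configuration files for the virtual users and configure them: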
[root@localhost ~]# mkdir /etc/vsftpd/vusers_dir
[root@localhost ~]# cd /etc/vsftpd/vusers_dir
[root@localhost vusers_dir]# touch magedu1 magedu2
[root@localhost vusers_dir]# vim magedu2
anon_upload_enable=YES
anon_mkdir_write_enable=YES
:wq
- Restart the service and test:
[root@localhost vusers_dir]# systemctl restart vsftpd
[root@localhost vusers_dir]# lftp -u virtual 192.168.1.108
Password:
lftp virtual@192.168.1.108:~>
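Briefly describe how the NFS service works and how to configure it
NFS is the Network File System; it lets different hosts share resources with each other over the network. NFS relies mainly on RPC (remote procedure call) to share files. The NFS configuration files, their format and their usage are as follows:
- Server-side configuration:
/etc/exports or /etc/exports.d/*
/PATH/TO/SOME_DIR clients1(export_options, ...) clients2(export_options, ...)
clients:
single host: ipv4, ipv6, FQDN
network: address/netmask, with both long and short netmask formats supported
wildcards: host name wildcards, for example: *.magedu.com
netgroups: host groups in a NIS domain; @group_name
anonymous: use * to match all hosts;
Common options:
ro: read-only access to the data
rw: read-write
sync: synchronous
async: asynchronous
secure: the client's source port must be below 1024; otherwise the insecure option has to be used
User ID Mapping:
root_squash: squash the root user, normally mapping it to nfsnobody
no_root_squash: do not squash the root user; root on the client is allowed to access the mounted NFS volume as root
all_squash: squash all users
anonuid and anongid: map squashed users to the user and group specified here
- Client-side configuration:
NFS client:
mount -t nfs servername:/path/to/share /path/to/mount_point [-rvVwfnsh ] [-o options]
showmount: display NFS mount information
showmount -e NFS_SERVER_IP: list all file systems exported by the given NFS server
showmount -a: on the NFS server, list all clients of the NFS service
exportfs:
-r: re-export
-a: all file systems
-v: verbose output
-u: unexport file systems
# exportfs -ar
# exportfs -au
Because NFS depends on the RPC service, install rpcbind first when installing NFS. The following demonstrates sharing files over NFS.
1. Server-side configuration:
- Install the service: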
[root@localhost ~]# yum -y install nfs-utils.x86_64
Loaded plugins: fastestmirror, langpacks
base | 3.6 kB 00:00:00
epel | 4.7 kB 00:00:00
extras | 3.4 kB 00:00:00
updates | 3.4 kB 00:00:00
Loading mirror speeds from cached hostfile
...omitted...
Updated:
nfs-utils.x86_64 1:1.3.0-0.48.el7_4.2
Complete!
[root@localhost ~]# yum -y install rpcbind
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
* base: centos.ustc.edu.cn
* epel: mirrors.aliyun.com
* extras: mirrors.aliyun.com
* updates: mirrors.aliyun.com
Package rpcbind-0.2.0-42.el7.x86_64 already installed and latest version
Nothing to do
- Create the shared directory:
[root@localhost ~]# mkdir /tmp/test
- Configuration file:
[root@localhost ~]# vim /etc/exports
/tmp/test 192.168.1.105(rw,sync,no_root_squash)
# /tmp/test: the shared directory; 192.168.1.105: the client it is shared with
# (rw,sync,no_root_squash): the permissions granted to users on that client
:wq
- Start the service:
[root@localhost ~]# systemctl start nfs rpcbind
[root@localhost ~]# systemctl status nfs rpcbind
● nfs-server.service - NFS server and services
Loaded: loaded (/usr/lib/systemd/system/nfs-server.service; disabled; vendor preset: disabled)
Active: active (exited) since Fri 2018-05-04 18:31:41 CST; 1min 56s ago
Process: 45371 ExecStart=/usr/sbin/rpc.nfsd $RPCNFSDARGS (code=exited, status=0/SUCCESS)
Process: 45364 ExecStartPre=/bin/sh -c /bin/kill -HUP `cat /run/gssproxy.pid` (code=exited, status=0/SUCCESS)
Process: 45362 ExecStartPre=/usr/sbin/exportfs -r (code=exited, status=1/FAILURE)
Main PID: 45371 (code=exited, status=0/SUCCESS)
CGroup: /system.slice/nfs-server.service
May 04 18:31:41 localhost.localdomain systemd[1]: Starting NFS server and services...
May 04 18:31:41 localhost.localdomain exportfs[45362]: exportfs: Failed to stat /etc/test...y
May 04 18:31:41 localhost.localdomain systemd[1]: Started NFS server and services.
● rpcbind.service - RPC bind service
Loaded: loaded (/usr/lib/systemd/system/rpcbind.service; indirect; vendor preset: enabled)
Active: active (running) since Fri 2018-05-04 18:31:41 CST; 1min 56s ago
Process: 45357 ExecStart=/sbin/rpcbind -w $RPCBIND_ARGS (code=exited, status=0/SUCCESS)
Main PID: 45359 (rpcbind)
2. Client configuration:
- View the exported directory:
[root@localhost ~]# showmount -e 192.168.1.108
Export list for 192.168.1.108:
/tmp/test 192.168.1.105
- Mount the shared directory:
[root@localhost ~]# mount -t nfs 192.168.1.108:/tmp/test /tmp/test
[root@localhost ~]# mount
sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime,seclabel)
proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
devtmpfs on /dev type devtmpfs (rw,nosuid,seclabel,size=917556k,nr_inodes=229389,mode=755)
...omitted...
/dev/sda1 on /boot type xfs (rw,relatime,seclabel,attr2,inode64,noquota)
/dev/mapper/centos-home on /home type xfs (rw,relatime,seclabel,attr2,inode64,noquota)
sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw,relatime)
tmpfs on /run/user/42 type tmpfs (rw,nosuid,nodev,relatime,seclabel,size=186708k,mode=700,uid=42,gid=42)
tmpfs on /run/user/0 type tmpfs (rw,nosuid,nodev,relatime,seclabel,size=186708k,mode=700)
gvfsd-fuse on /run/user/0/gvfs type fuse.gvfsd-fuse (rw,nosuid,nodev,relatime,user_id=0,group_id=0)
fusectl on /sys/fs/fuse/connections type fusectl (rw,relatime)
192.168.1.108:/tmp/test on /tmp/test type nfs4 (rw,relatime,vers=4.1,rsize=262144,wsize=262144,namlen=255,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=sys,clientaddr=192.168.1.105,local_lock=none,addr=192.168.1.108)
- Test NFS:
Create a file under the mounted directory on the client
[root@localhost test]# vim nfs.txt
this is a client nfs file
~
~
:wq
-------------separator-------------
Check on the server whether the file is present in the corresponding directory
[root@localhost test]# ls
nfs.txt
[root@localhost test]# cat nfs.txt # the file shared over the network has synced across
this is a client nfs file
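The export used in this walkthrough grants rw together with no_root_squash, so root on 192.168.1.105 acts as root on the shared directory. The script below is an added example, not part of the original post: it parses exports-style lines and flags the options from the list above that widen access (no_root_squash, insecure, and exports to every host). The function names, finding labels and sample file are constructed for illustration, and the check for a stray space before "(" goes beyond what the text covers.

```shell
#!/bin/sh
# Added example (not from the original post): flag risky entries in an
# /etc/exports style file. Continuation lines (trailing backslash) are not handled.

# Print "PATH CLIENT FINDING" for every client entry that widens access.
audit_exports() {
    awk '
    /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
    {
        path = $1
        for (i = 2; i <= NF; i++) {
            client = $i
            opts = ""
            p = index($i, "(")
            if (p > 0) {
                client = substr($i, 1, p - 1)
                opts = substr($i, p + 1)
                sub(/\)$/, "", opts)
            }
            # "(rw)" separated from the host by a space applies to every host
            if (client == "") client = "*"
            rw = 0; noroot = 0; insecure = 0
            n = split(opts, o, ",")
            for (j = 1; j <= n; j++) {
                if (o[j] == "rw") rw = 1
                if (o[j] == "no_root_squash") noroot = 1
                if (o[j] == "insecure") insecure = 1
            }
            wide = (client == "*" || client == "0.0.0.0/0")
            if (noroot) { print path, client, "NO_ROOT_SQUASH" }
            if (wide && rw) { print path, client, "WORLD_WRITABLE" }
            else if (wide) { print path, client, "WORLD_READABLE" }
            if (insecure) { print path, client, "INSECURE_PORTS" }
        }
    }' "$1"
}

# Constructed sample: the first entry is the export from this page, the rest
# are made-up entries that exercise the other checks.
make_sample_exports() {
    cat > "$1" <<'EOF'
# constructed sample /etc/exports
/tmp/test 192.168.1.105(rw,sync,no_root_squash)
/srv/pub  *(ro,sync)
/srv/data 192.168.1.0/24(rw,sync) *.magedu.com(ro,insecure)
/srv/oops 192.168.1.105 (rw)
EOF
}

# Demo run on the constructed sample.
sample=$(mktemp)
make_sample_exports "$sample"
audit_exports "$sample"
rm -f "$sample"
```

For the export on this page, dropping no_root_squash (root_squash is the default) maps the client's root to nfsnobody, as described in the User ID Mapping list.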
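Briefly describe the samba service and implement a samba configuration
SMB (Server Message Block) is a communication protocol for sharing files and printers on a local network; it provides file, printer and other resource sharing between the computers on a LAN. SMB is a client/server protocol: through it a client can access shared file systems, printers and other resources on a server. By setting up "NetBIOS over TCP/IP", Samba can share resources not only with hosts on the local network but also with computers all over the world. Common samba configuration and commands are as follows:
samba configuration:
/etc/samba/smb.conf
Two kinds of configuration section:
Global configuration
[global]
Network-Related Options
workgroup =
server string =
interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24
hosts allow = 127. 192.168.12. 192.168.13.
Logging Options
log file = /var/log/samba/log.%m
max log size = 50
Standalone Server Options
security = user # sets the security level; there are four possible values
share: anonymous sharing
user: users are authenticated with accounts and passwords that the samba service manages itself; the user must be a system user, but the password is not the one in /etc/shadow: it is kept in a file samba manages itself, whose format is defined by passdb backend
server: authentication is handled centrally by a third-party service
domain: authenticate against a DC, based on the kerberos protocol;
passdb backend = tdbsam
Printing Options
load printers = yes
cups options = raw
[SHARED_NAME] shared file system configuration
There are three kinds:
[homes]: defines whether each samba user can reach their own home directory through the samba service
[printers]: defines the print service
[shared_fs]: defines a shared file system;
Common directives:
comment: descriptive comment
path: the file system path this share maps to
browseable: whether the share is browsable, i.e. whether users can see it
guest ok: whether guest accounts may access it
public: whether it is open to all users
writable: whether it is writable
read only: whether it is read-only
write list: list of users with write permission
user name
@group name
+group name
samba user management:
smbpasswd
smbpasswd [options] USERNAME
-a: add
-x: delete
-d: disable
-e: enable
pdbedit
-L: list all users in the samba service
-a, --create: add the user as a samba user
-u, --user=USER: the user to manage;
-x, --delete: delete the user
-t, --password-from-stdin: read the user's password as a string from standard input
The prompt is empty; enter the password twice
View the shares on the server:
smbclient -L SMB_SERVER [-U USERNAME]
Interactive file access:
smbclient //SMB_SERVER/SHARE_NAME [-U USERNAME]
Access by mounting:
mount -t cifs //SMB_SERVER/SHARE_NAME /MOUNT_POINT -o username=USERNAME,password=PASSWORD
Note: the user performing the mount is mapped directly to the user given in the -o option;
From then on, access to the mount point is carried out as the user given by username in the -o option; for a local user to access the path, they must first have the corresponding local file system permissions;
smbstatus command: shows access status information for the shares of the samba service
-b: brief format
-v: verbose format
The following demonstrates configuring samba;
1. Server-side configuration:
- Install the service: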
[root@localhost test]# yum -y install samba
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
* base: centos.ustc.edu.cn
* epel: mirrors.aliyun.com
* extras: mirrors.aliyun.com
* updates: mirrors.aliyun.com
Resolving Dependencies
...omitted...
Dependency Updated:
libsmbclient.x86_64 0:4.6.2-12.el7_4 libwbclient.x86_64 0:4.6.2-12.el7_4
samba-client-libs.x86_64 0:4.6.2-12.el7_4 samba-common.noarch 0:4.6.2-12.el7_4
Complete!
- Configuration file:
[root@localhost test]# vim /etc/samba/smb.conf
# See smb.conf.example for a more detailed config file or
# read the smb.conf manpage.
# Run 'testparm' to verify the config is correct after
# you modified it.
[global]
workgroup = SAMBA
security = user
passdb backend = tdbsam
printing = cups
printcap name = cups
load printers = yes
cups options = raw
...omitted...
[homes]
comment = samba test dir
path = /tmp/sambatest
writeable = Yes
create mask = 0600
public = Yes
browseable = No
:wq
- Add a samba user:
[root@localhost test]# useradd smbtest
[root@localhost test]# smbpasswd -a smbtest
New SMB password:
Retype new SMB password:
Added user smbtest.
- Start the service:
[root@localhost test]# systemctl start smb nmb
[root@localhost test]# systemctl status smb nmb
● smb.service - Samba SMB Daemon
Loaded: loaded (/usr/lib/systemd/system/smb.service; disabled; vendor preset: disabled)
Active: active (running) since Fri 2018-05-04 20:26:10 CST; 7s ago
Main PID: 47137 (smbd)
Status: "smbd: ready to serve connections..."
CGroup: /system.slice/smb.service
├─47137 /usr/sbin/smbd
├─47138 /usr/sbin/smbd
├─47139 /usr/sbin/smbd
└─47140 /usr/sbin/smbd
May 04 20:26:09 localhost.localdomain systemd[1]: Starting Samba SMB Daemon...
May 04 20:26:10 localhost.localdomain smbd[47137]: [2018/05/04 20:26:10.114204, 0] ../l...y)
May 04 20:26:10 localhost.localdomain systemd[1]: Started Samba SMB Daemon.
May 04 20:26:10 localhost.localdomain smbd[47137]: STATUS=daemon 'smbd' finished start...ns
● nmb.service - Samba NMB Daemon
Loaded: loaded (/usr/lib/systemd/system/nmb.service; disabled; vendor preset: disabled)
Active: active (running) since Fri 2018-05-04 20:26:09 CST; 8s ago
Main PID: 47135 (nmbd)
Status: "nmbd: ready to serve connections..."
CGroup: /system.slice/nmb.service
└─47135 /usr/sbin/nmbd
2. Client configuration:
- Install the client:
[root@localhost test]# yum -y install samba-client
Loaded plugins: fastestmirror, langpacks
Repository epel is listed more than once in the configuration
Repository epel-debuginfo is listed more than once in the configuration
Repository epel-source is listed more than once in the configuration
Loading mirror speeds from cached hostfile
* base: mirrors.aliyun.com
* epel: mirrors.aliyun.com
...omitted...
Installed:
samba-client.x86_64 0:4.6.2-12.el7_4
Complete!
- Connect to the server:
[root@localhost test]# smbclient //192.168.1.108/smbtest -U smbtest
Enter SAMBA\smbtest's password:
Domain=[LOCALHOST] OS=[Windows 6.1] Server=[Samba 4.6.2]
smb: \> ls
. D 0 Fri May 4 20:13:24 2018
.. D 0 Fri May 4 20:41:59 2018
18971044 blocks of size 1024. 13750820 blocks available
- Mount the share:
[root@localhost test]# mount -t cifs //192.168.1.108/smbtest /tmp/smb -o username=smbtest,password=123456
[root@localhost test]# mount
sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime,seclabel)
proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
...omitted...
192.168.1.108:/tmp/test on /tmp/test type nfs4 (rw,relatime,vers=4.1,rsize=262144,wsize=262144,namlen=255,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=sys,clientaddr=192.168.1.105,local_lock=none,addr=192.168.1.108)
//192.168.1.108/smbtest on /tmp/smb type cifs (rw,relatime,vers=1.0,cache=strict,username=smbtest,domain=LOCALHOST,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.1.108,unix,posixpaths,serverino,mapposix,acl,rsize=1048576,wsize=65536,echo_interval=60,actimeo=1)