一易桃、搭建php-fpm工作方式的LAMP環(huán)境,實(shí)現(xiàn)wordpress正常訪問
系統(tǒng)環(huán)境:CentOS 7.2
安裝包:httpd锌俱,mariadb-server晤郑,php-fpm,php-mysql
搭建步驟:
1贸宏、安裝mariadb-server造寝,并配置相關(guān)參數(shù)
[root@lampsrv ~]# yum install -y mariadb-server
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
......
Installed:
mariadb-server.x86_64 1:5.5.60-1.el7_5
Dependency Installed:
mariadb.x86_64 1:5.5.60-1.el7_5 perl-Compress-Raw-Bzip2.x86_64 0:2.061-3.el7
perl-Compress-Raw-Zlib.x86_64 1:2.061-4.el7 perl-DBD-MySQL.x86_64 0:4.023-6.el7
perl-DBI.x86_64 0:1.627-4.el7 perl-IO-Compress.noarch 0:2.061-2.el7
perl-Net-Daemon.noarch 0:0.48-5.el7 perl-PlRPC.noarch 0:0.2020-14.el7
Dependency Updated:
mariadb-libs.x86_64 1:5.5.60-1.el7_5
Complete!
[root@lampsrv ~]# vi /etc/my.cnf.d/server.cnf
[root@lampsrv ~]# cat /etc/my.cnf.d/server.cnf
......
[mysqld]
skip_name_resolve=ON #跳過將IP反解為主機(jī)名
innodb_file_per_table=ON
......
[root@lampsrv ~]# systemctl enable mariadb.service
Created symlink from /etc/systemd/system/multi-user.target.wants/mariadb.service to /usr/lib/systemd/system/mariadb.service.
[root@lampsrv ~]# systemctl start mariadb.service
[root@lampsrv ~]# mysql_secure_installation #數(shù)據(jù)庫(kù)安全初始化
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none):
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.
Set root password? [Y/n]
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
... Success!
By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n]
... Success!
Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n]
... Success!
By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n]
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n]
... Success!
Cleaning up...
All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.
Thanks for using MariaDB!
測(cè)試連接:
[root@lampsrv ~]# mysql -uroot -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 10
Server version: 5.5.60-MariaDB MariaDB Server
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]>
創(chuàng)建wordpress數(shù)據(jù)庫(kù)及其管理用戶:
MariaDB [(none)]> CREATE DATABASE wp_db;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> GRANT ALL ON wp_db.* TO 'wpuser'@'192.168.%.%' IDENTIFIED BY 'redhat';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> quit
Bye
測(cè)試wpuser用戶登錄數(shù)據(jù)庫(kù):
[root@lampsrv ~]# mysql -uwpuser -h192.168.112.128 -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 11
Server version: 5.5.60-MariaDB MariaDB Server
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]>show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| wp_db |
+--------------------+
2 rows in set (0.00 sec)
2、安裝php-fpm吭练、php-mysql诫龙,并啟動(dòng)服務(wù)
[root@lampsrv ~]# yum install -y php-fpm php-mysql
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.huaweicloud.com
* extras: mirrors.huaweicloud.com
* updates: centos.ustc.edu.cn
Resolving Dependencies
--> Running transaction check
---> Package php-fpm.x86_64 0:5.4.16-46.el7 will be installed
--> Processing Dependency: php-common(x86-64) = 5.4.16-46.el7 for package: php-fpm-5.4.16-46.el7.x86_64
......
Installed:
php-fpm.x86_64 0:5.4.16-46.el7 php-mysql.x86_64 0:5.4.16-46.el7
Dependency Installed:
libzip.x86_64 0:0.10.1-8.el7 php-common.x86_64 0:5.4.16-46.el7 php-pdo.x86_64 0:5.4.16-46.el7
Dependency Updated:
openssl.x86_64 1:1.0.2k-16.el7 openssl-libs.x86_64 1:1.0.2k-16.el7
Complete!
[root@lampsrv ~]# mkdir /var/lib/php/session
[root@lampsrv ~]# chown apache:apache /var/lib/php/session
[root@lampsrv ~]# ll -d /var/lib/php/session
drwxr-xr-x 2 apache apache 6 Dec 9 02:11 /var/lib/php/session
[root@lampsrv ~]# systemctl enable php-fpm
Created symlink from /etc/systemd/system/multi-user.target.wants/php-fpm.service to /usr/lib/systemd/system/php-fpm.service.
[root@lampsrv ~]# systemctl start php-fpm
3、安裝httpd鲫咽,并配置虛擬主機(jī)
[root@lampsrv ~]# yum install -y httpd
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.huaweicloud.com
* extras: mirrors.huaweicloud.com
* updates: centos.ustc.edu.cn
Resolving Dependencies
--> Running transaction check
---> Package httpd.x86_64 0:2.4.6-88.el7.centos will be installed
......
Installed:
httpd.x86_64 0:2.4.6-88.el7.centos
Dependency Installed:
httpd-tools.x86_64 0:2.4.6-88.el7.centos mailcap.noarch 0:2.1.41-2.el7
Complete!
[root@lampsrv ~]# mkdir /app/vhosts -pv
mkdir: created directory ‘/app’
mkdir: created directory ‘/app/vhosts’
[root@lampsrv ~]# vi /etc/httpd/conf.d/vhosts.conf
[root@lampsrv ~]# cat /etc/httpd/conf.d/vhosts.conf
DirectoryIndex index.php
<VirtualHost *:80>
ServerName www.mywp.com
DocumentRoot /app/vhosts/wordpress
ProxyRequests Off
ProxyPassMatch ^/(.*\.php)$ fcgi://127.0.0.1:9000/app/vhosts/wordpress/$1
<Directory "/app/vhosts/wordpress">
Options None
AllowOverride None
Require all granted
</Directory>
</VirtualHost>
語法檢查:
[root@lampsrv ~]# httpd -t
Syntax OK
4签赃、下載并解壓wordpress,并啟動(dòng)httpd服務(wù):
[root@lampsrv ~]# wget https://cn.wordpress.org/wordpress-4.9.4-zh_CN.tar.gz
--2018-12-09 02:15:05-- https://cn.wordpress.org/wordpress-4.9.4-zh_CN.tar.gz
Resolving cn.wordpress.org (cn.wordpress.org)... 198.143.164.252
Connecting to cn.wordpress.org (cn.wordpress.org)|198.143.164.252|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 9082696 (8.7M) [application/octet-stream]
Saving to: ‘wordpress-4.9.4-zh_CN.tar.gz’
100%[============================================================>] 9,082,696 399KB/s in 80s
2018-12-09 02:16:28 (112 KB/s) - ‘wordpress-4.9.4-zh_CN.tar.gz’ saved [9082696/9082696]
[root@lampsrv ~]# tar zxf wordpress-4.9.4-zh_CN.tar.gz -C /app/vhosts/
[root@lampsrv ~]# ll /app/vhosts/
total 4
drwxr-xr-x 5 nobody 65534 4096 Feb 7 2018 wordpress
防火墻放通http服務(wù):
[root@lampsrv ~]# firewall-cmd --permanent --add-service=http
success
[root@lampsrv ~]# firewall-cmd --reload
success
啟動(dòng)httpd服務(wù):
[root@lampsrv ~]# systemctl enable httpd
Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.
[root@lampsrv ~]# systemctl start httpd
驗(yàn)證測(cè)試:
測(cè)試訪問主頁:
測(cè)試OK分尸!此時(shí)可根據(jù)頁面提示信息锦聊,創(chuàng)建相應(yīng)數(shù)據(jù)庫(kù)配置文件:
[root@lampsrv ~]# cp /app/vhosts/wordpress/wp-config-sample.php /app/vhosts/wordpress/wp-config.php
[root@lampsrv ~]# vi /app/vhosts/wordpress/wp-config.php
主要修改連接數(shù)據(jù)庫(kù)項(xiàng):
// ** MySQL 設(shè)置 - 具體信息來自您正在使用的主機(jī) ** //
/** WordPress數(shù)據(jù)庫(kù)的名稱 */
define('DB_NAME', 'wp_db');
/** MySQL數(shù)據(jù)庫(kù)用戶名 */
define('DB_USER', 'wpuser');
/** MySQL數(shù)據(jù)庫(kù)密碼 */
define('DB_PASSWORD', 'redhat');
/** MySQL主機(jī) */
define('DB_HOST', '192.168.112.128');
搭建完成!
二寓落、什么是DML括丁?常用SQL舉例,每個(gè)命令至少1個(gè)例子伶选,最多不超過3個(gè)例子
DML:(Data Manipulation Language)數(shù)據(jù)操縱語言史飞,主要用于管理表中的數(shù)據(jù)尖昏,實(shí)現(xiàn)數(shù)據(jù)的增(INSERT)、刪(DELETE)构资、改(UPDATE)抽诉、查(SELECT)
SELECT
語法格式:
(1)SELECT * FROM tbl_name[,tbl_name_2];
返回指定表的所有數(shù)據(jù);慎用(多表同時(shí)查詢時(shí)為各表項(xiàng)數(shù)量相乘)吐绵;
(2)SELECT col1,col2,... FROM tbl_name;
顯示時(shí)迹淌,字段可以顯示為別名;
col_name AS col_alias
(3)SELECT col1,... FROM tbl_name WHERE clause;
WHERE clause:用于指明挑選條件己单;
col_name操作符value唉窃;
age>30;
操作符(1):
>,<,>=,<=,==,!=
組合條件:
and
or
not
操作符(2):
BETWEEN ... AND ...
LIKE 'PATTERN'
通配符:
%:任意長(zhǎng)度的任意字符;
_:任意單個(gè)字符纹笼;
RLIKE 'PATTERN'
正則表達(dá)式對(duì)字符串做模式匹配纹份;
IS NULL
IS NOT NULL
(4)SELECT col1,... FROM tbl_name [WHERE clause] ORDER BY col_name,col_name2,... [ASC|DESC]
ASC:升序(默認(rèn));
DESC:降序廷痘;
(5)分組:
GROUP BY蔓涧,為了聚合;
count(),sum(),avg(),max(),min()
HAVING:對(duì)聚合的結(jié)果做條件過濾笋额;
示例:
MariaDB [wp_db]> SELECT * FROM wp_users;
+----+------------+------------------------------------+---------------+----------------+----------+---------------------+---------------------+-------------+--------------+
| ID | user_login | user_pass | user_nicename | user_email | user_url | user_registered | user_activation_key | user_status | display_name |
+----+------------+------------------------------------+---------------+----------------+----------+---------------------+---------------------+-------------+--------------+
| 1 | admin | $P$BhoNA52NL8zhNMPNcvljz8w/JWVw6C1 | admin | admin@mywp.com | | 2018-12-09 07:55:14 | | 0 | admin |
+----+------------+------------------------------------+---------------+----------------+----------+---------------------+---------------------+-------------+--------------+
1 row in set (0.00 sec)
MariaDB [wp_db]> SELECT ID,user_login AS username,user_pass AS password FROM wp_users WHERE ID=1;
+----+----------+------------------------------------+
| ID | username | password |
+----+----------+------------------------------------+
| 1 | admin | $P$BhoNA52NL8zhNMPNcvljz8w/JWVw6C1 |
+----+----------+------------------------------------+
1 row in set (0.00 sec)
INSERT
語法格式:
INSERT [INTO] tbl_name [(col1,...)] {VALUES|VALUE} (val1,...),(...),...
注意:
字符型:引號(hào)元暴;
數(shù)值型:不能用引號(hào);
示例:
MariaDB [wp_db]> INSERT INTO wp_users(ID,user_login,user_pass,user_email,display_name) VALUES(2,'user01',PASSWORD('redhat'),'user01@mywp.com','user01');
Query OK, 1 row affected (0.00 sec)
MariaDB [wp_db]> SELECT * FROM wp_users;
+----+------------+-------------------------------------------+---------------+-----------------+----------+---------------------+---------------------+-------------+--------------+
| ID | user_login | user_pass | user_nicename | user_email | user_url | user_registered | user_activation_key | user_status | display_name |
+----+------------+-------------------------------------------+---------------+-----------------+----------+---------------------+---------------------+-------------+--------------+
| 1 | admin | $P$BhoNA52NL8zhNMPNcvljz8w/JWVw6C1 | admin | admin@mywp.com | | 2018-12-09 07:55:14 | | 0 | admin |
| 2 | user01 | *84BB5DF4823DA319BBF86C99624479A198E6EEE9 | | user01@mywp.com | | 0000-00-00 00:00:00 | | 0 | user01 |
+----+------------+-------------------------------------------+---------------+-----------------+----------+---------------------+---------------------+-------------+--------------+
2 rows in set (0.00 sec)
UPDATE
語法格式:
UPDATE [LOW_PRIORITY] [IGNORE] table_reference SET col_name1=value1[,col_name2=value2]... [WHERE where_condition] [ORDER BY ...] [LIMIT row_count]
示例:
MariaDB [wp_db]> UPDATE wp_users SET user_login='user_new01',user_email='user_new01@mywp.com' WHERE user_login='user01';
Query OK, 1 row affected (0.00 sec)
Rows matched: 1 Changed: 1 Warnings: 0
MariaDB [wp_db]> SELECT * FROM wp_users;
+----+------------+-------------------------------------------+---------------+---------------------+----------+---------------------+---------------------+-------------+--------------+
| ID | user_login | user_pass | user_nicename | user_email | user_url | user_registered | user_activation_key | user_status | display_name |
+----+------------+-------------------------------------------+---------------+---------------------+----------+---------------------+---------------------+-------------+--------------+
| 1 | admin | $P$BhoNA52NL8zhNMPNcvljz8w/JWVw6C1 | admin | admin@mywp.com | | 2018-12-09 07:55:14 | | 0 | admin |
| 2 | user_new01 | *84BB5DF4823DA319BBF86C99624479A198E6EEE9 | | user_new01@mywp.com | | 0000-00-00 00:00:00 | | 0 | user01 |
+----+------------+-------------------------------------------+---------------+---------------------+----------+---------------------+---------------------+-------------+--------------+
DELETE
語法格式:(行刪除)
DELETE FROM tbl_name [WHERE where_condition] [ORDER BY ...] [LIMIT row_count]
(1)DELETE FROM tbl_name WHERE where_condition
(2)DELETE FROM tbl_name [ORDER BY ...] [LIMIT row_count]
示例:
MariaDB [wp_db]> DELETE FROM wp_users WHERE ID=2;
Query OK, 1 row affected (0.01 sec)
MariaDB [wp_db]> SELECT * FROM wp_users;
+----+------------+------------------------------------+---------------+----------------+----------+---------------------+---------------------+-------------+--------------+
| ID | user_login | user_pass | user_nicename | user_email | user_url | user_registered | user_activation_key | user_status | display_name |
+----+------------+------------------------------------+---------------+----------------+----------+---------------------+---------------------+-------------+--------------+
| 1 | admin | $P$BhoNA52NL8zhNMPNcvljz8w/JWVw6C1 | admin | admin@mywp.com | | 2018-12-09 07:55:14 | | 0 | admin |
+----+------------+------------------------------------+---------------+----------------+----------+---------------------+---------------------+-------------+--------------+
1 row in set (0.00 sec)
三兄猩、簡(jiǎn)述ftp的主動(dòng)和被動(dòng)模式茉盏,并實(shí)現(xiàn)基于pam認(rèn)證的vsftpd
ftp的兩種模式
客戶端通過與服務(wù)端TCP/21號(hào)端口建立通信連接后,使用兩種模式協(xié)商建立數(shù)據(jù)連接:
主動(dòng)模式:服務(wù)端打開TCP/20號(hào)端口厦滤,連接客戶端建立通信連接使用的端口向后的第一個(gè)可用端口援岩;
被動(dòng)模式:服務(wù)端打開一個(gè)隨機(jī)端口,通知并等待客戶端連接掏导;此種方式更為安全享怀;
基于PAM認(rèn)證的vsftpd
PAM:Pluggable Authenticate Module
vsftpd用戶類別:
匿名用戶:anonymous --> ftp,/var/ftp
系統(tǒng)用戶:至少禁止系統(tǒng)用戶訪問ftp服務(wù),/etc/vsftpd/ftpusers,PAM(/etc/pam.d/vsftpd)趟咆;
虛擬用戶:非系統(tǒng)用戶添瓷,用戶賬號(hào)非為可登陸操作系統(tǒng)的用戶賬號(hào)(非/etc/passwd)
用戶通過vsftpd服務(wù)訪問到的默認(rèn)路徑,是用戶自己的家目錄值纱;默認(rèn)可以自己有權(quán)限訪問的所有路徑間切換鳞贷;
也可禁錮用戶于其家目錄中;
示例:(MariaDB存儲(chǔ)虛擬用戶賬號(hào)方式虐唠,且不同用戶擁有不同權(quán)限)
1搀愧、安裝基本vsftpd和MariaDB服務(wù)
[root@ftpsrv ~]# yum install -y vsftpd mariadb-server
......
配置MariaDB并啟動(dòng)服務(wù):
[root@ftpsrv ~]# vi /etc/my.cnf.d/server.cnf
[root@ftpsrv ~]# cat /etc/my.cnf.d/server.cnf
......
# this is only for the mysqld standalone daemon
[mysqld]
skip_name_resolve=ON
innodb_file_per_table=ON
log_bin=mysql-bin
......
[root@ftpsrv ~]# systemctl enable mariadb
Created symlink from /etc/systemd/system/multi-user.target.wants/mariadb.service to /usr/lib/systemd/system/mariadb.service.
[root@ftpsrv ~]# systemctl start mariadb
2、安裝相關(guān)開發(fā)包(mariadb-devel,pam-devel)咱筛,以及編譯安裝pam-mysql(需單獨(dú)下載)
[root@ftpsrv ~]# yum install -y mariadb-devel pam-devel
[root@ftpsrv ~]# wget http://prdownloads.sourceforge.net/pam-mysql/pam_mysql-0.7RC1.tar.gz
--2018-12-09 03:55:02-- http://prdownloads.sourceforge.net/pam-mysql/pam_mysql-0.7RC1.tar.gz
Resolving prdownloads.sourceforge.net (prdownloads.sourceforge.net)... 216.105.38.13
Connecting to prdownloads.sourceforge.net (prdownloads.sourceforge.net)|216.105.38.13|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: http://downloads.sourceforge.net/project/pam-mysql/pam-mysql/0.7RC1/pam_mysql-0.7RC1.tar.gz [following]
......
HTTP request sent, awaiting response... 200 OK
Length: 335240 (327K) [application/x-gzip]
Saving to: ‘pam_mysql-0.7RC1.tar.gz’
100%[============================================================>] 335,240 47.5KB/s in 6.9s
2018-12-09 03:55:10 (47.5 KB/s) - ‘pam_mysql-0.7RC1.tar.gz’ saved [335240/335240]
[root@ftpsrv ~]# tar zxf pam_mysql-0.7RC1.tar.gz
[root@ftpsrv ~]# cd pam_mysql-0.7RC1
[root@ftpsrv pam_mysql-0.7RC1]# ./configure \
> --with-pam=/usr \
> --with-mysql=/usr \
> --with-pam-mods-dir=/usr/lib64/security
......
[root@ftpsrv pam_mysql-0.7RC1]# make && make install
......
3搓幌、創(chuàng)建虛擬賬戶,并配置vsftpd
[root@ftpsrv ~]# mkdir -pv /ftproot/pub
mkdir: created directory ‘/ftproot’
mkdir: created directory ‘/ftproot/pub’
[root@ftpsrv ~]# useradd -d /ftproot/vuser/ vuser
[root@ftpsrv ~]# chmod a-w /ftproot/vuser/
[root@ftpsrv ~]# mkdir /ftproot/vuser/{pub,upload}
[root@ftpsrv ~]# chown vuser:vuser /ftproot/vuser/{pub,upload}
[root@ftpsrv ~]# vi /etc/vsftpd/vsftpd.conf
[root@ftpsrv ~]# tail -4 /etc/vsftpd/vsftpd.conf
pam_service_name=vsftpd.vusers
guest_enable=YES
guest_username=vuser
user_config_dir=/etc/vsftpd/vusers_config/
[root@ftpsrv ~]# touch /etc/vsftpd/vusers_config/user01
[root@ftpsrv ~]# vi /etc/vsftpd/vusers_config/user01
[root@ftpsrv ~]# touch /etc/vsftpd/vusers_config/user02
[root@ftpsrv ~]# vi /etc/vsftpd/vusers_config/user02
[root@ftpsrv ~]# cat /etc/vsftpd/vusers_config/user01
anon_upload_enable=YES
[root@ftpsrv ~]# cat /etc/vsftpd/vusers_config/user02
anon_upload_enable=YES
anon_mkdir_write_enable=YES
4迅箩、配置pam及數(shù)據(jù)庫(kù)
[root@ftpsrv ~]# vi /etc/pam.d/vsftpd.vusers
[root@ftpsrv ~]# cat /etc/pam.d/vsftpd.vusers
auth required /usr/lib64/security/pam_mysql.so user=vsftpd passwd=redhat host=127.0.0.1 db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
account required /usr/lib64/security/pam_mysql.so user=vsftpd passwd=redhat host=127.0.0.1 db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
[root@ftpsrv ~]# mysql -uroot
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 2
Server version: 5.5.44-MariaDB-log MariaDB Server
Copyright (c) 2000, 2015, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> create database vsftpd;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> grant all on vsftpd.* to 'vsftpd'@'127.0.0.1' identified by 'redhat';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> quit
Bye
[root@ftpsrv ~]# mysql -uvsftpd -h127.0.0.1 -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 3
Server version: 5.5.44-MariaDB-log MariaDB Server
Copyright (c) 2000, 2015, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> USE vsftpd
Database changed
MariaDB [vsftpd]> CREATE TABLE users(id INT NOT NULL AUTO_INCREMENT UNIQUE KEY,name VARCHAR(30) NOT NULL PRIMARY KEY,password VARCHAR(48));
Query OK, 0 rows affected (0.11 sec)
MariaDB [vsftpd]> INSERT INTO users(name,password) VALUES('user01',PASSWORD('redhat'));
Query OK, 1 row affected (0.00 sec)
MariaDB [vsftpd]> INSERT INTO users(name,password) VALUES('user02',PASSWORD('Redhat'));
Query OK, 1 row affected (0.00 sec)
MariaDB [vsftpd]> SELECT * FROM users;
+----+--------+-------------------------------------------+
| id | name | password |
+----+--------+-------------------------------------------+
| 1 | user01 | *84BB5DF4823DA319BBF86C99624479A198E6EEE9 |
| 2 | user02 | *401420CA4F225391EEDD74EF17A0F4320C362208 |
+----+--------+-------------------------------------------+
2 rows in set (0.00 sec)
MariaDB [vsftpd]> quit
Bye
[root@ftpsrv ~]# systemctl restart vsftpd
[root@ftpsrv ~]# firewall-cmd --permanent --add-service=ftp
success
[root@ftpsrv ~]# firewall-cmd --reload
success
驗(yàn)證:
user02具有上傳和創(chuàng)建目錄權(quán)限:
[root@ftpsrv ~]# ftp 192.168.112.128
Connected to 192.168.112.128 (192.168.112.128).
220 (vsFTPd 3.0.2)
Name (192.168.112.128:root): user02
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> cd upload
250 Directory successfully changed.
ftp> mkdir test01
257 "/upload/test01" created
ftp> put anaconda-ks.cfg
local: anaconda-ks.cfg remote: anaconda-ks.cfg
227 Entering Passive Mode (192,168,112,128,59,218).
150 Ok to send data.
226 Transfer complete.
1244 bytes sent in 0.00176 secs (707.62 Kbytes/sec)
user01只有上傳權(quán)限溉愁,無創(chuàng)建目錄權(quán)限:
[root@ftpsrv ~]# ftp 192.168.112.128
Connected to 192.168.112.128 (192.168.112.128).
220 (vsFTPd 3.0.2)
Name (192.168.112.128:root): user01
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> cd upload
250 Directory successfully changed.
ftp> mkdir test02
550 Permission denied.
ftp> put test02.txt
local: test02.txt remote: test02.txt
227 Entering Passive Mode (192,168,112,128,154,193).
150 Ok to send data.
226 Transfer complete.
516 bytes sent in 3.4e-05 secs (15176.47 Kbytes/sec)
四、簡(jiǎn)述NFS服務(wù)原理及配置
NFS饲趋,(Network File System)網(wǎng)絡(luò)文件系統(tǒng)拐揭,是由SUN公司1984年發(fā)布的分布式文件系統(tǒng)協(xié)議,它允許客戶端上的用戶像訪問本地文件一樣訪問網(wǎng)絡(luò)上的文件奕塑;是一種專用于Linux與Linux主機(jī)之間實(shí)現(xiàn)文件共享的網(wǎng)絡(luò)協(xié)議堂污。
主要服務(wù):nfsd,監(jiān)聽在TCP協(xié)議的2049號(hào)端口爵川;
輔助類的服務(wù):rpc敷鸦,portmapper
rpc.mountd:認(rèn)證;
rpc.locked:加鎖寝贡;
rpc.statd:狀態(tài);
基本配置方法
Server——(需安裝nfs-utils包)
1值依、定義輸出目錄及輸出選項(xiàng):
/etc/exports或/etc/exports.d/*
/PATH/TO/SOME_DIR Clients1(export_options,...) Client2(export_options,...)
clients:
single host:ipv4圃泡,ipv6,F(xiàn)QDN愿险;
network:address/netmask颇蜡,支持長(zhǎng)短格式的掩碼;
wildcards:主機(jī)名通配辆亏,例如:*.magedu.com风秤;
netgroups:NIS域內(nèi)的主機(jī)組;@group_name扮叨;
anonymous:使用*統(tǒng)配所有主機(jī)缤弦;
General Options:
ro:只讀
rw:讀寫
sync:同步
async:異步
secure:客戶端端口小于1024,否則就要使用insecure選項(xiàng)彻磁;
User ID Mapping:
root_squash:壓縮root用戶碍沐,一般指將其映射為nfsnobody;
no_root_squash:不壓縮root用戶衷蜓;
all_squash:壓縮所有用戶累提;
anonuid and anongid:將壓縮的用戶映射為此處指定的用戶;
2磁浇、使用exportfs命令導(dǎo)出nfs共享目錄
exportfs:
-r:重新導(dǎo)出斋陪;
-a:所有文件系統(tǒng);
-v:詳細(xì)信息;
-u:取消導(dǎo)出文件系統(tǒng)无虚;
Client——(掛載nfs目錄)
3鞍匾、使用showmount命令查看Server端導(dǎo)出的nfs文件系統(tǒng)及相關(guān)信息
showmount - show mount information for an NFS server
showmount -e NFS_SERVER_IP:查看指定的nfs server上導(dǎo)出的所有文件系統(tǒng);
showmount -a:在nfs server上查看nfs服務(wù)的所有客戶端列表骑科;
4橡淑、掛載nfs文件系統(tǒng)
mount -t nfs servername:/path/to/share /path/to/mount_point [-rvVwfnsh] [-o options]
實(shí)用示例:
1、服務(wù)端配置:
安裝相關(guān)包:
[root@nfssrv ~]# yum install -y nfs-utils
......
Installed:
nfs-utils.x86_64 1:1.3.0-0.21.el7
Dependency Installed:
gssproxy.x86_64 0:0.4.1-7.el7 keyutils.x86_64 0:1.5.8-3.el7
libbasicobjects.x86_64 0:0.1.1-25.el7 libcollection.x86_64 0:0.6.2-25.el7
libevent.x86_64 0:2.0.21-4.el7 libini_config.x86_64 0:1.2.0-25.el7
libnfsidmap.x86_64 0:0.25-12.el7 libpath_utils.x86_64 0:0.2.1-25.el7
libref_array.x86_64 0:0.1.5-25.el7 libtalloc.x86_64 0:2.1.2-1.el7
libtevent.x86_64 0:0.9.25-1.el7 libtirpc.x86_64 0:0.2.4-0.6.el7
libverto-tevent.x86_64 0:0.2.5-4.el7 quota.x86_64 1:4.01-11.el7
quota-nls.noarch 1:4.01-11.el7 rpcbind.x86_64 0:0.2.0-32.el7
tcp_wrappers.x86_64 0:7.6-77.el7
Complete!
[root@nfssrv ~]# mkdir /nfsshare
[root@nfssrv ~]# vi /etc/exports
配置導(dǎo)出目錄及選項(xiàng):
[root@nfssrv ~]# cat /etc/exports
/nfsshare *(rw,sync,root_squash)
[root@nfssrv ~]# exportfs -rvv
exporting *:/nfsshare
啟動(dòng)相關(guān)服務(wù)及配置開機(jī)自啟:
[root@nfssrv ~]# systemctl start rpcbind nfs-server
[root@nfssrv ~]# systemctl enable rpcbind nfs-server
Created symlink from /etc/systemd/system/multi-user.target.wants/nfs-server.service to /usr/lib/systemd/system/nfs-server.service.
防火墻放通服務(wù):
[root@nfssrv ~]# firewall-cmd --permanent --add-service=nfs
success
[root@nfssrv ~]# firewall-cmd --permanent --add-service=mountd
success
[root@nfssrv ~]# firewall-cmd --reload
success
查看輸出的目錄:
[root@nfssrv ~]# showmount -e 192.168.112.128
Export list for 192.168.112.128:
/nfsshare *
2咆爽、客戶端掛載nfs目錄:
[root@client01 ~]# mount -t nfs 192.168.112.128:/nfsshare /mnt/nfsshare/
[root@client01 ~]# df -Th
Filesystem Type Size Used Avail Use% Mounted on
/dev/mapper/centos-root xfs 7.8G 1.5G 6.4G 19% /
devtmpfs devtmpfs 903M 0 903M 0% /dev
tmpfs tmpfs 913M 0 913M 0% /dev/shm
tmpfs tmpfs 913M 8.6M 904M 1% /run
tmpfs tmpfs 913M 0 913M 0% /sys/fs/cgroup
/dev/loop0 iso9660 4.1G 4.1G 0 100% /mnt/iso
/dev/sda1 xfs 197M 109M 88M 56% /boot
tmpfs tmpfs 183M 0 183M 0% /run/user/0
192.168.112.128:/nfsshare nfs4 7.8G 1.5G 6.4G 19% /mnt/nfsshare
五梁棠、簡(jiǎn)述samba服務(wù),并實(shí)現(xiàn)samba配置
Samba是在Linux和UNIX系統(tǒng)上實(shí)現(xiàn)SMB協(xié)議的一個(gè)免費(fèi)軟件斗埂,由服務(wù)器及客戶端程序構(gòu)成符糊。在NetBIOS出現(xiàn)之后,Microsoft就使用NetBIOS實(shí)現(xiàn)了一個(gè)網(wǎng)絡(luò)文件/打印服務(wù)系統(tǒng)呛凶,這個(gè)系統(tǒng)基于NetBIOS設(shè)定了一套文件共享協(xié) 議男娄,Microsoft稱之為SMB(Server Message Block)協(xié)議。這個(gè)協(xié)議被Microsoft用于它們Lan Manager和Windows NT服務(wù)器系統(tǒng)中漾稀,而Windows系統(tǒng)均包括這個(gè)協(xié)議的客戶軟件模闲,因而這個(gè)協(xié)議在局域網(wǎng)系統(tǒng)中影響很大。
隨著Internet的流行崭捍,Microsoft希望將這個(gè)協(xié)議擴(kuò)展到Internet上去尸折,成為Internet上計(jì)算機(jī)之間相互共享數(shù)據(jù)的一種標(biāo) 準(zhǔn)。因此它將原有的幾乎沒有多少技術(shù)文檔的SMB協(xié)議進(jìn)行整理殷蛇,重新命名為CIFS(Common Internet File System)实夹,并打算將它與NetBIOS相脫離,試圖使它成為Internet上的一個(gè)標(biāo)準(zhǔn)協(xié)議粒梦。
功能:
1亮航、文件系統(tǒng)共享;
2匀们、打印機(jī)共享缴淋;
3、支持NetBIOS協(xié)議
程序環(huán)境:
服務(wù)端程序包:samba昼蛀,samba-common宴猾,samba-libs
Server and Client software to interoperate with Windows machines.
主配置文件:/etc/samba/smb.conf,由samba-common包提供叼旋;
主程序:
nmbd:NetBIOS name server
smbd:SMB/CIFS services
Unit File:
smb.service
nmb.service
監(jiān)聽的端口:
137/udp,138/udp
139/tcp,445/tcp
samba的配置:
兩類配置段:
全局配置
[global]
Network-Related Options
workgroup =
server string =
interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24
hosts allow = 127. 192.168.12. 192.168.13.
Logging Options
log file = /var/log/samba/log.%m
max log size = 50
Standalone Server Options
security = user
設(shè)定安全級(jí)別:取值有四個(gè)仇哆;
share:匿名共享;
user:使用samba服務(wù)自我管理的賬號(hào)和密碼進(jìn)行用戶認(rèn)證夫植;用戶必須是系統(tǒng)用戶讹剔,但密碼非為/etc/shadow中的密碼油讯,而由samba自行管理的文件,其密碼文件的格式由passdbbackend進(jìn)行定義延欠;
server:由第三方服務(wù)進(jìn)行統(tǒng)一認(rèn)證陌兑;
domain:使用DC進(jìn)行認(rèn)證;基于Kerberos協(xié)議進(jìn)行由捎;
passdb backend =tdbsam
Printing Options
load printers = yes
cups options = raw
共享文件系統(tǒng)配置
[SHARED_NAME]
有三類:
[homes]:為每個(gè)samba用戶定義其是否能夠通過samba服務(wù)訪問自己的家目錄兔综;
[printers]:定義打印服務(wù);
[shared_fs]:定義共享的文件系統(tǒng)狞玛;
常用指令:
comment:注釋信息软驰;
path:當(dāng)前共享所映射的文件系統(tǒng)路徑;
browseable:是否可瀏覽心肪,指是否可被用戶查看锭亏;
guest ok:是否允許來賓賬號(hào)訪問;
public:是否公開所有用戶硬鞍;
writable:是否可寫慧瘤;
write list:擁有寫權(quán)限的用戶列表;
用戶名
@組名
+組名
配置文件語法檢查:testpam
samba用戶管理:
smbpasswd
smbpasswd [options] USERNAME
-a:添加
-x:刪除
-d:禁用
-e:?jiǎn)⒂?
pdbedit
-L:列出samba服務(wù)中的所有用戶
-a,--create:添加用戶為samba用戶固该;
-u锅减,--user=USER:要管理的用戶;
-x蹬音,--delete:刪除用戶上煤;
-t,--password-from-stdin:從標(biāo)準(zhǔn)輸入接收字符串作為用戶密碼著淆;
使用空提示符,而后將密碼輸入兩次拴疤;
查看服務(wù)器端的共享:
smbclient -L SMB_SERVER [-U USERNAME]
交互式文件訪問:
smbclient //SMB_SERVER/SHARE_NAME -o username=USERNAME,password=PASSWORD
注意:掛載操作的用戶永部,與-o選項(xiàng)中指定用戶直接產(chǎn)生映射關(guān)系;
此時(shí)呐矾,訪問掛載點(diǎn)苔埋,是以-o選型中的username指定的用戶身份進(jìn)行;本地用戶對(duì)指定路徑的訪問蜒犯,首先得擁有對(duì)應(yīng)本地文件系統(tǒng)的權(quán)限组橄;
smbstatus命令:
顯示samba服務(wù)的相關(guān)共享的狀態(tài)訪問信息;
-b:顯示簡(jiǎn)要格式信息罚随;
-v:顯示詳細(xì)格式信息玉工;
實(shí)用示例:
1、服務(wù)端配置:
安裝軟件包:
[root@smbsrv ~]# yum install -y cifs-utils samba
......
Installed:
cifs-utils.x86_64 0:6.2-7.el7 samba.x86_64 0:4.2.3-10.el7
Dependency Installed:
cups-libs.x86_64 1:1.6.3-22.el7 libldb.x86_64 0:1.1.20-1.el7
libtdb.x86_64 0:1.3.6-2.el7 libwbclient.x86_64 0:4.2.3-10.el7
pytalloc.x86_64 0:2.1.2-1.el7 samba-client-libs.x86_64 0:4.2.3-10.el7
samba-common.noarch 0:4.2.3-10.el7 samba-common-libs.x86_64 0:4.2.3-10.el7
samba-common-tools.x86_64 0:4.2.3-10.el7 samba-libs.x86_64 0:4.2.3-10.el7
Complete!
配置smb/cifs共享目錄淘菩,及共享選項(xiàng):
[root@smbsrv ~]# vi /etc/samba/smb.conf
......
[global]
workgroup = MYGROUP
server string = My Samba Server
netbios name = MYSERVER
hosts allow = 127. 192.168.112.
#============================ Share Definitions ==============================
......
[smbshare]
comment = Comman Files
path = /smbshare
public = yes
writable = yes
write list = @smbshare
添加smbshare組遵班,用于專用共享組
[root@smbsrv ~]# groupadd smbshare
[root@smbsrv ~]# useradd -s /sbin/nologin -g smbshare smbuser01
[root@smbsrv ~]# smbpasswd -a smbuser01
New SMB password:
Retype new SMB password:
Added user smbuser01.
[root@smbsrv ~]# mkdir /smbshare
[root@smbsrv ~]# chown :smbshare /smbshare
[root@smbsrv ~]# ll -d /smbshare
drwxr-xr-x 2 root smbshare 6 Dec 16 09:55 /smbshare
配置samba服務(wù)開機(jī)自啟及啟動(dòng)服務(wù):
[root@smbsrv ~]# systemctl enable smb nmb
Created symlink from /etc/systemd/system/multi-user.target.wants/smb.service to /usr/lib/systemd/system/smb.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/nmb.service to /usr/lib/systemd/system/nmb.service.
[root@smbsrv ~]# ^enable^start
systemctl start smb nmb
防火墻放通服務(wù):
[root@smbsrv ~]# firewall-cmd --permanent --add-service=samba
success
[root@smbsrv ~]# firewall-cmd --reload
success
2屠升、客戶端掛載smb/cifs共享目錄:
[root@client01 ~]# mount -t cifs -o username=smbuser01,password=redhat //192.168.112.128/smbshare /mnt/smbshare/
[root@client01 ~]# df -Th
Filesystem Type Size Used Avail Use% Mounted on
/dev/mapper/centos-root xfs 7.8G 1.5G 6.4G 19% /
devtmpfs devtmpfs 903M 0 903M 0% /dev
tmpfs tmpfs 913M 0 913M 0% /dev/shm
tmpfs tmpfs 913M 8.6M 904M 1% /run
tmpfs tmpfs 913M 0 913M 0% /sys/fs/cgroup
/dev/loop0 iso9660 4.1G 4.1G 0 100% /mnt/iso
/dev/sda1 xfs 197M 109M 88M 56% /boot
tmpfs tmpfs 183M 0 183M 0% /run/user/0
192.168.112.128:/nfsshare nfs4 7.8G 1.5G 6.4G 19% /mnt/nfsshare
//192.168.112.128/smbshare cifs 7.8G 1.5G 6.4G 19% /mnt/smbshare
權(quán)限測(cè)試:
測(cè)試1
[root@client01 ~]# touch /mnt/smbshare/smbuser01.txt
touch: cannot touch ‘/mnt/smbshare/smbuser01.txt’: Permission denied
可以看出,此時(shí)無寫權(quán)限狭郑,雖客戶端掛載時(shí)使用smbuser01用戶是屬于服務(wù)端smbshare組腹暖,在samba服務(wù)配置文件中有寫權(quán)限,但是smbshare組對(duì)于服務(wù)端/smbshare目錄并無寫權(quán)限翰萨,故報(bào)錯(cuò)脏答;
服務(wù)端修改權(quán)限:
[root@smbsrv ~]# chmod 775 /smbshare/
客戶端再次創(chuàng)建文件:
[root@client01 ~]# touch /mnt/smbshare/smbuser01.txt
[root@client01 ~]# ll /mnt/smbshare/
total 0
-rw-r--r-- 1 1000 1000 0 Dec 16 10:30 smbuser01.txt
此時(shí)擁有寫權(quán)限。