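Build a LAMP environment with php-fpm and get WordPress working
On CentOS 6 php-fpm has to be compiled and installed by hand, while CentOS 7 supports it natively. The steps below use a single virtual machine to build the LAMP environment and get WordPress running:
1. Install the mariadb service and edit its configuration file
- Install the service: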
[root@zcy520ooooo ~]# yum install mariadb-server -y
......
作为依赖被安装:
mariadb.x86_64 1:5.5.60-1.el7_5 perl-Compress-Raw-Bzip2.x86_64 0:2.061-3.el7
perl-Compress-Raw-Zlib.x86_64 1:2.061-4.el7 perl-DBD-MySQL.x86_64 0:4.023-6.el7
perl-DBI.x86_64 0:1.627-4.el7 perl-IO-Compress.noarch 0:2.061-2.el7
perl-Net-Daemon.noarch 0:0.48-5.el7 perl-PlRPC.noarch 0:0.2020-14.el7
作为依赖被升级:
mariadb-libs.x86_64 1:5.5.60-1.el7_5
- Configuration file: /etc/my.cnf.d/server.cnf
[root@zcy520ooooo ~]# cat /etc/my.cnf.d/server.cnf
#
# These groups are read by MariaDB server.
# Use it for options that only the server (but not clients) should see
#
# See the examples of server my.cnf files in /usr/share/mysql/
#
# this is read by the standalone daemon and embedded servers
[server]
skip_name_resolve=ON #add this to turn off name resolution
innodb_file_per_table=ON #InnoDB stores each table in its own file
# this is only for the mysqld standalone daemon
[mysqld]
# this is only for embedded server
[embedded]
# This group is only read by MariaDB-5.5 servers.
# If you use the same .cnf file for MariaDB of different versions,
# use this group for options that older servers don't understand
[mysqld-5.5]
# These two groups are only read by MariaDB servers, not by MySQL.
# If you use the same .cnf file for MySQL and MariaDB,
# you can put MariaDB-only options here
[mariadb]
[mariadb-5.5]
- Verify the service:
[root@zcy520ooooo ~]# systemctl start mariadb.service
[root@zcy520ooooo ~]# ss -tan
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 50 *:3306 *:* #3306 is the mariadb service port
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
ESTAB 0 0 192.168.80.4:22 192.168.80.47:53200
LISTEN 0 128 :::22 :::*
LISTEN 0 100 ::1:25 :::*
- Harden the mysql server (initial setup options)
[root@zcy520ooooo ~]# mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none):
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)
Enter current password for root (enter for none):
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.
Set root password? [Y/n] y #whether to set a password for the root user
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
... Success!
By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n] y #whether to remove anonymous users
... Success!
Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] n #whether to disallow remote root login; n leaves it allowed
... skipping.
By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n] n #whether to remove the test database; n keeps it
... skipping.
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n] y #whether to reload the privilege tables
... Success!
Cleaning up...
All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.
Thanks for using MariaDB! #this message means the configuration is complete
2. Install php-fpm:
- Install the service:
[root@zcy520ooooo ~]# yum install php-mysql php-fpm php-mbstring -y
......
已安装:
php-fpm.x86_64 0:5.4.16-45.el7 php-mbstring.x86_64 0:5.4.16-45.el7 php-mysql.x86_64 0:5.4.16-45.el7
作为依赖被安装:
libzip.x86_64 0:0.10.1-8.el7 php-common.x86_64 0:5.4.16-45.el7 php-pdo.x86_64 0:5.4.16-45.el7
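#php-mysql: the interface for connecting to the mysql service
#php-mbstring: the module for multibyte string support
- Configuration files:
Main configuration files: /etc/php-fpm.conf and /etc/php-fpm.d/*.conf
Environment configuration files: /etc/php.ini, /etc/php.d/*.ini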
[root@zcy520ooooo ~]# cd /etc/php-fpm.d
[root@zcy520ooooo php-fpm.d]# vim www.conf
; Start a new pool named 'www'.
[www]
; The address on which to accept FastCGI requests.
; Valid syntaxes are:
; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific address on
; a specific port;
; 'port' - to listen on a TCP socket to all addresses on a
; specific port;
; '/path/to/unix/socket' - to listen on a unix socket.
; Note: This value is mandatory.
listen = 127.0.0.1:9000
; Set listen(2) backlog. A value of '-1' means unlimited.
; Default Value: -1
;listen.backlog = -1 #queue of pending requests; -1 means unlimited
; List of ipv4 addresses of FastCGI clients which are allowed to connect.
; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original
; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address
; must be separated by a comma. If this value is left blank, connections will be
; accepted from any ip address.
; Default Value: any #a leading ';' marks a comment
; client addresses allowed to connect
listen.allowed_clients = 127.0.0.1
; Set permissions for unix socket, if one is used. In Linux, read/write
; permissions must be set in order to allow connections from a web server. Many
; BSD-derived systems allow connections regardless of permissions.
; Default Values: user and group are set as the running user
; mode is set to 0666
;listen.owner = nobody
;listen.group = nobody
;listen.mode = 0666
; Unix user/group of processes
; Note: The user is mandatory. If the group is not set, the default user's group
; will be used.
; RPM: apache Choosed to be able to access some dir as httpd
user = apache
; RPM: Keep a group allowed to write in log dir.
group = apache
; Choose how the process manager will control the number of child processes.
; Possible Values:
; static - a fixed number (pm.max_children) of child processes;
; dynamic - the number of child processes are set dynamically based on the
; following directives:
; pm.max_children - the maximum number of children that can
; be alive at the same time.
; pm.start_servers - the number of children created on startup.
; pm.min_spare_servers - the minimum number of children in 'idle'
; state (waiting to process). If the number
; of 'idle' processes is less than this
; number then some children will be created.
; pm.max_spare_servers - the maximum number of children in 'idle'
; state (waiting to process). If the number
; of 'idle' processes is greater than this
; number then some children will be killed.
; Note: This value is mandatory.
pm = dynamic
; The number of child processes to be created when pm is set to 'static' and the
; maximum number of child processes to be created when pm is set to 'dynamic'.
; This value sets the limit on the number of simultaneous requests that will be
; served. Equivalent to the ApacheMaxClients directive with mpm_prefork.
; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP
; CGI.
; Note: Used when pm is set to either 'static' or 'dynamic'
; Note: This value is mandatory.
pm.max_children = 50
; The number of child processes created on startup.
; Note: Used only when pm is set to 'dynamic'
; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2
pm.start_servers = 5
; The desired minimum number of idle server processes.
; Note: Used only when pm is set to 'dynamic'
; Note: Mandatory when pm is set to 'dynamic'
pm.min_spare_servers = 5
; The desired maximum number of idle server processes.
; Note: Used only when pm is set to 'dynamic'
; Note: Mandatory when pm is set to 'dynamic'
pm.max_spare_servers = 35
; The number of requests each child process should execute before respawning.
; This can be useful to work around memory leaks in 3rd party libraries. For
; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS.
; Default Value: 0
;pm.max_requests = 500
; The URI to view the FPM status page. If this value is not set, no URI will be
; recognized as a status page. By default, the status page shows the following
; information:
; accepted conn - the number of request accepted by the pool;
; pool - the name of the pool;
; process manager - static or dynamic;
; idle processes - the number of idle processes;
; active processes - the number of active processes;
; total processes - the number of idle + active processes.
; The values of 'idle processes', 'active processes' and 'total processes' are
; updated each second. The value of 'accepted conn' is updated in real time.
; Example output:
; accepted conn: 12073
; pool: www
; process manager: static
; idle processes: 35
; active processes: 65
; total processes: 100
; By default the status page output is formatted as text/plain. Passing either
; 'html' or 'json' as a query string will return the corresponding output
; syntax. Example:
; http://www.foo.bar/status
; http://www.foo.bar/status?json
; http://www.foo.bar/status?html
; Note: The value must start with a leading slash (/). The value can be
; anything, but it may not be a good idea to use the .php extension or it
; may conflict with a real PHP file.
; Default Value: not set
;pm.status_path = /status
; The ping URI to call the monitoring page of FPM. If this value is not set, no
; URI will be recognized as a ping page. This could be used to test from outside
; that FPM is alive and responding, or to
; - create a graph of FPM availability (rrd or such);
; - remove a server from a group if it is not responding (load balancing);
; - trigger alerts for the operating team (24/7).
; Note: The value must start with a leading slash (/). The value can be
; anything, but it may not be a good idea to use the .php extension or it
; may conflict with a real PHP file.
; Default Value: not set
; uncomment this to enable it
ping.path = /ping
; This directive may be used to customize the response of a ping request. The
; response is formatted as text/plain with a 200 response code.
; Default Value: pong
; uncomment this to enable it
ping.response = pong
; The timeout for serving a single request after which the worker process will
; be killed. This option should be used when the 'max_execution_time' ini option
; does not stop script execution for some reason. A value of '0' means 'off'.
; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
; Default Value: 0
;request_terminate_timeout = 0
; The timeout for serving a single request after which a PHP backtrace will be
; dumped to the 'slowlog' file. A value of '0s' means 'off'.
; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
; Default Value: 0
;request_slowlog_timeout = 0
; The log file for slow requests
; Default Value: not set
; Note: slowlog is mandatory if request_slowlog_timeout is set
slowlog = /var/log/php-fpm/www-slow.log
; Set open file descriptor rlimit.
; Default Value: system defined value
;rlimit_files = 1024
; Set max core size rlimit.
; Possible Values: 'unlimited' or an integer greater or equal to 0
; Default Value: system defined value
;rlimit_core = 0
; Chroot to this directory at the start. This value must be defined as an
; absolute path. When this value is not set, chroot is not used.
; Note: chrooting is a great security feature and should be used whenever
; possible. However, all PHP paths will be relative to the chroot
; (error_log, sessions.save_path, ...).
; Default Value: not set
;chroot =
; Chdir to this directory at the start. This value must be an absolute path.
; Default Value: current directory or / when chroot
;chdir = /var/www
; Redirect worker stdout and stderr into main error log. If not set, stdout and
; stderr will be redirected to /dev/null according to FastCGI specs.
; Default Value: no
;catch_workers_output = yes
; Limits the extensions of the main script FPM will allow to parse. This can
; prevent configuration mistakes on the web server side. You should only limit
; FPM to .php extensions to prevent malicious users to use other extensions to
; exectute php code.
; Note: set an empty value to allow all extensions.
; Default Value: .php
;security.limit_extensions = .php .php3 .php4 .php5
; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from
; the current environment.
; Default Value: clean env
;env[HOSTNAME] = $HOSTNAME
;env[PATH] = /usr/local/bin:/usr/bin:/bin
;env[TMP] = /tmp
;env[TMPDIR] = /tmp
;env[TEMP] = /tmp
; Additional php.ini defines, specific to this pool of workers. These settings
; overwrite the values previously defined in the php.ini. The directives are the
; same as the PHP SAPI:
; php_value/php_flag - you can set classic ini defines which can
; be overwritten from PHP call 'ini_set'.
; php_admin_value/php_admin_flag - these directives won't be overwritten by
; PHP call 'ini_set'
; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no.
; Defining 'extension' will load the corresponding shared extension from
; extension_dir. Defining 'disable_functions' or 'disable_classes' will not
; overwrite previously defined php.ini values, but will append the new value
; instead.
; Default Value: nothing is defined by default except the values in php.ini and
; specified at startup with the -d argument
;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com
;php_flag[display_errors] = off
php_admin_value[error_log] = /var/log/php-fpm/www-error.log
php_admin_flag[log_errors] = on
;php_admin_value[memory_limit] = 128M
; Set session path to a directory owned by process user
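; set the session handler and the session path below
php_value[session.save_handler] = files
; this directory does not exist by default; create it and change its owner and group to apache, the system user php-fpm runs as
php_value[session.save_path] = /var/lib/php/session
---------------------------------divider------------------------------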
[root@zcy520ooooo php-fpm.d]# mkdir -pv /var/lib/php/session
mkdir: 已创建目录 "/var/lib/php/session"
[root@zcy520ooooo php-fpm.d]# chown apache:apache /var/lib/php/session
[root@zcy520ooooo php-fpm.d]# ll /var/lib/php
总用量 0
drwxr-xr-x. 2 apache apache 6 11月 19 13:59 session
- Start the service:
[root@zcy520ooooo php-fpm.d]# systemctl start php-fpm
[root@zcy520ooooo php-fpm.d]# ss -tan
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 127.0.0.1:9000 *:* #this shows the service has started
LISTEN 0 50 *:3306 *:*
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
ESTAB 0 52 192.168.80.4:22 192.168.80.47:53200
LISTEN 0 128 :::22 :::*
LISTEN 0 100 ::1:25 :::*
3. Install httpd:
- Install the service:
[root@zcy520ooooo php-fpm.d]# yum install httpd -y
......
已安装:
httpd.x86_64 0:2.4.6-80.el7.centos.1
作为依赖被安装:
httpd-tools.x86_64 0:2.4.6-80.el7.centos.1 mailcap.noarch 0:2.1.41-2.el7
- Check for the fcgi module:
[root@zcy520ooooo php-fpm.d]# httpd -M
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using fe80::3f13:7555:73e5:6f08. Set the 'ServerName' directive globally to suppress this message
Loaded Modules:
core_module (static)
so_module (static)
http_module (static)
access_compat_module (shared)
actions_module (shared)
alias_module (shared)
allowmethods_module (shared)
auth_basic_module (shared)
auth_digest_module (shared)
authn_anon_module (shared)
authn_core_module (shared)
authn_dbd_module (shared)
authn_dbm_module (shared)
authn_file_module (shared)
authn_socache_module (shared)
authz_core_module (shared)
authz_dbd_module (shared)
authz_dbm_module (shared)
authz_groupfile_module (shared)
authz_host_module (shared)
authz_owner_module (shared)
authz_user_module (shared)
autoindex_module (shared)
cache_module (shared)
cache_disk_module (shared)
data_module (shared)
dbd_module (shared)
deflate_module (shared)
dir_module (shared)
dumpio_module (shared)
echo_module (shared)
env_module (shared)
expires_module (shared)
ext_filter_module (shared)
filter_module (shared)
headers_module (shared)
include_module (shared)
info_module (shared)
log_config_module (shared)
logio_module (shared)
mime_magic_module (shared)
mime_module (shared)
negotiation_module (shared)
remoteip_module (shared)
reqtimeout_module (shared)
rewrite_module (shared)
setenvif_module (shared)
slotmem_plain_module (shared)
slotmem_shm_module (shared)
socache_dbm_module (shared)
socache_memcache_module (shared)
socache_shmcb_module (shared)
status_module (shared)
substitute_module (shared)
suexec_module (shared)
unique_id_module (shared)
unixd_module (shared)
userdir_module (shared)
version_module (shared)
vhost_alias_module (shared)
dav_module (shared)
dav_fs_module (shared)
dav_lock_module (shared)
lua_module (shared)
mpm_prefork_module (shared)
proxy_module (shared)
lbmethod_bybusyness_module (shared)
lbmethod_byrequests_module (shared)
lbmethod_bytraffic_module (shared)
lbmethod_heartbeat_module (shared)
proxy_ajp_module (shared)
proxy_balancer_module (shared)
proxy_connect_module (shared)
proxy_express_module (shared)
proxy_fcgi_module (shared) #required: without this module httpd cannot pass requests to php-fpm over FastCGI
proxy_fdpass_module (shared)
proxy_ftp_module (shared)
proxy_http_module (shared)
proxy_scgi_module (shared)
proxy_wstunnel_module (shared)
systemd_module (shared)
cgi_module (shared)
- Configuration file: add /etc/httpd/conf.d/fcgi.conf
[root@zcy520ooooo php-fpm.d]# mkdir -pv /date/www/html
mkdir: 已创建目录 "/date"
mkdir: 已创建目录 "/date/www"
mkdir: 已创建目录 "/date/www/html"
-------------------------divider-----------------------
[root@zcy520ooooo php-fpm.d]# vim /etc/httpd/conf.d/fcgi.conf
# default index page
DirectoryIndex index.php
ServerName www.magedu.net
# this directory has to be created
DocumentRoot /date/www/html
# turn off forward proxying
ProxyRequests off
# requests for files ending in .php are reverse-proxied to php-fpm as /date/www/html/$1,
# where $1 is the (.*\.php) match; the path must be the same as DocumentRoot above
ProxyPassMatch ^/(.*\.php)$ fcgi://127.0.0.1:9000/date/www/html/$1
<Directory "/date/www/html">
Options none
AllowOverride None
Require all granted
</Directory>
----------------------------divider---------------------------
[root@zcy520ooooo php-fpm.d]# httpd -t
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using fe80::3f13:7555:73e5:6f08. Set the 'ServerName' directive globally to suppress this message
Syntax OK
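- Turn off the firewall and start the httpd service (iptables -F flushes every filter rule and setenforce 0 switches SELinux to permissive mode until the next reboot):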
[root@zcy520ooooo php-fpm.d]# iptables -F
[root@zcy520ooooo php-fpm.d]# setenforce 0
[root@zcy520ooooo php-fpm.d]# getenforce
Permissive
[root@zcy520ooooo php-fpm.d]# systemctl start httpd
[root@zcy520ooooo php-fpm.d]# ss -tan
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 127.0.0.1:9000 *:*
LISTEN 0 50 *:3306 *:*
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
TIME-WAIT 0 0 127.0.0.1:9000 127.0.0.1:48342
TIME-WAIT 0 0 127.0.0.1:9000 127.0.0.1:48344
TIME-WAIT 0 0 127.0.0.1:9000 127.0.0.1:48340
ESTAB 0 52 192.168.80.4:22 192.168.80.47:53200
LISTEN 0 128 :::80 :::* #it is enough for this port to be listening
LISTEN 0 128 :::22 :::*
LISTEN 0 100 ::1:25 :::*
FIN-WAIT-2 0 0 ::ffff:192.168.80.4:80 ::ffff:192.168.80.47:58645
FIN-WAIT-2 0 0 ::ffff:192.168.80.4:80 ::ffff:192.168.80.47:58646
- Create a test page: /date/www/html/index.php
[root@zcy520ooooo php-fpm.d]# mkdir -pv /date/www/html/
[root@zcy520ooooo php-fpm.d]# vim /date/www/html/index.php
php-fpm is installed successfully; the page in the screenshot shows PHP running as FPM
4. Install wordpress:
- Download and unpack wordpress:
[root@zcy520ooooo ~]# tar xf wordpress-4.9.8.tar.gz
[root@zcy520ooooo ~]# ls
anaconda-ks.cfg apr-util-1.6.1.tar.gz wordpress
apr-1.6.5.tar.gz httpd-2.2.32.tar.gz wordpress-4.9.8.tar.gz
- Remove the home page file and copy the files under the wordpress directory into the document root
[root@zcy520ooooo ~]# mv /date/www/html/index.php test.php
[root@zcy520ooooo ~]# ls wordpress
index.php wp-admin wp-content wp-load.php wp-signup.php
license.txt wp-blog-header.php wp-cron.php wp-login.php wp-trackback.php
readme.html wp-comments-post.php wp-includes wp-mail.php xmlrpc.php
wp-activate.php wp-config-sample.php wp-links-opml.php wp-settings.php
[root@zcy520ooooo ~]# cp -a wordpress/* /date/www/html/
Seeing this page means you are halfway there; just follow the prompts on the page
- Set database privileges and create the database:
[root@zcy520ooooo ~]# mysql -uroot -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 10
Server version: 5.5.60-MariaDB MariaDB Server
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> GRANT ALL ON wordpress.* TO 'wpuser'@'%' IDENTIFIED BY 'wppass';
Query OK, 0 rows affected (0.01 sec)
MariaDB [(none)]> CREATE DATABASE wordpress; #create the wordpress database
Query OK, 1 row affected (0.00 sec)
- Copy wp-config-sample.php in the httpd document root and configure it
[root@zcy520ooooo ~]# cd /date/www/html/
[root@zcy520ooooo html]# cp wp-config-sample.php wp-config.php
[root@zcy520ooooo html]# vim wp-config.php
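- Refresh the page and log in to wordpress:
After refreshing, follow the prompt and click to start now
Click to install wordpress
Click to log in
Fill in the login details and log in
Login complete.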
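After the steps above the host has its iptables rules flushed, MariaDB listening on every interface, and a 'wpuser'@'%' grant. As an added example (not part of the original article), this shell function reads `ss -tan` output and reports ports that listen on a wildcard address but are not on an allow-list; the function names and the allow-list of 22 and 80 are assumptions.

```shell
#!/bin/sh
# Added example (not from the original article): list TCP ports that accept
# connections on every interface, given `ss -tan` output on stdin.
# Arguments: the ports that are meant to be reachable from the network.

# Sample input: the article's last `ss -tan` output (LISTEN and ESTAB lines),
# with the author's inline annotations removed.
sample_ss_output() {
    cat <<'EOF'
State      Recv-Q Send-Q Local Address:Port   Peer Address:Port
LISTEN     0      128    127.0.0.1:9000       *:*
LISTEN     0      50     *:3306               *:*
LISTEN     0      128    *:22                 *:*
LISTEN     0      100    127.0.0.1:25         *:*
ESTAB      0      52     192.168.80.4:22      192.168.80.47:53200
LISTEN     0      128    :::80                :::*
LISTEN     0      128    :::22                :::*
LISTEN     0      100    ::1:25               :::*
EOF
}

exposed_listeners() {
    awk -v allowed=" $* " '
        $1 == "LISTEN" {
            # The port is whatever follows the last ":" (this also holds for
            # IPv6 forms such as ":::80" and "::1:25").
            n = split($4, parts, ":")
            port = parts[n]
            addr = substr($4, 1, length($4) - length(port) - 1)
            wildcard = (addr == "*" || addr == "0.0.0.0" || addr == "::" || addr == "[::]")
            # Report each unexpected wildcard port once.
            if (wildcard && index(allowed, " " port " ") == 0 && !(port in seen)) {
                seen[port] = 1
                print port
            }
        }'
}

# With only SSH and HTTP intended to be public, MariaDB on 3306 is reported.
sample_ss_output | exposed_listeners 22 80
```

Because WordPress and MariaDB share this host, setting `bind-address=127.0.0.1` under `[mysqld]` in /etc/my.cnf.d/server.cnf takes 3306 off the report.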
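What is DML? Give examples of common SQL statements, at least 1 and at most 3 examples per command
DML: Data Manipulation Language (DML) is the set of SQL statements responsible for accessing the data held in database objects. Its statements are INSERT, UPDATE, DELETE and SELECT, which insert, update, delete and query data respectively; any data-centric application is bound to use them
Getting help for a command: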
mysql> help KEYWORD
MariaDB [(none)]> help SHOW
Name: 'SHOW'
Description:
SHOW has many forms that provide information about databases, tables,
columns, or status information about the server. This section describes
those following:
SHOW AUTHORS
SHOW {BINARY | MASTER} LOGS
SHOW BINLOG EVENTS [IN 'log_name'] [FROM pos] [LIMIT [offset,] row_count]
SHOW CHARACTER SET [like_or_where]
SHOW COLLATION [like_or_where]
SHOW [FULL] COLUMNS FROM tbl_name [FROM db_name] [like_or_where]
SHOW CONTRIBUTORS
SHOW CREATE DATABASE db_name
SHOW CREATE EVENT event_name
SHOW CREATE FUNCTION func_name
SHOW CREATE PROCEDURE proc_name
SHOW CREATE TABLE tbl_name
SHOW CREATE TRIGGER trigger_name
SHOW CREATE VIEW view_name
SHOW DATABASES [like_or_where]
SHOW ENGINE engine_name {STATUS | MUTEX}
SHOW [STORAGE] ENGINES
SHOW ERRORS [LIMIT [offset,] row_count]
SHOW EVENTS
SHOW FUNCTION CODE func_name
SHOW FUNCTION STATUS [like_or_where]
SHOW GRANTS FOR user
SHOW INDEX FROM tbl_name [FROM db_name]
SHOW MASTER STATUS
SHOW OPEN TABLES [FROM db_name] [like_or_where]
SHOW PLUGINS
SHOW PROCEDURE CODE proc_name
SHOW PROCEDURE STATUS [like_or_where]
SHOW PRIVILEGES
SHOW [FULL] PROCESSLIST
SHOW PROFILE [types] [FOR QUERY n] [OFFSET n] [LIMIT n]
SHOW PROFILES
SHOW SLAVE HOSTS
SHOW SLAVE STATUS
SHOW [GLOBAL | SESSION] STATUS [like_or_where]
SHOW TABLE STATUS [FROM db_name] [like_or_where]
SHOW [FULL] TABLES [FROM db_name] [like_or_where]
SHOW TRIGGERS [FROM db_name] [like_or_where]
SHOW [GLOBAL | SESSION] VARIABLES [like_or_where]
SHOW WARNINGS [LIMIT [offset,] row_count]
like_or_where:
LIKE 'pattern'
| WHERE expr
If the syntax for a given SHOW statement includes a LIKE 'pattern'
part, 'pattern' is a string that can contain the SQL "%" and "_"
wildcard characters. The pattern is useful for restricting statement
output to matching values.
Several SHOW statements also accept a WHERE clause that provides more
flexibility in specifying which rows to display. See
http://dev.mysql.com/doc/refman/5.5/en/extended-show.html.
URL: http://dev.mysql.com/doc/refman/5.5/en/show.html
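- INSERT: insert
INSERT [INTO] tbl_name [(col1,...)] {VALUES|VALUE} (val1, ...),(...),...
Each () is one row; if the column list (col1,...) is not given, a value is inserted into every column
Note:
String values: quoted
Numeric values: must not be quoted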
MariaDB [test]> INSERT INTO mage(id,name) VALUES(2,'hoho');
Query OK, 1 row affected (0.32 sec)
MariaDB [test]> INSERT INTO mage(id,name) VALUES(3,'maha');
Query OK, 1 row affected (0.01 sec)
- SELECT: query
SELECT:
(1) SELECT * FROM tbl_name[,tbl_name2];
Returns all the data in the specified table(s); use with care;
(2) SELECT col1, col2, ... FROM tbl_name;
Columns can be displayed under an alias;
col_name AS col_alias
(3) SELECT col1, ... FROM tbl_name WHERE clause;
WHERE clause: specifies the selection condition;
col_name operator value:
age > 30;
Operators (1):
>, <, >=, <=, =, !=
Combining conditions:
and
or
not
Operators (2):
BETWEEN ... AND ...
LIKE 'PATTERN'
Wildcards:
%: any characters, of any length;
_: any single character;
RLIKE 'PATTERN'
Matches the string against a regular expression;
IS NULL
IS NOT NULL
(4) SELECT col1, ... FROM tbl_name [WHERE clause] ORDER BY col_name, col_name2, ... [ASC|DESC];
ASC: ascending;
DESC: descending;
(5) Grouping:
GROUP BY, used for aggregation:
count(),sum(),avg(),max(),min()
HAVING: filters the aggregated results by a condition
MariaDB [test]> SELECT * FROM mage;
+------+------+
| id | name |
+------+------+
| 1 | haha |
| 2 | hoho |
| 3 | maha |
| 4 | maha |
+------+------+
4 rows in set (0.00 sec)
--------------divider--------------
MariaDB [test]> SELECT id FROM mage WHERE id < 2;
+------+
| id |
+------+
| 1 |
+------+
1 row in set (0.00 sec)
- DELETE: delete
DELETE FROM tbl_name [WHERE where_condition] [ORDER BY ...] [LIMIT row_count]
(1) DELETE FROM tbl_name WHERE where_condition
(2) DELETE FROM tbl_name [ORDER BY ...] [LIMIT row_count]
MariaDB [test]> DELETE FROM mage WHERE id = 1;
Query OK, 1 row affected (0.34 sec)
MariaDB [test]> SELECT * FROM mage;
+------+------+
| id | name |
+------+------+
| 2 | hoho |
| 3 | maha |
| 4 | maha |
+------+------+
3 rows in set (0.00 sec)
--------------divider--------------
MariaDB [test]> DELETE FROM mage WHERE name = 'maha';
Query OK, 2 rows affected (0.33 sec)
MariaDB [test]> SELECT * FROM mage;
+------+------+
| id | name |
+------+------+
| 2 | hoho |
+------+------+
1 row in set (0.00 sec)
- UPDATE: update
UPDATE [LOW_PRIORITY] [IGNORE] table_reference SET col_name1=value1 [, col_name2=value2] ... [WHERE where_condition] [ORDER BY ...] [LIMIT row_count]
MariaDB [test]> SELECT * FROM mage;
+------+------+
| id | name |
+------+------+
| 2 | hoho |
| 2 | hoho |
| 3 | maha |
| 1 | haha |
+------+------+
4 rows in set (0.00 sec)
MariaDB [test]> UPDATE mage SET id=4 WHERE name = 'hoho';
Query OK, 2 rows affected (0.29 sec)
Rows matched: 2 Changed: 2 Warnings: 0
MariaDB [test]> SELECT * FROM mage;
+------+------+
| id | name |
+------+------+
| 4 | hoho |
| 4 | hoho |
| 3 | maha |
| 1 | haha |
+------+------+
4 rows in set (0.00 sec)
--------------divider--------------
MariaDB [test]> SELECT * FROM mage;
+------+------+
| id | name |
+------+------+
| 3 | maha |
| 1 | haha |
+------+------+
2 rows in set (0.00 sec)
MariaDB [test]> UPDATE mage SET name='lalala' WHERE id < 2;
Query OK, 1 row affected (0.29 sec)
Rows matched: 1 Changed: 1 Warnings: 0
MariaDB [test]> SELECT * FROM mage;
+------+--------+
| id | name |
+------+--------+
| 3 | maha |
| 1 | lalala |
+------+--------+
2 rows in set (0.01 sec)
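Briefly describe FTP active and passive modes, and implement vsftpd with PAM-based authentication
- Active mode:
The data connection is opened by the server. The client first picks a random port N and connects from it to port 21 on the server to establish the command connection; the server then connects from TCP port 20 to the client's port N+1 to establish the data connection.
- Passive mode:
The data connection is opened by the client, from one of its random ports to a port on the server. The command connection is established the same way as in active mode; once it is up, the server tells the client which port M to connect to, and the client's port N+1 connects to the server's port M to establish the data connection.
- Some common ftp configuration settings:
The configuration file is /etc/vsftpd/vsftpd.conf
Anonymous user settings:
anonymous_enable=YES #whether anonymous users are enabled
anon_upload_enable=YES #whether anonymous users may upload
anon_mkdir_write_enable=YES #whether anonymous users may create directories
anon_other_write_enable=YES #whether, beyond writing, anonymous users may delete and modify other files on the server
anon_umask=077 #umask applied to files
System user settings:
local_enable=YES #whether local users are enabled
write_enable=YES #whether write access is allowed
local_umask=022 #umask applied to files
userlist_enable=YES #use the /etc/vsftpd/user_list file to control which users may log in
userlist_deny=
YES: the list is a blacklist
NO: the list is a whitelist (only users on the list can log in)
Confine all local FTP users to their home directories (the users' write permission on the home directory must be removed first):
chroot_local_user=YES
Confine the local FTP users named in a file to their home directories (the users' write permission on the home directory must be removed first):
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list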
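The active and passive modes described above differ in which control-channel message carries the data port: the client's PORT command in active mode, the server's 227 reply in passive mode. As an added example (not part of the original article), these shell functions decode both and check a passive port against a firewall range; the message formats are standard FTP (RFC 959), pasv_min_port and pasv_max_port are vsftpd options the article does not set, and the function names and sample lines are constructed.

```shell
#!/bin/sh
# Added example (not from the original article).

# Print "ip:port" for the first h1,h2,h3,h4,p1,p2 tuple in a control-channel
# line; fail (status 1) if there is none or a field is out of range.
ftp_data_endpoint() {
    printf '%s\n' "$1" | tr -c '0-9,\n' ' ' | awk '
        {
            for (i = 1; i <= NF; i++) {
                if (split($i, f, ",") != 6) continue
                for (j = 1; j <= 6; j++)
                    if (f[j] == "" || f[j] + 0 > 255) exit 1
                # The port is sent as two bytes: high byte first, then low byte.
                printf "%d.%d.%d.%d:%d\n", f[1], f[2], f[3], f[4], f[5] * 256 + f[6]
                found = 1
                exit 0
            }
        }
        END { if (!found) exit 1 }'
}

# Say which side opens the data connection, following the article's two modes.
ftp_data_direction() {
    endpoint=$(ftp_data_endpoint "$1") || return 1
    case $1 in
        PORT*) echo "active: server port 20 connects to client $endpoint" ;;
        227*)  echo "passive: client connects to server $endpoint" ;;
        *)     return 1 ;;
    esac
}

# Succeed only if a 227 reply advertises a port inside [min, max], the range
# a firewall in front of the server has to admit
# (vsftpd: pasv_min_port / pasv_max_port).
pasv_port_in_range() {
    case $1 in 227*) ;; *) return 2 ;; esac
    endpoint=$(ftp_data_endpoint "$1") || return 2
    port=${endpoint##*:}
    [ "$port" -ge "$2" ] && [ "$port" -le "$3" ]
}

# Constructed control-channel lines using the article's two lab addresses.
ftp_data_direction 'PORT 192,168,80,47,208,21'
ftp_data_direction '227 Entering Passive Mode (192,168,80,4,195,80).'
```

Without a fixed passive range the server picks any unprivileged port M, which is why passive FTP behind a packet filter needs either a pinned range or a connection-tracking helper.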
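pam:
Pluggable Authentication Modules (PAM) are highly modular; the authentication modules installed on the system can be listed as follows.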
[root@zcy520ooooo ~]# rpm -ql pam | grep so
/etc/security/console.apps
/etc/security/console.handlers
/etc/security/console.perms
/etc/security/console.perms.d
/usr/lib64/libpam.so.0
/usr/lib64/libpam.so.0.83.1
/usr/lib64/libpam_misc.so.0
/usr/lib64/libpam_misc.so.0.82.0
/usr/lib64/libpamc.so.0
/usr/lib64/libpamc.so.0.82.1
/usr/lib64/security/pam_access.so
/usr/lib64/security/pam_chroot.so
/usr/lib64/security/pam_console.so
/usr/lib64/security/pam_cracklib.so
/usr/lib64/security/pam_debug.so
/usr/lib64/security/pam_deny.so
/usr/lib64/security/pam_echo.so
/usr/lib64/security/pam_env.so
/usr/lib64/security/pam_exec.so
/usr/lib64/security/pam_faildelay.so
/usr/lib64/security/pam_faillock.so
/usr/lib64/security/pam_filter.so
/usr/lib64/security/pam_ftp.so
/usr/lib64/security/pam_group.so
/usr/lib64/security/pam_issue.so
/usr/lib64/security/pam_keyinit.so
/usr/lib64/security/pam_lastlog.so
/usr/lib64/security/pam_limits.so
/usr/lib64/security/pam_listfile.so
/usr/lib64/security/pam_localuser.so
/usr/lib64/security/pam_loginuid.so
/usr/lib64/security/pam_mail.so
/usr/lib64/security/pam_mkhomedir.so
/usr/lib64/security/pam_motd.so
/usr/lib64/security/pam_namespace.so
/usr/lib64/security/pam_nologin.so
/usr/lib64/security/pam_permit.so
/usr/lib64/security/pam_postgresok.so
/usr/lib64/security/pam_pwhistory.so
/usr/lib64/security/pam_rhosts.so
/usr/lib64/security/pam_rootok.so
/usr/lib64/security/pam_securetty.so
/usr/lib64/security/pam_selinux.so
/usr/lib64/security/pam_selinux_permit.so
/usr/lib64/security/pam_sepermit.so
/usr/lib64/security/pam_shells.so
/usr/lib64/security/pam_stress.so
/usr/lib64/security/pam_succeed_if.so
/usr/lib64/security/pam_tally2.so
/usr/lib64/security/pam_time.so
/usr/lib64/security/pam_timestamp.so
/usr/lib64/security/pam_tty_audit.so
/usr/lib64/security/pam_umask.so
/usr/lib64/security/pam_unix.so
/usr/lib64/security/pam_unix_acct.so
/usr/lib64/security/pam_unix_auth.so
/usr/lib64/security/pam_unix_passwd.so
/usr/lib64/security/pam_unix_session.so
/usr/lib64/security/pam_userdb.so
/usr/lib64/security/pam_warn.so
/usr/lib64/security/pam_wheel.so
/usr/lib64/security/pam_xauth.so
/usr/sbin/pam_console_apply
/usr/share/doc/pam-1.1.8/html/sag-see-also.html
/usr/share/doc/pam-1.1.8/txts/README.pam_console
/usr/share/doc/pam-1.1.8/txts/README.pam_postgresok
/usr/share/man/man5/console.apps.5.gz
/usr/share/man/man5/console.handlers.5.gz
/usr/share/man/man5/console.perms.5.gz
/usr/share/man/man8/pam_console.8.gz
/usr/share/man/man8/pam_console_apply.8.gz
/usr/share/man/man8/pam_postgresok.8.gz
/var/run/console
----------------------------------divider-----------------------------
[root@zcy520ooooo ~]# ls /etc/pam.d
chfn login postlogin smartcard-auth-ac sudo-i vmtoolsd
chsh other postlogin-ac smtp su-l vsftpd
config-util passwd remote smtp.postfix system-auth
crond password-auth runuser sshd system-auth-ac
fingerprint-auth password-auth-ac runuser-l su systemd-user
fingerprint-auth-ac polkit-1 smartcard-auth sudo vlock
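In virtual-user mode the accounts used to log in to FTP are not local system users. These virtual users only have write access to files on the FTP server and cannot access other resources on the system, which improves security. The authentication is done through the PAM module.
- Create the user account and password file: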
[root@zcy520ooooo ~]# vim /etc/vsftpd/vuser.list
magedu1
123456
magedu2
654321
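- Convert the user password file into a database file (db_load builds a Berkeley DB hash file; the passwords inside it are not encrypted):
[root@zcy520ooooo ~]# yum install libdb-utils #install the conversion tool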
已加载插件:fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.zju.edu.cn
* extras: centos.ustc.edu.cn
* updates: mirrors.aliyun.com
软件包 libdb-utils-5.3.21-24.el7.x86_64 已安装并且是最新版本
无须任何处理
--------------------------------divider--------------------------------
[root@zcy520ooooo ~]# db_load -T -t hash -f /etc/vsftpd/vuser.list /etc/vsftpd/vuser.db #convert the file
--------------------------------divider--------------------------------
[root@zcy520ooooo ~]# chmod 600 /etc/vsftpd/vuser.* #restrict permissions on the password files to keep them safe
[root@zcy520ooooo ~]# ll /etc/vsftpd/vuser.*
-rw-------. 1 root root 12288 11月 21 17:25 /etc/vsftpd/vuser.db
-rw-------. 1 root root 30 11月 19 17:22 /etc/vsftpd/vuser.list
- Create the FTP root directory and the system user that the virtual users map to:
[root@zcy520ooooo ~]# mkdir /var/ftproot
[root@zcy520ooooo ~]# useradd -d /var/ftproot -s /sbin/nologin virtual
useradd:警告:此主目录已经存在。
不从 skel 目录里向其中复制任何文件。
[root@zcy520ooooo ~]# chmod 755 /var/ftproot
[root@zcy520ooooo ~]# ll /var | grep ftproot
drwxr-xr-x. 2 root root 6 11月 21 17:28 ftproot #permissions on the root directory after the change
- Create the PAM authentication configuration:
[root@zcy520ooooo ~]# vim /etc/pam.d/vsftpd
#%PAM-1.0
session optional pam_keyinit.so force revoke
auth required pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed
auth required pam_shells.so
auth include password-auth
account include password-auth
session required pam_loginuid.so
session include password-auth
auth required pam_userdb.so db=/etc/vsftpd/vuser #add these last two lines
account required pam_userdb.so db=/etc/vsftpd/vuser #the db path must be given without the file suffix
- Configure the /etc/vsftpd/vsftpd.conf file:
# Example config file /etc/vsftpd/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
# change this to NO
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
# When SELinux is enforcing check for SE bool ftp_home_dir
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
# When SELinux is enforcing check for SE bool allow_ftpd_anon_write, allow_ftpd_full_access
anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
...omitted...
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
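guest_enable=YES #allow virtual users to log in
guest_username=virtual #name of the system user that virtual users map to
pam_service_name=vsftpd #name of the PAM file used for virtual users
virtual_use_local_privs=YES #enable local-user privileges for virtual users
user_config_dir=/etc/vsftpd/vusers_dir #per-user configuration directory for virtual users; you must create it yourself
- Create the virtual users' configuration directory and files: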
[root@zcy520ooooo ~]# mkdir /etc/vsftpd/vusers_dir
[root@zcy520ooooo ~]# cd /etc/vsftpd/vusers_dir
[root@zcy520ooooo vusers_dir]# touch magedu1 magedu2
[root@zcy520ooooo vusers_dir]# vim magedu2
anon_upload_enable=YES
anon_mkdir_write_enable=YES
- Restart the service and test:
[root@zcy520ooooo vusers_dir]# systemctl restart vsftpd
[root@zcy520ooooo vusers_dir]# lftp -u virtual 192.168.80.4
口令:
lftp virtual@192.168.80.4:~> ls
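Overview of how NFS works and how to configure it
NFS (Network File System) lets different hosts share resources with one another over the network. It relies mainly on RPC (remote procedure call) to implement file sharing. The NFS configuration files, their format and their usage are as follows:
- Server-side configuration:
/etc/exports or /etc/exports.d/*
/PATH/TO/SOME_DIR clients1(export_options,...) clients2(export_options,...)
clients:
single host: ipv4, ipv6, FQDN;
network: address/netmask, both long and short mask formats are supported;
wildcards: hostname wildcards, for example *.magedu.com;
netgroups: host groups in an NIS domain; @group_name;
anonymous: use * to match all hosts;
Common options:
ro: read-only;
rw: read-write;
sync: synchronous;
async: asynchronous;
secure: the client port must be below 1024; otherwise the insecure option has to be used
User ID Mapping:
root_squash: squash the root user, which normally means mapping it to nfsnobody;
no_root_squash: do not squash the root user;
all_squash: squash all users;
anonuid and anongid: map squashed users to the user specified here;
- Client-side configuration:
NFS client:
mount -t nfs servername:/path/to/share /path/to/mount_point [-rvVwfnsh ][-o options]
showmount - show mount information for an NFS server
showmount -e NFS_SERVER_IP: list all file systems exported by the specified NFS server;
showmount -a: on the NFS server, list all clients of the NFS service;
exportfs:
exportfs
-r: re-export;
-a: all file systems;
-v: verbose output;
-u: unexport file systems;
# exportfs -ar
# exportfs -au
Because NFS depends on the RPC service, install the rpcbind service before installing NFS. The following demonstrates NFS file sharing.
1. Server-side configuration:
- Install the packages: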
[root@zcy520ooooo ~]# yum install -y nfs-utils
......
已安装:
nfs-utils.x86_64 1:1.3.0-0.54.el7
作为依赖被安装:
gssproxy.x86_64 0:0.7.0-17.el7 keyutils.x86_64 0:1.5.8-3.el7
libbasicobjects.x86_64 0:0.1.1-29.el7 libcollection.x86_64 0:0.7.0-29.el7
libevent.x86_64 0:2.0.21-4.el7 libini_config.x86_64 0:1.3.1-29.el7
libnfsidmap.x86_64 0:0.25-19.el7 libpath_utils.x86_64 0:0.2.1-29.el7
libref_array.x86_64 0:0.1.5-29.el7 libtirpc.x86_64 0:0.2.4-0.10.el7
libverto-libevent.x86_64 0:0.2.5-4.el7 quota.x86_64 1:4.01-17.el7
quota-nls.noarch 1:4.01-17.el7 rpcbind.x86_64 0:0.2.0-44.el7
tcp_wrappers.x86_64 0:7.6-77.el7
完毕!
[root@zcy520ooooo ~]# yum install -y rpcbind
已加载插件:fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.aliyun.com
* extras: mirrors.aliyun.com
* updates: mirrors.shu.edu.cn
软件包 rpcbind-0.2.0-44.el7.x86_64 已安装并且是最新版本
无须任何处理
- Create the shared directory:
[root@zcy520ooooo ~]# mkdir /tmp/test
- Configuration file:
[root@zcy520ooooo ~]# vim /etc/exports
/tmp/test 192.168.80.178(rw,sync,no_root_squash)
#/tmp/test: the shared directory; 192.168.80.178: the client it is shared with
#(rw,sync,no_root_squash): the client user's permissions
- Start the services:
[root@zcy520ooooo ~]# systemctl start nfs rpcbind
[root@zcy520ooooo ~]# systemctl status nfs rpcbind
● nfs-server.service - NFS server and services
Loaded: loaded (/usr/lib/systemd/system/nfs-server.service; disabled; vendor preset: disabled)
Active: active (exited) since 四 2018-11-22 10:04:17 CST; 9s ago
Process: 14084 ExecStart=/usr/sbin/rpc.nfsd $RPCNFSDARGS (code=exited, status=0/SUCCESS)
Process: 14080 ExecStartPre=/bin/sh -c /bin/kill -HUP `cat /run/gssproxy.pid` (code=exited, status=0/SUCCESS)
Process: 14079 ExecStartPre=/usr/sbin/exportfs -r (code=exited, status=0/SUCCESS)
Main PID: 14084 (code=exited, status=0/SUCCESS)
CGroup: /system.slice/nfs-server.service
11月 22 10:04:17 zcy520ooooo systemd[1]: Starting NFS server and services...
11月 22 10:04:17 zcy520ooooo systemd[1]: Started NFS server and services.
● rpcbind.service - RPC bind service
Loaded: loaded (/usr/lib/systemd/system/rpcbind.service; enabled; vendor preset: enabled)
Active: active (running) since 四 2018-11-22 10:04:17 CST; 10s ago
Process: 14048 ExecStart=/sbin/rpcbind -w $RPCBIND_ARGS (code=exited, status=0/SUCCESS)
Main PID: 14050 (rpcbind)
CGroup: /system.slice/rpcbind.service
└─14050 /sbin/rpcbind -w
11月 22 10:04:17 zcy520ooooo systemd[1]: Starting RPC bind service...
11月 22 10:04:17 zcy520ooooo systemd[1]: Started RPC bind service.
2. Client-side configuration:
- List the exported directories:
[root@zcy520ooooo ~]# showmount -e 192.168.80.4
Export list for 192.168.80.4:
/tmp/test 192.168.80.178
- Mount the shared directory:
[root@zcy520ooooo ~]# mount -t nfs 192.168.80.4:/tmp/test /mnt
[root@zcy520ooooo ~]# mount
sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime,seclabel)
proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
devtmpfs on /dev type devtmpfs (rw,nosuid,seclabel,size=486756k,nr_inodes=121689,mode=755)
securityfs on /sys/kernel/security type securityfs (rw,nosuid,nodev,noexec,relatime)
tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev,seclabel)
...omitted...
192.168.80.4:/tmp/test on /mnt type nfs4 (rw,relatime,vers=4.1,rsize=131072,wsize=131072,namlen=255,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=sys,clientaddr=192.168.80.178,local_lock=none,addr=192.168.80.4)
- Test NFS:
Create a file under the mount point on the client
[root@zcy520ooooo ~]# cd /mnt/
[root@zcy520ooooo mnt]# ls
[root@zcy520ooooo mnt]# touch a.txt
[root@zcy520ooooo mnt]#
----------------------------------divider------------------------------
On the server, check whether the file appears in the corresponding directory
[root@zcy520ooooo test]# ls
a.txt #the file created over the network share shows up here
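An audit of /etc/exports lines in the format described in this section, added here as an example (it is not code from the original article or from nfs-utils). It flags no_root_squash, insecure and world-writable client specs; the function names and the /srv paths in the sample are hypothetical.

```python
import re

# Options from the list above that weaken an export, with the reason.
RISKY = {
    "no_root_squash": "client root keeps uid 0 on the export",
    "insecure": "requests from source ports >= 1024 are accepted",
}

def parse_exports(text):
    """Yield (path, client, options) for each client spec of each export line."""
    for line in text.replace("\\\n", " ").splitlines():  # join continuations
        line = line.split("#", 1)[0].strip()              # drop comments
        if not line:
            continue
        path, *specs = line.split()
        for spec in specs:
            m = re.fullmatch(r"([^()]*)(?:\(([^()]*)\))?", spec)
            if m is None:
                continue                                  # malformed spec
            # A spec with no host, e.g. "(rw)", applies to every client.
            client = m.group(1) or "*"
            opts = [o for o in (m.group(2) or "").split(",") if o]
            yield path, client, opts

def audit(text):
    """Return (path, client, option, reason) findings in file order."""
    findings = []
    for path, client, opts in parse_exports(text):
        for opt in opts:
            if opt in RISKY:
                findings.append((path, client, opt, RISKY[opt]))
        if client == "*" and "rw" in opts:
            findings.append((path, client, "rw", "writable by every host"))
    return findings

# Constructed sample. Line 1 is the export from the walkthrough; the paths
# /srv/pub and /srv/data are hypothetical.
SAMPLE = """\
/tmp/test 192.168.80.178(rw,sync,no_root_squash)
/srv/pub  *.magedu.com(ro,sync) *(rw,all_squash)
/srv/data 192.168.80.0/24 (rw,sync)   # stray space before the parenthesis
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep=" | ")
```

The third sample line shows the stray-space case: the network gets only default options, while (rw,sync) applies to every host.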
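Overview of the Samba service and a Samba configuration walkthrough
SMB (Server Message Block) is a communication protocol for sharing files and printers on a local area network; it provides file, printer and other resource sharing between the different computers on a LAN. SMB is a client/server protocol: through it, a client can access shared file systems, printers and other resources on a server. By enabling "NetBIOS over TCP/IP", Samba can share resources not only with hosts on the local network but also with computers all over the world. Commonly used Samba configuration settings and commands are as follows: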
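Samba configuration:
/etc/samba/smb.conf
Two kinds of configuration sections:
Global configuration
[global]
Network-Related Options
workgroup =
server string =
interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24
hosts allow = 127. 192.168.12. 192.168.13.
Logging Options
log file = /var/log/samba/log.%m
max log size = 50
Standalone Server Options
security = user
Sets the security level; there are four possible values:
share: anonymous sharing;
user: authenticate users with accounts and passwords managed by the Samba service itself; the user must be a system user, but the password is not the one in /etc/shadow; it is kept in a file managed by Samba, whose format is defined by passdb backend;
server: authentication is handled centrally by a third-party service;
domain: authenticate against a DC, based on the Kerberos protocol;
passdb backend = tdbsam
Printing Options
load printers = yes
cups options = raw
Shared file system configuration
[SHARED_NAME]
There are three kinds:
[homes]: defines whether each Samba user can access their own home directory through the Samba service;
[printers]: defines the printing service;
[shared_fs]: defines a shared file system;
Common directives:
comment: descriptive comment;
path: the file system path that this share maps to;
browseable: whether the share is browsable, i.e. whether users can see it;
guest ok: whether the guest account may access it;
public: whether it is open to all users;
writable: whether it is writable;
read only: whether it is read-only;
write list: list of users with write permission:
username
@group_name
+group_name
Samba user management:
smbpasswd
smbpasswd [option] USERNAME
-a: add
-x: delete
-d: disable
-e: enable
pdbedit
-L: list all users in the Samba service;
-a,--create: add a user as a Samba user;
-u,--user=USER: the user to manage;
-x,--delete: delete a user;
-t,--password-from-stdin: read the user's password as a string from standard input;
an empty prompt is used, and the password is then entered twice;
View the shares on the server:
# smbclient -L HOST -U USERNAME
After obtaining the share information,
Interactive file access:
# smbclient //SERVER/shared_name -U USERNAME
Mount-based access:
mount -t cifs //SERVER/shared_name /mount_point -o username=USERNAME,password=PASSWORD
Note: the user performing the mount is mapped directly to the user specified in the -o options;
From then on, the mount point is accessed as the user given by username in the -o options; a local user accessing the path must first have the corresponding local file system permissions;
smbstatus command:
Shows access status information for the shares of the Samba service;
-b: brief output;
-v: verbose output;
The following demonstrates a Samba configuration.
1. Server-side configuration:
- Install the package: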
[root@zcy520ooooo test]# yum install -y samba
......omitted
已安装:
samba.x86_64 0:4.7.1-9.el7_5
作为依赖被安装:
cups-libs.x86_64 1:1.6.3-35.el7 libldb.x86_64 0:1.2.2-1.el7
libtalloc.x86_64 0:2.1.10-1.el7 libtdb.x86_64 0:1.3.15-1.el7
libtevent.x86_64 0:0.9.33-2.el7 libwbclient.x86_64 0:4.7.1-9.el7_5
pytalloc.x86_64 0:2.1.10-1.el7 samba-client-libs.x86_64 0:4.7.1-9.el7_5
samba-common.noarch 0:4.7.1-9.el7_5 samba-common-libs.x86_64 0:4.7.1-9.el7_5
samba-common-tools.x86_64 0:4.7.1-9.el7_5 samba-libs.x86_64 0:4.7.1-9.el7_5
完毕!
- Configuration file:
[root@zcy520ooooo test]# vim /etc/samba/smb.conf
# See smb.conf.example for a more detailed config file or
# read the smb.conf manpage.
# Run 'testparm' to verify the config is correct after
# you modified it.
[global]
workgroup = SAMBA
security = user
passdb backend = tdbsam
printing = cups
printcap name = cups
load printers = yes
cups options = raw
[homes]
comment = Home Directories
valid users = %S, %D%w%S
browseable = No
read only = No
inherit acls = Yes
[printers]
comment = All Printers
path = /var/tmp
printable = Yes
create mask = 0600
browseable = No
[print$]
comment = Printer Drivers
path = /var/lib/samba/drivers
write list = @printadmin root
force group = @printadmin
create mask = 0664
directory mask = 0775
[homes] #add this section
comment = samba test dir
path = /tmp/sambatest
writeable = Yes
create mask = 0600
public = Yes
browseable = No
--------------divider----------------------------------------------------
[root@zcy520ooooo ~]# mkdir /tmp/sambatest
- Add a Samba user:
[root@zcy520ooooo test]# useradd smbtest
[root@zcy520ooooo test]# smbpasswd -a smbtest
New SMB password:
Retype new SMB password:
Added user smbtest.
- Start the services:
[root@zcy520ooooo ~]# systemctl start smb nmb
[root@zcy520ooooo ~]# systemctl status smb nmb
● smb.service - Samba SMB Daemon
Loaded: loaded (/usr/lib/systemd/system/smb.service; disabled; vendor preset: disabled)
Active: active (running) since 四 2018-11-22 11:31:54 CST; 6s ago
Main PID: 16737 (smbd)
Status: "smbd: ready to serve connections..."
CGroup: /system.slice/smb.service
├─16737 /usr/sbin/smbd --foreground --no-process-group
├─16742 /usr/sbin/smbd --foreground --no-process-group
├─16743 /usr/sbin/smbd --foreground --no-process-group
└─16744 /usr/sbin/smbd --foreground --no-process-group
11月 22 11:31:54 zcy520ooooo systemd[1]: Starting Samba SMB Daemon...
11月 22 11:31:54 zcy520ooooo smbd[16737]: [2018/11/22 11:31:54.293808, 0] ../lib/util/become_daemon.c...ady)
11月 22 11:31:54 zcy520ooooo smbd[16737]: STATUS=daemon 'smbd' finished starting up and ready to ser...ions
11月 22 11:31:54 zcy520ooooo systemd[1]: Started Samba SMB Daemon.
● nmb.service - Samba NMB Daemon
Loaded: loaded (/usr/lib/systemd/system/nmb.service; disabled; vendor preset: disabled)
Active: active (running) since 四 2018-11-22 11:31:54 CST; 6s ago
Main PID: 16739 (nmbd)
Status: "nmbd: ready to serve connections..."
CGroup: /system.slice/nmb.service
└─16739 /usr/sbin/nmbd --foreground --no-process-group
11月 22 11:31:54 zcy520ooooo systemd[1]: Starting Samba NMB Daemon...
11月 22 11:31:54 zcy520ooooo nmbd[16739]: [2018/11/22 11:31:54.233285, 0] ../lib/util/become_daemon.c...ady)
11月 22 11:31:54 zcy520ooooo systemd[1]: Started Samba NMB Daemon.
11月 22 11:31:54 zcy520ooooo nmbd[16739]: STATUS=daemon 'nmbd' finished starting up and ready to ser...ions
Hint: Some lines were ellipsized, use -l to show in full.
2. Client-side configuration:
- Install the client package:
[root@zcy520ooooo ~]# yum install -y samba-client
...omitted...
已安装:
samba-client.x86_64 0:4.7.1-9.el7_5
作为依赖被安装:
cups-libs.x86_64 1:1.6.3-35.el7 libarchive.x86_64 0:3.1.2-10.el7_2
libldb.x86_64 0:1.2.2-1.el7 libsmbclient.x86_64 0:4.7.1-9.el7_5
libtalloc.x86_64 0:2.1.10-1.el7 libtdb.x86_64 0:1.3.15-1.el7
libtevent.x86_64 0:0.9.33-2.el7 libwbclient.x86_64 0:4.7.1-9.el7_5
samba-client-libs.x86_64 0:4.7.1-9.el7_5 samba-common.noarch 0:4.7.1-9.el7_5
samba-common-libs.x86_64 0:4.7.1-9.el7_5
完毕!
- Connect to the server:
[root@zcy520ooooo ~]# smbclient //192.168.80.4/smbtest -U smbtest
Enter SAMBA\smbtest's password:
Try "help" to get a list of possible commands.
smb: \> ls
. D 0 Thu Nov 22 11:37:19 2018
.. D 0 Thu Nov 22 11:37:19 2018
20961280 blocks of size 1024. 19548164 blocks available
- Mount the share:
[root@zcy520ooooo ~]# mount -t cifs //192.168.80.4/smbtest /tmp/smb -o username=smbtest,password=zcy65047
[root@zcy520ooooo ~]# mount
sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime,seclabel)
proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
devtmpfs on /dev type devtmpfs (rw,nosuid,seclabel,size=486756k,nr_inodes=121689,mode=755)
...omitted...
//192.168.80.4/smbtest on /tmp/smb type cifs (rw,relatime,vers=1.0,cache=strict,username=smbtest,domain=,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.80.4,soft,unix,posixpaths,serverino,mapposix,acl,rsize=1048576,wsize=65536,echo_interval=60,actimeo=1)
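The smb.conf in this walkthrough contains two [homes] headers, and the second one sets both public and writeable. The following check, an added example that is not part of the original article or of Samba, flags repeated section names and shares where guest access and write access are both enabled; the sample is reduced from the configuration above and the function names are hypothetical.

```python
import re
from collections import Counter
TRUE, FALSE = {"yes", "true", "1"}, {"no", "false", "0"}

def parse_smb_conf(text):
    """Return [(section, {param: value})] in file order, one entry per header."""
    blocks = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header:
            blocks.append((header.group(1).strip().lower(), {}))
        elif "=" in line and blocks:
            key, value = line.split("=", 1)
            # Parameter names ignore case and spaces: "Guest OK" == "guestok".
            blocks[-1][1]["".join(key.lower().split())] = value.strip()
    return blocks

def is_set(params, names, wanted):
    return any(params.get(n, "").lower() in wanted for n in names)

def audit_shares(text):
    """Flag repeated section names and shares that are both guest and writable."""
    blocks = parse_smb_conf(text)
    counts = Counter(name for name, _ in blocks)
    findings = [f"[{n}] defined {c} times" for n, c in counts.items() if c > 1]
    for name, params in blocks:
        if name == "global":
            continue
        guest = is_set(params, ("guestok", "public"), TRUE)
        writable = (is_set(params, ("writable", "writeable"), TRUE)
                    or is_set(params, ("readonly",), FALSE))
        if guest and writable:
            findings.append(f"[{name}] path={params.get('path')}: "
                            "guest ok/public and writable both set")
    return findings

# Constructed sample reduced from the smb.conf shown above.
SAMPLE = """\
[global]
[homes]
    read only = No
[homes]
    path = /tmp/sambatest
    writeable = Yes
    public = Yes
"""
```

Running testparm, as the comment at the top of the packaged smb.conf suggests, shows the configuration Samba actually loads.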