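Building a LAMP environment that runs PHP through php-fpm, with WordPress working on top
On CentOS 6, php-fpm has to be compiled and installed by hand, while CentOS 7 supports it natively. The following uses a single virtual machine to build the LAMP environment and get WordPress running. The steps are:
1. Install the mariadb service and edit its configuration file:
- Install the service: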
[root@localhost ~]# yum -y install mariadb-server.x86_64
....
Dependency Installed:
mariadb.x86_64 1:5.5.56-2.el7 perl-DBD-MySQL.x86_64 0:4.023-5.el7
Complete!
- Configuration file: /etc/my.cnf.d/server.cnf
[root@localhost ~]# vim /etc/my.cnf.d/server.cnf
#
# These groups are read by MariaDB server.
# Use it for options that only the server (but not clients) should see
#
# See the examples of server my.cnf files in /usr/share/mysql/
#
# this is read by the standalone daemon and embedded servers
[server]
# this is only for the mysqld standalone daemon
[mysqld]
skip_name_resolve=ON #add this to turn off name resolution
innodb_file_per_table=ON #InnoDB keeps each table in its own file
# this is only for embedded server
[embedded]
# This group is only read by MariaDB-5.5 servers.
# If you use the same .cnf file for MariaDB of different versions,
# use this group for options that older servers don't understand
[mysqld-5.5]
"/etc/my.cnf.d/server.cnf" 29L, 788C
- Verify the service:
[root@localhost ~]# systemctl start mariadb.service
[root@localhost ~]# ss -tnl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:111 *:*
LISTEN 0 5 192.168.122.1:53 *:*
LISTEN 0 128 *:22 *:*
LISTEN 0 128 127.0.0.1:631 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 50 *:3306 *:* #port 3306 shows the service has started
LISTEN 0 128 :::111 :::*
LISTEN 0 128 :::80 :::*
LISTEN 0 128 :::22 :::*
LISTEN 0 128 ::1:631 :::*
LISTEN 0 100 ::1:25 :::*
[root@localhost ~]# vim /etc/my.cnf.d/server.cnf
- Initial security setup of the service:
[root@localhost ~]# mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none):
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.
Set root password? [Y/n] y #whether to set a password for the root user
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
... Success!
By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n] y #whether to remove the anonymous users
... Success!
Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] n #whether to forbid remote root login; n leaves remote root login allowed
... skipping.
By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n] n #whether to remove the test database; n keeps it
... skipping.
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n] y #whether to reload the privilege tables
... Success!
Cleaning up...
All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.
Thanks for using MariaDB! #this message means the configuration is complete.
2. Install php-fpm:
- Install the service:
[root@localhost ~]# yum -y install php-mysql php-fpm.x86_64 php-mbstring.x86_64
......
Installed:
php-fpm.x86_64 0:5.4.16-43.el7_4.1 php-mbstring.x86_64 0:5.4.16-43.el7_4.1
php-mysql.x86_64 0:5.4.16-43.el7_4.1
Dependency Installed:
libzip.x86_64 0:0.10.1-8.el7 php-common.x86_64 0:5.4.16-43.el7_4.1
php-pdo.x86_64 0:5.4.16-43.el7_4.1
Complete!
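#php-mysql: the interface PHP uses to connect to the mysql service
#php-mbstring.x86_64: module providing multibyte string support
- Configuration files:
Main configuration files: /etc/php-fpm.conf and /etc/php-fpm.d/*.conf
Environment configuration files: /etc/php.ini, /etc/php.d/*.ini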
[root@localhost php-fpm.d]# vim www.conf
; Start a new pool named 'www'.
[www]
; The address on which to accept FastCGI requests.
; Valid syntaxes are:
; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific address on
; a specific port;
; 'port' - to listen on a TCP socket to all addresses on a
; specific port;
; '/path/to/unix/socket' - to listen on a unix socket.
; Note: This value is mandatory.
listen = 127.0.0.1:9000
; Set listen(2) backlog. A value of '-1' means unlimited.
; Default Value: -1
;listen.backlog = -1 ;queue of requests waiting to be accepted; -1 means unlimited
; List of ipv4 addresses of FastCGI clients which are allowed to connect.
; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original
; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address
; must be separated by a comma. If this value is left blank, connections will be
; accepted from any ip address.
; Default Value: any
; a leading ';' marks a comment
; client addresses that are allowed to connect:
listen.allowed_clients = 127.0.0.1
...omitted...
; enable this line:
ping.path = /ping
; This directive may be used to customize the response of a ping request. The
; response is formatted as text/plain with a 200 response code.
; Default Value: pong
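; same as above, enable this line:
ping.response = pong
...omitted...
; Set session path to a directory owned by process user
; session storage handler, with the session path on the line below it
php_value[session.save_handler] = files
; this directory does not exist by default: create it and give its user and group to apache, the system user that uses it
php_value[session.save_path] = /var/lib/php/session
------------separator------------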
[root@localhost php-fpm.d]# mkdir /var/lib/php/session -pv
mkdir: created directory ‘/var/lib/php/session’
[root@localhost php-fpm.d]# chown apache:apache /var/lib/php/session/
[root@localhost php-fpm.d]#
- Start the service:
[root@localhost php-fpm.d]# systemctl start php-fpm.service
[root@localhost php-fpm.d]# ss -tnl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:111 *:*
LISTEN 0 5 192.168.122.1:53 *:*
LISTEN 0 128 *:22 *:*
LISTEN 0 128 127.0.0.1:631 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 127.0.0.1:9000 *:* #the service has started and is listening
LISTEN 0 50 *:3306 *:*
LISTEN 0 128 :::111 :::*
LISTEN 0 128 :::80 :::*
LISTEN 0 128 :::22 :::*
LISTEN 0 128 ::1:631 :::*
LISTEN 0 100 ::1:25 :::*
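A check over the two `ss -tnl` listings above, as an added example that is not part of the original page: MariaDB is bound to `*:3306` while php-fpm is bound to `127.0.0.1:9000`, and the function below reports which backend ports are reachable from other hosts. The function name, the verdict words and the choice of ports are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example: flag backend ports that listen on more than loopback.
# Input is the text printed by `ss -tnl`; the port list is the caller's choice.

# Constructed sample, modelled on the listings above (the last line uses the
# bracketed IPv6 form that newer ss versions print).
SAMPLE_SS='State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:22 *:*
LISTEN 0 128 127.0.0.1:9000 *:*
LISTEN 0 50 *:3306 *:*
LISTEN 0 128 :::80 :::*
LISTEN 0 128 [::1]:631 [::]:*'

# audit_listeners PORT... < ss-output
# Prints "<verdict> <port> <address>" for every listener on a listed port and
# returns 1 if any of them is bound to something other than loopback.
audit_listeners() {
  awk -v ports="$*" '
    BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
    $1 == "LISTEN" {
      port = $4; sub(/.*:/, "", port)        # text after the last colon
      addr = $4; sub(/:[^:]*$/, "", addr)    # text before the last colon
      gsub(/\[/, "", addr); gsub(/\]/, "", addr)
      if (!(port in want)) next
      if (addr ~ /^127\./ || addr == "::1") verdict = "loopback"
      else { verdict = "EXPOSED"; bad = 1 }
      print verdict, port, addr
    }
    END { exit bad }'
}

# Demo on the constructed sample: 3306 (MariaDB) and 9000 (php-fpm).
printf '%s\n' "$SAMPLE_SS" | audit_listeners 3306 9000 ||
  echo "at least one backend port accepts connections from other hosts"
```

On a live host, pipe `ss -tnl` into the function instead of the sample. WordPress on this page connects to the database on localhost, so MariaDB can be bound to loopback with `bind-address=127.0.0.1` under `[mysqld]`.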
3. Install httpd:
- Install the service:
[root@localhost php-fpm.d]# yum -y install httpd
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
* base: mirrors.aliyun.com
* epel: mirrors.aliyun.com
* extras: mirrors.aliyun.com
* updates: centos.ustc.edu.cn
Package httpd-2.4.6-67.el7.centos.6.x86_64 already installed and latest version
Nothing to do
- Check for the fcgi module:
[root@localhost php-fpm.d]# httpd -M
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using localhost.localdomain. Set the 'ServerName' directive globally to suppress this message
Loaded Modules:
core_module (static)
so_module (static)
http_module (static)
access_compat_module (shared)
actions_module (shared)
alias_module (shared)
allowmethods_module (shared)
auth_basic_module (shared)
auth_digest_module (shared)
authn_anon_module (shared)
authn_core_module (shared)
authn_dbd_module (shared)
authn_dbm_module (shared)
authn_file_module (shared)
authn_socache_module (shared)
authz_core_module (shared)
authz_dbd_module (shared)
authz_dbm_module (shared)
authz_groupfile_module (shared)
authz_host_module (shared)
authz_owner_module (shared)
authz_user_module (shared)
autoindex_module (shared)
cache_module (shared)
cache_disk_module (shared)
data_module (shared)
dbd_module (shared)
deflate_module (shared)
dir_module (shared)
dumpio_module (shared)
echo_module (shared)
env_module (shared)
expires_module (shared)
ext_filter_module (shared)
filter_module (shared)
headers_module (shared)
include_module (shared)
info_module (shared)
log_config_module (shared)
logio_module (shared)
mime_magic_module (shared)
mime_module (shared)
negotiation_module (shared)
remoteip_module (shared)
reqtimeout_module (shared)
rewrite_module (shared)
setenvif_module (shared)
slotmem_plain_module (shared)
slotmem_shm_module (shared)
socache_dbm_module (shared)
socache_memcache_module (shared)
socache_shmcb_module (shared)
status_module (shared)
substitute_module (shared)
suexec_module (shared)
unique_id_module (shared)
unixd_module (shared)
userdir_module (shared)
version_module (shared)
vhost_alias_module (shared)
dav_module (shared)
dav_fs_module (shared)
dav_lock_module (shared)
lua_module (shared)
mpm_prefork_module (shared)
proxy_module (shared)
lbmethod_bybusyness_module (shared)
lbmethod_byrequests_module (shared)
lbmethod_bytraffic_module (shared)
lbmethod_heartbeat_module (shared)
proxy_ajp_module (shared)
proxy_balancer_module (shared)
proxy_connect_module (shared)
proxy_express_module (shared)
proxy_fcgi_module (shared) #without this module httpd cannot talk FastCGI to php-fpm
proxy_fdpass_module (shared)
proxy_ftp_module (shared)
proxy_http_module (shared)
proxy_scgi_module (shared)
proxy_wstunnel_module (shared)
systemd_module (shared)
cgi_module (shared)
- Configuration file: add /etc/httpd/conf.d/fcgi.conf
[root@localhost php-fpm.d]# mkdir -pv /date/www/html
mkdir: created directory ‘/date’
mkdir: created directory ‘/date/www’
mkdir: created directory ‘/date/www/html’
----------------separator----------------
[root@localhost php-fpm.d]# vim /etc/httpd/conf.d/fcgi.conf
#default index page
DirectoryIndex index.php
ServerName www.magedu.net
#this directory has to be created
DocumentRoot /date/www/html
#turn off forward proxying
ProxyRequests Off
#requests for files ending in .php are reverse-proxied to php-fpm as /date/www/html/$1, where $1 stands for (.*\.php); the path must match DocumentRoot above
ProxyPassMatch ^/(.*\.php)$ fcgi://127.0.0.1:9000/date/www/html/$1
<Directory "/date/www/html">
Options None
AllowOverride None
Require all granted
</Directory>
"/etc/httpd/conf.d/fcgi.conf" 12L, 313C
:wq
----------------separator----------------
[root@localhost php-fpm.d]# httpd -t
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using localhost.localdomain. Set the 'ServerName' directive globally to suppress this message
Syntax OK
- Create a test page: /date/www/html/index.php
[root@localhost php-fpm.d]# vim /date/www/html/index.php
~
~
:wq
php-fpm is installed successfully: the screenshot shows PHP running in FPM mode.
4. Install wordpress:
- Download and unpack wordpress:
[root@localhost php-fpm.d]# tar xf /root/wordpress-4.9.4-zh_CN.tar.gz
[root@localhost php-fpm.d]# ls /root/
anaconda-ks.cfg epel-7.repo Pictures wordpress-4.9.4-zh_CN.tar.gz
Desktop File Explorer.lnk Public wordpress-4.9.4-zh_CN.zip
Documents initial-setup-ks.cfg Templates
Downloads Music Videos
- Delete the index page and copy the files under the wordpress directory into the document root:
[root@localhost php-fpm.d]# rm -rf /date/www/html/index.php
[root@localhost php-fpm.d]# cp -a wordpress/* /date/www/html/
When this page appears you are halfway there; just follow the prompts on the page.
- Set database privileges and create the database:
[root@localhost php-fpm.d]# mysql -uroot -p123456
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 8
Server version: 5.5.56-MariaDB MariaDB Server
Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input st
MariaDB [(none)]> GRANT ALL ON wordpress.* TO 'wpuser'@'%' IDENTIFIED BY 'wppass';
Query OK, 0 rows affected (0.42 sec)
MariaDB [(none)]> CREATE DATABASE wordpress; #create the wordpress database
Query OK, 1 row affected (0.00 sec)
- Copy wp-config-sample.php in the httpd document root and edit the copy:
[root@localhost html]# cp wp-config-sample.php wp-config.php #do not give the config file any other name, or WordPress reports an error
[root@localhost html]# vim wp-config.php
/**#@+
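* Authentication unique keys and salts.
*
* Change these to different unique phrases!
* Or visit {@link https://api.wordpress.org/secret-key/1.1/salt/
* the WordPress.org secret-key service} directly.
* Any change invalidates all existing cookies, and every user will have to log in again.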
*
* @since 2.6.0
*/
define('AUTH_KEY', 'put your unique phrase here');
define('SECURE_AUTH_KEY', 'put your unique phrase here');
define('LOGGED_IN_KEY', 'put your unique phrase here');
define('NONCE_KEY', 'put your unique phrase here');
define('AUTH_SALT', 'put your unique phrase here');
define('SECURE_AUTH_SALT', 'put your unique phrase here');
define('LOGGED_IN_SALT', 'put your unique phrase here');
define('NONCE_SALT', 'put your unique phrase here');
/**#@-*/
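/**
* WordPress database table prefix.
*
* If you need several WordPress installations in one database, give each
* of them a different table prefix. The prefix may contain only digits, letters and underscores.
*/
$table_prefix = 'wp_';
/**
* * ABSPATH
*
* @link https://codex.wordpress.org/zh-cn:%E7%BC%96%E8%BE%91_wp-config.php
*
* @package WordPress
*/
// ** MySQL settings - the details come from the host you are using ** //
/** Name of the WordPress database */
define('DB_NAME', 'wordpress'); #change to the database name
/** MySQL database user name */
define('DB_USER', 'wpuser'); #change to the database user name
/** MySQL database password */
define('DB_PASSWORD', 'wppass'); #the database password
/** MySQL host */
define('DB_HOST', 'localhost'); #address of the database server
/** Default character set used when creating tables */
define('DB_CHARSET', 'utf8');
/** Database collation type. Do not change this if in doubt */
define('DB_COLLATE', '');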
/**#@+
* Authentication unique keys and salts.
*
...omitted...
:wq
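- Refresh the page and log in to wordpress:
Click "Let's go"
Click "Install WordPress"
Click "Log in"
Fill in the login details and log in
The final logged-in screen: all done.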
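The wp-config.php shown above still carries the eight 'put your unique phrase here' placeholders that its own comment says to change. The following added example (not part of the original page, and not WordPress code) counts the placeholders in a config file and writes a copy with each one replaced by a locally generated random value; the function names and the sample file are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example: replace the placeholder keys/salts in a wp-config.php.

PLACEHOLDER='put your unique phrase here'

# Constructed sample: the define() lines of the wp-config.php shown above.
SAMPLE_WP_CONFIG="define('DB_NAME', 'wordpress');
define('AUTH_KEY', 'put your unique phrase here');
define('SECURE_AUTH_KEY', 'put your unique phrase here');
define('LOGGED_IN_KEY', 'put your unique phrase here');
define('NONCE_KEY', 'put your unique phrase here');
define('AUTH_SALT', 'put your unique phrase here');
define('SECURE_AUTH_SALT', 'put your unique phrase here');
define('LOGGED_IN_SALT', 'put your unique phrase here');
define('NONCE_SALT', 'put your unique phrase here');
\$table_prefix = 'wp_';"

# rand64: 48 bytes from the kernel CSPRNG, base64-encoded to exactly 64
# characters (A-Z a-z 0-9 + /), all safe inside a single-quoted PHP string.
rand64() {
  head -c 48 /dev/urandom | base64 | tr -d '\n'
}

# count_placeholders FILE: number of lines still carrying the placeholder.
count_placeholders() {
  grep -c -F -- "$PLACEHOLDER" "$1" || true
}

# rotate_salts FILE: print FILE with every placeholder define() replaced by
# a fresh random value; every other line is copied unchanged.
rotate_salts() {
  local line key
  while IFS= read -r line || [ -n "$line" ]; do
    case "$line" in
      "define('"*"'$PLACEHOLDER'"*)
        key=${line#"define('"}      # drop the leading define('
        key=${key%%"'"*}            # keep the name up to its closing quote
        printf "define('%s', '%s');\n" "$key" "$(rand64)"
        ;;
      *) printf '%s\n' "$line" ;;
    esac
  done < "$1"
}

# Demo on the constructed sample.
demo_dir=$(mktemp -d)
printf '%s\n' "$SAMPLE_WP_CONFIG" > "$demo_dir/wp-config.php"
echo "placeholders before: $(count_placeholders "$demo_dir/wp-config.php")"
rotate_salts "$demo_dir/wp-config.php" > "$demo_dir/wp-config.new"
echo "placeholders after:  $(count_placeholders "$demo_dir/wp-config.new")"
rm -rf "$demo_dir"
```

As the file's own comment says, changing these values invalidates every existing login cookie, so all users have to log in again afterwards.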
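What is DML? Examples of common SQL statements, at least 1 and at most 3 examples per command
DML: the Data Manipulation Language (DML) is the set of SQL statements responsible for accessing the data held in database objects. Its statements are INSERT, UPDATE, DELETE and SELECT, which insert, update, delete and query data respectively; any data-centric application is bound to use them.
Getting help on a command: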
mysql> help KEYWORD
MariaDB [(none)]> help SHOW
Name: 'SHOW'
Description:
SHOW has many forms that provide information about databases, tables,
columns, or status information about the server. This section describes
those following:
SHOW AUTHORS
SHOW {BINARY | MASTER} LOGS
SHOW BINLOG EVENTS [IN 'log_name'] [FROM pos] [LIMIT [offset,] row_count]
SHOW CHARACTER SET [like_or_where]
SHOW COLLATION [like_or_where]
SHOW [FULL] COLUMNS FROM tbl_name [FROM db_name] [like_or_where]
SHOW CONTRIBUTORS
SHOW CREATE DATABASE db_name
SHOW CREATE EVENT event_name
SHOW CREATE FUNCTION func_name
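...omitted...
- INSERT: insert
INSERT [INTO] tbl_name [(col1,...)] {VALUES|VALUE} (val1, ...),(...),...
Each () is one row; if the column list is not given, a value is inserted for every column of the table.
Note:
String values: quoted
Numeric values: must not be quoted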
MariaDB [test]> INSERT INTO mage(id,name) VALUES(2,'hoho');
Query OK, 1 row affected (0.32 sec)
MariaDB [test]> INSERT INTO mage(id,name) VALUES(3,'maha');
Query OK, 1 row affected (0.01 sec)
- SELECT: query
(1) SELECT * FROM tbl_name; #query everything in tbl_name
(2) SELECT col1, col2, ... FROM tbl_name;
When displaying, a column can be shown under an alias: col_name AS col_alias
(3) SELECT col1, ... FROM tbl_name WHERE clause;
WHERE clause: specifies the selection condition, in the form col_name operator value, e.g. age > 30;
Operators (1): >, <, >=, <=, =, !=
Combining conditions: and, or, not
Operators (2): BETWEEN ... AND ...
LIKE 'PATTERN'
Wildcards: % matches any characters of any length; _ matches any single character
RLIKE 'PATTERN': matches the string against a regular expression
IS NULL
IS NOT NULL
(4) SELECT col1, ... FROM tbl_name [WHERE clause] ORDER BY col_name, col_name2, ... [ASC|DESC];
ASC: ascending; DESC: descending
MariaDB [test]> SELECT * FROM mage;
+------+------+
| id | name |
+------+------+
| 1 | haha |
| 2 | hoho |
| 3 | maha |
| 4 | maha |
+------+------+
4 rows in set (0.00 sec)
--------------separator--------------
MariaDB [test]> SELECT id FROM mage WHERE id < 2;
+------+
| id |
+------+
| 1 |
+------+
1 row in set (0.00 sec)
- DELETE: delete
DELETE FROM tbl_name [WHERE where_condition] [ORDER BY ...] [LIMIT row_count]
(1) DELETE FROM tbl_name WHERE where_condition
(2) DELETE FROM tbl_name [ORDER BY ...] [LIMIT row_count]
MariaDB [test]> DELETE FROM mage WHERE id = 1;
Query OK, 1 row affected (0.34 sec)
MariaDB [test]> SELECT * FROM mage;
+------+------+
| id | name |
+------+------+
| 2 | hoho |
| 3 | maha |
| 4 | maha |
+------+------+
3 rows in set (0.00 sec)
--------------separator--------------
MariaDB [test]> DELETE FROM mage WHERE name = 'maha';
Query OK, 2 rows affected (0.33 sec)
MariaDB [test]> SELECT * FROM mage;
+------+------+
| id | name |
+------+------+
| 2 | hoho |
+------+------+
1 row in set (0.00 sec)
- UPDATE: update
UPDATE [LOW_PRIORITY] [IGNORE] table_reference SET col_name1=value1 [, col_name2=value2] ... [WHERE where_condition] [ORDER BY ...] [LIMIT row_count]
MariaDB [test]> SELECT * FROM mage;
+------+------+
| id | name |
+------+------+
| 2 | hoho |
| 2 | hoho |
| 3 | maha |
| 1 | haha |
+------+------+
4 rows in set (0.00 sec)
MariaDB [test]> UPDATE mage SET id=4 WHERE name = 'hoho';
Query OK, 2 rows affected (0.29 sec)
Rows matched: 2 Changed: 2 Warnings: 0
MariaDB [test]> SELECT * FROM mage;
+------+------+
| id | name |
+------+------+
| 4 | hoho |
| 4 | hoho |
| 3 | maha |
| 1 | haha |
+------+------+
4 rows in set (0.00 sec)
--------------separator--------------
MariaDB [test]> SELECT * FROM mage;
+------+------+
| id | name |
+------+------+
| 3 | maha |
| 1 | haha |
+------+------+
2 rows in set (0.00 sec)
MariaDB [test]> UPDATE mage SET name='lalala' WHERE id < 2;
Query OK, 1 row affected (0.29 sec)
Rows matched: 1 Changed: 1 Warnings: 0
MariaDB [test]> SELECT * FROM mage;
+------+--------+
| id | name |
+------+--------+
| 3 | maha |
| 1 | lalala |
+------+--------+
2 rows in set (0.01 sec)
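A brief description of FTP active and passive modes, and a vsftpd setup with PAM-based authentication
- Active mode:
The data connection is opened by the server. The client first picks a random port N and uses it to connect to port 21 on the server, which establishes the command connection; the server then connects from its TCP port 20 to port N+1 on the client for the data connection.
- Passive mode:
The data connection is opened by the client, from one of its random ports to a port on the server. The command connection is established the same way as in active mode; once it is up, the server tells the client which port M to connect to, and the client connects from its port N+1 to port M on the server for the data connection.
- Some commonly used ftp configuration settings:
The configuration file is /etc/vsftpd/vsftpd.conf
Anonymous users:
anonymous_enable=YES #whether anonymous users are enabled
anon_upload_enable=YES #whether they may upload
anon_mkdir_write_enable=YES #whether they may create directories
anon_other_write_enable=YES #whether, beyond writing, they may delete and modify other files on the server
anon_umask=077 #umask for created files
System users:
local_enable=YES #whether local users are enabled
write_enable=YES #whether writing is permitted
local_umask=022 #umask for created files
userlist_enable=YES #use the /etc/vsftpd/user_list file to control which users may log in
userlist_deny=
YES: the list is a blacklist
NO: the list is a whitelist (only listed users may log in)
chroot_local_user=YES #confine all local users to their home directories (the user's write permission on the home directory has to be removed first)
chroot_list_enable=YES #enable the home-directory confinement list
chroot_list_file=/etc/vsftpd/chroot_list #confine the users listed in this file to their home directories (the user's write permission on the home directory has to be removed first)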
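How the data ports in the active and passive descriptions above are announced on the command connection, as an added example that is not part of the original page: the client's PORT command and the server's 227 reply both carry the address and port as six decimal bytes, and the function below decodes either one so the endpoint can be checked against firewall rules. The function names and sample lines are assumptions of this example; pasv_min_port and pasv_max_port are the vsftpd options that pin the passive range.

```bash
#!/usr/bin/env bash
# Added example: decode the data-connection endpoint announced on the FTP
# command channel, for both modes described above.

# Constructed sample lines (addresses reuse the hosts on this page).
ACTIVE_CMD='PORT 192,168,1,105,195,81'
PASSIVE_REPLY='227 Entering Passive Mode (192,168,1,108,195,80).'

# ftp_data_endpoint LINE
# LINE is a client "PORT h1,h2,h3,h4,p1,p2" command (active mode) or a
# server "227 ... (h1,h2,h3,h4,p1,p2)" reply (passive mode).
# Prints "<mode> <ip> <port>"; returns 1 on anything malformed.
ftp_data_endpoint() {
  local line nums mode n old_ifs
  line=$(printf '%s' "$1" | tr -d '\r')      # control lines end in CRLF
  case "$line" in
    "PORT "*)        mode=active;  nums=${line#PORT } ;;
    "227 "*"("*")"*) mode=passive; nums=${line#*\(}; nums=${nums%%\)*} ;;
    *) return 1 ;;
  esac
  old_ifs=$IFS; IFS=,
  set -f; set -- $nums; set +f               # split on commas, no globbing
  IFS=$old_ifs
  [ "$#" -eq 6 ] || return 1
  for n in "$@"; do
    # each field: 1-3 digits, no leading zero, at most 255
    case "$n" in ''|*[!0-9]*|0?*|????*) return 1 ;; esac
    [ "$n" -le 255 ] || return 1
  done
  # The port travels as two bytes: high byte p1, low byte p2.
  echo "$mode $1.$2.$3.$4 $(( $5 * 256 + $6 ))"
}

# pasv_port_allowed REPLY MIN MAX
# True when a passive reply names a port inside the range the firewall opens
# (the range vsftpd is told to use with pasv_min_port / pasv_max_port).
pasv_port_allowed() {
  local ep port
  ep=$(ftp_data_endpoint "$1") || return 1
  case "$ep" in "passive "*) ;; *) return 1 ;; esac
  port=${ep##* }
  [ "$port" -ge "$2" ] && [ "$port" -le "$3" ]
}

# Demo on the constructed samples.
ftp_data_endpoint "$ACTIVE_CMD"      # server will connect out to this client port
ftp_data_endpoint "$PASSIVE_REPLY"   # client will connect in to this server port
if pasv_port_allowed "$PASSIVE_REPLY" 50000 50100; then
  echo "passive port is inside the opened range 50000-50100"
fi
```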
pam:
Pluggable authentication modules; highly modular. The authentication modules present on the system can be listed:
[root@localhost ~]# rpm -ql pam | grep so
/etc/security/console.apps
/etc/security/console.handlers
/etc/security/console.perms
/etc/security/console.perms.d
/usr/lib64/libpam.so.0
/usr/lib64/libpam.so.0.83.1
/usr/lib64/libpam_misc.so.0
/usr/lib64/libpam_misc.so.0.82.0
/usr/lib64/libpamc.so.0
/usr/lib64/libpamc.so.0.82.1
/usr/lib64/security/pam_access.so
/usr/lib64/security/pam_chroot.so
/usr/lib64/security/pam_console.so
/usr/lib64/security/pam_cracklib.so
/usr/lib64/security/pam_debug.so
/usr/lib64/security/pam_deny.so
---------------------separator---------------------
[root@localhost ~]# ls /etc/pam.d/
atd login smartcard-auth-ac
chfn other smtp
chsh passwd smtp.postfix
config-util password-auth sshd
crond password-auth-ac su
cups pluto sudo
fingerprint-auth polkit-1 sudo-i
fingerprint-auth-ac postlogin su-l
gdm-autologin postlogin-ac system-auth
gdm-fingerprint ppp system-auth-ac
gdm-launch-environment remote systemd-user
gdm-password runuser vlock
gdm-pin runuser-l vmtoolsd
gdm-smartcard setup xserver
liveinst smartcard-auth
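In virtual-user mode, the accounts used to log in to ftp are not local system users. These virtual users can only write to files on the ftp server and have no access to other resources on the system, which improves security. This is where the pam module comes in, to do the authentication.
- Create the user account/password file: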
[root@localhost ~]# vim /etc/vsftpd/vuser.list
magedu1
123456
magedu2
654321
~
:wq
- Convert the user/password file into a database file:
[root@localhost ~]# yum -y install db4-utils #install the db4 conversion tools
...omitted...
Verifying : libdb4-utils-4.8.30-13.el7.x86_64 1/2
Verifying : libdb4-4.8.30-13.el7.x86_64 2/2
Installed:
libdb4-utils.x86_64 0:4.8.30-13.el7
Dependency Installed:
libdb4.x86_64 0:4.8.30-13.el7
Complete!
----------------separator----------------
[root@localhost ~]# db_load -T -t hash -f /etc/vsftpd/vuser.list /etc/vsftpd/vuser.db # convert the file
----------------separator----------------
[root@localhost ~]# chmod 600 /etc/vsftpd/vuser.* #restrict the password files' permissions for security
[root@localhost ~]# ll /etc/vsftpd/vuser.*
-rw-------. 1 root root 12288 May 3 23:48 /etc/vsftpd/vuser.db
-rw-------. 1 root root 31 May 3 23:41 /etc/vsftpd/vuser.list
- Create the FTP root directory and the system user that the virtual users map to:
[root@localhost ~]# mkdir /var/ftproot
----------------separator----------------
[root@localhost ~]# useradd -d /var/ftproot/ -s /sbin/nologin virtual
useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.
----------------separator----------------
[root@localhost ~]# chmod 755 /var/ftproot/ #set the permissions of the root directory
- Create the pam authentication config:
[root@localhost ~]# vim /etc/pam.d/vsftpd
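#%PAM-1.0
#add the two pam_userdb lines; they are marked sufficient and placed first so that virtual users, who have no system account, are not rejected by the required system checks below
auth sufficient pam_userdb.so db=/etc/vsftpd/vuser
#the db= path must be given without its file suffix
account sufficient pam_userdb.so db=/etc/vsftpd/vuser
session optional pam_keyinit.so force revoke
auth required pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed
auth required pam_shells.so
auth include password-auth
account include password-auth
session required pam_loginuid.so
session include password-auth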
~
:wq
- Configure the /etc/vsftpd/vsftpd.conf file:
[root@localhost ~]# vim /etc/vsftpd/vsftpd.conf
# Example config file /etc/vsftpd/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
# set this to NO
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
# When SELinux is enforcing check for SE bool ftp_home_dir
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
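...omitted...
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
# allow virtual users to log in
guest_enable=YES
# system user that the virtual users are mapped to
guest_username=virtual
# name of the pam file used for the virtual users
pam_service_name=vsftpd
# virtual users get the same privileges as local users
virtual_use_local_privs=YES
# configuration directory for the virtual users; it has to be created by hand
user_config_dir=/etc/vsftpd/vusers_dir
:wq
- Create the virtual users' configuration directory and files, and configure them: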
[root@localhost ~]# mkdir /etc/vsftpd/vusers_dir
[root@localhost ~]# cd /etc/vsftpd/vusers_dir
[root@localhost vusers_dir]# touch magedu1 magedu2
[root@localhost vusers_dir]# vim magedu2
anon_upload_enable=YES
anon_mkdir_write_enable=YES
:wq
- Restart the service and test:
[root@localhost vusers_dir]# systemctl restart vsftpd
[root@localhost vusers_dir]# lftp -u virtual 192.168.1.108
Password:
lftp virtual@192.168.1.108:~>
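A brief description of how the NFS service works and how to configure it
NFS is the Network File System; it lets different hosts share resources with one another over the network. NFS relies mainly on RPC (remote procedure call) to share files. The NFS configuration files, their format and their usage are as follows:
- Server configuration:
/etc/exports or /etc/exports.d/*
/PATH/TO/SOME_DIR clients1(export_options, ...) clients2(export_options, ...)
clients:
single host: ipv4, ipv6, FQDN
network: address/netmask, both long and short netmask formats are supported
wildcards: host name wildcards, e.g. *.magedu.com
netgroups: host groups within an NIS domain; @group_name
anonymous: use * to match all hosts;
Common options:
ro: data is read in read-only mode
rw: read-write
sync: synchronous
async: asynchronous
secure: the client's port must be below 1024; otherwise the insecure option has to be used
User ID Mapping:
root_squash: squash the root user, which normally means mapping it to nfsnobody
no_root_squash: do not squash the root user; root on the client accesses the mounted NFS volume as root
all_squash: squash all users
anonuid and anongid: map squashed users to the user specified here
- Client configuration:
NFS client:
mount -t nfs servername:/path/to/share /path/to/mount_point [-rvVwfnsh ] [-o options]
showmount - show NFS mount information
showmount -e NFS_SERVER_IP: list all file systems exported by the given nfs server
showmount -a: on the nfs server, list all clients of the nfs service
exportfs:
-r: re-export
-a: all file systems
-v: verbose
-u: unexport file systems
# exportfs -ar
# exportfs -au
Because NFS depends on the RPC service, the rpcbind service has to be installed before NFS. The following demonstrates NFS file sharing.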
1. Server-side configuration:
- Install the service:
[root@localhost ~]# yum -y install nfs-utils.x86_64
Loaded plugins: fastestmirror, langpacks
base | 3.6 kB 00:00:00
epel | 4.7 kB 00:00:00
extras | 3.4 kB 00:00:00
updates | 3.4 kB 00:00:00
Loading mirror speeds from cached hostfile
...omitted...
Updated:
nfs-utils.x86_64 1:1.3.0-0.48.el7_4.2
Complete!
[root@localhost ~]# yum -y install rpcbind
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
* base: centos.ustc.edu.cn
* epel: mirrors.aliyun.com
* extras: mirrors.aliyun.com
* updates: mirrors.aliyun.com
Package rpcbind-0.2.0-42.el7.x86_64 already installed and latest version
Nothing to do
- Create the shared directory:
[root@localhost ~]# mkdir /tmp/test
- Configuration file:
[root@localhost ~]# vim /etc/exports
/tmp/test 192.168.1.105(rw,sync,no_root_squash)
#/tmp/test: the shared directory; 192.168.1.105: the client it is shared with
#(rw,sync,no_root_squash): the permissions granted to the client's users
:wq
- Start the service:
[root@localhost ~]# systemctl start nfs rpcbind
[root@localhost ~]# systemctl status nfs rpcbind
● nfs-server.service - NFS server and services
Loaded: loaded (/usr/lib/systemd/system/nfs-server.service; disabled; vendor preset: disabled)
Active: active (exited) since Fri 2018-05-04 18:31:41 CST; 1min 56s ago
Process: 45371 ExecStart=/usr/sbin/rpc.nfsd $RPCNFSDARGS (code=exited, status=0/SUCCESS)
Process: 45364 ExecStartPre=/bin/sh -c /bin/kill -HUP `cat /run/gssproxy.pid` (code=exited, status=0/SUCCESS)
Process: 45362 ExecStartPre=/usr/sbin/exportfs -r (code=exited, status=1/FAILURE)
Main PID: 45371 (code=exited, status=0/SUCCESS)
CGroup: /system.slice/nfs-server.service
May 04 18:31:41 localhost.localdomain systemd[1]: Starting NFS server and services...
May 04 18:31:41 localhost.localdomain exportfs[45362]: exportfs: Failed to stat /etc/test...y
May 04 18:31:41 localhost.localdomain systemd[1]: Started NFS server and services.
● rpcbind.service - RPC bind service
Loaded: loaded (/usr/lib/systemd/system/rpcbind.service; indirect; vendor preset: enabled)
Active: active (running) since Fri 2018-05-04 18:31:41 CST; 1min 56s ago
Process: 45357 ExecStart=/sbin/rpcbind -w $RPCBIND_ARGS (code=exited, status=0/SUCCESS)
Main PID: 45359 (rpcbind)
2. Client configuration:
- View the shared directories:
[root@localhost ~]# showmount -e 192.168.1.108
Export list for 192.168.1.108:
/tmp/test 192.168.1.105
- Mount the shared directory:
[root@localhost ~]# mount -t nfs 192.168.1.108:/tmp/test /tmp/test
[root@localhost ~]# mount
sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime,seclabel)
proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
devtmpfs on /dev type devtmpfs (rw,nosuid,seclabel,size=917556k,nr_inodes=229389,mode=755)
...omitted...
/dev/sda1 on /boot type xfs (rw,relatime,seclabel,attr2,inode64,noquota)
/dev/mapper/centos-home on /home type xfs (rw,relatime,seclabel,attr2,inode64,noquota)
sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw,relatime)
tmpfs on /run/user/42 type tmpfs (rw,nosuid,nodev,relatime,seclabel,size=186708k,mode=700,uid=42,gid=42)
tmpfs on /run/user/0 type tmpfs (rw,nosuid,nodev,relatime,seclabel,size=186708k,mode=700)
gvfsd-fuse on /run/user/0/gvfs type fuse.gvfsd-fuse (rw,nosuid,nodev,relatime,user_id=0,group_id=0)
fusectl on /sys/fs/fuse/connections type fusectl (rw,relatime)
192.168.1.108:/tmp/test on /tmp/test type nfs4 (rw,relatime,vers=4.1,rsize=262144,wsize=262144,namlen=255,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=sys,clientaddr=192.168.1.105,local_lock=none,addr=192.168.1.108)
- Test NFS:
Create a file in the mounted directory on the client
[root@localhost test]# vim nfs.txt
this is a client nfs file
~
~
:wq
-------------separator-------------
On the server, check whether the file is in the corresponding directory
[root@localhost test]# ls
nfs.txt
[root@localhost test]# cat nfs.txt #the file shared over the network has arrived
this is a client nfs file
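A lint for the /etc/exports format described in this section, as an added example that is not part of the original page: it flags no_root_squash (used in the export above), rw granted to a wildcard client, and the case where whitespace between a client and its option list makes the options apply to every host. The function name, the finding codes and all sample lines except the first export are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example: lint /etc/exports for risky entries.
# Limitation: backslash-continued lines are not joined.

# Constructed sample; the /tmp/test entry is the export used on this page.
SAMPLE_EXPORTS='# path client(options) ...
/tmp/test 192.168.1.105(rw,sync,no_root_squash)
/srv/pub *(ro,sync,root_squash)
/srv/share *.magedu.com(rw,sync)
/srv/home 192.168.1.0/24 (rw,sync)'

# audit_exports < exports-file
# Prints "<path> <client> <FINDING>" per problem and returns 1 if any exist.
#   NO_ROOT_SQUASH    root on the client is root on the exported directory
#   RW_WILDCARD       write access granted to a wildcard client
#   DETACHED_OPTIONS  "client (opts)": the space makes (opts) apply to all hosts
audit_exports() {
  awk '
    function flag(code) { print path, client, code; bad = 1 }
    /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
    {
      path = $1
      for (i = 2; i <= NF; i++) {
        p = index($i, "(")
        if (p == 1) {                        # option list with no client
          client = "*"; opts = $i
          flag("DETACHED_OPTIONS")
        } else if (p == 0) {                 # client with default options
          client = $i; opts = ""
        } else {                             # client(options)
          client = substr($i, 1, p - 1); opts = substr($i, p)
        }
        gsub(/[()]/, "", opts)
        rw = 0; nrs = 0
        n = split(opts, o, ",")
        for (j = 1; j <= n; j++) {
          if (o[j] == "rw") rw = 1
          if (o[j] == "no_root_squash") nrs = 1
        }
        if (nrs) flag("NO_ROOT_SQUASH")
        if (rw && client ~ /[*?]/) flag("RW_WILDCARD")
      }
    }
    END { exit bad }'
}

# Demo on the constructed sample.
printf '%s\n' "$SAMPLE_EXPORTS" | audit_exports ||
  echo "review the entries listed above before running exportfs -ar"
```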
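A brief description of the samba service, with a working samba configuration
SMB (Server Message Block) is a communication protocol for sharing files and printers on a local area network; it provides file, printer and other resource sharing between the different computers on the LAN. SMB is a client/server protocol: through it, a client can access shared file systems, printers and other resources on a server. With "NetBIOS over TCP/IP" configured, Samba can share resources not only with hosts on the local network but also with computers all over the world. Commonly used samba configuration and commands are as follows:
samba configuration:
/etc/samba/smb.conf
Two kinds of configuration sections:
Global configuration
[global]
Network-Related Options
workgroup =
server string =
interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24
hosts allow = 127. 192.168.12. 192.168.13.
Logging Options
log file = /var/log/samba/log.%m
max log size = 50
Standalone Server Options
security = user #sets the security level; there are four possible values
share: anonymous sharing
user: users are authenticated with accounts and passwords managed by the samba service itself; the user must be a system user, but the password is not the one in /etc/shadow: it is kept in a file managed by samba, whose format is defined by passdb backend
server: authentication is handled centrally by a third-party service
domain: authentication is done by a DC, based on the kerberos protocol;
passdb backend = tdbsam
Printing Options
load printers = yes
cups options = raw
[SHARED_NAME] shared file system configuration
There are three kinds:
[homes]: defines whether each samba user can access their own home directory through the samba service
[printers]: defines the print service
[shared_fs]: defines a shared file system;
Common directives:
comment: descriptive comment
path: the file system path that the share maps to
browseable: whether the share is browseable, i.e. whether users can see it
guest ok: whether the guest account may access it
public: whether it is open to all users
writable: whether it is writable
read only: whether it is read-only
write list: list of users with write permission
user name
@group name
+group name
samba user management:
smbpasswd
smbpasswd [options] USERNAME
-a: add
-x: delete
-d: disable
-e: enable
pdbedit
-L: list all users of the samba service
-a, --create: add a user as a samba user
-u, --user=USER: the user to manage;
-x, --delete: delete a user
-t, --password-from-stdin: read the user's password as a string from standard input
uses an empty prompt; the password is then entered twice
List the shares on a server:
smbclient -L SMB_SERVER [-U USERNAME]
Interactive file access:
smbclient //SMB_SERVER/SHARE_NAME [-U USERNAME]
Mounted access:
mount -t cifs //SMB_SERVER/SHARE_NAME /MOUNT_POINT -o username=USERNAME,password=PASSWORD
Note: the user performing the mount is mapped directly to the user given in the -o option;
from then on, the mount point is accessed as the user named by username in the -o option; for a local user to access the path, they must first have the corresponding permissions on the local file system;
smbstatus command: shows the access status of the shares offered by the samba service
-b: brief output
-v: verbose output
The following demonstrates a samba configuration: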
1. Server-side configuration:
- Install the service:
[root@localhost test]# yum -y install samba
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
* base: centos.ustc.edu.cn
* epel: mirrors.aliyun.com
* extras: mirrors.aliyun.com
* updates: mirrors.aliyun.com
Resolving Dependencies
...omitted...
Dependency Updated:
libsmbclient.x86_64 0:4.6.2-12.el7_4 libwbclient.x86_64 0:4.6.2-12.el7_4
samba-client-libs.x86_64 0:4.6.2-12.el7_4 samba-common.noarch 0:4.6.2-12.el7_4
Complete!
- Configuration file:
[root@localhost test]# vim /etc/samba/smb.conf
# See smb.conf.example for a more detailed config file or
# read the smb.conf manpage.
# Run 'testparm' to verify the config is correct after
# you modified it.
[global]
workgroup = SAMBA
security = user
passdb backend = tdbsam
printing = cups
printcap name = cups
load printers = yes
cups options = raw
...omitted...
[homes]
comment = samba test dir
path = /tmp/sambatest
writeable = Yes
create mask = 0600
public = Yes
browseable = No
:wq
- Add a samba user:
[root@localhost test]# useradd smbtest
[root@localhost test]# smbpasswd -a smbtest
New SMB password:
Retype new SMB password:
Added user smbtest.
- Start the service:
[root@localhost test]# systemctl start smb nmb
[root@localhost test]# systemctl status smb nmb
● smb.service - Samba SMB Daemon
Loaded: loaded (/usr/lib/systemd/system/smb.service; disabled; vendor preset: disabled)
Active: active (running) since Fri 2018-05-04 20:26:10 CST; 7s ago
Main PID: 47137 (smbd)
Status: "smbd: ready to serve connections..."
CGroup: /system.slice/smb.service
├─47137 /usr/sbin/smbd
├─47138 /usr/sbin/smbd
├─47139 /usr/sbin/smbd
└─47140 /usr/sbin/smbd
May 04 20:26:09 localhost.localdomain systemd[1]: Starting Samba SMB Daemon...
May 04 20:26:10 localhost.localdomain smbd[47137]: [2018/05/04 20:26:10.114204, 0] ../l...y)
May 04 20:26:10 localhost.localdomain systemd[1]: Started Samba SMB Daemon.
May 04 20:26:10 localhost.localdomain smbd[47137]: STATUS=daemon 'smbd' finished start...ns
● nmb.service - Samba NMB Daemon
Loaded: loaded (/usr/lib/systemd/system/nmb.service; disabled; vendor preset: disabled)
Active: active (running) since Fri 2018-05-04 20:26:09 CST; 8s ago
Main PID: 47135 (nmbd)
Status: "nmbd: ready to serve connections..."
CGroup: /system.slice/nmb.service
└─47135 /usr/sbin/nmbd
2. Client configuration:
- Install the client:
[root@localhost test]# yum -y install samba-client
Loaded plugins: fastestmirror, langpacks
Repository epel is listed more than once in the configuration
Repository epel-debuginfo is listed more than once in the configuration
Repository epel-source is listed more than once in the configuration
Loading mirror speeds from cached hostfile
* base: mirrors.aliyun.com
* epel: mirrors.aliyun.com
...omitted...
Installed:
samba-client.x86_64 0:4.6.2-12.el7_4
Complete!
- Connect to the server:
[root@localhost test]# smbclient //192.168.1.108/smbtest -U smbtest
Enter SAMBA\smbtest's password:
Domain=[LOCALHOST] OS=[Windows 6.1] Server=[Samba 4.6.2]
smb: \> ls
. D 0 Fri May 4 20:13:24 2018
.. D 0 Fri May 4 20:41:59 2018
18971044 blocks of size 1024. 13750820 blocks available
- Mount the share:
[root@localhost test]# mount -t cifs //192.168.1.108/smbtest /tmp/smb -o username=smbtest,password=123456
[root@localhost test]# mount
sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime,seclabel)
proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
...omitted...
192.168.1.108:/tmp/test on /tmp/test type nfs4 (rw,relatime,vers=4.1,rsize=262144,wsize=262144,namlen=255,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=sys,clientaddr=192.168.1.105,local_lock=none,addr=192.168.1.108)
//192.168.1.108/smbtest on /tmp/smb type cifs (rw,relatime,vers=1.0,cache=strict,username=smbtest,domain=LOCALHOST,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.1.108,unix,posixpaths,serverino,mapposix,acl,rsize=1048576,wsize=65536,echo_interval=60,actimeo=1)