1. Implementing vsftpd virtual-user access with MySQL-based authentication
This scenario uses two servers: one FTP server and one MySQL database server.
1.1 Install the database
[root@c5 ~]# yum -y install mariadb-server
[root@c5 ~]# systemctl start mariadb.service
[root@c5 ~]# systemctl enable mariadb
1.2 On the FTP server, install the vsftpd, mariadb-devel and pam-devel packages and pam_mysql (pam_mysql must be compiled from source)
[root@c5 ~]# yum install vsftpd mariadb-devel pam-devel -y
[root@c5 ~]# yum -y groupinstall "Development Tools"
[root@c5 src]# tar xvf pam_mysql-0.7RC1.tar.gz
[root@c5 pam_mysql-0.7RC1]# cd pam_mysql-0.7RC1/
[root@c5 pam_mysql-0.7RC1]# ./configure --with-pam-mods-dir=/lib64/security --with-mysql=/usr --with-pam=/usr
[root@c5 pam_mysql-0.7RC1]# make -j 4 && make install
1.3 Create the virtual-user account database on the database server
1.3.1 Create the database that stores the virtual users, and the database user used to connect to it
MariaDB [(none)]> CREATE DATABASE vsftpd;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> SHOW DATABASES;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| performance_schema |
| test               |
| vsftpd             |
+--------------------+
7 rows in set (0.00 sec)
MariaDB [(none)]> GRANT SELECT ON vsftpd.* TO vsftpd@'%' IDENTIFIED BY 'centos';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)
1.3.2 Prepare the table that stores the users
MariaDB [(none)]> USE vsftpd;
Database changed
MariaDB [vsftpd]> SHOW TABLES;
Empty set (0.01 sec)
MariaDB [vsftpd]> CREATE TABLE users (
    -> id INT AUTO_INCREMENT NOT NULL PRIMARY KEY,
    -> name CHAR(50) BINARY NOT NULL,
    -> password CHAR(48) BINARY NOT NULL
    -> );
Query OK, 0 rows affected (0.06 sec)
MariaDB [vsftpd]> DESC users;
+----------+----------+------+-----+---------+----------------+
| Field    | Type     | Null | Key | Default | Extra          |
+----------+----------+------+-----+---------+----------------+
| id       | int(11)  | NO   | PRI | NULL    | auto_increment |
| name     | char(50) | NO   |     | NULL    |                |
| password | char(48) | NO   |     | NULL    |                |
+----------+----------+------+-----+---------+----------------+
3 rows in set (0.00 sec)
1.3.3 Test the connection
[root@c5 ~]# yum install mariadb -y
[root@c5 ~]# mysql -uvsftpd -pcentos -h 10.0.1.244 -e "show databases;"
+--------------------+
| Database           |
+--------------------+
| information_schema |
| test               |
| vsftpd             |
+--------------------+
1.3.4 Add the virtual users
MariaDB [(none)]> use vsftpd;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
MariaDB [vsftpd]> INSERT INTO users(name,password) values('test1',password('centos'));
Query OK, 1 row affected (0.01 sec)
MariaDB [vsftpd]> INSERT INTO users(name,password) values('test2',password('centos'));
Query OK, 1 row affected (0.01 sec)
MariaDB [vsftpd]> SELECT * FROM users;
+----+-------+-------------------------------------------+
| id | name  | password                                  |
+----+-------+-------------------------------------------+
|  1 | test1 | *128977E278358FF80A246B5046F51043A2B1FCED |
|  2 | test2 | *128977E278358FF80A246B5046F51043A2B1FCED |
+----+-------+-------------------------------------------+
2 rows in set (0.00 sec)
1.4 Configure the vsftpd service on the FTP server
1.4.1 Create the file required for PAM authentication on the FTP server
[root@c5 ~]# cat /etc/pam.d/vsftpd.mysql
### add the following two lines
auth required pam_mysql.so user=vsftpd passwd=centos host=10.0.1.244 db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
account required pam_mysql.so user=vsftpd passwd=centos host=10.0.1.244 db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
• auth: the authentication step
• account: verifies that the account and password are valid for use
• required: this module's check must pass
• pam_mysql.so: the module name is a relative path by default, relative to /lib64/security/; an absolute path may also be written. Everything after it is a parameter passed to this module
• user=vsftpd: the user for logging in to MySQL
• passwd=magedu: the password for logging in to MySQL
• host=mysqlserver: the hostname or IP address of the MySQL server
• db=vsftpd: the name of the MySQL database to connect to
• table=users: the table in that database to query
• usercolumn=name: the column treated as the user name
• passwdcolumn=password: the column treated as the password for that user name
• crypt=2: passwords are stored hashed with the MySQL PASSWORD() function
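To make crypt=2 concrete, the following is an added example (not code from the original post) that recomputes the value MySQL PASSWORD() stores and that pam_mysql compares against, and checks it against constructed rows copied from the users table in section 1.3.4; the function names and the USERS dictionary are my own.

```python
import hashlib
import hmac

# With crypt=2, pam_mysql compares the login password against whatever
# MySQL/MariaDB PASSWORD() stored in passwdcolumn. For the 4.1+ format that
# value is '*' followed by upper-case hex of SHA1(SHA1(plaintext)): 41 chars.


def mysql_password(plaintext: str) -> str:
    """Reproduce PASSWORD() for the 4.1+ hash format."""
    stage1 = hashlib.sha1(plaintext.encode("utf-8")).digest()
    return "*" + hashlib.sha1(stage1).hexdigest().upper()


def is_mysql41_hash(value: str) -> bool:
    """Shape check for a passwdcolumn value before relying on crypt=2."""
    return (len(value) == 41 and value[0] == "*"
            and all(c in "0123456789ABCDEF" for c in value[1:]))


def verify(plaintext: str, stored: str) -> bool:
    """What pam_mysql crypt=2 amounts to: hash the attempt and compare it to
    the row. Constant-time compare so timing does not leak a prefix match."""
    if not is_mysql41_hash(stored):
        return False
    return hmac.compare_digest(mysql_password(plaintext).encode(), stored.encode())


# Constructed rows mirroring the users table in section 1.3.4 (both rows
# there hold the same value because both users were given 'centos').
USERS = {
    "test1": "*128977E278358FF80A246B5046F51043A2B1FCED",
    "test2": "*128977E278358FF80A246B5046F51043A2B1FCED",
}


def same_password_detectable(rows: dict) -> bool:
    """True when two users share a hash. PASSWORD() is unsalted, so equal
    passwords give equal hashes and one cracked row discloses the other."""
    return len(set(rows.values())) < len(rows)


if __name__ == "__main__":
    print("PASSWORD('centos') computed here:", mysql_password("centos"))
    print("matches stored row for test1:", verify("centos", USERS["test1"]))
    print("duplicate hashes present:", same_password_detectable(USERS))
```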
1.4.2 Create the system user that the virtual users map to, and the corresponding directories
[root@c5 ~]# useradd -s /sbin/nologin -d /var/ftproot vuser
[root@c5 ~]# chmod 555 /var/ftproot
[root@c5 ~]# mkdir /var/ftproot/{upload,pub}
[root@c5 ~]# setfacl -m u:vuser:rwx /var/ftproot/upload
1.4.3 Modify the vsftpd configuration file
[root@c5 ~]# cat /etc/vsftpd/vsftpd.conf
pam_service_name=vsftpd.mysql   ### must be changed
guest_enable=YES                ### add the following two entries
guest_username=vuser
1.5 Testing
1.5.1 Start the vsftpd service
[root@c5 ~]# systemctl start vsftpd
1.5.2 Log in as a virtual user with an FTP client to verify the result
[root@c1 ~]# yum install ftp -y
[root@c1 ~]# ftp c5
Connected to c5 (10.0.1.246).
220 (vsFTPd 3.0.2)
Name (c5:root): test1
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
2. Sharing the server's /www directory via NFS
2.1 NFS is a kernel module, so the nfs service can be started directly
[root@c1 ~]# systemctl start nfs-server
[root@c1 ~]# yum install nfs-utils -y   ### use this command to install it if nfs is not present
2.2 Create the shared directory
[root@c1 ~]# mkdir /www
[root@c1 ~]# chown nfsnobody /www
2.3 Add the export configuration
[root@c1 ~]# cat /etc/exports
/www *(rw)
2.4 Testing
2.4.1 List all shares exported by the local host
[root@c1 ~]# exportfs -v
/www    <world>(sync,wdelay,hide,no_subtree_check,sec=sys,rw,secure,root_squash,no_all_squash)
2.4.2 Mount the share from a remote host
[root@centos7 ~]# mount 10.0.1.242:/www /mnt/nfsshare/
[root@centos7 ~]# df -h
Filesystem               Size  Used Avail Use% Mounted on
/dev/mapper/centos-root   60G   21G   40G  35% /
devtmpfs                 983M     0  983M   0% /dev
tmpfs                   1000M     0 1000M   0% /dev/shm
tmpfs                   1000M   98M  902M  10% /run
tmpfs                   1000M     0 1000M   0% /sys/fs/cgroup
/dev/sda1               1014M  166M  849M  17% /boot
tmpfs                    200M   44K  200M   1% /run/user/0
/dev/sr0                 3.8G  3.8G     0 100% /run/media/root/CentOS_6.10_Final
/dev/sr1                  11G   11G     0 100% /run/media/root/CentOS 7 x86_64
10.0.1.242:/www           42G  1.3G   41G   4% /mnt/nfsshare
[root@centos7 ~]# touch /mnt/nfsshare/test.txt
[root@centos7 ~]# cd /mnt/nfsshare/
[root@centos7 nfsshare]# ls
test.txt
[root@centos7 nfsshare]# cat test.txt
[root@centos7 nfsshare]# echo 123 > test.txt
[root@centos7 nfsshare]# cat test.txt
123
[root@c1 ~]# ll /www/
total 0
-rw-r--r-- 1 nfsnobody nfsnobody 0 May 19 10:06 test.txt
[root@c1 ~]# cat /www/test.txt
123
2.5 Configure automatic mounting at boot
[root@centos7 nfsshare]# cat /etc/fstab
#
# /etc/fstab
# Created by anaconda on Sat Jan 4 01:52:46 2020
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
/dev/mapper/centos-root                   /               xfs   defaults 0 0
UUID=24b6bae0-d077-4259-8529-f778c9c120ce /boot           xfs   defaults 0 0
/dev/mapper/centos-swap                   swap            swap  defaults 0 0
10.0.1.242:/www                           /mnt/nfsshare/  nfs   defaults 0 0
3. Configure a Samba share for the /www directory
3.1 Install the samba package on the samba server
[root@c4 ~]# yum -y install samba
3.2 Create the samba users and group
[root@c4 ~]# groupadd -r admins
[root@c4 ~]# useradd -s /sbin/nologin -G admins rick
[root@c4 ~]# smbpasswd -a rick
New SMB password:
Retype new SMB password:
Added user rick.
[root@c4 ~]# useradd -s /sbin/nologin mage
[root@c4 ~]# smbpasswd -a mage
New SMB password:
Retype new SMB password:
Added user mage.
3.3 Create the samba share directory
[root@c4 ~]# mkdir -p /testdir/smbshare
[root@c4 ~]# chgrp admins /testdir/smbshare
[root@c4 ~]# chmod 2775 /testdir/smbshare
3.4 Samba server configuration
[root@c4 ~]# vim /etc/samba/smb.conf
### add the following two lines
[share]
path = /testdir/smbshare
write list = @admins
[root@c4 ~]# systemctl start smb nmb
3.5 Samba client access
3.5.1 Install the client
[root@c5 ~]# yum -y install cifs-utils
3.5.2 Mount and access the smb share as user rick
[root@c5 ~]# mkdir /mnt/rick
[root@c5 ~]# mount -o username=rick //10.0.1.245/share /mnt/rick/
Password for rick@//10.0.1.245/share: ******
[root@c5 ~]# df -h
Filesystem          Size  Used Avail Use% Mounted on
/dev/sda2            42G  1.7G   40G   5% /
devtmpfs            909M     0  909M   0% /dev
tmpfs               920M     0  920M   0% /dev/shm
tmpfs               920M   17M  903M   2% /run
tmpfs               920M     0  920M   0% /sys/fs/cgroup
/dev/sda1           497M  130M  367M  27% /boot
tmpfs               184M     0  184M   0% /run/user/0
//10.0.1.245/share   42G  1.3G   41G   3% /mnt/rick
[root@c5 ~]# echo "Hello rick." > /mnt/rick/rick.txt
[root@c4 ~]# ls /testdir/smbshare/ -l
total 4
-rwxr--r-- 1 rick admins 12 May 19 15:41 rick.txt
[root@c4 ~]# ll /testdir/smbshare/
total 4
-rwxr--r-- 1 rick admins 12 May 19 15:41 rick.txt
[root@c4 ~]# cat /testdir/smbshare/rick.txt
Hello rick.
3.5.3 Mount and access the smb share as user mage
[root@c5 ~]# mkdir /mnt/mage
[root@c5 ~]# mount -o username=mage //10.0.1.245/share /mnt/mage/
Password for mage@//10.0.1.245/share: ******
[root@c5 ~]# df -h
Filesystem          Size  Used Avail Use% Mounted on
/dev/sda2            42G  1.7G   40G   5% /
devtmpfs            909M     0  909M   0% /dev
tmpfs               920M     0  920M   0% /dev/shm
tmpfs               920M   17M  903M   2% /run
tmpfs               920M     0  920M   0% /sys/fs/cgroup
/dev/sda1           497M  130M  367M  27% /boot
tmpfs               184M     0  184M   0% /run/user/0
//10.0.1.245/share   42G  1.3G   41G   3% /mnt/rick
//10.0.1.245/share   42G  1.3G   41G   3% /mnt/mage
[root@c5 ~]# touch /mnt/mage/magefile.txt
touch: cannot touch ‘/mnt/mage/magefile.txt’: Permission denied
### note: user mage is not a member of the admins group, so it has no write permission
4. Real-time synchronisation of the /www directory with rsync + inotify
4.1 How real-time synchronisation is implemented
1. Use a monitoring service (inotify) to watch for changes to the directory on the server whose data is to be synchronised.
2. When data in the directory changes, push it to the backup server with the rsync service.
3. Combine the two with a script.
4.2 Check whether the server kernel supports inotify
[root@c5 ~]# ll /proc/sys/fs/inotify   # if the files below are listed, the server kernel supports inotify
total 0
-rw-r--r-- 1 root root 0 May 19 15:57 max_queued_events
-rw-r--r-- 1 root root 0 May 19 15:57 max_user_instances
-rw-r--r-- 1 root root 0 May 19 15:57 max_user_watches
4.3 Install inotify
4.3.1 Install the EPEL repository
[root@c5 ~]# yum install epel-release.noarch -y
4.3.2 Install the inotify software
[root@c5 ~]# yum install inotify-tools -y
4.3.3 Configure the rsync server-side configuration file
[root@c4 ~]# cat /etc/rsyncd.conf
# /etc/rsyncd: configuration file for rsync daemon mode
# See rsyncd.conf man page for more options.
# configuration example:
uid = root
gid = root
use chroot = no
max connections = 0
ignore errors
exclude = lost+found/
log file = /var/log/rsyncd.log
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsyncd.lock
reverse lookup = no
hosts allow = 10.0.1.0/24
[backup]
path = /backup
comment = backup
read only = no
auth users = rsyncuser
secrets file = /etc/rsync.pass
4.3.4 On the server, generate the authentication file, prepare the directory and start the rsync service
[root@c4 ~]# echo "centos" > /etc/rsync.pass
[root@c4 ~]# chmod 600 /etc/rsync.pass
[root@c4 ~]# mkdir /backup
[root@c4 ~]# systemctl start rsyncd
4.3.5 On the client, configure the password file and create the directory to be synchronised
[root@c5 ~]# echo "rsyncuser:centos" > /etc/rsync.pass
[root@c5 ~]# chmod 600 /etc/rsync.pass
[root@c5 ~]# mkdir /data
[root@c5 ~]# touch /data/123.txt
4.4 Test data synchronisation from the client
[root@c5 ~]# rsync -avz --password-file=/etc/rsync.pass /data/ rsyncuser@10.0.1.245::backup
sending incremental file list
./
123.txt

sent 105 bytes  received 38 bytes  286.00 bytes/sec
total size is 0  speedup is 0.00
[root@c4 ~]# ls /backup/
123.txt
4.5 Create the inotify_rsync.sh script on the client to implement real-time synchronisation
4.5.1 Create the script
[root@c5 ~]# cat inotify_rsync.sh
#!/bin/bash
SRC='/data/'
DEST='rsyncuser@10.0.1.245::backup'
# Watch the source tree recursively; each reported event triggers one full rsync push.
inotifywait -mrq --timefmt '%Y-%m-%d %H:%M' --format '%T %w %f' -e create,delete,moved_to,close_write,attrib ${SRC} | while read DATE TIME DIR FILE; do
    FILEPATH=${DIR}${FILE}
    rsync -az --delete --password-file=/etc/rsync.pass $SRC $DEST && echo "At ${TIME} on ${DATE}, file $FILEPATH was backuped up via rsync" >> /var/log/changelist.log
done
4.5.2 Run the script in the background and test it
[root@c5 ~]# nohup sh inotify_rsync.sh &
[1] 24745
[root@c5 ~]# nohup: ignoring input and appending output to ‘nohup.out’
[root@c5 ~]# touch /data/test1.txt
[root@c5 ~]# echo hello > /data/test1.txt
[root@c5 ~]# tailf /var/log/changelist.log
At 22:32 on 2020-05-19, file /data/123.txt was backuped up via rsync
At 22:40 on 2020-05-19, file /data/test1.txt was backuped up via rsync
At 22:40 on 2020-05-19, file /data/test1.txt was backuped up via rsync
At 22:40 on 2020-05-19, file /data/test1.txt was backuped up via rsync
At 22:40 on 2020-05-19, file /data/test1.txt was backuped up via rsync
### server side
[root@c4 backup]# pwd
/backup
[root@c4 backup]# ll
total 4
-rw-r--r-- 1 root root 6 May 19 22:40 test1.txt
[root@c4 backup]# cat test1.txt
hello
5. Use iptables to allow the Telnet, FTP and web servers and the Samba service, and reject everything on all other ports
[root@centos6 ~]# iptables -A INPUT -p tcp -d 10.1.1.110 --dport 80 -j ACCEPT
[root@centos6 ~]# iptables -A INPUT -p tcp -d 10.1.1.110 --dport 21 -j ACCEPT
[root@centos6 ~]# iptables -A INPUT -p tcp -d 10.1.1.110 --dport 23 -j ACCEPT
[root@centos6 ~]# iptables -A INPUT -p tcp -d 10.1.1.110 --dport 139 -j ACCEPT
[root@centos6 ~]# iptables -A INPUT -p tcp -d 10.1.1.110 --dport 445 -j ACCEPT
[root@centos6 ~]# iptables -A INPUT -j DROP
[root@centos6 ~]# iptables -vnL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
   39  4962 ACCEPT     tcp  --  *      *       0.0.0.0/0            10.1.1.110           tcp dpt:22
    6   394 ACCEPT     tcp  --  *      *       0.0.0.0/0            10.1.1.110           tcp dpt:80
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            10.1.1.110           tcp dpt:21
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            10.1.1.110           tcp dpt:23
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            10.1.1.110           tcp dpt:139
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            10.1.1.110           tcp dpt:445
   81  8786 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 49 packets, 5983 bytes)
 pkts bytes target     prot opt in     out     source               destination
### test
[root@centos6 ~]# yum install httpd -y
[root@centos6 ~]# ls /var/www/html/
[root@centos6 ~]# echo this is for iptables > /var/www/html/index.html
[root@centos6 ~]# cat /var/www/html/index.html
this is for iptables
[root@centos6 ~]# service httpd start
[root@c5 ~]# curl 10.1.1.110
this is for iptables
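As an added check (not code from the original post), the audit below parses the `iptables -vnL` listing shown in section 5 and compares the accepted TCP ports with the five services the section intends to allow; the sample string is copied from that listing and the function names are my own. It flags port 22, which appears in the listing although no command above added it, and reports that no state/conntrack rule precedes the final DROP.

```python
import re

# Sample copied from the `iptables -vnL` output in section 5, embedded as a
# constructed string so the audit runs offline (OUTPUT chain omitted).
SAMPLE = """Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination
   39  4962 ACCEPT tcp -- * * 0.0.0.0/0 10.1.1.110 tcp dpt:22
    6   394 ACCEPT tcp -- * * 0.0.0.0/0 10.1.1.110 tcp dpt:80
    0     0 ACCEPT tcp -- * * 0.0.0.0/0 10.1.1.110 tcp dpt:21
    0     0 ACCEPT tcp -- * * 0.0.0.0/0 10.1.1.110 tcp dpt:23
    0     0 ACCEPT tcp -- * * 0.0.0.0/0 10.1.1.110 tcp dpt:139
    0     0 ACCEPT tcp -- * * 0.0.0.0/0 10.1.1.110 tcp dpt:445
   81  8786 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination
"""
# Telnet, FTP, web and Samba: the services section 5 intends to allow.
INTENDED = {21, 23, 80, 139, 445}


def parse_chain(text, chain="INPUT"):
    """Return the rules of one chain as (target, proto, match-extra) dicts."""
    rules, in_chain = [], False
    for line in text.splitlines():
        f = line.split()
        if f and f[0] == "Chain":
            in_chain = f[1] == chain
        elif in_chain and f and f[0] != "pkts":
            rules.append({"target": f[2], "proto": f[3],
                          "extra": " ".join(f[9:])})
    return rules


def audit(text, intended=INTENDED):
    """Compare accepted TCP ports with the intended list, check for a trailing
    catch-all DROP, and report whether any state/conntrack rule exists: without
    one before that DROP, replies to connections this host opens are dropped."""
    rules = parse_chain(text)
    accepted = set()
    for r in rules:
        m = re.search(r"dpt:(\d+)", r["extra"])
        if r["target"] == "ACCEPT" and r["proto"] == "tcp" and m:
            accepted.add(int(m.group(1)))
    return {
        "accepted_ports": sorted(accepted),
        "unexpected": sorted(accepted - intended),
        "missing": sorted(intended - accepted),
        "ends_with_drop": bool(rules) and rules[-1]["target"] == "DROP" and rules[-1]["proto"] == "all",
        "has_state_rule": any("state" in r["extra"] for r in rules),
    }
```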