Setting up a Linux file server: ftp, sftp, smb, httpd

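Server configuration plan:

sftp: enabled by default once Linux is installed; Windows users need to install a client tool to connect.

ftp: install the vsftpd service, configure virtual users, and designate the upload and download directories.

samba: install the Samba server, configure shared directories, and set up both a share restricted to specific users and a share that everyone can access. From Windows, access it as \\ip.

httpd: configure file download over HTTP; used only for downloading files through a browser.

System configuration

Virtual machine: Oracle VM VirtualBox 6.1

Linux: CentOS 7.6, minimal install

Configure a local installation-disc repository in the file /etc/yum.repos.d/CentOS-CR.repo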

[cr]
name=CentOS-$releasever - cr
baseurl=file:///mnt/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
enabled=1

Install the ftp service

[root@localhost ~]# yum install vsftpd -y 
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
cr                                                                                                                        | 3.6 kB  00:00:00     
Resolving Dependencies
--> Running transaction check
---> Package vsftpd.x86_64 0:3.0.2-25.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

=================================================================================================================================================
 Package                           Arch                              Version                                 Repository                     Size
=================================================================================================================================================
Installing:
 vsftpd                            x86_64                            3.0.2-25.el7                            cr                            171 k

Transaction Summary
=================================================================================================================================================
Install  1 Package

Total download size: 171 k
Installed size: 353 k
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : vsftpd-3.0.2-25.el7.x86_64                                                                                                    1/1 
  Verifying  : vsftpd-3.0.2-25.el7.x86_64                                                                                                    1/1 

Installed:
  vsftpd.x86_64 0:3.0.2-25.el7                                                                                                                   

Complete!
[root@localhost ~]# 

Start the vsftpd service

[root@localhost ~]# systemctl status vsftpd
● vsftpd.service - Vsftpd ftp daemon
   Loaded: loaded (/usr/lib/systemd/system/vsftpd.service; disabled; vendor preset: disabled)
   Active: inactive (dead)
[root@localhost ~]# systemctl start vsftpd 
[root@localhost ~]# systemctl status vsftpd
● vsftpd.service - Vsftpd ftp daemon
   Loaded: loaded (/usr/lib/systemd/system/vsftpd.service; disabled; vendor preset: disabled)
   Active: active (running) since Tue 2022-08-30 23:16:57 EDT; 1s ago
  Process: 3787 ExecStart=/usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf (code=exited, status=0/SUCCESS)
 Main PID: 3788 (vsftpd)
   CGroup: /system.slice/vsftpd.service
           └─3788 /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf

Aug 30 23:16:57 localhost.localdomain systemd[1]: Starting Vsftpd ftp daemon...
Aug 30 23:16:57 localhost.localdomain systemd[1]: Started Vsftpd ftp daemon.
[root@localhost ~]# 

Create the user that serves as the main ftp account; the virtual accounts' permissions are mapped to this user.

[root@localhost ~]# useradd -s /usr/sbin/nologin  admin
[root@localhost ~]# echo "admin" | passwd --stdin admin
Changing password for user admin.
passwd: all authentication tokens updated successfully.
[root@localhost ~]# id admin
uid=1000(admin) gid=1000(admin) groups=1000(admin)
[root@localhost ~]# mkdir /data
[root@localhost ~]# chown -R admin:admin /data
[root@localhost ~]# ls -ld /data 
drwxr-xr-x. 2 admin admin 6 Aug 30 23:20 /data
[root@localhost ~]# 

Stop the firewall and turn off SELinux

[root@localhost vsftpd]# systemctl stop firewalld       
[root@localhost vsftpd]# systemctl disable firewalld
[root@localhost vsftpd]# cat  /etc/selinux/config       

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected. 
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted 


[root@localhost vsftpd]# 

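Reboot the system after disabling SELinux.

Configure vsftpd.conf; reference configuration:

chroot_list_file=/etc/vsftpd/chroot_list sets the list of users who are restricted from leaving their home directory after logging in to ftp.
user_config_dir=/etc/vsftpd/vir_user_conf sets the directory that holds the per-virtual-user configuration files.
vi vsftpd.conf, with the following contents: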
anonymous_enable=NO
chroot_local_user=NO
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
allow_writeable_chroot=YES
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
listen=NO
listen_ipv6=YES
userlist_enable=YES
tcp_wrappers=YES
pam_service_name=vsftpd
guest_enable=YES
guest_username=admin
user_config_dir=/etc/vsftpd/vir_user_conf
virtual_use_local_privs=YES

 

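Configure the vsftpd virtual users: create v_user.txt and add each account name and its password on separate, alternating lines. Three virtual users are configured here: admin, admin1 and admin2.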

[root@localhost vsftpd]# cat v_user.txt 
admin
admin
admin1
admin1
admin2
admin2
[root@localhost vsftpd]# db_load -T -t hash -f  v_user.txt v_user.db
[root@localhost vsftpd]# ls
ftpusers  user_list  vsftpd.conf  vsftpd_conf_migrate.sh  v_user.db  v_user.txt

 

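Virtual user configuration files: create the vir_user_conf directory and, inside it, one configuration file per virtual user. Create the three users' login home directories, /data/ftp/{admin,admin1,admin2}; the per-user configuration files are /etc/vsftpd/vir_user_conf/{admin,admin1,admin2}. Finally, change the ownership of the files under /data/ftp/ to admin:admin.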

 

[root@localhost vsftpd]# mkdir -p /etc/vsftpd/vir_user_conf/
[root@localhost vsftpd]# mkdir -p /data/ftp/{admin,admin1,admin2}
[root@localhost vsftpd]# touch /etc/vsftpd/vir_user_conf/{admin,admin1,admin2}
[root@localhost vsftpd]# touch /data/ftp/admin/admin-test
[root@localhost vsftpd]# touch /data/ftp/admin1/admin1-test
[root@localhost vsftpd]# touch /data/ftp/admin2/admin2-test
[root@localhost vsftpd]# chown -R admin:admin /data/
[root@localhost vsftpd]# ls -lR /data/ftp/
/data/ftp/:
total 0
drwxr-xr-x. 2 admin admin 24 Aug 30 23:44 admin
drwxr-xr-x. 2 admin admin 25 Aug 30 23:44 admin1
drwxr-xr-x. 2 admin admin 25 Aug 30 23:44 admin2

/data/ftp/admin:
total 0
-rw-r--r--. 1 admin admin 0 Aug 30 23:44 admin-test

/data/ftp/admin1:
total 0
-rw-r--r--. 1 admin admin 0 Aug 30 23:44 admin1-test

/data/ftp/admin2:
total 0
-rw-r--r--. 1 admin admin 0 Aug 30 23:44 admin2-test
[root@localhost vsftpd]#

Configuration file for user admin

local_root=/data/ftp/admin
write_enable=YES
anon_world_readable_only=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES

Configuration file for user admin1

local_root=/data/ftp/admin1
write_enable=YES
anon_world_readable_only=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES

Configuration file for user admin2

local_root=/data/ftp/admin2
write_enable=YES
anon_world_readable_only=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES

Configure the PAM file /etc/pam.d/vsftpd: add the following lines and comment out everything else.

auth       required     pam_userdb.so  db=/etc/vsftpd/v_user
account    required     pam_userdb.so  db=/etc/vsftpd/v_user                        

Restrict ftp users from changing directories: add the users to be restricted to chroot_list.

[root@localhost vsftpd]# cat chroot_list 
admin
[root@localhost vsftpd]# 

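Restart vsftpd and verify by logging in.

Log in as admin; verify directory switching and file upload.

File upload succeeded and the directory restriction works: the user cannot switch to other directories.

Verify user admin1: directory switching and file upload.

Verification succeeded: the upload works, and the user is unrestricted and can switch directories.

Verify user admin2: directory switching and file upload.

File upload and download succeeded; directory switching is unrestricted, and the user can switch to the root directory.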
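The login results above follow from how vsftpd combines chroot_local_user with chroot_list_enable, as documented in vsftpd.conf(5). The script below is an added example, not part of the original post: it applies that rule to the page's settings and to a constructed variant with chroot_local_user=YES, where the same list names the users exempt from the jail. The helper names get_opt and chroot_status and the temporary files are assumptions of the example.

```bash
#!/usr/bin/env bash
# Added example: resolve which FTP logins vsftpd places in a chroot() jail.
# The config files are temporary copies built from the values on this page.

# get_opt FILE KEY DEFAULT -> last value of KEY (vsftpd allows no spaces around "=")
get_opt() {
    local val
    val=$(grep -E "^$2=" "$1" | tail -n 1 | cut -d= -f2-)
    printf '%s\n' "${val:-$3}"
}

# chroot_status CONF LIST USER -> prints "jailed" or "free"
chroot_status() {
    local conf="$1" list="$2" user="$3" all use_list listed=no
    all=$(get_opt "$conf" chroot_local_user NO)
    use_list=$(get_opt "$conf" chroot_list_enable NO)
    if [ "$use_list" = YES ] && grep -qxF -- "$user" "$list" 2>/dev/null; then
        listed=yes
    fi
    if [ "$all" = YES ]; then
        # Everyone is jailed; with the list enabled it names the exceptions.
        [ "$listed" = yes ] && echo free || echo jailed
    else
        # Nobody is jailed unless the list is enabled and names the user.
        [ "$listed" = yes ] && echo jailed || echo free
    fi
}

workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT
# Constructed sample: the chroot lines from the page's vsftpd.conf.
printf '%s\n' 'chroot_local_user=NO' 'chroot_list_enable=YES' \
    'chroot_list_file=/etc/vsftpd/chroot_list' > "$workdir/page.conf"
# Constructed variant: jail everyone, keep the list as an exception list.
printf '%s\n' 'chroot_local_user=YES' 'chroot_list_enable=YES' > "$workdir/jail_all.conf"
printf '%s\n' 'admin' > "$workdir/chroot_list"   # the page's chroot_list
: > "$workdir/empty_list"                        # constructed: no exceptions

for u in admin admin1 admin2; do
    echo "$u: page=$(chroot_status "$workdir/page.conf" "$workdir/chroot_list" "$u")" \
         "jail_all=$(chroot_status "$workdir/jail_all.conf" "$workdir/empty_list" "$u")"
done
```

With chroot_local_user=YES and an empty list, all three virtual users stay inside their local_root; the page's allow_writeable_chroot=YES already permits a writable jail root.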

Setting up the Samba server

yum install samba -y 

Edit the configuration file /etc/samba/smb.conf

[smbshare]
    comment = share my file
    path = /data/smb/
    browseable = yes
    public = no
    writeable = yes
    valid users = @admin
    create mask = 0664
    directory mask = 0775
    force user = admin
    force group = admin
    available = yes
    unix charset = UTF-8
    dos charset = cp936
[share]
    comment = share all
    path = /tmp/
    browseable = yes
    public = yes
    writable = no

 

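Create the /data/smb directory and change its ownership to admin:admin, then set the password of the admin account used by the smb service; login works only after the password has been set.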

[root@localhost ~]# mkdir /data/smb/ -p 
[root@localhost ~]# chown -R admin:admin /data/smb/
[root@localhost ~]# pdbedit -a -u admin
new password:
retype new password:
Unix username:        admin
NT username:          
Account Flags:        [U          ]
User SID:             S-1-5-21-3787976277-2559902122-3613698349-1000
Primary Group SID:    S-1-5-21-3787976277-2559902122-3613698349-513
Full Name:            
Home Directory:       \\localhost\admin
HomeDir Drive:        
Logon Script:         
Profile Path:         \\localhost\admin\profile
Domain:               LOCALHOST
Account desc:         
Workstations:         
Munged dial:          
Logon time:           0
Logoff time:          Wed, 06 Feb 2036 10:06:39 EST
Kickoff time:         Wed, 06 Feb 2036 10:06:39 EST
Password last set:    Wed, 31 Aug 2022 01:29:43 EDT
Password can change:  Wed, 31 Aug 2022 01:29:43 EDT
Password must change: never
Last bad password   : 0
Bad password count  : 0
Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
[root@localhost ~]# systemctl restart smb 
[root@localhost ~]# 
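The [share] section above exports /tmp/ with public = yes, so unauthenticated clients can read whatever local processes leave in /tmp. The script below is an added example, not part of the original post: it lists every share in an smb.conf that allows guest access, resolving the Samba synonyms (public for guest ok, writable/writeable/write ok as inverses of read only). The function name audit_guest_shares and the temporary sample file are assumptions of the example.

```bash
#!/usr/bin/env bash
# Added example: list smb.conf shares that allow guest (password-less) access.
# audit_guest_shares FILE -> one line per guest share: name|path|read-only or writable
audit_guest_shares() {
    awk '
    function report() {
        if (name != "" && name != "global" && guest == "yes")
            print name "|" path "|" (ro == "yes" ? "read-only" : "writable")
    }
    function truthy(v) {
        v = tolower(v)
        return (v == "yes" || v == "true" || v == "1") ? "yes" : "no"
    }
    /^[ \t]*[#;]/ { next }                      # comment lines
    /^[ \t]*\[/ {                               # new section: emit the previous one
        report()
        name = $0; sub(/^[ \t]*\[/, "", name); sub(/\].*$/, "", name)
        name = tolower(name); path = ""; guest = "no"; ro = "yes"   # Samba defaults
        next
    }
    /=/ {
        # Samba ignores case and spaces in parameter names.
        key = $0; sub(/=.*$/, "", key); gsub(/[ \t]/, "", key); key = tolower(key)
        val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
        if (key == "path") path = val
        if (key == "public" || key == "guestok") guest = truthy(val)
        if (key == "readonly") ro = truthy(val)
        if (key == "writable" || key == "writeable" || key == "writeok")
            ro = (truthy(val) == "yes") ? "no" : "yes"
    }
    END { report() }
    ' "$1"
}

sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
# Constructed sample: the share definitions from the page's smb.conf, abridged.
cat > "$sample" <<'EOF'
[smbshare]
    path = /data/smb/
    public = no
    writeable = yes
    valid users = @admin
[share]
    path = /tmp/
    public = yes
    writable = no
EOF
audit_guest_shares "$sample"
```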

 

Verify login

Login succeeded

Setting up the web file server, used only for downloading files from a web page

Install the httpd service

yum install httpd -y 

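Open the web page

Modify /var/www/html: delete the original html directory and create a new html symlink pointing to the directory to be shared. In the configuration file welcome.conf, change the parameter Options -Indexes to Options +Indexes.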

 

[root@localhost ~]# ll /var/www/html
lrwxrwxrwx 1 root root 10 Aug 25 23:21 /var/www/html -> /data/smb/

 

welcome.conf is configured as follows

[root@localhost ~]# cat /etc/httpd/conf.d/welcome.conf | grep -v ^#
<LocationMatch "^/+$">
    Options +Indexes
    ErrorDocument 403 /.noindex.html
</LocationMatch>

<Directory /usr/share/httpd/noindex>
    AllowOverride None
    Require all granted
</Directory>

Alias /.noindex.html /usr/share/httpd/noindex/index.html
[root@localhost ~]# 

 

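To fix garbled characters, edit the httpd.conf configuration file, add IndexOptions Charset=UTF-8, and restart the service.

The configuration is as follows (only part of the file is shown):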

AddDefaultCharset UTF-8
IndexOptions Charset=UTF-8
<IfModule mime_magic_module>
    #
    # The mod_mime_magic module allows the server to use various hints from the
    # contents of the file itself to determine its type.  The MIMEMagicFile
    # directive tells the module where the hint definitions are located.
    #
    MIMEMagicFile conf/magic
</IfModule>

 

 

After changing the configuration and refreshing the page:

 

posted @ 2022-08-31 12:02  你的孤独虽败犹荣