1, control the FTP access the system, Clients within the example.com domain should have anonymous FTP access to your machine, Clients outside example.com should NOT have access to your FTP Service
modify the /etc/hosts.allow
vsftpd: .example.com
modify the /etc/hosts.deny
vsftpd: ALL
start the vsftpd and make it auto on
/etc/init.d/vsftpd start
chckconfig vsftpd on
2, connect to ISCSI target from instructor.example.com, you should mount this filesystem to /mnt/iscsi directory and automatically useable at system boot time
check the iscsi (iscsi-initiator-utils) installed or not, if not installed, needs to install,
rpm –qa |grep iscsi-initiator-utils yum –y install iscsi-initiator-utils
discover the iscsi, and after the command, it will display the iqn text for the usage in the next command,
iscsiadm -m discovery -t st -p 192.168.0.254
login to iscsi server,
iscsiadm -m node -T iqn.2010-09.com.example:rdisks.server3 -p 192.168.0.254 -l
check the iscsi attached or not,
dmesg |tail
fdisk -l
format the attached iscsi, by fdisk /dev/sdb, then n,p,1, w
mkfs.ext4 /dev/sdb1
create the folder of /mnt/iscsi and mount the iscsi to /mnt/iscsi
mount /dev/sdb1 /mnt/iscsi
add to auto mount when startup, to get the UUID use the command:
blkid /dev/sdb1
modify the /etc/fstab, add one line,
UUID="the return of blkid command" /mnt/iscsi ext4 defaults,_netdev 0 0
check the iscsi attached,
mount -a df -h
to delete the iscsi attached,
iscsiadm -m node -T iqn.2010-09.com.example:rdisks.server3 -p 192.168.0.254 -u
iscsiadm -m node -T iqn.2010-09.com.example:rdisks.server3 -p 192.168.0.254 -o delete
3, Share the /common directory via SMB, the workgroup as SAMBA, share’s name as common, common share must be available to example.com domain client only, The common share must be browseable, mary will have read access to the share,authenticating with the same password “password”,if necessary
install the samba,
yum install -y 'samba*'
modify the samba configuration file, /etc/samba/smb.conf
modify the line 74 as:
workgroup = SAMBA
At last of smb.conf, add the following, or can copy from the text above and modify, command ‘v’ to select block, and ‘y’ to copy, ‘p’ to paste,
[common] comment = common path = /common public = yes writable = yes browseable = yes
line 80 to add 192.168.0 to allow example.com
hosts allow = 127. 192.168.12. 192.168.13. 192.168.0.
Or other answers or saying is to use the iptables to restrict the only the example.com can access the smb server,
iptables -I INPUT -p tcp ! -s 192.168.0.0/24 --dport 445 -j REJECT service iptables save
add mary to the samba user list, here will ask you the set the password of mary:
smbpasswd –a mary
check the common folder context, check the current folder context first
ls -lZ
change to samba_share_t,
chcon –Rt samba_share_t /common
make sure the common folder access condition as 775, and selinux setting by getsebool and setsebool command, use_samba_home_dirs and samba_enbale_home_dirs as on and use -P parameters to set as permanent.
restart the smb service,
service smb restart
chkconfig smb on
access from local to test,
smbclient -L //127.0.0.1/ -U mary
mount to local folder:
mount -t cifs //127.0.0.1/common /mnt/smb -o username=mary
the command line will ask the password of mary, which is ‘password’ set before.
make it writable needs to do two things,
a, SElinux configuration,
setsebool -P samba_export_all_rw on
b, make the shared folder access condition as 775, or 777
chmod 777 /common
test to create file in the smb service,
mount -t cifs //127.0.0.1/common /mnt/smb -o username=mary
touch test.txt