in Linux, rhce

RHCE6 Preperation (7) – vsftp,ISCSI,SMB

1, control the FTP access the system, Clients within the example.com domain should have anonymous FTP access to your machine, Clients outside example.com should NOT have access to your FTP Service

modify the /etc/hosts.allow

vsftpd: .example.com

modify the /etc/hosts.deny

vsftpd: ALL

start the vsftpd and make it auto on

/etc/init.d/vsftpd start
chckconfig vsftpd on

2, connect to ISCSI target from instructor.example.com, you should mount this filesystem to /mnt/iscsi directory and automatically useable at system boot time

check the iscsi (iscsi-initiator-utils) installed or not, if not installed, needs to install,

rpm –qa |grep iscsi-initiator-utils
yum –y install iscsi-initiator-utils

discover the iscsi, and after the command, it will display the iqn text for the usage in the next command,

iscsiadm -m discovery -t st -p 192.168.0.254

login to iscsi server,

iscsiadm -m node -T iqn.2010-09.com.example:rdisks.server3 -p 192.168.0.254 -l

check the iscsi attached or not,

dmesg |tail
fdisk -l

format the attached iscsi, by fdisk /dev/sdb, then n,p,1, w

mkfs.ext4 /dev/sdb1

create the folder of /mnt/iscsi and mount the iscsi to /mnt/iscsi

mount /dev/sdb1 /mnt/iscsi

add to auto mount when startup, to get the UUID use the command:

blkid /dev/sdb1

modify the /etc/fstab, add one line,

UUID="the return of blkid command"   /mnt/iscsi  ext4   defaults,_netdev  0 0

check the iscsi attached,

mount -a
df -h

to delete the iscsi attached,

iscsiadm -m node -T iqn.2010-09.com.example:rdisks.server3 -p 192.168.0.254 -u
iscsiadm -m node -T iqn.2010-09.com.example:rdisks.server3 -p 192.168.0.254 -o delete

3, Share the /common directory via SMB, the workgroup as SAMBA, share’s name as common, common share must be available to example.com domain client only, The common share must be browseable, mary  will have read access to the share,authenticating with the same password “password”,if necessary

install the samba,

yum install -y 'samba*'

modify the samba configuration file, /etc/samba/smb.conf

modify the line 74 as:

workgroup = SAMBA

At last of smb.conf, add the following, or can copy from the text above and modify,  command ‘v’ to select block, and ‘y’ to copy, ‘p’ to paste,

[common]
comment = common
path = /common
public = yes
writable = yes
browseable = yes

line 80 to add 192.168.0 to allow example.com

hosts allow = 127. 192.168.12. 192.168.13. 192.168.0.

Or other answers or saying is to use the iptables to restrict the only the example.com can access the smb server,

iptables -I INPUT -p tcp ! -s 192.168.0.0/24 --dport 445 -j REJECT
service iptables save

add mary to the samba user list, here will ask you the set the password of mary:

smbpasswd –a mary

check the common folder context, check the current folder context first

ls -lZ

change to samba_share_t,

chcon –Rt samba_share_t /common

make sure the common folder access condition as 775, and selinux setting by getsebool and setsebool command, use_samba_home_dirs and samba_enbale_home_dirs as on and use -P parameters to set as permanent.
restart the smb service,

service smb restart
chkconfig smb on

access from local to test,

smbclient -L //127.0.0.1/ -U mary

mount to local folder:

mount -t cifs //127.0.0.1/common /mnt/smb -o username=mary

the command line will ask the password of mary, which is ‘password’ set before.

 

make it writable needs to do two things,

a, SElinux configuration,

setsebool -P samba_export_all_rw on

b, make the shared folder access condition as 775, or 777

chmod 777 /common

test to create file in the smb service,

mount -t cifs //127.0.0.1/common /mnt/smb -o username=mary
touch test.txt

Write a Comment

Comment