Transcript COP 4343

COP 4343
Unix System Administration
Unit 15: file server
– ftp
– nfs
1
File server
• Remote access to files
• ftp
– put/get files from remote hosts
• nfs
– tight integration in Unix environment
• samba
– share access to/from Windows systems
2
File Transfer Protocol
• designed for efficient distribution of a single file to multiple remote clients
• design characteristics
– operates in real-time
– to be used by general public anonymously
• userid: ftp
– very effective for transferring large files
– not designed as a “shared local disk”
3
FTP clients
• Command line:
– ftp, lftp, sftp, ncftp
• GUI-based:
– gftp
• web browsers via URL
– ftp://mirror.cs.fiu.edu
4
FTP server
• vsftpd
“Probably the most secure and fastest FTP server for UNIX-like systems”
• vsftpd.beasts.org
• to install on Fedora:
– yum install vsftpd
5
vsFTPd server
• configuration: /etc/vsftpd/vsftpd.conf
anonymous_enable=YES
local_enable=YES
write_enable=YES
listen=YES
tcp_wrappers=YES
• check run level & start daemon:
– chkconfig vsftpd on
– service vsftpd start
6
vsFTPd server security
• open firewall to ports
– 20: ftp data
– 21: ftp control
• enable ftp connection tracking
– add module ip_conntrack_ftp to /etc/sysconfig/iptables-config
• list of non-allowed users:
– /etc/vsftpd.ftpusers
7
Network File Systems
• NFS makes remote files part of the local directory structure
– designed for permanent, long-term connections where remote file systems are used as part of the regular user environment
– designed with a trusted network in mind
– UNIX-centric and does not typically perform well with Windows servers
8
NFS client
• mount command:
mount blitz:/disk/137/ege /mnt
– mount point must exist
– remote host must export directory
9
NFS client, mount options
• hard
– if remote access fails, the request will hang until the server resumes
– option: intr
• allows hanging process to be killed
• soft
– if remote access fails, an error will be reported
10
NFS client, mount options
• permission
– ro: read-only
– rw: read and write
– nosuid: disable setuid behavior
• more options available for server
11
NFS client
• automatic mounting at system startup
• /etc/fstab:
blitz:/disk/137/ege /mnt/ege nfs rw,hard,intr 0 0
12
NFS server
• NFS uses RPC
– similar to xinetd: uses RPC number
– portmap listens for rpc requests, then maps them to TCP or UDP ports
– NFS uses the rpc.mountd daemon to make new connections
• check services in run level:
– portmap
– nfs
13
NFS server: export
• configuration: /etc/exports
e.g.:
/home blitz(rw)
/home *.cs.fiu.edu(ro,root_squash)
• options:
– rw, ro
– root_squash
– all_squash
– anonuid
14
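As an added example (not part of the lecture), a small POSIX shell audit of an /etc/exports file: it parses each "path client(options)" entry and flags wildcard clients, rw exports to wildcards, and entries that turn off root_squash (root_squash is the default and should normally stay on). The exports content embedded below is constructed sample data that reuses the lecture's /home lines.

```shell
#!/bin/sh
# Audit an NFS /etc/exports file for entries worth a second look:
# wildcard clients ("*" or "*.domain"), rw exports to wildcards, and
# no_root_squash (root_squash is the default and should normally stay on).
# Added example; the exports content below is constructed sample data.

# Usage: audit_exports <exports-file>
# Prints one finding per line: "<path> <client> <reason>".
audit_exports() {
    sed -e 's/#.*//' "$1" | awk '
    NF >= 2 {
        path = $1
        for (i = 2; i <= NF; i++) {
            client = $i; opts = ""
            if (match(client, /\(.*\)/)) {          # split "host(opts)"
                opts = substr(client, RSTART + 1, RLENGTH - 2)
                client = substr(client, 1, RSTART - 1)
            }
            if (client == "") client = "*"          # "/path (rw)" means every host
            rw = (opts ~ /(^|,)rw(,|$)/)
            if (client ~ /\*/ && rw)
                print path, client, "rw-to-wildcard"
            else if (client ~ /\*/)
                print path, client, "wildcard-client"
            if (opts ~ /(^|,)no_root_squash(,|$)/)
                print path, client, "no_root_squash"
        }
    }'
}

# Constructed sample /etc/exports, written to a temp file so the script runs offline.
SAMPLE_EXPORTS=$(mktemp)
cat > "$SAMPLE_EXPORTS" <<'EOF'
# home directories for the lab (mirrors the lecture example)
/home     blitz(rw)  *.cs.fiu.edu(ro,root_squash)
/srv/data *(rw,no_root_squash)
/pub      10.0.0.0/24(ro)
EOF

audit_exports "$SAMPLE_EXPORTS"
```

Run against the real /etc/exports on a server; an empty result means no wildcard or no_root_squash exports were found.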
NFS server: firewall
• problem: the RPC mechanism uses random ports
• solution: open the firewall only to trusted machines
– rule option: -s 131.94.130.39/32
15