Chapter 1 enterprise level shared file system
1.1 vsftp
1.1.1 overview of vsftp
1. Introduction
- FTP (File Transfer Protocol) is one of the protocols in the TCP/IP protocol group. Used for two-way transfer of files on the Internet. When using FTP to transmit, it is dangerous to a certain extent, because the data is completely unprotected plaintext transmission on the Internet! FTP protocol consists of two parts, one is FTP server, the other is FTP client. The FTP server is used to store files, and users can use the FTP client to access the resources on the FTP server through the FTP protocol. When developing a website, we usually use FTP protocol to transfer the Web page or program to the Web server. In addition, because FTP transmission efficiency is very high, it is generally used when transmitting large files on the network.
- By default, FTP protocol uses 20 and 21 of TCP ports, of which 20 is used to transmit data and 21 is used to transmit control information. However, whether to use 20 as the data transmission port is related to the transmission mode used by FTP. If the active mode is adopted, the data transmission port is 20; If the passive mode is adopted, the specific port to be used should be determined through negotiation between the server and the client.
- vsftpd is the abbreviation of "very secure FTP daemon", and security is one of its biggest features. vsftpd is the name of a server running on a UNIX operating system. It can run on systems such as Linux, BSD, Solaris, HP-UNIX, etc. it is a completely free and open source FTP server software that supports many features that other FTP servers do not support. For example: very high security requirements, bandwidth constraints, good scalability, virtual user creation, IPv6 support, high speed.
2. Safety features
- The operators of vsftp programs are generally ordinary users, which reduces the permissions of the corresponding processes and improves the security. It is a safe, high-speed and stable FTP server
- It can be used as a virtual FTP host server based on multiple IP S
- Any instruction that needs to execute higher permission requires upper layer program permission. Anonymous service settings are very convenient. The root directory of anonymous FTP does not need any special directory structure, system programs or other system files
- Most commands required by ftp are integrated into vsftp, and there is basically no need for the system to provide additional commands. No external procedures are executed, thus reducing potential safety hazards
- With chroot function, you can change the user's root directory and limit users to their own home directory
- VSFTP is widely used in the market and is used by many large international companies and free and open source organizations, such as Red Hat, Suse, Debian and OpenBSD
3. Working principle of vsftpd
VSFTP connection type
-
Control connection (continuous connection) → TCP 21 (command channel) → user sends and receives FTP commands
-
Data connection (on-demand connection) → TCP 20 (data channel) → for uploading and downloading data
-
vsftpd is based on C/S mode. There are two transmission modes: active mode and passive mode. The default working mode of vsftp is active mode.
Active (port) mode
- The ftp client side connects from any port P greater than 1024 to port 21 on the ftp server side. Then the ftp client starts listening to port P+N and sends the FTP command "port P+N" to the ftp server. Then, the ftp server side will connect from its own data port (20) to the data port P+N specified by the ftp client side.
- The ftp client side enables port P greater than 1024 to connect to ftp server port 21, and establishes a connection through tcp three-time handshake
- The ftp client sends a PORT request and tells the ftp server that it has opened the P+N PORT to receive data
- The ftp server side uses port 20 and the P+N port of the ftp client side to start data transmission after three handshakes through tcp
[the external link image transfer fails. The source station may have an anti-theft chain mechanism. It is recommended to save the image and upload it directly (img-fPXtypoo-1632022854813)(G: \ notes \ Linux operation and maintenance \ enterprise shared file system. assets\image-20210917081853489.png)]
Passive mode
- In passive FTP, the command connection and data connection are initiated by the ftp client, which can solve the problem that the incoming connection from the server to the data PORT of the ftp client is filtered by the firewall. When an FTP connection is opened, the ftp client side opens two arbitrary local ports P > 1024 to connect to PORT 21 of the server. However, unlike active FTP, the ftp client side does not submit the PORT command and allows the ftp server side to connect back and forth to its data PORT, but submits the PASV command. As a result, the ftp server will open an arbitrary non privileged PORT (PORT number greater than 1024) and send the PORT S command to the client. Then, the ftp client side initiates a connection from the local PORT P+N to the PORT S of the ftp server side to transmit data.
- The ftp client side enables port P greater than 1024 to connect to ftp server port 21, and establishes a connection through tcp three-time handshake
- The ftp client sends a PASV request to tell the ftp server that it is in the passive mode
- The listening port on the ftp server side is s > 1024 and tells the ftp client side
- The ftp client side uses the P+N port and the S port of the ftp server side to start data transmission after three handshakes through tcp
[the external chain image transfer fails. The source station may have an anti-theft chain mechanism. It is recommended to save the image and upload it directly (img-Vdz4yBB6-1632022854814)(G: \ notes \ Linux operation and maintenance \ enterprise shared file system. assets\image-20210917081926608.png)]
VSFTP transfer mode
- Binary mode: no data processing, suitable for executable files, compressed files, pictures, etc
- ASCII mode: during text transmission, it automatically adapts to the end characters of the target operating system, such as carriage return
- Switching mode: enter ascii at the FTP > prompt to switch to ACSII mode, and enter bin to switch to Binary mode.
- Red hat default mode of Linux: in the red hat distribution of Linux, VSFTP adopts Binary mode by default, which can ensure that most files can be used normally after transmission
1.1.2 vsftp build ftp service
1. Installation
1.1 server side
close selinux sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/sysconfig/selinux setenforce 0 Query whether the system has its own vsftpd rpm -q vsftpd use yum install vsftpd yum -y install vsftpd start-up systemctl start vsftpd stop it systemctl stop vsftpd View status systemctl status vsftpd restart systemctl restart vsftpd Power on vsftpd systemctl enable vsftpd inspect vsftpd Open or not: ps -e|grep vsftpd
1.2 detailed description of vsftpd configuration directory
- /etc/vsftpd/vsftpd.conf: main configuration file
- /usr/sbin/vsftpd: the main program of vsftpd
- /etc/rc.d/init.d/vsftpd: startup script
- /etc/pam.d/vsftpd: PAM authentication file (the file=/etc/vsftpd/ftpusers field in this file indicates that the user blocking access is from the user in the / etc/vsftpd/ftpusers file)
- /etc/vsftpd/ftpusers: user list file that prohibits the use of vsftpd. Record the list of users who are not allowed to access the FTP server. The administrator can record some user accounts that threaten the system security in this file, so as to avoid damage to the system caused by the user's greater right to upload and download after logging in from FTP. (Note: in linux-4, this file is in the / etc / directory)
- /etc/vsftpd/user_list: list of users whose use of vsftpd is prohibited or allowed. The user specified in this file cannot access the FTP server by default (i.e. set userlist_deny=YES in / etc/vsftpd/vsftpd.conf). After setting userlist_ When deny = no, only user is allowed_ List to access the FTP server. (Note: in linux-4, this file is in the / etc / directory)
- /var/ftp: anonymous user home directory; The local user's home directory is: / home / user's home directory, that is, enter your home directory after logging in
- /var/ftp/pub: the download directory of anonymous users. This directory needs to be assigned the right root chmod 1777 pub (1 is a special permission, so it cannot be deleted after uploading)
- /etc/logrotate.d/vsftpd.log: the log file of Vsftpd
1.3 client
yum install -y ftp
1.1.3 anonymous user authentication
VSFTP software information:
- Server software name: vsftpd, which needs to be installed
- Client software name: ftp, no installation required
- Service Name: vsftpd
- Port number: 20, 21, random ports within the specified range
- Configuration file: / etc/vsftpd/vsftpd.conf
Anonymous user authentication:
- User account name: ftp or anonymous
- User account password: no password
- Working directory: / var/ftp
- Default permission: it can be downloaded but not uploaded by default. The upload permission consists of two parts (main configuration file and file system)
linux-90: Create a test file on the server side touch lagouedu.txt linux-91: preparation: cd /data touch test.txt 1.Client anonymous login ftp 192.168.198.90 user name: ftp Password: empty, enter directly 2.see ftp Built in commands:? Common commands: ls cd put get delete 3.Test upload file: put /data/test.txt 4.Download server files: get lagouedu.txt 5.sign out ftp: quit
1.1.4 FTP command details
1. Summary
FTP The command line format is: ftp -v -d -i -n -g [host name],among -v Display all response information of the remote server; -n limit ftp Automatic login, i.e. not used; .n etrc Documents; -d Commissioning mode; -g Cancel global file name. ftp The internal commands used are as follows(Brackets indicate options): 1.![cmd[args]]: Perform interaction on the local machine shell,exit go back to ftp Environment, such as:!ls*.zip. 2.$ macro-ame[args]: Execute macro definition macro-name. 3.account[password]: Provide the supplementary password required to access system resources after successful login to the remote system. 4.append local-file[remote-file]: Append the local file to the remote system host. If the remote system file name is not specified, the local file name is used. 5.ascii: use ascii Type transmission mode. 6.bell: After each command is executed, the computer rings once. 7.bin: Use binary file transfer. 8.bye: sign out ftp Session process. 9.case: in use mget Converts uppercase to lowercase in the remote host file name. 10.cd remote-dir: Enter the remote host directory. 11.cdup: Enter the parent directory of the remote host directory. 12.chmod mode file-name: Transfer remote host files file-name The access mode of is set to mode,For example: chmod 777 a.out. 13.close: Interrupt communication with remote server ftp conversation(And open corresponding). 14.cr: use asscii When transferring files in mode, carriage return and line feed are converted to line return. 15.delete remote-file: Delete remote host files. 16.debug[debug-value]: Set the debugging mode and display each command sent to the remote host, such as: deb up 3,If set to 0, it means cancel debug. 17.dir[remote-dir][local-file]: Display the remote host directory and store the results in a local file local-file. 18.disconnection: with close. 19.form format: Set file transfer mode to format,Default to file Way. 20.get remote-file[local-file]: File to remote host remote-file To local hard disk localfile. 21.glob: set up mdelete,mget,mput The file name extension of. By default, the file name is not extended. It is the same as that on the command line-g Parameters. 22.hash: One is displayed for every 1024 bytes transmitted hash Symbol(#). 23.help[cmd]: display ftp Internal command cmd Help information for, such as: help get. 24.idle[seconds]: Set the sleep timer of the remote server to[seconds]Seconds. 25.image: Set binary transfer mode(with binary). 26.lcd[dir]: Switch local working directory to dir. 27.ls[remote-dir][local-file]: Show remote directory remote-dir,And stored in local files local-file. 28.macdef macro-name: Define a macro, encountered macdef The macro definition ends when there is an empty line under. 29.mdelete[remote-file]: Delete remote host files. 30.mdir remote-files local-file: And dir Similar, but multiple remote files can be specified, such as: mdir *.o.*.zipoutfile 31.mget remote-files: Transfer multiple remote files. 32.mkdir dir-name: Create a directory in the remote host. 33.mls remote-file local-file: with nlist,However, multiple file names can be specified. 34.mode[modename]: Set file transfer mode to modename,Default to stream Way. 35.modtime file-name: Displays the last modification time of the remote host file. 36.mput local-file: Transfer multiple files to a remote host. 37.newer file-name: If in the remote machine file-name If the modification time of is more recent than that of the file with the same name on the local hard disk, the file will be retransmitted. 38.nlist[remote-dir][local-file]: Display the file list of the remote host directory and store it in the local hard disk localfile. 39.nmap[inpattern outpattern]: Set the file name mapping mechanism so that some characters in the file can be converted to each other during file transmission, such as: nmap $1.$2.$3[$1,$2].[$2,$3],Then transfer the file a1.a2.a3 When, the file name becomes a1,a2. This command is especially applicable to remote hosts that are not UNIX The situation of the machine. 40.ntrans[inchars[outchars]]: Set the translation mechanism of file name characters, such as ntrans 1R,File name LLL Will become RRR. 41.open host[port]: Create assignment ftp Server connection, you can specify the connection port. 42.passive: Enter passive transmission mode. 43.prompt: Set interactive prompts for multiple file transfers. 44.proxy ftp-cmd: In the secondary control connection, execute one ftp Command, which allows the connection of two ftp Server to transfer files between two servers. Article 1 ftp Command must be open,To first establish a connection between the two servers. 45.put local-file[remote-file]: Transfer local files local-file Transfer to remote host. 46.pwd: Displays the current working directory of the remote host. 47.quit: with bye,sign out ftp conversation. 48.quote arg1,arg2...: Send parameters verbatim to remote ftp Server, such as: quote syst. 49.recv remote-file[local-file]: with get. 50.reget remote-file[local-file]: be similar to get,But if local-file If it exists, the transmission is resumed from the last transmission interruption. 51.rhelp[cmd-name]: Ask for help from the remote host. 52.rstatus[file-name]: If no file name is specified, the status of the remote host is displayed; otherwise, the file status is displayed. 53.rename[from][to]: Change the remote host file name. 54.reset: Clear the answer queue. 55.restart marker: From the specified flag marker Start again get or put,For example: restart 130. 56.rmdir dir-name: Delete the remote host directory. 57.runique: Set file name uniqueness storage. If the file exists, add a suffix after the original file..1,.2 Wait. 58.send local-file[remote-file]: with put. 59.sendport: set up PORT Use of commands. 60.site arg1,arg2...: Use parameters as SITE Commands are sent verbatim to the remote ftp host. 61.size file-name: Displays the file size of the remote host, such as: site idle 7200. 62.status: Show current ftp Status. 63.struct[struct-name]: Set the file transfer structure to struct-name,Used by default stream Structure. 64.sunique: Set the remote host file name store to unique(And runique corresponding). 65.system: Displays the operating system type of the remote host. 66.tenex: Set the file transfer type to TENEX The desired type of machine. 67.tick: Sets the byte counter during transmission. 68.trace: Set up package tracking. 69.type[type-name]: Set file transfer type to type-name,Default to ascii,For example: type binary,Set the binary transfer mode. 70.umask[newmask]: Set the default of the remote server umask Set to newmask,For example: umask 3. 71.user user-name[password][account]: Indicate your identity to the remote host. When you need a password, you must enter the password, such as: user anonymous my@email. 72.verbose: Same as command line-v Parameter, i.e. setting detailed report method, ftp All responses from the server will be displayed to the user. The default is on. 73.?[cmd]: with help.
1.2 samba
1.2.1 Samba overview
-
Samba is a communication protocol that uses SMB(Server Message Block) to share files and printers on the LAN by default. By supporting this protocol, samba allows communication between Linux server and Windows system, making cross platform mutual access possible. Samba adopts C/S mode. Its working mechanism is to make NetBIOS (Windows network neighbor communication protocol) and SMB run on TCP/IP communication protocol, and use NetBEUI protocol to enable Windows to browse Linux servers in "network neighbor".
-
The samba server consists of two background applications: smbd and nmbd. Smbd is the core of samba, which is mainly responsible for establishing the dialogue between Linux Samba server and Samba client, verifying user identity and providing access to file and printing system; Nmbd is mainly responsible for publishing the NetBIOS name and browsing service that can be provided by Linux Samba server, so that Windows users can browse the resources shared in Linux Samba server in "network neighborhood". In addition, samba also includes some management tools, such as SMB client, smbmount, testarm, smbpasswd and other programs.
-
Samba server can realize the following functions: WINS and DNS services; Web browsing service; Authentication and authorization between Linux and Windows domains;
-
UNICODE character set and domain name mapping; UNIX share meeting CIFS protocol, etc.
Main applications of samba:
- The main purpose of samba is to communicate between Windows and Unix.
- Shared file and printer services;
- Provide identity authentication;
- Provides host name resolution (NetBIOS name) on Windows networks.
1. Comparison between samba and ftp
Advantages and disadvantages of ftp
- Advantages: file transfer, application layer protocol, cross platform
- Disadvantages: only file transfer can be realized, and file system mounting cannot be realized; Server side files cannot be modified directly
Samba features
- Using smb/cifs protocol
- Cross platform
- File system mount
- It can modify files on the server side
2. Relationship between SMB protocol and cifs
- With the rapid development of the Internet, Microsoft hopes to extend SMB protocol to the Internet and become a standard for sharing data between computers on the Internet. Therefore, it reorganizes the original SMB protocol with few technical documents and renames it CIFS (Common Internet File System). It enables programs to access files on remote internet computers and require this computer to provide services. The client requests a server program far away from the server to serve it. The server gets the request and returns a response. CIFS is a public or open version of the SMB protocol and is used by Microsoft. SMB protocol is a protocol used for server file access and printing on LAN.
1.2.2 Samba installation
yum install -y samba start-up samba systemctl start smb Set startup systemctl enable smb see samba Service status systemctl status smb
1.2.3 configuring samba
1. Add user and set password
-
Set the account to log in to the samba server and set the password for the samba user. Specific commands:
-
Local user authentication (the default security level of samba server. Users must provide user name and password for authentication before accessing shared resources). This method uses a database file for authentication. The database file is called passdb.tdb. New users can be added to the database through pdbedit -a, but the samba user to be established must first be a system user. It can also be understood that we use pdbedit -a to convert system users into Samba users
Syntax:
pdbedit [parameter] user name
Parameters:
- -a: Create a new Samba account (convert the system user to Samba user and set the password)
- -x: Delete Samba account
- -50: L ist the Samba users and read the passdb.tdb database file.
useradd sambauser set up samba Account password: pdbedit -a sambauser see samba user pdbedit -L sambauser to grant authorization chmod 777 /home/sambauser/ close seliunx sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/sysconfig/selinux setenforce 0 Open shared directory permissions iptables -F
2. Restart the samba server
systemctl restart smb
3.windows client test
- Installing samba service: windows needs to be restarted
- Log in to the samba server through the configuration file explorer for testing
- Log in to the samba server by configuring network mapping for testing
1.3 enterprise level shared file system
Background introduction
-
In a network, multiple computers or multiple users in the same computer use hardware and software resources at the same time. Usually, the number of resources required by multiple users at the same time always exceeds the actual physical resources of the system, but the logical (or virtual) resource allocation can better deal with this contradiction and improve the use efficiency of the computer. However, it must be coordinated and managed by the operating system in order to avoid confusion. There are two main methods: unified management and distribution by the operating system, which is suitable for multiple users in the same computer system; Users notify each other, which is applicable to the network system.
-
File sharing refers to actively sharing your computer files on the network. General file sharing uses P2P mode, and the file itself exists on the user's personal computer. Most people who participate in file sharing also download shared files provided by other users. Sometimes the two actions are linked.
-
The network has brought us a lot of convenience. We can easily share files with others with file sharing. File sharing refers to actively sharing our computer files on the network (Internet or small network). General file sharing uses P2P mode, and the file itself exists on the user's personal computer. Most people who participate in file sharing also download shared files provided by other users. Sometimes the two actions are linked.
-
There are many important problems in file sharing, two of which are the most important. The first problem is whether it is centralized or sub network structure, and users' privacy and anonymity. The latter has become an important issue after copyright owners Sue some file sharing users. The second problem is the use of so-called "spyware" to collect and sell user data. Early client programs accepted only one protocol, so a client program either accepted only Napster or Gnutella. There was a movement to build software using multiple protocols on the client. The main purpose of this campaign is that a user doesn't have to use different programs to do the same thing. Sometimes the file shared by some people is very popular, so many people will want to get the file from him, which may lead to the person's system can not meet all needs. Decentralization is a way to alleviate this problem, especially if many people are sharing this file, then the file can be obtained from different places. Decentralization is also used to address the threat to centralism, which can come from legal complaints or hostile users. A decentralized network cannot be attacked as a whole. Attackers can only attack individual members, while the rest of the whole network still works. In order to prevent someone from collecting only the files provided by others and refusing to share them, some systems later introduced the functions of exchange and scoring. In such a system, a user shares only if he can expect to be paid. KaZaA uses a very simple scoring system. The client program calculates the priority of the user and tells the priority of the user in a section of the file. But soon after the system was invented, someone changed the client program so that the client user always has the highest priority. Another client program that uses the scoring system is eMule. EMule's client program applies the multi-source file transfer protocol, which monitors how many files a user downloads or uploads to another user. Sometimes this scoring system doesn't seem to affect the speed of download. If the user has an idle upload tunnel, it accepts the other party, uploads 8MB data to the other party, and then puts the other party at the end of its queue. If the other party's score is x2, the other party will wait half the time compared with the user whose score is x1, and the user will upload 8MB of data. If both sides transmit data to each other, their scores will continue to rise and the speed of transmission will also increase. BitTorrent protocol also has a very good scoring system. If a user only downloads and does not upload, his download speed is very low. Today's system is more effective in uploading and downloading functions and in preventing violations of the law.
Shared classification
- Sharing of data and applications.
1.1 a printing server shall be established in the printing shared LAN to provide printing services for all users of the LAN.
1.2 mail function the mail server can provide mail forwarding, distribution, CC and other services based on user name for all employees in the enterprise, and can complete convenient management, backup, deletion, recovery and recovery on the server.
1.3 the most common network chat applications are qq, wechat and other applications, which can realize voice and video communication between users in different physical locations in real time and quickly.
1.4 real time messages, such as Yahoo IM, MSN and other applications, can realize message forwarding within LAN and Internet.
1.5 database server is an important part of enterprise LAN, which can realize the functions of data sharing, reducing redundancy, centralized storage and management, maintainability and security. - File sharing service is common in network storage. FTP and TFTP services are used to enable users to easily and safely access the resources on the shared server on the workgroup computer, and FTP resources are mostly free.
- Resource backup with the development of network attacks and viruses, resource backup has also become an indispensable part of resource sharing. Most modern enterprises adopt real-time and efficient resource backup, so as to protect the company's information to the greatest extent in case of network collapse and play the greatest role in disaster recovery.
- Networking: including customer resources, capability resources and other resources that can be applied to each other.
- Equipment.
Resource sharing in LAN
Printer sharing
- Install the print server. Install a local printer on any computer in the LAN, including printer hardware connection and software installation, so that the computer itself can print. This computer is called a print server for the network and its properties are set to shared. Remember the identity of this computer at this time.
- The workstation is equipped with a network printer. Install a network printer on the workstation, double-click "Add Printer", select "network printer" next, and then next, browse in the shared printer window, find the ID on which the shared printer is installed, and select "next". Other workstations to share printers should be installed in this way to share network printers.
Folder or drive sharing
- In the network, the folder or drive on one workstation can be shared by other workstations. The use methods are as follows. Settings for folder or drive sharing. In the computer window, right-click the folder or drive icon, select properties, and then click share. When sharing the hard disk drive, select the "new share" button, write the name in the "share name" in the "new share" dialog box, and click OK. Be careful not to use "default share" here. Use of workstations. Double click the "network neighborhood" icon, then double-click the "whole network" icon, then double-click the "Microsoft Windows Network", and then double-click the Workgroup icon to see the icons of computers in the local area network; Double click the computer icon of the shared folder or drive, and the folder or drive icon will appear. At this time, you can use it as your own folder or drive.
1.3.1rsync
- rsync is a data mirror backup tool for unix like systems. A tool that supports fast full backup and incremental backup, supports local replication, remote synchronization, etc., similar to scp command; rsync command logs in to the target host for user identity authentication before synchronizing files. Data synchronization can only be carried out after authentication. The identity authentication method depends on the protocol type used. rsync generally uses two protocols for data synchronization: ssh protocol and rsync protocol.
Official website address
https://rsync.samba.org/
Download address
https://rsync.samba.org/download.html
rsync benefits
- rsync has the advantages of high security, fast backup and supporting incremental backup. rsync can solve the data backup requirements with low real-time requirements, such as regularly backing up the file server data to the remote server, regularly mirroring the local disk, etc.
Insufficient rsync
With the continuous expansion of application system scale, higher requirements are put forward for data security and reliability, and rsync reveals many shortcomings. First, when rsync synchronizes data, all files need to be scanned for comparison, and then differential transmission. If the number of files reaches the order of millions or more, scanning files is very time-consuming, and sometimes only a small part of the data has changed, so rsync becomes very inefficient. Secondly, rsync cannot monitor and synchronize data in real time. Although it can trigger synchronization through the Linux daemon, there will be a time difference between the two triggering actions, which may lead to inconsistency between the data on the server and the client, and the data cannot be completely recovered in case of failure in the later stage.
Experimental environment
- Server side: linux-90 192.168.198.90
- Client: linux-91 192.168.198.91
1. Install rsync
Both client and server need to be installed
yum install -y rsync
2. Modify the configuration file
- On some versions of the system, the file may not exist by default.
address = 192.168.198.90 #rsync service binding IP port 873 #Default service port 873 log file = /var/log/rsyncd.log #Log file location pid file = /var/run/rsyncd.pid #Process number file location [lagou] #Share name: used to connect. It is written on the url. Remember comment = lagou directory backup #Shared descriptive discourse path = /lagouedu #Actual shared directory read only = no #Allow read only dont compress = *.gz *.bz2 #Which file types are not compressed auth users = zhangsan #Login user name (non system user, you need to create it yourself) secrets file = /etc/rsyncd_users.db #Account password file required for authentication (to be created by yourself - same as above)
- linux-90:
vi /etc/rsyncd.conf
address=192.168.198.90 port 873 log file=/var/log/rsyncd.log pid file=/var/run/rsyncd.pid [lagou] comment=lagou directory backup path=/lagouedu read only=no dont compress =*.gz *.bz2 auth users=zhangsan secrets file=/etc/rsyncd_users.db
3. Create the account password file required for authentication
linux-90: vi /etc/rsyncd_users.db The contents of the document are as follows: zhangsan:123456 The permission must be modified, or the client login will report an error chmod 600 /etc/rsyncd_users.db Create shared directory: mkdir -p /lagouedu cd /lagouedu Create file: touch {1..5}.txt ls
4. Start service
linux-90: rsync --daemon netstat -antp | grep :873
5. Set the mapping user to have permissions on the shared directory
linux-90: setfacl -m u:nobody:rwx /lagouedu
6. Download test
rule of grammar:
- rsync -avz rsync: / / user name @ server address / shared module name / local directory
linux-91: rsync -avz rsync://zhangsan@192.168.198.90/lagou /data cd /data ls
7. Upload test
rule of grammar:
- rsync -avz / local directory / * rsync: / / user name @ server address / shared module name
linux-90: rm -rf * linux-91: rsync -avz /data/* rsync://zhangsan@192.168.198.90/lagou
8. Delete test
–delete:
- Delete more files than the local server (there are no source addresses, and some destination addresses are deleted)
linux-91: touch 7.txt rsync -avz --delete rsync://zhangsan@192.168.198.90/lagou /data ls
9. Password free login test
- The password free rsync protocol can be implemented by means of an environment variable. Generated on the client side.
rule of grammar:
- export RSYNC_PASSWORD = virtual user password (client generated)
linux-91: export RSYNC_PASSWORD=123456 touch 7.txt rsync -avz --delete rsync://zhangsan@192.168.198.90/lagou /data ls