COP 4343 Unix System Administration
Unit 15: file server
• ftp
• nfs

File server
• Remote access to files
• ftp
  • put/get files from remote hosts
• nfs
  • tight integration in Unix environment
• samba
  • share access to/from Windows systems

File Transfer Protocol
• designed for efficient distribution of a single file to multiple remote clients
• design characteristics
  • operates in real-time
  • to be used by general public anonymously
    • userid: ftp
  • very effective for transferring large files
  • not designed as a “shared local disk”

FTP clients
• Command line:
  • ftp, lftp, sftp, ncftp
• GUI-based:
  • gftp
  • web browsers via URL
    • ftp://mirror.cs.fiu.edu

FTP server
• vsftpd
  “Probably the most secure and fastest FTP server for UNIX-like systems”
  • vsftpd.beasts.org
• to install on Fedora:
  • yum install vsftpd

vsFTPd server
• configuration: /etc/vsftpd/vsftpd.conf
    anonymous_enable=YES
    local_enable=YES
    write_enable=YES
    listen=YES
    tcp_wrappers=YES
• check run level & start daemon:
  • chkconfig vsftpd on
  • service vsftpd start

vsFTPd server security
• open firewall to ports
  • 20: ftp data
  • 21: ftp control
• enable ftp connection tracking
  • add module: ip_conntrack_ftp
  • to: /etc/sysconfig/iptables-config
• list of non-allowed users:
  • /etc/vsftpd.ftpusers

Network File Systems
• NFS makes remote files part of the local directory structure
• designed for permanent, long-term connections where remote file systems are used as part of the regular user environment
• designed with a trusted network in mind
• UNIX-centric and does not typically perform well with Windows servers

NFS client
• mount command:
    mount blitz:/disk/137/ege /mnt
• mount point must exist
• remote host must export directory

NFS client, mount options
• hard
  • if remote access fails, the request will hang until the server resumes
  • option: intr
    • allows the hanging process to be killed
• soft
  • if remote access fails, an error will be reported

NFS client, mount options
• permission
    ro: read-only
    rw: read and write
    nosuid: disable setuid behavior
• more options available for server

NFS client
• automatic mounting at system startup
• /etc/fstab:
    blitz:/disk/137/ege /mnt/ege nfs rw,hard,intr 0 0

NFS server
• NFS uses RPC
  • similar to xinetd: uses RPC number
  • portmap listens for RPC requests, then maps them to TCP or UDP ports
  • NFS uses the rpc.mountd daemon to make new connections
• check services in run level:
  • portmap
  • nfs

NFS server: export
• configuration: /etc/exports
  ex:
    /home blitz(rw)
    /home *.cs.fiu.edu(ro,root_squash)
• options:
  • rw, ro
  • root_squash
  • all_squash
  • anonuid
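
An added example, not part of the original slides: a shell function that audits an exports file in the format shown above and flags read-write exports to wildcard or unrestricted hosts, including the case where a stray space before the options detaches them from the host name. It assumes the standard exports(5) option no_root_squash, which the slides do not list; the sample entries beyond the two from the slide are constructed.

```shell
#!/bin/sh
# Added example: audit exports(5) entries for risky client/option combinations.
# Usage: audit_exports /etc/exports   (reads stdin when no file is given)
audit_exports() {
    awk '
    /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
    {
        sub(/[ \t]*#.*/, "")                 # drop a trailing comment
        path = $1
        for (i = 2; i <= NF; i++) {
            client = $i; opts = ""
            p = index($i, "(")
            if (p > 0) {
                client = substr($i, 1, p - 1)
                opts = substr($i, p + 1)
                sub(/\)$/, "", opts)
            }
            # "(rw)" with no host in front applies to every host; this is
            # what a stray space in "blitz (rw)" produces.
            if (client == "") client = "<world>"
            n = split(opts, o, ",")
            rw = 0; noroot = 0
            for (j = 1; j <= n; j++) {
                if (o[j] == "rw") rw = 1
                if (o[j] == "no_root_squash") noroot = 1
            }
            wide = (client == "<world>" || client ~ /[*?]/)
            if (wide && rw)
                printf "line %d: %s %s: rw export to wildcard or any host\n", NR, path, client
            if (noroot)
                printf "line %d: %s %s: no_root_squash disables root squashing\n", NR, path, client
        }
    }' "$@"
}

# Constructed sample: the two entries from the slide plus two risky variants
# (/srv/pub and /srv/proj are made-up paths).
sample_exports() {
    cat <<'EOF'
/home blitz(rw)
/home *.cs.fiu.edu(ro,root_squash)
/srv/pub *.cs.fiu.edu(rw)
/srv/proj blitz (rw,no_root_squash)
EOF
}

sample_exports | audit_exports
```

The two entries from the slide pass cleanly; the findings come from the wildcard rw export and from the last line, where the space makes the options apply to all hosts.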

NFS server: firewall
• problem: RPC mechanism uses random ports
• solution:
  • open firewall to trusted machines
    rule option: -s 131.94.130.39/32