饮马天涯 2020-05-20
This scenario uses two servers: one FTP server and one database server.
1.1 Install the database
[ ~]# yum -y install mariadb-server
[ ~]# systemctl start mariadb.service
[ ~]# systemctl enable mariadb
1.2 On the FTP server, install vsftpd, mariadb-devel, pam-devel and pam_mysql (pam_mysql has to be compiled from source)
[ ~]# yum install vsftpd mariadb-devel pam-devel -y
[ ~]# yum -y groupinstall "Development Tools"
[ src]# tar xvf pam_mysql-0.7RC1.tar.gz
[ src]# cd pam_mysql-0.7RC1/
[ pam_mysql-0.7RC1]# ./configure --with-pam-mods-dir=/lib64/security --with-mysql=/usr --with-pam=/usr
[ pam_mysql-0.7RC1]# make -j 4 && make install
1.3 Create the virtual-user accounts on the database server
1.3.1 Create the database that stores the virtual users, and the database user that connects to it
MariaDB [(none)]> CREATE DATABASE vsftpd;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> SHOW DATABASES;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| performance_schema |
| test               |
| vsftpd             |
+--------------------+
7 rows in set (0.00 sec)
MariaDB [(none)]> GRANT SELECT ON vsftpd.* TO 'vsftpd'@'%' IDENTIFIED BY 'centos';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)
1.3.2 Prepare the table that stores the users
MariaDB [(none)]> USE vsftpd;
Database changed
MariaDB [vsftpd]> SHOW TABLES;
Empty set (0.01 sec)
MariaDB [vsftpd]> CREATE TABLE users (
    -> id INT AUTO_INCREMENT NOT NULL PRIMARY KEY,
    -> name CHAR(50) BINARY NOT NULL,
    -> password CHAR(48) BINARY NOT NULL
    -> );
Query OK, 0 rows affected (0.06 sec)
MariaDB [vsftpd]> DESC users;
+----------+----------+------+-----+---------+----------------+
| Field    | Type     | Null | Key | Default | Extra          |
+----------+----------+------+-----+---------+----------------+
| id       | int(11)  | NO   | PRI | NULL    | auto_increment |
| name     | char(50) | NO   |     | NULL    |                |
| password | char(48) | NO   |     | NULL    |                |
+----------+----------+------+-----+---------+----------------+
3 rows in set (0.00 sec)
1.3.3 Test the connection
[ ~]# yum install mariadb -y
[ ~]# mysql -uvsftpd -pcentos -h 10.0.1.244 -e "show databases;"
+--------------------+
| Database           |
+--------------------+
| information_schema |
| test               |
| vsftpd             |
+--------------------+
1.3.4 Add the virtual users
MariaDB [(none)]> use vsftpd;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
MariaDB [vsftpd]> INSERT INTO users(name,password) values('test1',password('centos'));
Query OK, 1 row affected (0.01 sec)
MariaDB [vsftpd]> INSERT INTO users(name,password) values('test2',password('centos'));
Query OK, 1 row affected (0.01 sec)
MariaDB [vsftpd]> SELECT * FROM users;
+----+-------+-------------------------------------------+
| id | name  | password                                  |
+----+-------+-------------------------------------------+
|  1 | test1 | *128977E278358FF80A246B5046F51043A2B1FCED |
|  2 | test2 | *128977E278358FF80A246B5046F51043A2B1FCED |
+----+-------+-------------------------------------------+
2 rows in set (0.00 sec)
1.4 Configure the vsftpd service on the FTP server
1.4.1 Create the file PAM needs for authentication on the FTP server
[ ~]# cat /etc/pam.d/vsftpd.mysql
### add the following two lines
auth required pam_mysql.so user=vsftpd passwd=centos host=10.0.1.244 db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
account required pam_mysql.so user=vsftpd passwd=centos host=10.0.1.244 db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
- auth: the authentication stage
- account: checks that the account and password may be used normally
- required: this module must succeed for authentication to pass
- pam_mysql.so is written as a relative path, relative to /lib64/security/; an absolute path also works. What follows are the arguments passed to the module
- user=vsftpd: the user for logging in to MySQL
- passwd=magedu: the password for logging in to MySQL
- host=mysqlserver: hostname or IP address of the MySQL server
- db=vsftpd: the MySQL database to connect to
- table=users: the table within that database
- usercolumn=name: the column used as the user name
- passwdcolumn=password: the column holding that user name's password
- crypt=2: passwords are hashed with MySQL's PASSWORD() function
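With crypt=2, pam_mysql hashes the submitted password the same way MySQL's PASSWORD() did in step 1.3.4 and compares it with the passwdcolumn value. The following is an added example, not code from the original post or from pam_mysql: it re-implements that hash in Python ('*' plus the uppercase hex of SHA1(SHA1(password)), with no salt), checks a login against a constructed copy of the users table from 1.3.4, and shows why test1 and test2 ended up with identical hashes.

```python
import hashlib
import hmac

def mysql_password(plaintext: str) -> str:
    """Reproduce MySQL's PASSWORD() (the 4.1+ native scheme):
    '*' followed by the uppercase hex of SHA1(SHA1(password)). No salt."""
    first = hashlib.sha1(plaintext.encode("utf-8")).digest()
    second = hashlib.sha1(first).hexdigest().upper()
    return "*" + second

# Constructed copy of the users table from step 1.3.4 (same rows as the page).
USERS = {
    "test1": "*128977E278358FF80A246B5046F51043A2B1FCED",
    "test2": "*128977E278358FF80A246B5046F51043A2B1FCED",
}

def pam_mysql_check(name: str, candidate: str, table=USERS) -> bool:
    """What the crypt=2 comparison amounts to: hash the submitted password
    and compare it (in constant time) with passwdcolumn where usercolumn == name."""
    stored = table.get(name)
    if stored is None:
        return False
    return hmac.compare_digest(mysql_password(candidate), stored)

def shared_password_groups(table=USERS) -> dict:
    """Group user names by identical hash. Because PASSWORD() is unsalted,
    equal hashes mean equal plaintexts, visible to anyone who can read the table."""
    groups = {}
    for name, h in table.items():
        groups.setdefault(h, []).append(name)
    return {h: names for h, names in groups.items() if len(names) > 1}

if __name__ == "__main__":
    print(mysql_password("centos"))
    print(pam_mysql_check("test1", "centos"), pam_mysql_check("test1", "wrong"))
    print(shared_password_groups())
```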
1.4.2 Create the system user that the virtual users map to, and its directories
[ ~]# useradd -s /sbin/nologin -d /var/ftproot vuser
[ ~]# chmod 555 /var/ftproot
[ ~]# mkdir /var/ftproot/{upload,pub}
[ ~]# setfacl -m u:vuser:rwx /var/ftproot/upload
1.4.3 Modify the vsftpd configuration file
[ ~]# cat /etc/vsftpd/vsftpd.conf
pam_service_name=vsftpd.mysql   ### change this line
guest_enable=YES                ### add the following two lines
guest_username=vuser
1.5 Test
1.5.1 Start the vsftpd service
[ ~]# systemctl start vsftpd
1.5.2 Log in as a virtual user with an FTP client and verify the result
[ ~]# yum install ftp -y
[ ~]# ftp c5
Connected to c5 (10.0.1.246).
220 (vsFTPd 3.0.2)
Name (c5:root): test1
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
2. Share the server's /www directory over NFS
2.1 NFS is a kernel module, so the nfs service can be started directly
[ ~]# systemctl start nfs-server
[ ~]# yum install nfs-utils -y   ### use this command to install it if nfs is not present
2.2 Create the shared directory
[ ~]# mkdir /www
[ ~]# chown nfsnobody /www
2.3 Add the export configuration
[ ~]# cat /etc/exports
/www *(rw)
2.4 Test
2.4.1 List all exports on this host
[ ~]# exportfs -v
/www            <world>(sync,wdelay,hide,no_subtree_check,sec=sys,rw,secure,root_squash,no_all_squash)
2.4.2 Mount it from a remote host
[ ~]# mount 10.0.1.242:/www /mnt/nfsshare/
[ ~]# df -h
Filesystem               Size  Used Avail Use% Mounted on
/dev/mapper/centos-root   60G   21G   40G  35% /
devtmpfs                 983M     0  983M   0% /dev
tmpfs                   1000M     0 1000M   0% /dev/shm
tmpfs                   1000M   98M  902M  10% /run
tmpfs                   1000M     0 1000M   0% /sys/fs/cgroup
/dev/sda1               1014M  166M  849M  17% /boot
tmpfs                    200M   44K  200M   1% /run/user/0
/dev/sr0                 3.8G  3.8G     0 100% /run/media/root/CentOS_6.10_Final
/dev/sr1                  11G   11G     0 100% /run/media/root/CentOS 7 x86_64
10.0.1.242:/www           42G  1.3G   41G   4% /mnt/nfsshare
[ ~]# touch /mnt/nfsshare/test.txt
[ ~]# cd /mnt/nfsshare/
[ nfsshare]# ls
test.txt
[ nfsshare]# cat test.txt
[ nfsshare]# echo 123 > test.txt
[ nfsshare]# cat test.txt
123
### on the NFS server
[ ~]# ll /www/
total 0
-rw-r--r-- 1 nfsnobody nfsnobody 0 May 19 10:06 test.txt
[ ~]# cat /www/test.txt
123
2.5 Configure automatic mounting at boot
[ nfsshare]# cat /etc/fstab
#
# /etc/fstab
# Created by anaconda on Sat Jan 4 01:52:46 2020
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
/dev/mapper/centos-root /               xfs     defaults        0 0
UUID=24b6bae0-d077-4259-8529-f778c9c120ce /boot xfs     defaults        0 0
/dev/mapper/centos-swap swap            swap    defaults        0 0
10.0.1.242:/www         /mnt/nfsshare/  nfs     defaults        0 0
3. Configure a Samba share for the /www directory
3.1 Install the samba package on the Samba server
[ ~]# yum -y install samba
3.2 Create the Samba users and group
[ ~]# groupadd -r admins
[ ~]# useradd -s /sbin/nologin -G admins rick
[ ~]# smbpasswd -a rick
New SMB password:
Retype new SMB password:
Added user rick.
[ ~]# useradd -s /sbin/nologin mage
[ ~]# smbpasswd -a mage
New SMB password:
Retype new SMB password:
Added user mage.
3.3 Create the Samba shared directory
[ ~]# mkdir -p /testdir/smbshare
[ ~]# chgrp admins /testdir/smbshare
[ ~]# chmod 2775 /testdir/smbshare
3.4 Configure the Samba server
[ ~]# vim /etc/samba/smb.conf
### add the following share section
[share]
path = /testdir/smbshare
write list = @admins
[ ~]# systemctl start smb nmb
3.5 Access the share from a Samba client
3.5.1 Install the client
[ ~]# yum -y install cifs-utils
3.5.2 Mount the SMB share as user rick and access it
[ ~]# mkdir /mnt/rick
[ ~]# mount -o username=rick //10.0.1.245/share /mnt/rick/
Password for //10.0.1.245/share:  ******
[ ~]# df -h
Filesystem          Size  Used Avail Use% Mounted on
/dev/sda2            42G  1.7G   40G   5% /
devtmpfs            909M     0  909M   0% /dev
tmpfs               920M     0  920M   0% /dev/shm
tmpfs               920M   17M  903M   2% /run
tmpfs               920M     0  920M   0% /sys/fs/cgroup
/dev/sda1           497M  130M  367M  27% /boot
tmpfs               184M     0  184M   0% /run/user/0
//10.0.1.245/share   42G  1.3G   41G   3% /mnt/rick
[ ~]# echo "Hello rick." > /mnt/rick/rick.txt
### on the Samba server
[ ~]# ls /testdir/smbshare/ -l
total 4
-rwxr--r-- 1 rick admins 12 May 19 15:41 rick.txt
[ ~]# ll /testdir/smbshare/
total 4
-rwxr--r-- 1 rick admins 12 May 19 15:41 rick.txt
[ ~]# cat /testdir/smbshare/rick.txt
Hello rick.
3.5.3 Mount the SMB share as user mage and access it
[ ~]# mkdir /mnt/mage
[ ~]# mount -o username=mage //10.0.1.245/share /mnt/mage/
Password for //10.0.1.245/share:  ******
[ ~]# df -h
Filesystem          Size  Used Avail Use% Mounted on
/dev/sda2            42G  1.7G   40G   5% /
devtmpfs            909M     0  909M   0% /dev
tmpfs               920M     0  920M   0% /dev/shm
tmpfs               920M   17M  903M   2% /run
tmpfs               920M     0  920M   0% /sys/fs/cgroup
/dev/sda1           497M  130M  367M  27% /boot
tmpfs               184M     0  184M   0% /run/user/0
//10.0.1.245/share   42G  1.3G   41G   3% /mnt/rick
//10.0.1.245/share   42G  1.3G   41G   3% /mnt/mage
[ ~]# touch /mnt/mage/magefile.txt
touch: cannot touch '/mnt/mage/magefile.txt': Permission denied
### note: mage is not a member of the admins group, so it has no write permission
4. Real-time synchronisation of the /www directory with rsync + inotify
4.1 How the real-time sync works
1. Use a monitoring service (inotify) to watch the source directory on the server for changes.
2. When data in the directory changes, push it to the backup server with the rsync service.
3. Tie the two together with a script.
4.2 Check whether the server kernel supports inotify
[ ~]# ll /proc/sys/fs/inotify   # if the files below are listed, the server kernel supports inotify
total 0
-rw-r--r-- 1 root root 0 May 19 15:57 max_queued_events
-rw-r--r-- 1 root root 0 May 19 15:57 max_user_instances
-rw-r--r-- 1 root root 0 May 19 15:57 max_user_watches
4.3 Install inotify
4.3.1 Install the EPEL repository
[ ~]# yum install epel-release.noarch -y
4.3.2 Install the inotify package
[ ~]# yum install inotify-tools -y
4.3.3 Configure the rsync server configuration file
[ ~]# cat /etc/rsyncd.conf
# /etc/rsyncd: configuration file for rsync daemon mode
# See rsyncd.conf man page for more options.
# configuration example:
uid = root
gid = root
use chroot = no
max connections = 0
ignore errors
exclude = lost+found/
log file = /var/log/rsyncd.log
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsyncd.lock
reverse lookup = no
hosts allow = 10.0.1.0/24
[backup]
path = /backup
comment = backup
read only = no
auth users = rsyncuser
secrets file = /etc/rsync.pass
4.3.4 On the server, create the secrets file, prepare the directory and start the rsync service
[ ~]# echo "centos" > /etc/rsync.pass
[ ~]# chmod 600 /etc/rsync.pass
[ ~]# mkdir /backup
[ ~]# systemctl start rsyncd
4.3.5 On the client, configure the password file and create the directory to be synchronised
[ ~]# echo "rsyncuser:centos" > /etc/rsync.pass
[ ~]# chmod 600 /etc/rsync.pass
[ ~]# mkdir /data
[ ~]# touch /data/123.txt
4.4 Test synchronisation from the client
[ ~]# rsync -avz --password-file=/etc/rsync.pass /data/ ::backup
sending incremental file list
./
123.txt

sent 105 bytes  received 38 bytes  286.00 bytes/sec
total size is 0  speedup is 0.00
### on the server
[ ~]# ls /backup/
123.txt
4.5 Create the inotify_rsync.sh script on the client for real-time synchronisation
4.5.1 Create the script
[ ~]# cat inotify_rsync.sh
#!/bin/bash
# Source directory to watch and the rsync daemon module to push to
SRC='/data/'
DEST='::backup'
# -m: keep monitoring, -r: recursive, -q: quiet; one line per event in "date time dir file" form
inotifywait -mrq --timefmt '%Y-%m-%d %H:%M' --format '%T %w %f' -e create,delete,moved_to,close_write,attrib ${SRC} | while read DATE TIME DIR FILE; do
    FILEPATH=${DIR}${FILE}
    # Mirror the whole source tree (including deletions) after every event, then log it
    rsync -az --delete --password-file=/etc/rsync.pass $SRC $DEST && echo "At ${TIME} on ${DATE}, file $FILEPATH was backuped up via rsync" >> /var/log/changelist.log
done
4.5.2 Run the script in the background and test it
[ ~]# nohup sh inotify_rsync.sh &
[1] 24745
[ ~]# nohup: ignoring input and appending output to 'nohup.out'
[ ~]# touch /data/test1.txt
[ ~]# echo hello > /data/test1.txt
[ ~]# tailf /var/log/changelist.log
At 22:32 on 2020-05-19, file /data/123.txt was backuped up via rsync
At 22:40 on 2020-05-19, file /data/test1.txt was backuped up via rsync
At 22:40 on 2020-05-19, file /data/test1.txt was backuped up via rsync
At 22:40 on 2020-05-19, file /data/test1.txt was backuped up via rsync
At 22:40 on 2020-05-19, file /data/test1.txt was backuped up via rsync
### on the server
[ backup]# pwd
/backup
[ backup]# ll
total 4
-rw-r--r-- 1 root root 6 May 19 22:40 test1.txt
[ backup]# cat test1.txt
hello
5. Use iptables to allow Telnet, FTP, the web server and the Samba service, and reject all other ports and services
[ ~]# iptables -A INPUT -p tcp -d 10.1.1.110 --dport 80 -j ACCEPT
[ ~]# iptables -A INPUT -p tcp -d 10.1.1.110 --dport 21 -j ACCEPT
[ ~]# iptables -A INPUT -p tcp -d 10.1.1.110 --dport 23 -j ACCEPT
[ ~]# iptables -A INPUT -p tcp -d 10.1.1.110 --dport 139 -j ACCEPT
[ ~]# iptables -A INPUT -p tcp -d 10.1.1.110 --dport 445 -j ACCEPT
[ ~]# iptables -A INPUT -j DROP
[ ~]# iptables -vnL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
   39  4962 ACCEPT     tcp  --  *      *       0.0.0.0/0            10.1.1.110           tcp dpt:22
    6   394 ACCEPT     tcp  --  *      *       0.0.0.0/0            10.1.1.110           tcp dpt:80
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            10.1.1.110           tcp dpt:21
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            10.1.1.110           tcp dpt:23
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            10.1.1.110           tcp dpt:139
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            10.1.1.110           tcp dpt:445
   81  8786 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 49 packets, 5983 bytes)
 pkts bytes target     prot opt in     out     source               destination
### test
[ ~]# yum install httpd -y
[ ~]# ls /var/www/html/
[ ~]# echo this is for iptables > /var/www/html/index.html
[ ~]# cat /var/www/html/index.html
this is for iptables
[ ~]# service httpd start
[ ~]# curl 10.1.1.110
this is for iptables