==============================================================
NFS Howto:
==============================================================
NFS stands for Network File System, and is the standard for sharing printers and files on a
directory between Linux and Unix computers. NFS comes from the SUN family, and is widely
adopted as a solution to run alongside Active Directory to provide reliable storage to
Windows networks.
==============================================================
Objectives for NFS:
==============================================================
Create a /public directory that is exported to all users as read only. It should allow three computers read/write privileges.
Create a /home directory that is exported with read/write privileges to any computer
on a specific network.
Create a /private directory that only the administrator can make changes to.
All of the directories should include the sync flag. This requires all changes to be written to the files before a file copy/change is considered to be complete.
Your NFS resources should be available when you restart your server at any time.
==============================================================
ON THE SERVER:
--------------------------------------------------------------
Install these needed packages:
--------------------------------------------------------------
yum install nfs-utils nfs-utils-lib portmap system-config-nfs
--------------------------------------------------------------
Make the directories for NFS in /mnt:
--------------------------------------------------------------
mkdir /mnt/pub
mkdir /mnt/home
mkdir /mnt/private
--------------------------------------------------------------
Add the following to /etc/exports (refer to the objectives for explanations):
--------------------------------------------------------------
/mnt/pub *(ro,insecure,sync) 142.25.97.106(rw,insecure,sync) 142.25.97.89(rw,insecure,sync) 142.25.97.115(rw,insecure,sync)
/mnt/home 142.25.97.0/255.255.255.0(rw,insecure,sync)
/mnt/private 142.25.97.106(rw,insecure,no_root_squash,sync)
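--------------------------------------------------------------
Added example (not part of the original howto): a shell function that reads exports entries and reports the options in the lines above that deserve a second look. insecure accepts requests from source ports above 1023, and no_root_squash leaves the client's root user as root on the export. The name audit_exports and the finding texts are made up for this example.

```shell
# Flag risky options in exports(5) entries read from stdin.
# Output: one "path client finding" line per finding.
audit_exports() {
  awk '
    /^[ \t]*#/ { next }                     # comment lines
    NF == 0    { next }                     # blank lines
    {
      path = $1
      for (i = 2; i <= NF; i++) {           # each field is client(opt,opt,...)
        client = $i; opts = ""
        p = index($i, "(")
        if (p > 0) {
          client = substr($i, 1, p - 1)
          opts = substr($i, p + 1)
          sub(/\)$/, "", opts)
        }
        if (client == "") client = "*"      # "(opts)" alone applies to every host
        rw = 0
        n = split(opts, o, ",")
        for (j = 1; j <= n; j++) {
          if (o[j] == "insecure")
            print path, client, "insecure: source ports above 1023 accepted"
          if (o[j] == "no_root_squash")
            print path, client, "no_root_squash: client root stays root"
          if (o[j] == "rw") rw = 1
        }
        if (rw && client == "*")
          print path, client, "rw granted to every host"
      }
    }'
}

# The three export lines from this page, embedded so the check runs offline.
PAGE_EXPORTS='/mnt/pub *(ro,insecure,sync) 142.25.97.106(rw,insecure,sync) 142.25.97.89(rw,insecure,sync) 142.25.97.115(rw,insecure,sync)
/mnt/home 142.25.97.0/255.255.255.0(rw,insecure,sync)
/mnt/private 142.25.97.106(rw,insecure,no_root_squash,sync)'

printf '%s\n' "$PAGE_EXPORTS" | audit_exports
```

On a server, run it as audit_exports < /etc/exports. None of the objectives calls for insecure, so every line it prints for that option marks a place where the option can be dropped.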
--------------------------------------------------------------
Now restart NFS and check for errors:
--------------------------------------------------------------
service nfs restart
Note: It should not give any message or error if it is working correctly.
--------------------------------------------------------------
To see the list of shared directories:
--------------------------------------------------------------
showmount -e localhost
--------------------------------------------------------------
Get NFS to start automatically on restart:
--------------------------------------------------------------
chkconfig nfs on
--------------------------------------------------------------
NOW ON THE CLIENT:
--------------------------------------------------------------
Create the following directories on the client and chmod them:
--------------------------------------------------------------
mkdir /media/pub
mkdir /media/private
mkdir /media/home
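chmod 777 /media/pub /media/private /media/home
Note: chmod only the three mount points. Running chmod 777 * from / would make every top-level directory on the client world-writable.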
--------------------------------------------------------------
You must mount each directory individually:
--------------------------------------------------------------
mount -t nfs 142.25.97.90:/mnt/pub /media/pub
Note: 142.25.97.90 is the server's IP address
--------------------------------------------------------------
Now to test and see if it's working, write a file on the server and see if you can see it on the client. Then try writing to the server from the client; you may or may not be allowed, depending on the ACL.
--------------------------------------------------------------
==============================================================
FTP SERVER
==============================================================
FTP, which stands for File Transfer Protocol, is one of the original applications created for computers. It has some shortfalls with today’s technology: security, vulnerabilities, and configuration problems.
--------------------------------------------------------------
Install and configure an FTP server with the following settings:
Anonymous users should not be allowed to log in to your server
Set your FTP Banner to state a welcome message upon login
Your FTP server should serve up the directory /FTP_ROOT to users upon login
Ensure that you have logging enabled, and you are aware of the location of logs
Session timeout should be set to 1 hour
--------------------------------------------------------------
Install vsftpd
--------------------------------------------------------------
yum install vsftpd
--------------------------------------------------------------
Create a user, a group and change the user's password:
--------------------------------------------------------------
groupadd ftpuser
useradd ftptest -G ftpuser
passwd ftptest
--------------------------------------------------------------
Create a directory in root called FTP_ROOT
--------------------------------------------------------------
mkdir /FTP_ROOT
chown root:ftpuser /FTP_ROOT
--------------------------------------------------------------
Edit the vsftpd.conf file
--------------------------------------------------------------
Change anonymous_enable=YES to:
anonymous_enable=NO
Change and uncomment if it is commented:
idle_session_timeout=600 to:
idle_session_timeout=3600
Change and uncomment if it is commented:
ftpd_banner=Herro mon!!!!
Add the following:
local_root=/FTP_ROOT
And check that these are set like so:
write_enable=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
dirmessage_enable=YES
dirlist_enable=YES
no_anon_password=YES
file_open_mode=0777
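--------------------------------------------------------------
Added example (not part of the original howto): a shell check of the settings listed above against the FTP objectives. xferlog_enable is vsftpd's transfer-logging switch and does not appear in the steps above, so the check reports it as unset. The name check_vsftpd and the shortened banner text are made up for this example.

```shell
# Check vsftpd.conf text on stdin against this page's objectives.
# Exit status is 1 when an objective is not met.
check_vsftpd() {
  awk '
    function need(k, want,    got) {
      got = (k in conf) ? conf[k] : "(unset)"
      if (got != want) { print "FAIL " k "=" got ", objective needs " want; bad = 1 }
    }
    /^[ \t]*#/ || !/=/ { next }             # skip comments and non-settings
    {                                       # vsftpd allows no spaces around "="
      k = $0; sub(/=.*/, "", k)
      v = $0; sub(/^[^=]*=/, "", v)
      conf[k] = v
    }
    END {
      need("anonymous_enable", "NO")
      need("idle_session_timeout", "3600")
      need("local_root", "/FTP_ROOT")
      need("xferlog_enable", "YES")
      if (conf["ftpd_banner"] == "") { print "FAIL ftpd_banner is not set"; bad = 1 }
      keys = "anon_upload_enable anon_mkdir_write_enable"
      keys = keys " anon_other_write_enable no_anon_password"
      n = split(keys, a, " ")
      for (i = 1; i <= n; i++)
        if (conf[a[i]] == "YES")
          print "WARN " a[i] "=YES applies as soon as anonymous_enable is YES"
      if (conf["file_open_mode"] == "0777")
        print "WARN file_open_mode=0777, uploads rely on local_umask alone"
      exit bad + 0
    }'
}

# Settings as listed on this page (banner text shortened), embedded as sample input.
PAGE_CONF='anonymous_enable=NO
idle_session_timeout=3600
ftpd_banner=Welcome
local_root=/FTP_ROOT
write_enable=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
dirmessage_enable=YES
dirlist_enable=YES
no_anon_password=YES
file_open_mode=0777'

printf '%s\n' "$PAGE_CONF" | check_vsftpd || echo "objectives not met"
```

With xferlog_enable=YES, transfers are logged to the file named by xferlog_file (default /var/log/xferlog) when xferlog_std_format=YES, otherwise to vsftpd_log_file (default /var/log/vsftpd.log).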
--------------------------------------------------------------
Reload the service and test with an FTP program.
--------------------------------------------------------------
service vsftpd restart
--------------------------------------------------------------
Get vsftpd to start automatically on restart:
--------------------------------------------------------------
chkconfig vsftpd on
==============================================================
Samba
==============================================================
Samba stands for Server Message Block, or SMB. Microsoft’s
CIFS was built on the SMB protocol. As Microsoft developed CIFS, the Samba developers have upgraded Samba accordingly. Samba allows your computer to act as a client, a member server, or even a Primary Domain Controller (PDC).
OBJECTIVES:
Create two users (Instructor01, Instructor02) and add them to a group called Instructors
Create three users (Student01, Student02, Student03) and add them to a group called Students
Create an Instructor Samba share that allows members of the instructors group to write to the directory, and prevents all other users from reading or writing to this share.
Create a Student share that allows the Students read only, and the Instructors read/write permissions.
Give users access to their home directories, once authenticated with the Samba server, to read/write files into their structures.
--------------------------------------------------------------
Installing Samba
--------------------------------------------------------------
yum install samba* swat
Note: Might be already installed with modern releases.
--------------------------------------------------------------
Create users and groups.
--------------------------------------------------------------
groupadd instructors
useradd instructor01 -G instructors
useradd instructor02 -G instructors
groupadd students
useradd student01 -G students
useradd student02 -G students
useradd student03 -G students
--------------------------------------------------------------
Give the users a password using smbpasswd
Note: If you want to give the users access to the system, then use passwd and smbpasswd for the samba share as well.
--------------------------------------------------------------
smbpasswd username
--------------------------------------------------------------
Configure and make the shares:
--------------------------------------------------------------
mkdir -p /home/shares/students/
mkdir -p /home/shares/instructors/
chown root:instructors /home/shares/students
chown root:instructors /home/shares/instructors
chmod 775 /home/shares/students
chmod 775 /home/shares
--------------------------------------------------------------
Edit swat and add in the IP of the machine that will be using the shares.
--------------------------------------------------------------
vi /etc/xinetd.d/swat
Change
only_from = 127.0.0.1
To
only_from = 127.0.0.1 clientIPgoesHere
--------------------------------------------------------------
Add these to the automatic startup and reboot.
--------------------------------------------------------------
chkconfig smb on
chkconfig nmb on
chkconfig swat on
shutdown -r now
--------------------------------------------------------------
Connect to swat in your Internet viewing program on the machine with the specified IP ;)
--------------------------------------------------------------
http://sambaserverIP:901
E.g.:
http://142.25.97.135:901
--------------------------------------------------------------
The entries for the shares in /etc/samba/smb.conf should look like:
--------------------------------------------------------------
[students]
comment = students
path = /home/shares/students
valid users = instructor01, instructor02, student01, student02, student03
admin users = instructor01, instructor02
read list = instructor01, instructor02, student01, student02, student03
write list = instructor01, instructor02
read only = No
available = YES
[instructors]
comment = instructors
path = /home/shares/instructors
valid users = instructor01, instructor02
admin users = instructor01, instructor02
read list = instructor01, instructor02
write list = instructor01, instructor02
read only = No
available = Yes
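--------------------------------------------------------------
Added example (not part of the original howto): a simplified model of how the access parameters in the share definitions above combine for one user. It shows that admin users makes both instructors act as root on each share, beyond what write list already grants. The name smb_access is made up for this example, and @group entries, invalid users and filesystem permissions are not modelled.

```shell
# Effective access of one user to each share in smb.conf text on stdin.
# Simplified model: plain user names only.
smb_access() {
  awk -v user="$1" '
    function has(list,    n, i, u) {        # is user named in this list?
      n = split(list, u, /[ ,]+/)
      for (i = 1; i <= n; i++) if (u[i] == user) return 1
      return 0
    }
    function report(    acc) {              # print access for the finished share
      if (share == "" || share == "global") return
      if (p["valid users"] != "" && !has(p["valid users"])) acc = "none"
      else if (has(p["admin users"])) acc = "root"   # file operations run as root
      else if (has(p["write list"])) acc = "rw"      # write list beats read list
      else if (has(p["read list"])) acc = "ro"
      else acc = (tolower(p["read only"]) == "no") ? "rw" : "ro"
      print share, acc
    }
    /^[ \t]*[#;]/ { next }                  # comment lines
    /^[ \t]*\[/ {                           # [share] header starts a new section
      report(); split("", p)
      share = $0; sub(/^[ \t]*\[/, "", share); sub(/\].*/, "", share)
      next
    }
    /=/ {                                   # "name = value", spaces allowed
      k = $0; sub(/[ \t]*=.*/, "", k); sub(/^[ \t]+/, "", k)
      v = $0; sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t]+$/, "", v)
      p[tolower(k)] = v
    }
    END { report() }'
}

# Access parameters of the two shares on this page, embedded as sample input.
PAGE_SMB='[students]
valid users = instructor01, instructor02, student01, student02, student03
admin users = instructor01, instructor02
read list = instructor01, instructor02, student01, student02, student03
write list = instructor01, instructor02
read only = No
[instructors]
valid users = instructor01, instructor02
admin users = instructor01, instructor02
read list = instructor01, instructor02
write list = instructor01, instructor02
read only = No'

for u in student01 instructor01; do
  echo "== $u"; printf '%s\n' "$PAGE_SMB" | smb_access "$u"
done
```

Removing the two admin users lines leaves the instructors at rw through write list, which is all the objectives ask for.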
--------------------------------------------------------------
Create a share in the web interface:
--------------------------------------------------------------
Pretty self-explanatory here.
On the specified client type the \\IPaddress\sharename and you should be good to go :)
--------------------------------------------------------------
Conclusion:
--------------------------------------------------------------
Samba, NFS and FTP are useful utilities for an Administrator to know; however, by themselves they are only a stepping stone.
They are full of security holes and flaws that are ready to be exploited by malicious persons; only when combined with other technologies are they useful and secure.
--------------------------------------------------------------