Your SlideShare is downloading. ×
0
Chapter 05
Chapter 05
Chapter 05
Chapter 05
Chapter 05
Chapter 05
Chapter 05
Chapter 05
Chapter 05
Chapter 05
Chapter 05
Chapter 05
Chapter 05
Chapter 05
Chapter 05
Chapter 05
Chapter 05
Chapter 05
Chapter 05
Chapter 05
Chapter 05
Chapter 05
Chapter 05
Chapter 05
Chapter 05
Chapter 05
Chapter 05
Chapter 05
Chapter 05
Chapter 05
Chapter 05
Chapter 05
Chapter 05
Chapter 05
Chapter 05
Chapter 05
Chapter 05
Chapter 05
Chapter 05
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Chapter 05

637

Published on

CS325

CS325

Published in: Education, Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
637
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
0
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. Linux Networking and Security Chapter 5
  • 2. Configuring File Sharing Services <ul><li>Configure an FTP server for anonymous or regular users </li></ul><ul><li>Set up NFS file sharing between Linux and UNIX systems </li></ul><ul><li>Understand NetWare NCP-Based file sharing </li></ul><ul><li>Use SMB to share files and printers with Windows-based PCs </li></ul>
  • 3. Running an FTP server <ul><li>The File Transfer Protocol (FTP) was designed for efficient distribution of a single file to multiple remote clients </li></ul><ul><li>Some design characteristics of FTP: </li></ul><ul><ul><li>FTP operates in real-time </li></ul></ul><ul><ul><li>FTP was designed to be used by the public and this is called anonymous FTP </li></ul></ul><ul><ul><li>FTP is very effective for transferring large files </li></ul></ul><ul><ul><li>FTP was not designed as a “shared local disk” </li></ul></ul>
  • 4. Using an FTP Client <ul><li>Accessing an FTP site requires an FTP client </li></ul><ul><li>Linux includes a text-mode FTP client, some Linux systems include a newer and refined text-mode ftp system called ncftp </li></ul><ul><li>An FTP client session begins with the ftp command </li></ul><ul><ul><li>If the system connects, users are prompted for username and password </li></ul></ul>
  • 5. Using an FTP Client
  • 6. Using an FTP Client
  • 7. Using an FTP Client
  • 8. Using an FTP Client
  • 9. Introducing FTP Servers <ul><li>The most widely used FTP server on Linux is the Washington University server, wu-ftp </li></ul><ul><li>Setting up the FTP server is done via a number of configuration files </li></ul><ul><li>In addition to configuration files, there is the anonymous user home directory: </li></ul><ul><ul><li>Anonymous users do not see the entire file system and are limited to a working area, or home directory that designates downloadable files </li></ul></ul>
  • 10. Introducing FTP Servers
  • 11. Setting Up FTP Configuration Files <ul><li>The FTP server is configured using the ftpaccess file in the /etc directory </li></ul><ul><ul><li>There are three types of FTP users: Anonymous, Real, and Guest </li></ul></ul><ul><ul><li>Classes of users can be created, which allow you to assign permissions based on groupings </li></ul></ul><ul><ul><li>Permit FTP users to perform file actions using a series of directives naming the file action, followed by yes or no, followed by the classes of user to which the directive applies </li></ul></ul>
  • 12. Setting Up FTP Configuration Files
  • 13. Setting Up FTP Configuration Files
  • 14. Sharing Files with NFS <ul><li>The Network File System (NFS) provides access to remote files systems as if they are part of the local directory structure </li></ul><ul><ul><li>NFS was designed for permanent, long-term connections where remote file systems are used as part of the regular user environment </li></ul></ul><ul><ul><li>NFS does have security concerns and was designed with a trusted network in mind </li></ul></ul><ul><ul><li>NFS is UNIX-centric and does not typically perform well with Windows or NetWare servers </li></ul></ul>
  • 15. Running the NFS Daemons <ul><li>The NFS protocol is implemented by several daemons, each handling different tasks </li></ul><ul><li>NFS communication is built on the remote procedure call (rpc) system </li></ul><ul><ul><li>This system functions almost like a superserver in that programs are assigned an rpc number </li></ul></ul><ul><ul><li>A program called portmap watches for rpc requests from programs like NFS daemons, then maps them to TCP or UDP ports </li></ul></ul><ul><ul><li>NFS uses the rpc.mountd daemon to make new connections </li></ul></ul>
  • 16. Accessing Remote NFS File Systems <ul><li>Acting as a client to an NFS server is straightforward; use the mount command for any local hard disk partitioning containing a file system needing access </li></ul><ul><ul><li>The mount point must be created and the host must have allowed mounting of the directory </li></ul></ul><ul><ul><li>Mount options include altering the default buffer size for NFS transfers, read-only or read-write permission, hard or soft mounts, and suppressing automatic mounting at system startup </li></ul></ul>
  • 17. Exporting Your File System Using NFS <ul><li>To make parts of your file system accessible over the network to other systems, NFS daemons must be running and NFS traffic must be allowed to pass between the hosts </li></ul><ul><ul><li>Beyond this, the /etc/exports file must be set up to define which of the local directories will be available to remote users and how each is used </li></ul></ul><ul><ul><li>NFS uses a security concept called squashing to prevent a user from gaining access to a user account (especially to the root account) simply because they have an ID on the NFS client </li></ul></ul>
  • 18. NetWare File and Printer Sharing <ul><li>NetWare protocols can be used on Linux to act as NetWare file and print servers, or as a client to other NetWare servers </li></ul><ul><ul><li>To use either the client or server tools for NetWare, IPX must be installed on Linux </li></ul></ul><ul><ul><li>NetWare uses a transport protocol called the NetWare Core Protocol (NCP) </li></ul></ul><ul><ul><li>NetWare is a dedicated network operating system, but in the context of Linux, these servers are limited to file and printer sharing </li></ul></ul>
  • 19. Accessing NetWare Servers as a Client <ul><li>The ncpfs package implements NCP and provides a number of client utilities allowing log in, file transfer, printing and so forth </li></ul><ul><ul><li>The ncpfs package is not installed by default </li></ul></ul><ul><ul><li>The ncpfs utilities allow the specification of command-line parameters for server contact </li></ul></ul><ul><ul><li>Alternatively, create a .nwclient file in the home directory that contains the NetWare default settings </li></ul></ul>
  • 20. Accessing NetWare Servers as a Client
  • 21. Making Linux Into a NetWare Server <ul><li>Most Linux distributions contain a package that lets a system emulate a NetWare server </li></ul><ul><ul><li>The Martin Stovers NetWare Emulator package (mars-nwe) provides NetWare-specific protocols </li></ul></ul><ul><ul><li>In addition to NCP transport protocol, mars-nwe provides the NetWare Routing Information Protocol (RIP) and the Service Addressing Protocol (SAP) that let Linux act as a peer with other NetWare servers </li></ul></ul><ul><ul><li>Configure mars-nwe using the /etc/nwserv.conf </li></ul></ul>
  • 22. Windows File and Print Integration with Samba <ul><li>To implement the Windows-based protocols such as Server Message Block (SMB), Common Internet File System (CIFS) and NetBIOS in Linux, use the Samba suite </li></ul><ul><ul><li>The server portion of Samba allows a Linux system to appear in Windows networks as if it were another Windows system </li></ul></ul><ul><ul><li>The client portions of Samba also let Linux access Windows systems that are configured to share their resources </li></ul></ul>
  • 23. Using Samba Client Utilities <ul><li>Samba client utilities allow access to shared Windows resources as if another Windows-based computer </li></ul><ul><ul><li>The smbclient utility is a command-line utility that allows logging into a Windows host, and interacting using a series of commands </li></ul></ul><ul><ul><li>To graphically access a Windows system, mount a Windows share as part of Linux by the standard mount command using a file system type of smbfs </li></ul></ul><ul><ul><li>Printing to a Windows printer is done using the smbprint command </li></ul></ul>
  • 24. Using Samba Client Utilities
  • 25. Using Samba Client Utilities
  • 26. Using Samba Client Utilities
  • 27. Using Samba Client Utilities
  • 28. Setting Up a Samba Server <ul><li>Samba includes two server daemons: </li></ul><ul><ul><li>nmbd, which implements the NetBIOS service </li></ul></ul><ul><ul><li>smbd, which implements the SMB file and print sharing </li></ul></ul><ul><ul><li>Both of these daemons must be running to implement a Samba server </li></ul></ul><ul><ul><li>Both are managed using a single script in /etc/rc.d/init.d </li></ul></ul><ul><li>Samba configuration files are typically stored in /etc/samba </li></ul>
  • 29. Creating Samba Users <ul><li>The user security model requires users to log in with a valid user name and password before using a share on the Samba server </li></ul><ul><ul><li>Several utilities included with the Samba suite allow for everyone with a Linux user account to also log in via Samba </li></ul></ul><ul><ul><li>The following command creates a Samba password for all Linux users: cat /etc/passwd | mksmbpasswd.sh &gt; /etc/samba/smbpasswd </li></ul></ul>
  • 30. Using SWAT to Configure SMB <ul><li>SWAT is a browser-based graphical interface that sets up the smb.conf file, restarts the Samba server, and provides some status information on server utilization </li></ul><ul><ul><li>SWAT runs a network service managed by the superserver </li></ul></ul><ul><ul><li>To use SWAT, the SWAT service must be included in the /etc/services file </li></ul></ul><ul><ul><li>SWAT must also be enabled in the superserver configuration </li></ul></ul>
  • 31. Using SWAT to Configure SMB
  • 32. Using SWAT to Configure SMB
  • 33. Using SWAT to Configure SMB
  • 34. Accessing Samba from Windows <ul><li>Once a Samba server is up and running, there is access to Linux files and printers from any Windows-based host </li></ul><ul><ul><li>All that is required is the correct Windows networking configuration and a valid username and password </li></ul></ul><ul><ul><li>Samba uses only TCP/IP, so TCP/IP should be configured in the Windows environment </li></ul></ul>
  • 35. Accessing Samba from Windows
  • 36. Chapter Summary <ul><li>FTP is a widely used Internet protocol that was designed for efficient transfer of files from a server to multiple clients at diverse locations </li></ul><ul><li>The anonymous feature of FTP makes it popular for public download archives </li></ul><ul><li>To access an FTP server, you can use the text-mode client, ftp, graphical clients such as gFTP or IglooFTP, or a Web browser </li></ul><ul><li>The standard FTP server is wu-ftpd </li></ul><ul><li>You can configure classes of users in ftpaccess, then assign permissions to perform different file actions </li></ul>
  • 37. Chapter Summary <ul><li>The Network File System (NFS) lets you access remote file systems as part of your local directory structure by using the mount command to contact an NFS server </li></ul><ul><li>An NFS server consists of several possible daemons; at the least, nfsd and rpc.mountd are required </li></ul><ul><li>An NFS server is configured using the /etc/exports file, which defines which local directories are available for remote users to mount </li></ul><ul><li>NFS is prone to security holes, but it relies on several layers of security </li></ul>
  • 38. Chapter Summary <ul><li>The NetWare network operating system can be emulated on Linux as a powerful file-and-print server using the mars-nwe package </li></ul><ul><li>The mars-nwe NetWare emulator is configured using the /etc/nwserv.conf file </li></ul><ul><li>Linux can access NetWare servers as clients using the ncpfs package, which provides a number of command-line tools to manage NetWare servers </li></ul><ul><li>Windows networking uses the NetBIOS and SMB (also called CIFS) protocols, both of which are implemented by the Samba suite in Linux </li></ul>
  • 39. Chapter Summary <ul><li>Using the Samba client utility smbclient and mounting Windows file systems of type smbfs provide convenient access to shared resources </li></ul><ul><li>A simple Samba server configuration in smb.conf involves defining the server name, basic security options, and defining shares </li></ul><ul><li>SWAT provides graphical configuration and administration functionality for Samba </li></ul><ul><li>Multiple Samba security models are supported, including Windows NT domains and guest accounts, which often use Samba as a dedicated print server </li></ul>

×