Your SlideShare is downloading. ×
Chapter 05
Upcoming SlideShare
Loading in...5

Thanks for flagging this SlideShare!

Oops! An error has occurred.


Introducing the official SlideShare app

Stunning, full-screen experience for iPhone and Android

Text the download link to your phone

Standard text messaging rates apply

Chapter 05


Published on



Published in: Education, Technology

  • Be the first to comment

  • Be the first to like this

No Downloads
Total Views
On Slideshare
From Embeds
Number of Embeds
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

No notes for slide


  • 1. Linux Networking and Security Chapter 5
  • 2. Configuring File Sharing Services
    • Configure an FTP server for anonymous or regular users
    • Set up NFS file sharing between Linux and UNIX systems
    • Understand NetWare NCP-Based file sharing
    • Use SMB to share files and printers with Windows-based PCs
  • 3. Running an FTP server
    • The File Transfer Protocol (FTP) was designed for efficient distribution of a single file to multiple remote clients
    • Some design characteristics of FTP:
      • FTP operates in real-time
      • FTP was designed to be used by the public and this is called anonymous FTP
      • FTP is very effective for transferring large files
      • FTP was not designed as a “shared local disk”
  • 4. Using an FTP Client
    • Accessing an FTP site requires an FTP client
    • Linux includes a text-mode FTP client, some Linux systems include a newer and refined text-mode ftp system called ncftp
    • An FTP client session begins with the ftp command
      • If the system connects, users are prompted for username and password
  • 5. Using an FTP Client
  • 6. Using an FTP Client
  • 7. Using an FTP Client
  • 8. Using an FTP Client
  • 9. Introducing FTP Servers
    • The most widely used FTP server on Linux is the Washington University server, wu-ftp
    • Setting up the FTP server is done via a number of configuration files
    • In addition to configuration files, there is the anonymous user home directory:
      • Anonymous users do not see the entire file system and are limited to a working area, or home directory that designates downloadable files
  • 10. Introducing FTP Servers
  • 11. Setting Up FTP Configuration Files
    • The FTP server is configured using the ftpaccess file in the /etc directory
      • There are three types of FTP users: Anonymous, Real, and Guest
      • Classes of users can be created, which allow you to assign permissions based on groupings
      • Permit FTP users to perform file actions using a series of directives naming the file action, followed by yes or no, followed by the classes of user to which the directive applies
  • 12. Setting Up FTP Configuration Files
  • 13. Setting Up FTP Configuration Files
  • 14. Sharing Files with NFS
    • The Network File System (NFS) provides access to remote files systems as if they are part of the local directory structure
      • NFS was designed for permanent, long-term connections where remote file systems are used as part of the regular user environment
      • NFS does have security concerns and was designed with a trusted network in mind
      • NFS is UNIX-centric and does not typically perform well with Windows or NetWare servers
  • 15. Running the NFS Daemons
    • The NFS protocol is implemented by several daemons, each handling different tasks
    • NFS communication is built on the remote procedure call (rpc) system
      • This system functions almost like a superserver in that programs are assigned an rpc number
      • A program called portmap watches for rpc requests from programs like NFS daemons, then maps them to TCP or UDP ports
      • NFS uses the rpc.mountd daemon to make new connections
  • 16. Accessing Remote NFS File Systems
    • Acting as a client to an NFS server is straightforward; use the mount command for any local hard disk partitioning containing a file system needing access
      • The mount point must be created and the host must have allowed mounting of the directory
      • Mount options include altering the default buffer size for NFS transfers, read-only or read-write permission, hard or soft mounts, and suppressing automatic mounting at system startup
  • 17. Exporting Your File System Using NFS
    • To make parts of your file system accessible over the network to other systems, NFS daemons must be running and NFS traffic must be allowed to pass between the hosts
      • Beyond this, the /etc/exports file must be set up to define which of the local directories will be available to remote users and how each is used
      • NFS uses a security concept called squashing to prevent a user from gaining access to a user account (especially to the root account) simply because they have an ID on the NFS client
  • 18. NetWare File and Printer Sharing
    • NetWare protocols can be used on Linux to act as NetWare file and print servers, or as a client to other NetWare servers
      • To use either the client or server tools for NetWare, IPX must be installed on Linux
      • NetWare uses a transport protocol called the NetWare Core Protocol (NCP)
      • NetWare is a dedicated network operating system, but in the context of Linux, these servers are limited to file and printer sharing
  • 19. Accessing NetWare Servers as a Client
    • The ncpfs package implements NCP and provides a number of client utilities allowing log in, file transfer, printing and so forth
      • The ncpfs package is not installed by default
      • The ncpfs utilities allow the specification of command-line parameters for server contact
      • Alternatively, create a .nwclient file in the home directory that contains the NetWare default settings
  • 20. Accessing NetWare Servers as a Client
  • 21. Making Linux Into a NetWare Server
    • Most Linux distributions contain a package that lets a system emulate a NetWare server
      • The Martin Stovers NetWare Emulator package (mars-nwe) provides NetWare-specific protocols
      • In addition to NCP transport protocol, mars-nwe provides the NetWare Routing Information Protocol (RIP) and the Service Addressing Protocol (SAP) that let Linux act as a peer with other NetWare servers
      • Configure mars-nwe using the /etc/nwserv.conf
  • 22. Windows File and Print Integration with Samba
    • To implement the Windows-based protocols such as Server Message Block (SMB), Common Internet File System (CIFS) and NetBIOS in Linux, use the Samba suite
      • The server portion of Samba allows a Linux system to appear in Windows networks as if it were another Windows system
      • The client portions of Samba also let Linux access Windows systems that are configured to share their resources
  • 23. Using Samba Client Utilities
    • Samba client utilities allow access to shared Windows resources as if another Windows-based computer
      • The smbclient utility is a command-line utility that allows logging into a Windows host, and interacting using a series of commands
      • To graphically access a Windows system, mount a Windows share as part of Linux by the standard mount command using a file system type of smbfs
      • Printing to a Windows printer is done using the smbprint command
  • 24. Using Samba Client Utilities
  • 25. Using Samba Client Utilities
  • 26. Using Samba Client Utilities
  • 27. Using Samba Client Utilities
  • 28. Setting Up a Samba Server
    • Samba includes two server daemons:
      • nmbd, which implements the NetBIOS service
      • smbd, which implements the SMB file and print sharing
      • Both of these daemons must be running to implement a Samba server
      • Both are managed using a single script in /etc/rc.d/init.d
    • Samba configuration files are typically stored in /etc/samba
  • 29. Creating Samba Users
    • The user security model requires users to log in with a valid user name and password before using a share on the Samba server
      • Several utilities included with the Samba suite allow for everyone with a Linux user account to also log in via Samba
      • The following command creates a Samba password for all Linux users: cat /etc/passwd | > /etc/samba/smbpasswd
  • 30. Using SWAT to Configure SMB
    • SWAT is a browser-based graphical interface that sets up the smb.conf file, restarts the Samba server, and provides some status information on server utilization
      • SWAT runs a network service managed by the superserver
      • To use SWAT, the SWAT service must be included in the /etc/services file
      • SWAT must also be enabled in the superserver configuration
  • 31. Using SWAT to Configure SMB
  • 32. Using SWAT to Configure SMB
  • 33. Using SWAT to Configure SMB
  • 34. Accessing Samba from Windows
    • Once a Samba server is up and running, there is access to Linux files and printers from any Windows-based host
      • All that is required is the correct Windows networking configuration and a valid username and password
      • Samba uses only TCP/IP, so TCP/IP should be configured in the Windows environment
  • 35. Accessing Samba from Windows
  • 36. Chapter Summary
    • FTP is a widely used Internet protocol that was designed for efficient transfer of files from a server to multiple clients at diverse locations
    • The anonymous feature of FTP makes it popular for public download archives
    • To access an FTP server, you can use the text-mode client, ftp, graphical clients such as gFTP or IglooFTP, or a Web browser
    • The standard FTP server is wu-ftpd
    • You can configure classes of users in ftpaccess, then assign permissions to perform different file actions
  • 37. Chapter Summary
    • The Network File System (NFS) lets you access remote file systems as part of your local directory structure by using the mount command to contact an NFS server
    • An NFS server consists of several possible daemons; at the least, nfsd and rpc.mountd are required
    • An NFS server is configured using the /etc/exports file, which defines which local directories are available for remote users to mount
    • NFS is prone to security holes, but it relies on several layers of security
  • 38. Chapter Summary
    • The NetWare network operating system can be emulated on Linux as a powerful file-and-print server using the mars-nwe package
    • The mars-nwe NetWare emulator is configured using the /etc/nwserv.conf file
    • Linux can access NetWare servers as clients using the ncpfs package, which provides a number of command-line tools to manage NetWare servers
    • Windows networking uses the NetBIOS and SMB (also called CIFS) protocols, both of which are implemented by the Samba suite in Linux
  • 39. Chapter Summary
    • Using the Samba client utility smbclient and mounting Windows file systems of type smbfs provide convenient access to shared resources
    • A simple Samba server configuration in smb.conf involves defining the server name, basic security options, and defining shares
    • SWAT provides graphical configuration and administration functionality for Samba
    • Multiple Samba security models are supported, including Windows NT domains and guest accounts, which often use Samba as a dedicated print server