Chapter 05


Published in: Education, Technology

  1. Linux Networking and Security Chapter 5
  2. Configuring File Sharing Services
       • Configure an FTP server for anonymous or regular users
       • Set up NFS file sharing between Linux and UNIX systems
       • Understand NetWare NCP-based file sharing
       • Use SMB to share files and printers with Windows-based PCs
  3. Running an FTP server
       • The File Transfer Protocol (FTP) was designed for efficient distribution of a single file to multiple remote clients
       • Some design characteristics of FTP:
           • FTP operates in real time
           • FTP was designed for use by the public; this is called anonymous FTP
           • FTP is very effective for transferring large files
           • FTP was not designed as a "shared local disk"
  4. Using an FTP Client
       • Accessing an FTP site requires an FTP client
       • Linux includes a text-mode FTP client; some Linux systems include a newer, more refined text-mode FTP client called ncftp
       • An FTP client session begins with the ftp command
           • If the system connects, users are prompted for a username and password
  5. Using an FTP Client
  6. Using an FTP Client
  7. Using an FTP Client
  8. Using an FTP Client
  9. Introducing FTP Servers
       • The most widely used FTP server on Linux is the Washington University server, wu-ftp
       • Setting up the FTP server is done via a number of configuration files
       • In addition to configuration files, there is the anonymous user home directory:
           • Anonymous users do not see the entire file system and are limited to a working area, or home directory, that designates downloadable files
  10. Introducing FTP Servers
  11. Setting Up FTP Configuration Files
       • The FTP server is configured using the ftpaccess file in the /etc directory
           • There are three types of FTP users: Anonymous, Real, and Guest
           • Classes of users can be created, which allow you to assign permissions based on groupings
           • FTP users are permitted to perform file actions through a series of directives, each naming the file action, followed by yes or no, followed by the classes of user to which the directive applies
  12. Setting Up FTP Configuration Files
  13. Setting Up FTP Configuration Files
  14. Sharing Files with NFS
       • The Network File System (NFS) provides access to remote file systems as if they are part of the local directory structure
           • NFS was designed for permanent, long-term connections where remote file systems are used as part of the regular user environment
           • NFS does have security concerns and was designed with a trusted network in mind
           • NFS is UNIX-centric and does not typically perform well with Windows or NetWare servers
  15. Running the NFS Daemons
       • The NFS protocol is implemented by several daemons, each handling different tasks
       • NFS communication is built on the remote procedure call (rpc) system
           • This system functions almost like a superserver in that programs are assigned an rpc number
           • A program called portmap watches for rpc requests from programs like NFS daemons, then maps them to TCP or UDP ports
           • NFS uses the rpc.mountd daemon to make new connections
  16. Accessing Remote NFS File Systems
       • Acting as a client to an NFS server is straightforward; use the mount command, as you would for any local hard disk partition containing a file system you need to access
           • The mount point must be created and the host must have allowed mounting of the directory
           • Mount options include altering the default buffer size for NFS transfers, read-only or read-write permission, hard or soft mounts, and suppressing automatic mounting at system startup
  17. Exporting Your File System Using NFS
       • To make parts of your file system accessible over the network to other systems, NFS daemons must be running and NFS traffic must be allowed to pass between the hosts
           • Beyond this, the /etc/exports file must be set up to define which of the local directories will be available to remote users and how each is used
           • NFS uses a security concept called squashing to prevent a user from gaining access to a user account (especially to the root account) simply because they have an ID on the NFS client
  18. NetWare File and Printer Sharing
       • NetWare protocols can be used on Linux to act as NetWare file and print servers, or as a client to other NetWare servers
           • To use either the client or server tools for NetWare, IPX must be installed on Linux
           • NetWare uses a transport protocol called the NetWare Core Protocol (NCP)
           • NetWare is a dedicated network operating system, but in the context of Linux, these servers are limited to file and printer sharing
  19. Accessing NetWare Servers as a Client
       • The ncpfs package implements NCP and provides a number of client utilities for login, file transfer, printing, and so forth
           • The ncpfs package is not installed by default
           • The ncpfs utilities allow the specification of command-line parameters for server contact
           • Alternatively, create a .nwclient file in the home directory that contains the NetWare default settings
  20. Accessing NetWare Servers as a Client
  21. Making Linux Into a NetWare Server
       • Most Linux distributions contain a package that lets a system emulate a NetWare server
           • The Martin Stover's NetWare Emulator package (mars-nwe) provides NetWare-specific protocols
           • In addition to the NCP transport protocol, mars-nwe provides the NetWare Routing Information Protocol (RIP) and the Service Addressing Protocol (SAP) that let Linux act as a peer with other NetWare servers
           • Configure mars-nwe using the /etc/nwserv.conf file
  22. Windows File and Print Integration with Samba
       • To implement the Windows-based protocols such as Server Message Block (SMB), Common Internet File System (CIFS) and NetBIOS in Linux, use the Samba suite
           • The server portion of Samba allows a Linux system to appear in Windows networks as if it were another Windows system
           • The client portions of Samba also let Linux access Windows systems that are configured to share their resources
  23. Using Samba Client Utilities
       • Samba client utilities allow access to shared Windows resources as if from another Windows-based computer
           • The smbclient utility is a command-line utility that allows logging into a Windows host and interacting with it using a series of commands
           • To graphically access a Windows system, mount a Windows share as part of Linux by the standard mount command using a file system type of smbfs
           • Printing to a Windows printer is done using the smbprint command
  24. Using Samba Client Utilities
  25. Using Samba Client Utilities
  26. Using Samba Client Utilities
  27. Using Samba Client Utilities
  28. Setting Up a Samba Server
       • Samba includes two server daemons:
           • nmbd, which implements the NetBIOS service
           • smbd, which implements the SMB file and print sharing
           • Both of these daemons must be running to implement a Samba server
           • Both are managed using a single script in /etc/rc.d/init.d
       • Samba configuration files are typically stored in /etc/samba
  29. Creating Samba Users
       • The user security model requires users to log in with a valid user name and password before using a share on the Samba server
           • Several utilities included with the Samba suite allow everyone with a Linux user account to also log in via Samba
           • The following command creates a Samba password for all Linux users: cat /etc/passwd | mksmbpasswd.sh > /etc/samba/smbpasswd
  30. Using SWAT to Configure SMB
       • SWAT is a browser-based graphical interface that sets up the smb.conf file, restarts the Samba server, and provides some status information on server utilization
           • SWAT runs as a network service managed by the superserver
           • To use SWAT, the SWAT service must be included in the /etc/services file
           • SWAT must also be enabled in the superserver configuration
  31. Using SWAT to Configure SMB
  32. Using SWAT to Configure SMB
  33. Using SWAT to Configure SMB
  34. Accessing Samba from Windows
       • Once a Samba server is up and running, Linux files and printers can be accessed from any Windows-based host
           • All that is required is the correct Windows networking configuration and a valid username and password
           • Samba uses only TCP/IP, so TCP/IP should be configured in the Windows environment
  35. Accessing Samba from Windows
  36. Chapter Summary
       • FTP is a widely used Internet protocol that was designed for efficient transfer of files from a server to multiple clients at diverse locations
       • The anonymous feature of FTP makes it popular for public download archives
       • To access an FTP server, you can use the text-mode client, ftp, graphical clients such as gFTP or IglooFTP, or a Web browser
       • The standard FTP server is wu-ftpd
       • You can configure classes of users in ftpaccess, then assign permissions to perform different file actions
  37. Chapter Summary
       • The Network File System (NFS) lets you access remote file systems as part of your local directory structure by using the mount command to contact an NFS server
       • An NFS server consists of several possible daemons; at the least, nfsd and rpc.mountd are required
       • An NFS server is configured using the /etc/exports file, which defines which local directories are available for remote users to mount
       • NFS is prone to security holes, but it relies on several layers of security
  38. Chapter Summary
       • The NetWare network operating system can be emulated on Linux as a powerful file-and-print server using the mars-nwe package
       • The mars-nwe NetWare emulator is configured using the /etc/nwserv.conf file
       • Linux can access NetWare servers as clients using the ncpfs package, which provides a number of command-line tools to manage NetWare servers
       • Windows networking uses the NetBIOS and SMB (also called CIFS) protocols, both of which are implemented by the Samba suite in Linux
  39. Chapter Summary
       • Using the Samba client utility smbclient and mounting Windows file systems of type smbfs provide convenient access to shared resources
       • A simple Samba server configuration in smb.conf involves defining the server name, basic security options, and defining shares
       • SWAT provides graphical configuration and administration functionality for Samba
       • Multiple Samba security models are supported, including Windows NT domains and guest accounts, which often use Samba as a dedicated print server
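
To illustrate the /etc/exports file and the squashing concept from slide 17, the following Python script (an added example, not part of the original slides) parses exports-style text and flags entries that disable root squashing or open write access to any host. The sample file contents and the finding labels are constructed for illustration; the option names are those documented in exports(5).

```python
import re

# Constructed sample /etc/exports (illustrative; not from the slides).
SAMPLE_EXPORTS = """\
# directory    client(options)
/srv/pub       *(ro,all_squash)
/home          192.168.1.0/24(rw,root_squash)
/srv/build     buildhost(rw,no_root_squash)
/data          *(rw,no_root_squash,insecure)
/opt/tools     (rw)
"""

# client[(opt,opt,...)]; an empty client name means "any host".
CLIENT_RE = re.compile(r"^([^()\s]*)(?:\(([^)]*)\))?$")

def parse_exports(text):
    """Return (directory, client, options) for every client entry."""
    entries = []
    for line in text.replace("\\\n", " ").splitlines():  # join continuations
        line = line.split("#", 1)[0].strip()              # drop comments
        if not line:
            continue
        directory, *clients = line.split()
        for client in clients or [""]:
            m = CLIENT_RE.match(client)
            if m:
                opts = {o for o in (m.group(2) or "").split(",") if o}
                entries.append((directory, m.group(1) or "*", opts))
    return entries

def audit_exports(text):
    """Flag export options that weaken squashing or widen access."""
    findings = []
    for directory, client, opts in parse_exports(text):
        if "no_root_squash" in opts:        # client root keeps UID 0 on the server
            findings.append((directory, client, "NO_ROOT_SQUASH"))
        if client == "*" and "rw" in opts:  # any host may mount read-write
            findings.append((directory, client, "WORLD_WRITABLE"))
        if "insecure" in opts:              # unprivileged source ports accepted
            findings.append((directory, client, "UNPRIVILEGED_PORT"))
    return findings

if __name__ == "__main__":
    for directory, client, issue in audit_exports(SAMPLE_EXPORTS):
        print(f"{directory:12} {client:18} {issue}")
```

The last sample line shows a common mistake: a space between the directory and `(rw)` exports it read-write to every host, which the parser reports as client `*`.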