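After CentOS 7.0 was released, I found that a lot had changed:
the firewall moved from iptables to firewalld,
MySQL was replaced by MariaDB,
service has been superseded by systemctl,
and SELinux also has a few small changes. The system used here is a pristine installation with no other configuration or packages added; this point is crucial. Our goal is to let an authorized user log in with an account to a designated directory (such as /var/www/html) to upload, download, modify, update and delete files, while keeping SELinux and the firewalld firewall running so that the system operates securely and effectively.
step1 : Install CentOS 7 and reboot
step2 : Log in with the account you added and check that the network interface is configured correctly. The main settings are the following:
Edit the DNS settings. Without DNS, yum only works by IP address, not by domain name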
# vi /etc/resolv.conf
# (INSERT)nameserver 8.8.8.8
# (INSERT) means press the INSERT key and then type the characters that follow
# (ESC):wq
[root@localhost var]# cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 114.114.114.114
nameserver 8.8.4.4
nameserver 8.8.8.8
Make sure the network is working, because we will use yum to install http and ftp over the network
Enter the command: systemctl status network.service
[root@localhost localhost]# systemctl status network.service
network.service - LSB: Bring up/down networking
   Loaded: loaded (/etc/rc.d/init.d/network)
   Active: active (exited) since Thu 2015-10-15 22:36:45 PDT; 2h 4min ago
Warning: Journal has been rotated since unit was started. Log output is incomplete or unavailable.
Check the network status; "active" shown in green means it is working
step3 : Install the HTTP and FTP services
# yum install httpd vsftpd
.............. >"
 Fingerprint: 6341 ab27 53d7 8a78 a7c2 7bb1 24c6 a8a7 f4a8 0eb5
 Package    : centos-release-7-1.1503.el7.centos.2.8.x86_64 (@anaconda)
 From       : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Is this ok [y/N]: y
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : vsftpd-3.0.2-9.el7.x86_64    1/1
  Verifying  : vsftpd-3.0.2-9.el7.x86_64    1/1
Installed:
  vsftpd.x86_64 0:3.0.2-9.el7
Complete!
step4 : Install the MariaDB client and server. MariaDB is essentially still MySQL; all usage and syntax are the same
# yum install mariadb mariadb-server
[root@localhost Desktop]# yum install mariadb mariadb-server
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
 * base: mirror.bit.edu.cn
 * extras: mirror.bit.edu.cn
 * updates: mirror.bit.edu.cn
.....
.....
.....
Installed:
  mariadb.x86_64 1:5.5.44-1.el7_1
  mariadb-server.x86_64 1:5.5.44-1.el7_1
Dependency Installed:
  perl-Compress-Raw-Bzip2.x86_64 0:2.061-3.el7
  perl-Compress-Raw-Zlib.x86_64 1:2.061-4.el7
  perl-DBD-MySQL.x86_64 0:4.023-5.el7
  perl-DBI.x86_64 0:1.627-4.el7
  perl-Data-Dumper.x86_64 0:2.145-3.el7
  perl-IO-Compress.noarch 0:2.061-2.el7
  perl-Net-Daemon.noarch 0:0.48-5.el7
  perl-PlRPC.noarch 0:0.2020-14.el7
Complete!
step5 : Install php and the related modules. I chose gd2, xml and mysql. Note that the php-mysql module is the one that corresponds to MariaDB. The php version is 5.4.16
# yum install php php-gd php-xml php-mysql
[root@localhost Desktop]# yum install php php-gd php-xml php-mysql
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
 * base: mirror.bit.edu.cn
 * extras: mirror.bit.edu.cn
 * updates: mirror.bit.edu.cn
...
...
...
Transaction test succeeded
Running transaction
  Installing : t1lib-5.1.2-14.el7.x86_64            1/9
  Installing : libzip-0.10.1-8.el7.x86_64           2/9
  Installing : php-common-5.4.16-36.el7_1.x86_64    3/9
  Installing : php-pdo-5.4.16-36.el7_1.x86_64       4/9
  Installing : php-cli-5.4.16-36.el7_1.x86_64       5/9
  Installing : php-5.4.16-36.el7_1.x86_64           6/9
  Installing : php-mysql-5.4.16-36.el7_1.x86_64     7/9
  Installing : php-gd-5.4.16-36.el7_1.x86_64        8/9
  Installing : php-xml-5.4.16-36.el7_1.x86_64       9/9
  Verifying  : libzip-0.10.1-8.el7.x86_64           1/9
  Verifying  : t1lib-5.1.2-14.el7.x86_64            2/9
  Verifying  : php-pdo-5.4.16-36.el7_1.x86_64       3/9
  Verifying  : php-5.4.16-36.el7_1.x86_64           4/9
  Verifying  : php-cli-5.4.16-36.el7_1.x86_64       5/9
  Verifying  : php-gd-5.4.16-36.el7_1.x86_64        6/9
  Verifying  : php-xml-5.4.16-36.el7_1.x86_64       7/9
  Verifying  : php-mysql-5.4.16-36.el7_1.x86_64     8/9
  Verifying  : php-common-5.4.16-36.el7_1.x86_64    9/9
Installed:
  php.x86_64 0:5.4.16-36.el7_1
  php-gd.x86_64 0:5.4.16-36.el7_1
  php-mysql.x86_64 0:5.4.16-36.el7_1
  php-xml.x86_64 0:5.4.16-36.el7_1
Dependency Installed:
  libzip.x86_64 0:0.10.1-8.el7
  php-cli.x86_64 0:5.4.16-36.el7_1
  php-common.x86_64 0:5.4.16-36.el7_1
  php-pdo.x86_64 0:5.4.16-36.el7_1
  t1lib.x86_64 0:5.1.2-14.el7
Complete!
step6 : Start the services (note: earlier versions used "service <name> start"; CentOS 7 uses the form below)
# systemctl start vsftpd.service
# systemctl start httpd.service
# systemctl start mariadb.service
[root@localhost Desktop]# systemctl start vsftpd.service
[root@localhost Desktop]# systemctl start httpd.service
[root@localhost Desktop]# systemctl start mariadb.service
When a service starts successfully, nothing is printed by default; otherwise a message is shown. Note that the unit here is mariadb, not mysql
step7 : Check whether httpd.service, mariadb.service and vsftpd.service are enabled (started at boot); if not, enable them
# systemctl list-unit-files | grep enabled
# if a unit is not enabled, enable it as shown below
# systemctl enable httpd
[root@localhost Desktop]# systemctl list-unit-files | grep enabled
cups.path                           enabled
abrt-ccpp.service                   enabled
abrt-oops.service                   enabled
abrt-vmcore.service                 enabled
abrt-xorg.service                   enabled
abrtd.service                       enabled
accounts-daemon.service             enabled
ksmtuned.service                    enabled
libstoragemgmt.service              enabled
libvirtd.service                    enabled
...
...
...
systemd-readahead-replay.service    enabled
tuned.service                       enabled
vmtoolsd.service                    enabled
avahi-daemon.socket                 enabled
cups.socket                         enabled
dm-event.socket                     enabled
iscsid.socket                       enabled
iscsiuio.socket                     enabled
lvm2-lvmetad.socket                 enabled
rpcbind.socket                      enabled
default.target                      enabled
graphical.target                    enabled
remote-fs.target                    enabled
[root@localhost Desktop]# systemctl list-unit-files | grep httpd
httpd.service                       disabled
enable
[root@localhost Desktop]# systemctl enable httpd
ln -s '/usr/lib/systemd/system/httpd.service' '/etc/systemd/system/multi-user.target.wants/httpd.service'
[root@localhost Desktop]# systemctl enable mariadb
ln -s '/usr/lib/systemd/system/mariadb.service' '/etc/systemd/system/multi-user.target.wants/mariadb.service'
[root@localhost Desktop]# systemctl enable vsftpd
ln -s '/usr/lib/systemd/system/vsftpd.service' '/etc/systemd/system/multi-user.target.wants/vsftpd.service'
[root@localhost Desktop]# systemctl list-unit-files | grep vsftpd
vsftpd.service                      enabled
step8 : Add an htmler account to the root group for FTP access to /var/www/html, and set a password for it
# useradd -g root -M -d /var/www/html -s /sbin/nologin htmler
# (add the user: -g sets the user's group; -M, --no-create-home; -d sets the home directory, and if the directory does not exist the -m option can create it; -s sets the user's login shell; htmler is the user being created)
# passwd htmler
# enter the password
[root@localhost Desktop]# useradd -g root -M -d /var/www/html -s /sbin/nologin htmler
[root@localhost Desktop]# passwd htmler
Changing password for user htmler.
New password:
BAD PASSWORD: The password is shorter than 8 characters
Retype new password:
passwd: all authentication tokens updated successfully.
step9 : Give ownership of /var/www/html to htmler:root
# chown -R htmler:root /var/www/html
[root@localhost Desktop]# chown -R htmler:root /var/www/html
step10 : Configure vsftpd to forbid anonymous logins
# vi /etc/vsftpd/vsftpd.conf
# (INSERT) change anonymous_enable=YES to anonymous_enable=NO
# (ESC):wq
# Example config file /etc/vsftpd/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
# When SELinux is enforcing check for SE bool ftp_home_dir
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
# When SELinux is enforcing check for SE bool allow_ftpd_anon_write, allow_ftpd_full_access
#anon_upload_enable=YES
step11 : Configure the firewall and SELinux
# firewall-cmd --permanent --zone=public --add-service=ftp
# firewall-cmd --permanent --zone=public --add-service=http
# firewall-cmd --permanent --zone=public --add-service=https
# reload
# firewall-cmd --reload
[root@localhost Desktop]# firewall-cmd --permanent --zone=public --add-service=ftp
success
[root@localhost Desktop]# firewall-cmd --permanent --zone=public --add-service=http
success
[root@localhost Desktop]# firewall-cmd --permanent --zone=public --add-service=https
success
[root@localhost Desktop]# firewall-cmd --reload
success
step12 : Look up the FTP-related SELinux booleans and allow FTP access
# getsebool -a | grep ftp
# setsebool -P ftpd_full_access on
# -P writes the change to disk so it is not lost on reboot, but it takes a while; be patient, this is the last step
[root@localhost Desktop]# getsebool -a | grep ftp
ftp_home_dir --> off
ftpd_anon_write --> off
ftpd_connect_all_unreserved --> off
ftpd_connect_db --> off
ftpd_full_access --> off
ftpd_use_cifs --> off
ftpd_use_fusefs --> off
ftpd_use_nfs --> off
ftpd_use_passive_mode --> off
httpd_can_connect_ftp --> off
httpd_enable_ftp_server --> off
sftpd_anon_write --> off
sftpd_enable_homedirs --> off
sftpd_full_access --> off
sftpd_write_ssh_home --> off
tftp_anon_write --> off
tftp_home_dir --> off
[root@localhost Desktop]# setsebool -P ftpd_full_access on
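Before testing, the edit from step 10 can be checked mechanically. The following is an added example, not part of the original post: it reads a vsftpd.conf and compares the four options shown in step 10 with the values this setup expects, treating a commented-out option as its compiled-in default from vsftpd.conf(5). The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post; the sample config is constructed.

# Print the effective YES/NO value of option $2 in config file $1, falling
# back to default $3 when the option is absent or commented out. vsftpd allows
# no spaces around "="; using the last occurrence of a repeated key is an
# assumption of this sketch.
vsftpd_effective() {
    val=$(grep -E "^$2=" "$1" | tail -n 1 | cut -d= -f2- | tr -d '\r')
    case $(printf '%s' "${val:-$3}" | tr 'a-z' 'A-Z') in
        YES|TRUE|1) echo YES ;;
        NO|FALSE|0) echo NO ;;
        *) echo INVALID ;;
    esac
}

# Check the options from step 10. Each row of the here-document is:
#   option  compiled-in-default  value-this-setup-expects
# Prints one MISMATCH line per problem and returns 1 if any was found.
audit_vsftpd() {
    rc=0
    while read -r key dflt want; do
        got=$(vsftpd_effective "$1" "$key" "$dflt")
        if [ "$got" != "$want" ]; then
            echo "MISMATCH $key: effective=$got expected=$want"
            rc=1
        fi
    done <<EOF
anonymous_enable YES NO
anon_upload_enable NO NO
local_enable NO YES
write_enable NO YES
EOF
    return $rc
}

# Constructed sample: anonymous_enable is commented out instead of set to NO,
# so anonymous logins stay enabled by default.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#anonymous_enable=NO
local_enable=YES
write_enable=YES
#anon_upload_enable=YES
EOF
if ! audit_vsftpd "$sample"; then
    echo "vsftpd.conf does not match the intended setup"
fi
rm -f "$sample"
```

On the server itself, call audit_vsftpd /etc/vsftpd/vsftpd.conf after editing the file.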
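Test FTP:

Test HTTP: under /var/www/html, create a phpinfo.php file with vim:
[root@localhost html]# cat phpinfo.php
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>PHP info</title>
</head>
<body>
<?php echo phpinfo();//show PHP info ?>
</body>
</html>
The result is as follows:

The test succeeded, very good!
Both the HTTP and FTP tests have now succeeded. The htmler account we added has effective permissions on these files, and you can connect over FTP with Dreamweaver to test. If your site needs 777 permissions on certain files, you can also change them directly over FTP in Dreamweaver's remote view.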
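**************************************************Customizing the prompt**************************************************
Modify the PS1 environment variable. Writing it to /etc/profile or /etc/bashrc applies it to all users; writing it to ~/.bash_profile or ~/.bashrc applies it to the current user only. The format for coloring a character sequence in PS1 is:
\[\e[F;Bm\] string to be colored \[\e[0m\]
\[\e[F;Bm\]: start of color output
\[\e[0m\]: end of color output
F: the font color, numbered 30~37;
B: the background color, numbered 40~47; when B is 1, the text is shown highlighted and bold.
Color table
Using one color in a prompt line: export PS1="\[\e[36;1m\][\u@\h \W]\\$ \[\e[0m\]"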
-------------------------------------------------
| Foreground    | Background    | Color         |
-------------------------------------------------
| 30            | 40            | black         |
| 31            | 41            | red           |
| 32            | 42            | green         |
| 33            | 43            | yellow        |
| 34            | 44            | blue          |
| 35            | 45            | purple        |
| 36            | 46            | cyan          |
| 37            | 47            | white         |
-------------------------------------------------
-----------------------------------------
| Code  | Meaning                       |
-----------------------------------------
| 0     | OFF, turn color off           |
| 1     | highlighted                   |
| 4     | underlined                    |
| 5     | blinking                      |
| 7     | reverse video                 |
| 8     | invisible                     |
-----------------------------------------

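With this colored prompt, mom no longer has to worry about you not being able to find where the previous command was.
Using several colors in one prompt line: export PS1="\[\e[34;1m\][\[\e[36;1m\]\u@\[\e[32;1m\]\h \[\e[31;1m\]\W\[\e[34;1m\]]\\$ \[\e[0m\]"
2015-10-16 16:51:54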
