1. Install NTP server
    # apt -y install chrony
    # vi /etc/chrony/chrony.conf
    # Line 20~23: Comment out the default settings and add the NTP server for your time zone.
    #pool ntp.ubuntu.com iburst maxsources 4
    #pool 0.ubuntu.pool.ntp.org iburst maxsources 1
    #pool 1.ubuntu.pool.ntp.org iburst maxsources 1
    #pool 2.ubuntu.pool.ntp.org iburst maxsources 2
    pool ntp.nict.jp iburst
    # Add to the last line (range for which time synchronization is allowed)
    allow 192.168.11.0/24
Apply the configuration
    # systemctl restart chrony
Confirmation of operation
    # chronyc sources
    MS Name/IP address         Stratum Poll Reach LastRx Last sample
    ===============================================================================
    ^- ntp-b2.nict.go.jp             1   6    17    42   -977us[ -977us] +/- 6841us
    ^- ntp-a3.nict.go.jp             1   6    17    43   +354us[ +354us] +/- 5496us
    ^* ntp-b3.nict.go.jp             1   6    17    43   +117us[+1173us] +/- 5695us
    ^- ntp-a2.nict.go.jp             1   6    17    42   -800us[ -800us] +/- 7581us
2. Install FTP server vsftpd
2.1 Installation and configuration
①Install
    # apt install -y vsftpd
②Allow port 21 in UFW
    # ufw allow ftp
    # ufw reload
③Configuration File Changes
    # vi /etc/vsftpd.conf

    Line 14
    listen=YES
    Line 22
    listen_ipv6=NO
    Line 25
    # Do not allow anonymous users to log in
    anonymous_enable=NO
    Line 28
    # Allow login by local user accounts
    local_enable=YES
    Line 31
    # Allow use of FTP commands that make changes to files
    write_enable=YES
    Line 35
    # Set the umask applied to new files
    local_umask=022
    Line 99
    # Allow uploads in ASCII mode
    ascii_upload_enable=YES
    Line 100
    # Allow downloads in ASCII mode
    ascii_download_enable=YES
    Line 122
    # Confine local users to their login directory (it becomes their root directory)
    chroot_local_user=YES
    Line 123
    # Enable the chroot list; users not on it cannot access anything outside the login directory
    chroot_list_enable=YES
    Line 125
    # Users listed in vsftpd.chroot_list are exempt from the above restrictions
    chroot_list_file=/etc/vsftpd.chroot_list
    Line 131
    # Uncomment (enable batch transfer by directory)
    ls_recurse_enable=YES
④Creating vsftpd.chroot_list
    # vi /etc/vsftpd.chroot_list
    Enter only the user name (huong) in the new file and save it.
    huong
⑤Restart vsftpd
    # systemctl start vsftpd
    # systemctl enable vsftpd
    Synchronizing state of vsftpd.service with SysV service script with /usr/lib/systemd/systemd-sysv-install.
    Executing: /usr/lib/systemd/systemd-sysv-install enable vsftpd
Start FileZilla and select "Site Manager" from the "File" menu.
Click on "New site"
Enter the following settings for each item and click "Connect"
Protocol : SFTP-SSH File Transfer Protocol
Host : IP address of the server
Port : 2244 (pre-defined SSH port number)
Logon Type : Normal
User : General user name (server login user)
If the connection is successful, the server directory is displayed on the right and the Windows directory on the left.
2.2 Vsftpd Over SSL/TLS
①Create a self-signed certificate.
If you are using a certificate from a trusted authority such as Let's Encrypt, you can skip this step.
    # cd /etc/ssl/private
    # openssl req -x509 -nodes -newkey rsa:3072 -keyout vsftpd.pem -out vsftpd.pem -days 3650
    -----
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [AU]:JP
    State or Province Name (full name) [Some-State]:Osaka
    Locality Name (eg, city) []:Sakai
    Organization Name (eg, company) [Internet Widgits Pty Ltd]:private
    Organizational Unit Name (eg, section) []:Admin
    Common Name (e.g. server FQDN or YOUR name) []:Lepard
    Email Address []:[administrator Email address]
➁Edit Vsftpd configuration file
    # vi /etc/vsftpd.conf

    Line 149,150 Comment out and add below
    #rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
    #rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
    Line 151 change
    ssl_enable=YES
    Line 152 add
    rsa_cert_file=/etc/ssl/private/vsftpd.pem
    rsa_private_key_file=/etc/ssl/private/vsftpd.pem
    ssl_ciphers=HIGH
    force_local_data_ssl=YES
    force_local_logins_ssl=YES
Restart Vsftpd
    # systemctl restart vsftpd
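An added example (not part of the original guide): a shell audit of the settings from sections 2.1 and 2.2, useful before restarting vsftpd, since vsftpd refuses to start on an unrecognised option name or on whitespace around `=`. The function names are hypothetical, the built-in defaults are the ones documented in vsftpd.conf(5), and the sample file is constructed.

```shell
# conf_get FILE KEY DEFAULT: print the effective value of KEY.
# vsftpd applies settings in file order, so the last assignment wins.
conf_get() {
    awk -F= -v k="$2" -v v="$3" '
        $1 == k { v = substr($0, length(k) + 2) }
        END     { print v }' "$1"
}

# conf_lint FILE: report lines vsftpd would reject. Option names are
# lower-case and no whitespace is allowed around "=".
conf_lint() {
    awk '
        /^#/ || /^[ \t]*$/ { next }
        {
            i = index($0, "=")
            name = (i ? substr($0, 1, i - 1) : $0)
            if (i == 0 || name ~ /[^a-z0-9_]/ || substr($0, i + 1, 1) ~ /[ \t]/)
                printf "LINT line %d: %s\n", NR, $0
        }' "$1"
}

# audit_vsftpd FILE: print findings, return 1 if there are any.
# Each rule is key:built-in default:required value.
audit_vsftpd() {
    findings=$(
        conf_lint "$1"
        for rule in anonymous_enable:YES:NO ssl_enable:NO:YES \
                    force_local_logins_ssl:YES:YES force_local_data_ssl:YES:YES; do
            key=${rule%%:*}; rest=${rule#*:}
            got=$(conf_get "$1" "$key" "${rest%%:*}")
            [ "$got" = "${rest#*:}" ] || echo "FAIL $key=$got (want ${rest#*:})"
        done
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample: a mis-capitalised option and TLS left at its default.
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'Listen=YES' 'anonymous_enable=NO' \
    'local_enable=YES' > "$sample"
audit_vsftpd "$sample" || true
rm -f "$sample"
```

On the real server, run `audit_vsftpd /etc/vsftpd.conf` as root after editing the file.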
Start FileZilla and check
As before, select "Site Manager" from the "File" menu, select the appropriate server, click "Connect," and the following screen will appear.
3. File server installation with Samba
Build a file server with access rights that requires user authentication with Samba.
Installation Procedure
(1) Create a shared folder with access rights that requires user authentication.
(2) Create a group with access rights
(3) Create users belonging to groups that can be accessed
(4) Edit configuration file
3.1 Install Samba
    # apt -y install samba
3.2 Create the shared folder
    # mkdir /home/smbshare
3.3 Create accessible group (smbgroup)
    # groupadd smbgroup
    # chgrp smbgroup /home/smbshare
    # chmod 770 /home/smbshare
3.4 Configuration File Edit
    # vi /etc/samba/smb.conf

    # Line 25 : add the following two lines
    unix charset = UTF-8
    dos charset = CP932
    # Line 40 : uncomment and add the network to which access is allowed
    interfaces = 127.0.0.0/8 192.168.11.0/24 ens33
    # Line 101 : comment out and add
    #map to guest = bad user
    security = user

    # Add to the last line
    [Smbshare]
    # Specify shared folder
    path = /home/smbshare
    # Allow write
    writable = yes
    # Do not allow guest users
    guest ok = no
    # Grant access only to the [smbgroup] group
    valid users = @smbgroup
    # Set [smbgroup] as the group for file creation
    force group = smbgroup
    # Set file creation permissions to [770]
    force create mode = 770
    # Set permissions to [770] when creating folders
    force directory mode = 770
    # Inherit permissions of upper folders
    inherit permissions = yes
3.5 SMB Restart
    # systemctl enable smbd
    Synchronizing state of smbd.service with SysV service script with /lib/systemd/systemd-sysv-install.
    Executing: /lib/systemd/systemd-sysv-install enable smbd

    # systemctl start smbd
3.6 User (smbuser) registration, password setting, group registration
    # useradd smbuser
    # smbpasswd -a smbuser
    New SMB password: # password
    Retype new SMB password:
    Added user smbuser.

    # usermod -aG smbgroup smbuser
3.7 UFW to allow Samba services
    # ufw allow samba
    # ufw reload
Connect from Windows Explorer
Open Explorer and enter "\\server IP" (in this case 192.168.11.83) in the address field.
Access the server.
You will be asked to enter your authentication information.
User name : User name created in "3.6 User (smbuser) Registration, Password Setting, Group Registration"
Password : Password for the above user
Click "OK"
Once the contents of the shared directory are displayed, confirm that you can create new files and folders.
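An added example (not part of the original guide): a shell check for the share policy from section 3.4, listing every share in an smb.conf and flagging any that allows guests or has no `valid users` restriction. The function name and the `[scratch]` share in the sample are hypothetical, and the sample file is constructed.

```shell
# audit_smb_shares FILE: one line per share; returns 1 if any share is flagged.
# Parameter names are compared the way Samba does (case and spaces ignored);
# only the synonym "public" for "guest ok" is handled here.
audit_smb_shares() {
    awk '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        function get(s, k, dflt) {      # share value, else [global], else default
            if ((s, k) in conf) return conf[s, k]
            return (("global", k) in conf) ? conf["global", k] : dflt
        }
        /^[ \t]*[#;]/ || /^[ \t]*$/ { next }
        /^[ \t]*\[/ {
            sec = tolower($0); sub(/^[ \t]*\[/, "", sec); sub(/\].*/, "", sec)
            if (!(sec in seen)) { seen[sec] = 1; order[++n] = sec }
            next
        }
        (i = index($0, "=")) {
            key = tolower(substr($0, 1, i - 1)); gsub(/[ \t]/, "", key)
            if (key == "public") key = "guestok"
            conf[sec, key] = trim(substr($0, i + 1))
        }
        END {
            for (j = 1; j <= n; j++) {
                s = order[j]; if (s == "global") continue
                guest = tolower(get(s, "guestok", "no"))
                users = get(s, "validusers", "")
                ok = (guest ~ /^(no|false|off|0)$/ && users != "")
                printf "%s guest_ok=%s valid_users=%s %s\n", s, guest,
                       (users == "" ? "-" : users), (ok ? "OK" : "REVIEW")
                if (!ok) bad = 1
            }
            exit bad + 0
        }' "$1"
}

# Constructed sample: the share from this guide plus a hypothetical guest share.
smbconf=$(mktemp)
printf '%s\n' '[global]' '   security = user' '[Smbshare]' \
    '   path = /home/smbshare' '   guest ok = no' '   valid users = @smbgroup' \
    '[scratch]' '   path = /tmp/scratch' '   public = yes' > "$smbconf"
audit_smb_shares "$smbconf" || true
rm -f "$smbconf"
```

Samba's own `testparm -s` remains the authoritative syntax check for `/etc/samba/smb.conf`; this audit only covers the two access settings named above.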