CentOS 7.0发布过后,发现改了很多新东西,
防火墙从iptables改成了firewall,
MySQL改成了MariaDB,
service已经被systemctl取代,
SELinux也有一部分小改动,本次搭建的系统为未加入任何其他配置和安装,是最初环境,这一点至关重要。我们的配置目的是使授权用户通过账户登陆到指定目录(如/var/www/html)来上传、下载、修改、更新、删除相关文件。同时又保持SeLinux和firewall防火墙的工作状态,使其得以安全有效的运行。
step1 : 安装CentOS7系统然后重启
step2 : 用你添加的账户登陆进去,查看网卡配置是否正确。主要是以下配置——
编辑网络DNS,不编辑DNS,你只能通过IP才能yum,而不是通过域名
# vi /etc/resolv.conf
# (INSERT)nameserver 8.8.8.8
# (INSERT)表示按INSERT键然后输入后面的字符
# (ESC):wq
[root@localhost var]# cat /etc/resolv.conf # Generated by NetworkManager nameserver 114.114.114.114 nameserver 8.8.4.4 nameserver 8.8.8.8
确保网络没有问题,因为我们要用yum联网安装http,ftp
输入命令:systemctl status network.service
[root@localhost localhost]# systemctl status network.service network.service - LSB: Bring up/down networking Loaded: loaded (/etc/rc.d/init.d/network) Active: active (exited) since Thu 2015-10-15 22:36:45 PDT; 2h 4min ago Warning: Journal has been rotated since unit was started. Log output is incomplete or unavailable.
查看网络信息,绿字active就是正确的
step3 : 安装HTTP服务和FTP服务
# yum install httpd vsftpd
.............. >" Fingerprint: 6341 ab27 53d7 8a78 a7c2 7bb1 24c6 a8a7 f4a8 0eb5 Package : centos-release-7-1.1503.el7.centos.2.8.x86_64 (@anaconda) From : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7 Is this ok [y/N]: y Running transaction check Running transaction test Transaction test succeeded Running transaction Installing : vsftpd-3.0.2-9.el7.x86_64 1/1 Verifying : vsftpd-3.0.2-9.el7.x86_64 1/1 Installed: vsftpd.x86_64 0:3.0.2-9.el7 Complete!
step4 : 安装MariaDB客户端和服务端,MariaDB本质上还是MySQL,所有用法句法都一样
# yum install mariadb mariadb-server
[root@localhost Desktop]# yum install mariadb mariadb-server Loaded plugins: fastestmirror, langpacks Loading mirror speeds from cached hostfile * base: mirror.bit.edu.cn * extras: mirror.bit.edu.cn * updates: mirror.bit.edu.cn ..... ..... ..... Installed: mariadb.x86_64 1:5.5.44-1.el7_1 mariadb-server.x86_64 1:5.5.44-1.el7_1 Dependency Installed: perl-Compress-Raw-Bzip2.x86_64 0:2.061-3.el7 perl-Compress-Raw-Zlib.x86_64 1:2.061-4.el7 perl-DBD-MySQL.x86_64 0:4.023-5.el7 perl-DBI.x86_64 0:1.627-4.el7 perl-Data-Dumper.x86_64 0:2.145-3.el7 perl-IO-Compress.noarch 0:2.061-2.el7 perl-Net-Daemon.noarch 0:0.48-5.el7 perl-PlRPC.noarch 0:0.2020-14.el7 Complete!
step5 : 安装php和相关模块,我选择了gd2、xml和mysql,注意这个php-mysql模块,它对应的就是MariaDB,php的版本是5.4.16
# yum install php php-gd php-xml php-mysql
[root@localhost Desktop]# yum install php php-gd php-xml php-mysql Loaded plugins: fastestmirror, langpacks Loading mirror speeds from cached hostfile * base: mirror.bit.edu.cn * extras: mirror.bit.edu.cn * updates: mirror.bit.edu.cn ... ... ... Transaction test succeeded Running transaction Installing : t1lib-5.1.2-14.el7.x86_64 1/9 Installing : libzip-0.10.1-8.el7.x86_64 2/9 Installing : php-common-5.4.16-36.el7_1.x86_64 3/9 Installing : php-pdo-5.4.16-36.el7_1.x86_64 4/9 Installing : php-cli-5.4.16-36.el7_1.x86_64 5/9 Installing : php-5.4.16-36.el7_1.x86_64 6/9 Installing : php-mysql-5.4.16-36.el7_1.x86_64 7/9 Installing : php-gd-5.4.16-36.el7_1.x86_64 8/9 Installing : php-xml-5.4.16-36.el7_1.x86_64 9/9 Verifying : libzip-0.10.1-8.el7.x86_64 1/9 Verifying : t1lib-5.1.2-14.el7.x86_64 2/9 Verifying : php-pdo-5.4.16-36.el7_1.x86_64 3/9 Verifying : php-5.4.16-36.el7_1.x86_64 4/9 Verifying : php-cli-5.4.16-36.el7_1.x86_64 5/9 Verifying : php-gd-5.4.16-36.el7_1.x86_64 6/9 Verifying : php-xml-5.4.16-36.el7_1.x86_64 7/9 Verifying : php-mysql-5.4.16-36.el7_1.x86_64 8/9 Verifying : php-common-5.4.16-36.el7_1.x86_64 9/9 Installed: php.x86_64 0:5.4.16-36.el7_1 php-gd.x86_64 0:5.4.16-36.el7_1 php-mysql.x86_64 0:5.4.16-36.el7_1 php-xml.x86_64 0:5.4.16-36.el7_1 Dependency Installed: libzip.x86_64 0:0.10.1-8.el7 php-cli.x86_64 0:5.4.16-36.el7_1 php-common.x86_64 0:5.4.16-36.el7_1 php-pdo.x86_64 0:5.4.16-36.el7_1 t1lib.x86_64 0:5.1.2-14.el7 Complete!
step6 : 启动这些服务 (注意,之前的版本是 service 服务名 start,CentOS7改为如下方式)
# systemctl start vsftpd.service
# systemctl start httpd.service
# systemctl start mariadb.service
[root@localhost Desktop]# systemctl start vsftpd.service
[root@localhost Desktop]# systemctl start httpd.service
[root@localhost Desktop]# systemctl start mariadb.service
启动成功后,默认不会报错。否则会有提示。注意,这里是mariadb不是mysql
step7 : 检查httpd.service、mariadb.service、vsftpd.service有没有enabled(开机自启动),没有就enable
# systemctl list-unit-files | grep enabled
# 如果没有enabled,就像下面这样启动
# systemctl enable httpd
[root@localhost Desktop]# systemctl list-unit-files | grep enabled cups.path enabled abrt-ccpp.service enabled abrt-oops.service enabled abrt-vmcore.service enabled abrt-xorg.service enabled abrtd.service enabled accounts-daemon.service enabled ksmtuned.service enabled libstoragemgmt.service enabled libvirtd.service enabled ...
...
... systemd-readahead-replay.service enabled tuned.service enabled vmtoolsd.service enabled avahi-daemon.socket enabled cups.socket enabled dm-event.socket enabled iscsid.socket enabled iscsiuio.socket enabled lvm2-lvmetad.socket enabled rpcbind.socket enabled default.target enabled graphical.target enabled remote-fs.target enabled [root@localhost Desktop]# systemctl list-unit-files | grep httpd httpd.service disabled
enable
[root@localhost Desktop]# systemctl enable httpd ln -s '/usr/lib/systemd/system/httpd.service' '/etc/systemd/system/multi-user.target.wants/httpd.service' [root@localhost Desktop]# systemctl enable mariadb ln -s '/usr/lib/systemd/system/mariadb.service' '/etc/systemd/system/multi-user.target.wants/mariadb.service' [root@localhost Desktop]# systemctl enable vsftpd ln -s '/usr/lib/systemd/system/vsftpd.service' '/etc/systemd/system/multi-user.target.wants/vsftpd.service' [root@localhost Desktop]# systemctl list-unit-files | grep vsftpd vsftpd.service enabled
step8 : 在root组中加入一个htmler账户用来ftp到/var/www/html并给它添加密码
# useradd -g root -M -d /var/www/html -s /sbin/nologin htmler (添加用户,-g 指定用户组; -M, --no-create-home; -d指定主目录,如目录不存在,使用-m选项,可以创建主目录;-s,指定用户的登录Shell;htmler 创建的用户)
# passwd htmler
# 输入密码
[root@localhost Desktop]# useradd -g root -M -d /var/www/html -s /sbin/nologin htmler [root@localhost Desktop]# passwd htmler Changing password for user htmler. New password: BAD PASSWORD: The password is shorter than 8 characters Retype new password: passwd: all authentication tokens updated successfully.
step9 : 把/var/www/html的所有权给htmler.root
# chown -R htmler.root /var/www/html
[root@localhost Desktop]# chown -R htmler:root /var/www/html
step10 : 配置vsftpd,禁止匿名用户登陆
# vi /etc/vsftpd/vsftpd.conf
# (INSERT) anonymous_enable=YES 改为 anonymous_enable=NO
# (ESC):wq
# Example config file /etc/vsftpd/vsftpd.conf # # The default compiled in settings are fairly paranoid. This sample file # loosens things up a bit, to make the ftp daemon more usable. # Please see vsftpd.conf.5 for all compiled in defaults. # # READ THIS: This example file is NOT an exhaustive list of vsftpd options. # Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's # capabilities. # # Allow anonymous FTP? (Beware - allowed by default if you comment this out). anonymous_enable=NO # # Uncomment this to allow local users to log in. # When SELinux is enforcing check for SE bool ftp_home_dir local_enable=YES # # Uncomment this to enable any form of FTP write command. write_enable=YES # # Default umask for local users is 077. You may wish to change this to 022, # if your users expect that (022 is used by most other ftpd's) local_umask=022 # # Uncomment this to allow the anonymous FTP user to upload files. This only # has an effect if the above global write enable is activated. Also, you will # obviously need to create a directory writable by the FTP user. # When SELinux is enforcing check for SE bool allow_ftpd_anon_write, allow_ftpd_full_access #anon_upload_enable=YES
step11 : 配置防火墙和SELinux
# firewall-cmd --permanent --zone=public --add-service=ftp
# firewall-cmd --permanent --zone=public --add-service=http
# firewall-cmd --permanent --zone=public --add-service=https
# 重新载入
# firewall-cmd --reload
[root@localhost Desktop]# firewall-cmd --permanent --zone=public --add-service=ftp success [root@localhost Desktop]# firewall-cmd --permanent --zone=public --add-service=http success [root@localhost Desktop]# firewall-cmd --permanent --zone=public --add-service=https success [root@localhost Desktop]# firewall-cmd --reload success
step12 : 查找ftp相关的SELinux bool值,给ftp访问放行
# getsebool -a | grep ftp
# setsebool -P ftpd_full_access on
# -P写入磁盘,不会重启消失,但耗时较长,耐心等待,这是最后一步了
[root@localhost Desktop]# getsebool -a | grep ftp ftp_home_dir --> off ftpd_anon_write --> off ftpd_connect_all_unreserved --> off ftpd_connect_db --> off ftpd_full_access --> off ftpd_use_cifs --> off ftpd_use_fusefs --> off ftpd_use_nfs --> off ftpd_use_passive_mode --> off httpd_can_connect_ftp --> off httpd_enable_ftp_server --> off sftpd_anon_write --> off sftpd_enable_homedirs --> off sftpd_full_access --> off sftpd_write_ssh_home --> off tftp_anon_write --> off tftp_home_dir --> off [root@localhost Desktop]# setsebool -P ftpd_full_access on
测试一下ftp:
测试HTTP,在/var/www/html目录下vim phpinfo.php文件:
[root@localhost html]# cat phpinfo.php <!doctype html> <html> <head> <meta charset="utf-8"> <title>PHP info</title> </head> <body> <?php echo phpinfo();//show PHP info ?> </body> </html>
如下:
测试成功,very good!
HTTP、FTP测试均已成功,添加的htmler拥有对这些文件的有效权限,可以使用Dreamweaver连接ftp进行测试。如果你的网站程序需要某些777的权限,你也可以直接在Dreamweaver远端界面中通过FTP修改的。
**************************************************个性化界面**************************************************
修改环境变量PS1,写入/etc/profile或/etc/bashrc对全部用户生效;写入~/.bash_profile或~/.bashrc 只对当前用户生效。在PS1中配置字符序列颜色的格式为:
[e[F;Bm] 需要改变颜色的字符串 [e[0m]
[e[F;Bm]:开始颜色输入
[e[0m]:关闭颜色输入
F:为字体颜色,编号30~37;
B:为背景色,编号40~47,当B为1时,将显示加亮加粗的文字。
颜色表
同一提示行中使用一种颜色:export PS1="[e[36;1m][u@h W]\$ [e[0m]"
-------------------------------------------------
| 前景 | 背景 | 颜色 |
-------------------------------------------------
| 30 | 40 | 黑色 |
| 31 | 41 | 红色 |
| 32 | 42 | 绿色 |
| 33 | 43 | 黄色 |
| 34 | 44 | 蓝色 |
| 35 | 45 | 紫色 |
| 36 | 46 | 青色 |
| 37 | 47 | 白色 |
-------------------------------------------------
-----------------------------------------
| 代码 | 代码意义 |
-----------------------------------------
| 0 | OFF,关闭颜色 |
| 1 | 高亮显示 |
| 4 | 显示下划线 |
| 5 | 闪烁显示 |
| 7 | 反白显示 |
| 8 | 颜色不可见 |
-----------------------------------------
有了这个颜色提示,妈妈再也不担心你找不到上一行命令在哪里了。
同一提示行中使用几种颜色:export PS1="[e[34;1m][[e[36;1m]u@[e[32;1m]h [e[31;1m]W[e[34;1m]]\$ [e[0m]"
2015年10月16日16:51:54