Raise a file server on linux. How to create a Linux server with your own hands and what you need for this. Standalone file server

When creating a file server, the question of choosing an operating system inevitably arises. There is something to think about here: spend money on Windows Server or pay attention to free Linux and BSD? In the second case, you will still have to decide on the choice of file system, of which there are quite a few in Linux. It is impossible to give an unambiguous answer to the questions posed; we need versatile testing, which we conducted in our test laboratory.

How We Tested

It is impossible to embrace the immensity. So it is in our case. It is not possible to test all variants of file servers. Therefore, we decided to limit ourselves to the most common ones. For Windows Server, these are versions 2003 and 2008 R2, since the former is still widely used, and the latter is interesting with technical innovations, in particular, support for the SMB2 protocol, the NTFS file system.

For the Linux platform, Ubuntu 10.04 LTS was chosen, after conducting a series of additional tests, we found out that the performance of file servers practically does not depend on the Linux distribution, at the same time, there is a certain dependence on the Samba version (in our case, 3.4.7). From the whole variety of file systems, we have chosen the most common and popular: ext3, ext4, reiserfs, XFS, JFS. The FreeNAS distribution was also tested as a member of the BSD family (built on FreeBSD 7.2) with UFS.

The client was Windows 7 32-bit. For XP fans, whether you like it or not, Windows 7 will be the default corporate OS in the coming years.

Two PCs were used for the test platform Core2 Duo E8400 - P45 - 2 GB PC2-8500 connected by a gigabit network. One of them installed Windows 7, the second one installed server operating systems and an additional hard drive was connected 750 Gb Western Digital RE3 used solely for testing. This disk was formatted to the desired file system and configured as a share.

Testing was carried out using the Intel NASPT 1.0.7 package, you can learn more about the tests included in it. For each configuration, we made 5 runs of the test, using the average result as the final result.

File operations

Working with files

On write operations, Windows Server confidently leads, more than twice ahead of Linux, on read operations, the gap between Linux and Windows Server 2003 is almost reduced, but Windows Server 2008 R2 holds high positions, well ahead of both Linux and Windows Server 2003.

In the Linux family of filesystems, reiserfs surprisingly takes the lead when working with large files, ext4 performed rather poorly when writing, and ext 3 when reading. JFS is an underdog in testing, and has problems writing large files, showing unacceptably low results. FreeNAS showed a very modest result, on the lower bar of Linux systems.

Working with folders

When working with a large number of small files distributed in folders of varying degrees of nesting, the result is more uniform. Windows systems lead again, although not by such an impressive margin. SMB2 makes itself felt here as well, bringing Windows Server 2008 R2 to the undoubted leaders with a 40% advantage over Linux.

In Linux, the results are quite even, reiserfs and JFS are slightly leading in writing, there is no clear leader in reading, JFS is an obvious outsider. FreeNAS has comparable results, marginally ahead on reads and marginally behind on writes.

Working with Applications

So, the absolute leader today is Windows Server 2008 R2, the SMB2 protocol shows a significant advantage, leaving no chance for competitors. If you are faced with the task of creating a high-performance file server to work in a modern infrastructure, then there is no choice as such. The new server OS from Microsoft will certainly justify the money spent on it.

Windows Server 2003 takes the second place in the overall standings with 76.31%, given that in some tasks it showed a rather low result and a small gap from Linux solutions (10-15%), deploying new servers under this OS does not seem appropriate. The same should be taken into account when legalizing software; in this case, it is advisable to upgrade to Windows Server 2008 R2 or switch to a Linux solution.

Among Linux solutions, with the exception of JFS, the result is quite even, with a small margin (3-5%) ahead of XFS and reiserfs. JFS is a clear outsider, it is categorically not recommended for use. FreeBSD-based solutions also cannot be recommended for serious use, they lose 10-15% to Linux, not to mention a much more serious lag behind Windows systems.

We hope that our testing will help you make the right decision in choosing the operating and file systems for your file server.

Samba is an open source software package for nix systems that implements some of the features provided by Windows Server. Samba can act as a domain controller, an Active Directory service, and can browse printers and directories over the network. As part of this note, we will consider using Samba as a file server. The motivation for using Samba rather than, say, FTP may be different. At least with her help Very convenient to transfer files between Windows and Linux machines. Just mount the directory and go.

Below will be considered the installation of Samba under CentOS. Installation under other Linux distributions is practically no different. The rest of the text assumes that Samba is running on a machine with the address 10.24.5.42.

Sharing the catalog for everyone

Samba installation:

sudo yum install samba

We check that in /etc/samba/smb.conf in the section Not line commented out:

You can also change the name of the workgroup. I had it written like this:

workgroup = MYGROUP

At the end of the file add:

comment = Samba File Server Share
path = /srv/samba/share
browsable = yes
guest ok = yes
read only = no
create mask = 0755

sudo mkdir -p /srv/samba/share
sudo chown nobody:nobody /srv/samba/share/

sudo service smb start
sudo service nmb start

# start services at system startup
sudo chkconfig nmb on
sudo chkconfig smb on

Now, say, in the default Unity file manager, you can attach to smb://10.24.5.42/share , create directories there and upload files to them. And also check that these changes occur not only locally, but also on the server.

The Samba logs are in /var/log/samba/. The ports used by Samba are 139 and 445. They can be forwarded via SSH or using Ncat . It works, I checked.

Login and password access

Giving access to the directory to everyone is unsafe. Let's fix this situation:

sudo adduser smbuser
sudo smbpasswd -a smbuser
sudo mkdir -p /srv/samba/smbuser
sudo chown smbuser:smbuser / srv/ samba/ smbuser

In /etc/samba/smb.conf add:

path = /srv/samba/smbuser
available = yes
valid users = smbuser
read only = no
browsable = yes
public = yes
writable=yes

sudo service smb restart
sudo service nmb restart

Mounting a directory on Linux and Windows:

Hooray, files are successfully rummaged between Windows and Linux!

Mounting via CLI

If the GUI is not available, you can mount the directory like this:

sudo yum install samba-client samba-common cifs-utils
mkdir smbuser
sudo mount.cifs // 10.24.5.42/ smbuser / home/ eax/ smbuser \
-o user=smbuser,password=PASSWORD,uid=1000 # 1000 - uid of our user

If the catalog is no longer needed, we speak.

In this tutorial, we are going to learn how to install and set up a Samba server on Ubuntu 16.04. Samba is a free and open source implementation of the SMB/CIFS protocol for Unix and Linux that allows communication between files and printers on Unix/ and Windows machines on a local network.

Samba is a software package, the two most important of which are:

• smbd: Provides SMB/CIFS service (file and print sharing) and can also act as a Windows domain controller.
• nmbd: provides a NetBIOS naming service

How to Install Samba Server on Ubuntu 16.04

Samba is included with most Linux distributions. To install Samba on , just run:

sudo apt install samba

The latest stable version available is 4.5.3, released December 19, 2016. To check the version Samba , run

Sudo smbstatus

sudo smbd --version

Sample output:

Samba version 4.3.11-Ubuntu

To check if the Samba service is running, run the following commands.

systemctl status smbd systemctl status nmbd

To start these two services, run the following commands:

sudo systemctl start smbd sudo systemctl start nmbd

After launch, smbd will listen on port 139 and 445.

Editing the configuration file

There is only one configuration file that needs to be edited: /etc/samba/smb.conf .

sudo nano /etc/samba/smb.conf

In the section, make sure the value work group belong to the workgroup of Windows computers.

Workgroup = WORKGROUP

Scroll down to the bottom of the file. (In the nano text editor, press CTRL+W and then CTRL+V .) Include the new section as shown below. Replace username with your desired username.

Comment = Home Public Folder path = /home/username/ writable = yes valid users = username

Home Share is the name of the folder that will be displayed on the Windows network. A comment is a description of the shared folder. The next 3 lines indicate that only the specified user valid users has permission to access the /home/username/ directory, which is also writable. The above configuration will disable anonymous access.

Save and close the file, and then run the following command to check if there are syntax errors.

testparm

User creation

Samba defaults to user as the security mode, which means that clients must enter a username and password to access the shared folder. To add a user to Ubuntu, run the following command:

sudo adduser username

You will be prompted to set a Unix password. Additionally, you need to set a separate Samba password for the user using the following command:

sudo smbpasswd -a username

Now all that's left to do is restart the smbd daemon.

sudo systemctl restart smbd

Samba access to shared folder from Windows

On a Windows computer that is on the same network, open File Explorer and click Network in the left pane. You will see a samba server. Double-click the shared folder and enter the username and password.

Samba access to share folder from Ubuntu computer

In the File Manager, go to the Network tab in the left pane and select Windows Network.

Select a workgroup, Samba server, and shared folder, and then enter the Samba username and password.

Adding multiple users or groups

If multiple accounts need to gain access to a shared folder, then you need to change the legal users as shown in the /etc/samba/smb.conf file below.

Valid users = user1, user2, user3

Also use smbpasswd to set the Samba password for each of these users.

sudo smbpasswd -a user1 sudo smbpasswd -a user2 sudo smbpasswd -a user3

To allow a group of users to access a shared folder, use the following /etc/samba/smb.conf configuration.

Valid users = @sambashare

Create a group.

sudo groupadd sambashare

Then add users to this group

sudo gpasswd -a user1 sambashare sudo gpasswd -a user2 sambashare sudo gpasswd -a user3 sambashare

The group must have write permission to the shared folder, which can be achieved with the following two commands.

Set sambashare as group owner of the shared folder:

sudo chgrp sambashare /path/to/shared/folder -R

Grant write access to the group.

sudo chmod g+w /path/to/shared/folder/ -R

I hope this article helped you set up a Samba server on Ubuntu 16.04. As always, if you found this post helpful, please leave a comment.

To create a terminal, file (FTP) or mail server on Linux, you must be able to work in this operating system. Otherwise, it will be difficult to understand. The OS does not need a powerful computer. Because it does not spend extra resources on graphic design. Linux distributions can be deployed even on an old PC. Therefore, Linux or Ubuntu Server is often used to create various servers.

The corresponding script, which you can easily create yourself, should contain the following code for this purpose. Use this entry to verify that the script has run and, if the login is successful, responds to a notification email sent to the correct address. The prerequisite is that the script is given permission 755, which is achieved with the following command.

Disable unused ports

Open ports generally do not pose much of a security risk. If you were able to implement a minimal system install and access a small number of third party applications, the number of other required ports is manageable. For risk, these public interfaces will only be used if react programs have security gaps and criminals will take advantage of this fact. As the number of applications increases, this dangerous potential grows.

A lot of different literature has been written about this. Some Linux books are thousands of pages long. You will have to work through the terminal and enter all commands manually. But still, you can make a small DIY Linux server that will include file storage, Web services, and a mail protocol.

Ubuntu Server is based on the Linux operating system. It does not require a modern processor, a good video card or a large amount of RAM. With Linux, you can deploy a server even on an old laptop. And it will have all the necessary components: mail, FTP, Web.

Regular software updates

For this reason, it is useful to protect your server from such attacks by blocking all unused open ports. You can use this tool to create fixed traffic control rules, including the definition of desired or unwanted ports. There is usually no software without the vulnerabilities mentioned in the previous section. However, exploitable misprogramming must first be discovered by cybercriminals before they can attack. As a rule, known vulnerabilities are closed again through published updates in a very short time.

You can download a Linux disk image from Ubuntu.ru. Choose any version with Server (not Desktop!). The download will go through a torrent client. This image must be written to a disc or USB flash drive (using LiveUSB). You can also use a virtual drive.

Ubuntu has a simplified interface. It has no graphical frills. This OS is great for making a DIY Linux server. With it, computer resources will be used for the needs of the domain. After all, she needs very little to work.

If you are constantly updated with updates to the operating system and installed programs and make new updates in a timely manner, ensure that your server is best protected. Almost all server systems also allow you to automatically download and install important security updates in the background.

This is how you configure when and how you regularly check for updates, whether you want to install installed updates, and when the system should reboot. Other scripts, such as automatic updates, will then be used for automatic installations. Make sure you have an up to date update process that allows you to update updates. This allows you to better understand and fix errors that result from the upgrade process.

Its installation goes like this:

• Select the language and region in which you live.
• Think of an administrator name. It is used to manage the server.
• Also enter a username in the "Username for your account" field. Under this account you will communicate with Ubuntu technical support.

Hackers who want to gain access to your server or applications running on it have basically different options. One of the simplest and most commonly used types of attack is the so-called brute force method. The attacker tries to access the passwords with a tool that tries to log in one at a time. However, the more careful you are about assigning your passwords, the more unlikely this method will be successful. In particular, if you offer a service with a subscription mechanism, you should assume that not every user is as conscientious and discreet as necessary.

Specify a username in Ubuntu

• Enter password. Confirm it.

• Specify the domain, if any. It will contain all services: file (FTP), mail, hosting for sites, and so on.
• Wait for the system to install.
• After that, she will offer additional components.

Here is a list of what is needed for a Linux server and its full operation:

Of course, there is no need for complex, expensive software to protect against such attacks. Because each login attempt is logged, responded to, and written to log files, simple analysis tools can help. You can individually set the number of attempts to lock a lock or how long it must be valid.

Set up the server securely: install monitoring tools from the start

You can also go one step further and set up two-factor authentication to connect to your server to further secure your login. If you want to protect the server, the listed measures against external adversity are not of great importance. However, it is equally important to ensure that the interaction of hardware and software functions as desired. This is by no means a one-time thing that is completed once your server environment has successfully started, but a long-term task that you should never lose sight of.

• Open SSh. Used for remote administration. It will come in handy if you decide to manage the service from another computer. Then on a PC with Linux, you can turn off the monitor and video adapter.
• LAMP. A set of Linux utilities that includes Apache (Web server). MySQL (databases) and PHP (programming language for CMS). These components are needed to create the control interface.

• samba fileserver. Allows you to set up file sharing between computers. If you need an FTP server, select this item.
• Virtual machine host. Install if you are going to use virtualization features.
• print server. network printers.
• DNS server. Domain name system. With it, you can recognize an IP address by a computer name and vice versa.
• mail server. Mail server.
• PostgreSQL database. Object-relational databases.

Choose what you need and confirm the installation. At the first start, you will need to enter the administrator login and password. The console will open. It is similar to the Windows command line or MS DOS operating system interface.

With so many different system processes, this is of course easier said than done, so you should have access to help tools right from the start that monitor all activity on your server and alert you to any incidents.

Trust is good, backups are better

Once launched, an open application selectively controls processes, files, clouds, hosts, programs, or scripts. It is, however, somewhat more complex, but in the main version is also open source and can be extended by various plugins. With configuration recommendations, you greatly increase the level of server security. However, even the best configuration cannot provide 100% server protection.

Initially, you will need to check for updates. Enter the command "sudo apt-get update" or "sudo apt-get upgrade" without quotes. After the update, you can start configuring all server components: FTP, mail, Web.

For Ubuntu, there is a pseudo-graphical interface - Midnight Commander. This is an analogue of the Norton Commander shell, which was developed for the MS DOS system. It is easier to work with such an interface - everything is clearer than in the console.

Program errors, hardware failures, or personal negligence can lead to data loss in the worst case. For server operators, the security aspect plays a decisive role. For those who develop and implement a comprehensive protection concept, prepare for emergencies. Apart from classic measures such as security software, backup, password protection and encryption, there are also some useful tools and frameworks that can support them in the fight against intruders.

Chapter 26: Restoring Access

Chapter 28: Workshop Data Backup Topics

Launching a Linux terminal

In modern Linux, the terminal is used instead of the console. To enter it:

1. Open Applications.
2. Click Standard.
3. There will be a "Terminal".

You can enter commands into it in the same way as in Ubuntu Server.

We already have a server! Let's write it in the console. With this we have finished all the work, we can already create our own web pages, it is important that you have a good editor that would be convenient to program. We can call the server for all computers connected to the network and provide different services to users. To do this, we need enough to create a computer that can meet our needs. We can set up a server that offers web services, files, and printing.

Chapter 11 Configuring a Read-Only File Server

11.1. Creating a Shared Directory

Let's get started with the Samba server by setting up a simple read-only file server. Every client (even anonymous clients using guest access) will be able to read the contents of the shared files.

The first step is to create a directory and place some test files in it.

# mkdir -p /srv/samba/readonly # cd /srv/samba/readonly/ # echo "It's cold today." >winter.txt # echo "It's hot today." >summer.txt # ls-l total 8 -rw-r—r— 1 root root Jan 17 21 05:49 summer.txt -rw-r—r— 1 root root Jan 21 18 05:49 winter.txt #

11.2. Configuring Shared Directory Options

11.2.1. The global parameters section of the smb.conf configuration file

In this example, the Samba server is in a workgroup named WORKGROUP (which is the default workgroup). We also set the server description string, which can be seen by users exploring the network using the net view command, Windows Explorer, or the smbclient utility.

# head -5 smb.conf workgroup = WORKGROUP server string = Public Anonymous File Server netbios name = TEACHER0 security = share

You may have noticed a line in the above section of the server configuration file. This line sets the standard mode for restricting access to our Samba server. Setting the access mode allows clients (which could be the smbclient utility, any version of Windows, another Samba server,) to provide a password to access each of the shared resources. This is one of the options for using the SMB/CIFS protocol. Another use of this protocol (called user mode) allows the client to provide a username and password combination before the server obtains information about the shared resource the client wishes to access.

11.2.2. Share settings section of the smb.conf configuration file

Our shared resource will be named pubread, and the path (specified using the path parameter) will be the path to the previously created directory. Each user will be able to access this directory (due to the use of the parameter value) read-only (according to the parameter value).

Path=/srv/samba/readonly comment=files to read read only=yes guest ok=yes

Below is a very similar configuration used by the Samba server from the Ubuntu 11.10 distribution.

[email protected]:~# cat /etc/samba/smb.conf workgroup=LINUXTR netbios name=UBU1110 security=share path=/srv/samba/readonly read only=yes guest ok=yes

In fact, the name of the Linux distribution you use is not critical. The following is a similar configuration used by the Samba server from the Debian 6 distribution and is essentially identical to the one above.

[email protected]:~# cat /etc/samba/smb.conf workgroup=LINUXTR netbios name=DEBIAN6 security=share path=/srv/samba/readonly read only=yes guest ok=yes

11.3. Server restart

After testing the configuration file using the utility, you should restart the Samba server (so that you do not have to wait for the distribution of information about the shared resource between network computers).

# service smb restart Shutting down SMB services: [ OK ] Shutting down NMB services: [ OK ] Starting SMB services: [ OK ] Starting NMB services: [ OK ]

11.4. Checking if a Shared Resource Exists

11.4.1. Checking with the smbclient utility

Now you can check for the existence of a shared resource using the utility. Our shared resource is the fourth shared resource in the list.

# smbclient -NL 127.0.0.1 Domain= OS= Server= Sharename Type Comment ——— —- ——- IPC$ IPC IPC Service (Public Anonymous File Server) global$ Disk pub0 Disk pubread Disk files to read Domain= OS= Server= Server Comment ——— — —- TEACHER0 Samba 3.0.33-3.7.el5 W2003EE Workgroup Master ——— ——- WORKGROUP W2003EE

11.4.2. Checking using Windows OS

The last step in checking for the existence of a shared resource is to read the file from the Samba server's shared directory using a computer running Microsoft Windows. First of all, we must use the command to mount the pubread shared directory as a disk drive, denoted by the letter K:.

C:\> net use K:\\teacher0\pubread The command completed successfully.

After that, we must check the ability to view the contents of the shared directory and read files from this directory.

C:\> dir k: Volume in drive K is pubread Volume Serial Number is 0C82-11F2 Directory of K:\ 21/01/2009 05:49