[CentOS7] Kerberos Test
본문서는 테스트용으로 작성중인 문서 이며 단순하게 참고 용도로만 부탁 드립니다.
Version 에 따라 안되는 점이 있기 때문에 꼭 동일한 버젼으로 설치 해야 합니다.
RHEL 7.0 / CentOS 7.0 에서 테스트 하였습니다.
상이한 버젼을 사용시 정상적으로 테스트가 안될수 있습니다.
system 구성시 instructor.example.com / system1.example.com 이 필요 합니다.
사전구성시 instructor.example.com 가 dns-server 로 구성 되어 있습니다.
참고사항: /etc/exports 에 *.example.com 으로 wildcard 지정시 dns 에서 역방향 설정을 해야 됩니다.
- instructor.example.com 에서 작업
- Kerberos 설치
[root@instructor ~]# yum install -y krb5-server krb5-workstation pam_krb5
- /etc/krb5.conf 파일수정
- 만약 example.com 가 아닌 다른 부분을 설정 한다면 example.com 을 다른 도메인으로 바꾸시고
- kdc / admin_server 부분을 kerberos 도메인으로 설정 해야 합니다.
- /var/kerberos/krb5kdc/kadm5.acl 파일 수정 필요
[root@instructor ~]# vi /etc/krb5.conf [logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log [libdefaults] dns_lookup_realm = false ticket_lifetime = 24h renew_lifetime = 7d forwardable = true rdns = false default_realm = EXAMPLE.COM default_ccache_name = KEYRING:persistent:%{uid} [realms] EXAMPLE.COM = { kdc = instructor.example.com admin_server = instructor.example.com } [domain_realm] .example.com = EXAMPLE.COM example.com = EXAMPLE.COM
- kadm5.acl 파일
# 별도의 도메인 사용시 example.com 이 아닌 test.com 등으로 설정 하시면 됩니다. [root@instructor ~]# vi /var/kerberos/krb5kdc/kadm5.acl */admin@EXAMPLE.COM *
- Kerberos database maintenance utility 을 이용하여 KDC database master key 를 등록 합니다.
[root@instructor ~]# kdb5_util create -s -r EXAMPLE.COM Loading random data Initializing database '/var/kerberos/krb5kdc/principal' for realm 'EXAMPLE.COM', master key name 'K/M@EXAMPLE.COM' You will be prompted for the database Master Password. It is important that you NOT FORGET this password. Enter KDC database master key: Re-enter KDC database master key to verify: [root@instructor ~]#
- kdb5_util 실행시 정지 현상
[root@instructor ~]# kdb5_util create -s -r EXAMPLE.COM Loading random data ~ 중략 정상적으로 실행이 안되고 넘어가지 않습니다. 패키지 설치 [root@instructor ~]# yum install rng-tools [root@instructor ~]# rngd -r /dev/urandom nrgd 작업후 다시 실행시 정상적으로 실행이 됩니다. [root@instructor ~]# kdb5_util create -s -r EXAMPLE.COM Loading random data Initializing database '/var/kerberos/krb5kdc/principal' for realm 'EXAMPLE.COM', master key name 'K/M@EXAMPLE.COM' You will be prompted for the database Master Password. It is important that you NOT FORGET this password. Enter KDC database master key: Re-enter KDC database master key to verify: [root@instructor ~]#
- krb5kdc / kadmin 데몬 실행 및 활성화
[root@instructor ~]# systemctl start krb5kdc kadmin [root@instructor ~]# systemctl enable krb5kdc kadmin
- test 유저 생성 및 password 설정(Kerberos 와는 다른 패스워드를 설정합니다.)
[root@instructor ~]# useradd test [root@instructor ~]# passwd test
- root/admin 패스워드 설정
- ssh test 를 진행 하기 위하여 일반유저를 생성 합니다.
- test 유저의 암호를 등록 합니다.
[root@instructor ~]# kadmin.local Authenticating as principal root/admin@EXAMPLE.COM with password. kadmin.local: addprinc root/admin WARNING: no policy specified for root/admin@EXAMPLE.COM; defaulting to no policy Enter password for principal "root/admin@EXAMPLE.COM": Re-enter password for principal "root/admin@EXAMPLE.COM": Principal "root/admin@EXAMPLE.COM" created. kadmin.local: addprinc test WARNING: no policy specified for test@EXAMPLE.COM; defaulting to no policy Enter password for principal "test@EXAMPLE.COM": Re-enter password for principal "test@EXAMPLE.COM": Principal "test@EXAMPLE.COM" created. kadmin.local: quit [root@instructor ~]#
- keytab 파일을 생성 합니다.
[root@instructor krb5kdc]# kadmin.local Authenticating as principal root/admin@EXAMPLE.COM with password. kadmin.local: addprinc -randkey host/instructor.example.com WARNING: no policy specified for host/instructor.example.com@EXAMPLE.COM; defaulting to no policy Principal "host/instructor.example.com@EXAMPLE.COM" created. kadmin.local: ktadd host/instructor.example.com Entry for principal host/instructor.example.com with kvno 2, encryption type aes256-cts-hmac-sha1-96 added to keytab FILE:/etc/krb5.keytab. Entry for principal host/instructor.example.com with kvno 2, encryption type aes128-cts-hmac-sha1-96 added to keytab FILE:/etc/krb5.keytab. Entry for principal host/instructor.example.com with kvno 2, encryption type des3-cbc-sha1 added to keytab FILE:/etc/krb5.keytab. Entry for principal host/instructor.example.com with kvno 2, encryption type arcfour-hmac added to keytab FILE:/etc/krb5.keytab. Entry for principal host/instructor.example.com with kvno 2, encryption type camellia256-cts-cmac added to keytab FILE:/etc/krb5.keytab. Entry for principal host/instructor.example.com with kvno 2, encryption type camellia128-cts-cmac added to keytab FILE:/etc/krb5.keytab. Entry for principal host/instructor.example.com with kvno 2, encryption type des-hmac-sha1 added to keytab FILE:/etc/krb5.keytab. Entry for principal host/instructor.example.com with kvno 2, encryption type des-cbc-md5 added to keytab FILE:/etc/krb5.keytab. kadmin.local: quit [root@instructor krb5kdc]#
- local Test 를 진행 합니다.
- 로그인시 kerberos 인증후 ssh 에 패스워드 없이 접속 할수 있습니다.
[root@instructor ~]# su - test [test@instructor ~]$ kinit Password for test@EXAMPLE.COM: [test@instructor ~]$ klist Ticket cache: KEYRING:persistent:1001:1001 Default principal: test@EXAMPLE.COM Valid starting Expires Service principal 02/16/2019 13:15:31 02/17/2019 13:15:31 krbtgt/EXAMPLE.COM@EXAMPLE.COM renew until 02/16/2019 13:15:31 [test@instructor ~]$ ssh instructor.example.com The authenticity of host 'instructor.example.com (192.168.0.100)' can't be established. ECDSA key fingerprint is 5b:4e:c4:0b:af:2b:70:50:84:5e:d8:ca:99:23:99:1f. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'instructor.example.com,192.168.0.100' (ECDSA) to the list of known hosts. Last login: Sat Feb 16 13:15:27 2019 [test@instructor ~]$
- 아래 테스트는 별도의 시스템 에서 테스트 합니다.
- ssh client test 진행
[root@rhel70-temp ~]# useradd test [root@rhel70-temp ~]# passwd test [root@rhel70-temp ~]# yum install -y krb5-workstation pam_krb5 [root@rhel70-temp ~]# authconfig --enablekrb5 --update [root@rhel70-temp ~]# scp root@instructor.example.com:/etc/krb5.conf /etc/krb5.conf
- test 유저로 전환후 kinit 을 실행 하여 kerberos 인증을 합니다.
- klist 시 정상적으로 값을 확인할수 있어야 합니다.
- ssh 접속 테스트를 진행 합니다.
[root@rhel70-temp ~]# su - test [test@rhel70-temp ~]$ kinit Password for test@EXAMPLE.COM: [test@rhel70-temp ~]$ klist Ticket cache: KEYRING:persistent:1001:1001 Default principal: test@EXAMPLE.COM Valid starting Expires Service principal 02/16/2019 13:20:21 02/17/2019 13:20:21 krbtgt/EXAMPLE.COM@EXAMPLE.COM renew until 02/16/2019 13:20:21 [test@rhel70-temp ~]$ ssh instructor.example.com The authenticity of host 'instructor.example.com (192.168.0.100)' can't be established. ECDSA key fingerprint is 5b:4e:c4:0b:af:2b:70:50:84:5e:d8:ca:99:23:99:1f. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'instructor.example.com,192.168.0.100' (ECDSA) to the list of known hosts. Last login: Sat Feb 16 13:15:50 2019 from 192.168.0.100 [test@instructor ~]$
-
NFS kerberos 설정
- /etc/exports 에 wildcard 설정시 dns 역방향 설정이 필요 합니다.
- instructor.example.com 시스템에서 nfs 사용시 설정 하는 내용 입니다.
- Command
# kadmin addprinc -randkey host/instructor.example.com addprinc -randkey host/system1.example.com addprinc -randkey nfs/instructor.example.com addprinc -randkey nfs/system1.example.com addprinc -randkey nfs/instructor ktadd nfs/instructor.example.com ktadd host/instructor.example.com ktadd nfs/instructor ktadd -k /root/system1.keytab host/system1.example.com ktadd -k /root/system1.keytab nfs/system1.example.com
- 작업 참고용 Command 로그
- 일부 설정 중복 으로 인하여 already exists 메시지를 확인 할수 있습니다.
[root@instructor ~]# kadmin Authenticating as principal root/admin@EXAMPLE.COM with password. Password for root/admin@EXAMPLE.COM: kadmin: addprinc -randkey host/instructor.example.com WARNING: no policy specified for host/instructor.example.com@EXAMPLE.COM; defaulting to no policy add_principal: Principal or policy already exists while creating "host/instructor.example.com@EXAMPLE.COM". kadmin: kadmin: addprinc -randkey host/system1.example.com kadmin: Unknown request "kadmin:". Type "?" for a request list. kadmin: [root@instructor ~]# [root@instructor ~]# [root@instructor ~]# [root@instructor ~]# kadmin Authenticating as principal root/admin@EXAMPLE.COM with password. Password for root/admin@EXAMPLE.COM: kadmin: addprinc -randkey host/instructor.example.com WARNING: no policy specified for host/instructor.example.com@EXAMPLE.COM; defaulting to no policy add_principal: Principal or policy already exists while creating "host/instructor.example.com@EXAMPLE.COM". kadmin: addprinc -randkey host/system1.example.com WARNING: no policy specified for host/system1.example.com@EXAMPLE.COM; defaulting to no policy Principal "host/system1.example.com@EXAMPLE.COM" created. kadmin: addprinc -randkey nfs/instructor.example.com WARNING: no policy specified for nfs/instructor.example.com@EXAMPLE.COM; defaulting to no policy Principal "nfs/instructor.example.com@EXAMPLE.COM" created. kadmin: addprinc -randkey nfs/system1.example.com WARNING: no policy specified for nfs/system1.example.com@EXAMPLE.COM; defaulting to no policy Principal "nfs/system1.example.com@EXAMPLE.COM" created. kadmin: addprinc -randkey nfs/instructor WARNING: no policy specified for nfs/instructor@EXAMPLE.COM; defaulting to no policy Principal "nfs/instructor@EXAMPLE.COM" created. kadmin: ktadd nfs/instructor.example.com Entry for principal nfs/instructor.example.com with kvno 2, encryption type aes256-cts-hmac-sha1-96 added to keytab FILE:/etc/krb5.keytab. Entry for principal nfs/instructor.example.com with kvno 2, encryption type aes128-cts-hmac-sha1-96 added to keytab FILE:/etc/krb5.keytab. Entry for principal nfs/instructor.example.com with kvno 2, encryption type des3-cbc-sha1 added to keytab FILE:/etc/krb5.keytab. Entry for principal nfs/instructor.example.com with kvno 2, encryption type arcfour-hmac added to keytab FILE:/etc/krb5.keytab. Entry for principal nfs/instructor.example.com with kvno 2, encryption type camellia256-cts-cmac added to keytab FILE:/etc/krb5.keytab. Entry for principal nfs/instructor.example.com with kvno 2, encryption type camellia128-cts-cmac added to keytab FILE:/etc/krb5.keytab. Entry for principal nfs/instructor.example.com with kvno 2, encryption type des-hmac-sha1 added to keytab FILE:/etc/krb5.keytab. Entry for principal nfs/instructor.example.com with kvno 2, encryption type des-cbc-md5 added to keytab FILE:/etc/krb5.keytab. kadmin: ktadd host/instructor.example.com Entry for principal host/instructor.example.com with kvno 3, encryption type aes256-cts-hmac-sha1-96 added to keytab FILE:/etc/krb5.keytab. Entry for principal host/instructor.example.com with kvno 3, encryption type aes128-cts-hmac-sha1-96 added to keytab FILE:/etc/krb5.keytab. Entry for principal host/instructor.example.com with kvno 3, encryption type des3-cbc-sha1 added to keytab FILE:/etc/krb5.keytab. Entry for principal host/instructor.example.com with kvno 3, encryption type arcfour-hmac added to keytab FILE:/etc/krb5.keytab. Entry for principal host/instructor.example.com with kvno 3, encryption type camellia256-cts-cmac added to keytab FILE:/etc/krb5.keytab. Entry for principal host/instructor.example.com with kvno 3, encryption type camellia128-cts-cmac added to keytab FILE:/etc/krb5.keytab. Entry for principal host/instructor.example.com with kvno 3, encryption type des-hmac-sha1 added to keytab FILE:/etc/krb5.keytab. Entry for principal host/instructor.example.com with kvno 3, encryption type des-cbc-md5 added to keytab FILE:/etc/krb5.keytab. kadmin: ktadd nfs/instructor Entry for principal nfs/instructor with kvno 2, encryption type aes256-cts-hmac-sha1-96 added to keytab FILE:/etc/krb5.keytab. Entry for principal nfs/instructor with kvno 2, encryption type aes128-cts-hmac-sha1-96 added to keytab FILE:/etc/krb5.keytab. Entry for principal nfs/instructor with kvno 2, encryption type des3-cbc-sha1 added to keytab FILE:/etc/krb5.keytab. Entry for principal nfs/instructor with kvno 2, encryption type arcfour-hmac added to keytab FILE:/etc/krb5.keytab. Entry for principal nfs/instructor with kvno 2, encryption type camellia256-cts-cmac added to keytab FILE:/etc/krb5.keytab. Entry for principal nfs/instructor with kvno 2, encryption type camellia128-cts-cmac added to keytab FILE:/etc/krb5.keytab. Entry for principal nfs/instructor with kvno 2, encryption type des-hmac-sha1 added to keytab FILE:/etc/krb5.keytab. Entry for principal nfs/instructor with kvno 2, encryption type des-cbc-md5 added to keytab FILE:/etc/krb5.keytab. kadmin: ktadd -k /root/client.keytab host/system1.example.com Entry for principal host/system1.example.com with kvno 2, encryption type aes256-cts-hmac-sha1-96 added to keytab WRFILE:/root/client.keytab. Entry for principal host/system1.example.com with kvno 2, encryption type aes128-cts-hmac-sha1-96 added to keytab WRFILE:/root/client.keytab. Entry for principal host/system1.example.com with kvno 2, encryption type des3-cbc-sha1 added to keytab WRFILE:/root/client.keytab. Entry for principal host/system1.example.com with kvno 2, encryption type arcfour-hmac added to keytab WRFILE:/root/client.keytab. Entry for principal host/system1.example.com with kvno 2, encryption type camellia256-cts-cmac added to keytab WRFILE:/root/client.keytab. Entry for principal host/system1.example.com with kvno 2, encryption type camellia128-cts-cmac added to keytab WRFILE:/root/client.keytab. Entry for principal host/system1.example.com with kvno 2, encryption type des-hmac-sha1 added to keytab WRFILE:/root/client.keytab. Entry for principal host/system1.example.com with kvno 2, encryption type des-cbc-md5 added to keytab WRFILE:/root/client.keytab. kadmin: ktadd -k /root/client.keytab nfs/system1.example.com Entry for principal nfs/system1.example.com with kvno 2, encryption type aes256-cts-hmac-sha1-96 added to keytab WRFILE:/root/client.keytab. Entry for principal nfs/system1.example.com with kvno 2, encryption type aes128-cts-hmac-sha1-96 added to keytab WRFILE:/root/client.keytab. Entry for principal nfs/system1.example.com with kvno 2, encryption type des3-cbc-sha1 added to keytab WRFILE:/root/client.keytab. Entry for principal nfs/system1.example.com with kvno 2, encryption type arcfour-hmac added to keytab WRFILE:/root/client.keytab. Entry for principal nfs/system1.example.com with kvno 2, encryption type camellia256-cts-cmac added to keytab WRFILE:/root/client.keytab. Entry for principal nfs/system1.example.com with kvno 2, encryption type camellia128-cts-cmac added to keytab WRFILE:/root/client.keytab. Entry for principal nfs/system1.example.com with kvno 2, encryption type des-hmac-sha1 added to keytab WRFILE:/root/client.keytab. Entry for principal nfs/system1.example.com with kvno 2, encryption type des-cbc-md5 added to keytab WRFILE:/root/client.keytab. kadmin:
- 설정확인
kadmin: listprincs K/M@EXAMPLE.COM host/instructor.example.com@EXAMPLE.COM host/system1.example.com@EXAMPLE.COM kadmin/admin@EXAMPLE.COM kadmin/changepw@EXAMPLE.COM kadmin/instructor.example.com@EXAMPLE.COM krbtgt/EXAMPLE.COM@EXAMPLE.COM nfs/instructor.example.com@EXAMPLE.COM nfs/instructor@EXAMPLE.COM nfs/system1.example.com@EXAMPLE.COM root/admin@EXAMPLE.COM test@EXAMPLE.COM kadmin: quit [root@instructor ~]#
- nfs 공유 디렉토리 생성
- test 시 *.example.com 으로 대역을 주면 설정이 안됩니다.
[root@instructor ~]# mkdir /{public,protected} [root@instructor ~]# vi /etc/exports /public 192.168.0.*(rw,sync) /protected 192.168.0.*(rw,sec=krb5p)
- dns 역방향 설정후 아래와 같이 설정 해도 됩니다.
nslookup 으로 ip 로 도메인을 확인 할수 있어야 합니다. [root@instructor ~]# nslookup > system1.example.com Server: 192.168.0.100 Address: 192.168.0.100#53 Name: system1.example.com Address: 192.168.0.20 > 192.168.0.20 Server: 192.168.0.100 Address: 192.168.0.100#53 20.0.168.192.in-addr.arpa name = system1.example.com. > [root@instructor ~]# cat /etc/exports /public *.example.com(rw,sync) /protected *.example.com(rw,sec=krb5p) [root@instructor ~]#
- /etc/sysconfig/nfs 설정 변경
[root@instructor ~]# vi /etc/sysconfig/nfs RPCNFSDARGS="-V 4.2"
- nfs-server , nfs-secure-server 실행 및 활성화
[root@instructor ~]# authconfig --enablekrb5 --update [root@instructor ~]# systemctl start nfs-secure-server nfs-server [root@instructor ~]# systemctl enable nfs-secure-server nfs-server
- nfs client 설정을 진행 합니다.
- nfs-secure 사용을 위하여 패키지를 설치 합니다.
[root@system1 ~]# yum install -y nfs-utils
- krb5.conf / krb5.keytab 파일 복사
- nfs-secure 데몬 실행
[root@system1 ~]# scp root@instructor.example.com:/etc/krb5.conf /etc/krb5.conf [root@system1 ~]# scp root@instructor.example.com:/root/system1.keytab /etc/krb5.keytab [root@system1 ~]# systemctl enable nfs-secure [root@system1 ~]# systemctl start nfs-secure
- mount test 를 진행 합니다.
[root@system1 ~]# mount -t nfs -o sec=krb5p instructor.example.com:/protected /mnt [root@system1 ~]# df -h Filesystem Size Used Avail Use% Mounted on /dev/sda3 9.8G 818M 9.0G 9% / devtmpfs 989M 0 989M 0% /dev tmpfs 994M 0 994M 0% /dev/shm tmpfs 994M 8.5M 986M 1% /run tmpfs 994M 0 994M 0% /sys/fs/cgroup /dev/sda1 997M 97M 901M 10% /boot instructor.example.com:/protected 8.1G 3.3G 4.8G 41% /mnt [root@system1 ~]#
- dns 역방향 설정후 nfs wildcard 테스트
- No such file or directory 오류메시지의 경우 역방향 설치전 임시 마운트 테스트 부분 입니다.
[root@system1 ~]# mount -t nfs -o sec=krb5p,vers=4.2 instructor.example.com:/protected /mnt mount.nfs: mounting instructor.example.com:/protected failed, reason given by server: No such file or directory [root@system1 ~]# mount -t nfs -o sec=krb5p,vers=4.2 instructor.example.com:/protected /mnt [root@system1 ~]# df -h Filesystem Size Used Avail Use% Mounted on /dev/sda3 9.0G 821M 8.2G 9% / devtmpfs 989M 0 989M 0% /dev tmpfs 994M 0 994M 0% /dev/shm tmpfs 994M 8.5M 986M 1% /run tmpfs 994M 0 994M 0% /sys/fs/cgroup /dev/sda1 509M 90M 419M 18% /boot instructor.example.com:/protected 9.0G 4.5G 4.6G 50% /mnt [root@system1 ~]#
- 만약 mount 가 되지 않을 경우 ketab 을 등록 합니다.
- krb5-workstation / pam_krb5 를 설치 합니다.
[root@system1 ~]# yum install -y krb5-workstation pam_krb5 [root@system1 ~]# kinit -k -t /etc/krb5.keytab nfs/system1.example.com [root@system1 ~]# klist Ticket cache: KEYRING:persistent:0:0 Default principal: nfs/system1.example.com@EXAMPLE.COM Valid starting Expires Service principal 02/16/2019 14:10:25 02/17/2019 14:10:25 krbtgt/EXAMPLE.COM@EXAMPLE.COM renew until 02/16/2019 14:10:25 [root@system1 ~]#
- mount 테스트
[root@system1 ~]# mount -t nfs -o sec=krb5p instructor.example.com:/protected /mnt [root@system1 ~]# df -h Filesystem Size Used Avail Use% Mounted on /dev/sda3 9.8G 841M 9.0G 9% / devtmpfs 989M 0 989M 0% /dev tmpfs 994M 0 994M 0% /dev/shm tmpfs 994M 8.5M 986M 1% /run tmpfs 994M 0 994M 0% /sys/fs/cgroup /dev/sda1 997M 97M 901M 10% /boot instructor.example.com:/protected 8.1G 3.3G 4.8G 41% /mnt [root@system1 ~]#
- /etc/fstab 을 수정 합니다.
- 일반 디렉토리와 kerberos 인증 디렉토리 마운트 를 합니다.
[root@system1 ~]# mkdir /mnt/{public,protected} [root@system1 ~]# vi /etc/fstab instructor.example.com:/protected /mnt/protected nfs defaults,sec=krb5p,v4.2 0 0 instructor.example.com:/public /mnt/public nfs defaults 0 0
- 마운트 및 마운트 확인
[root@system1 ~]# mount -a [root@system1 ~]# df -h Filesystem Size Used Avail Use% Mounted on /dev/sda3 9.0G 821M 8.2G 9% / devtmpfs 989M 0 989M 0% /dev tmpfs 994M 0 994M 0% /dev/shm tmpfs 994M 8.5M 986M 1% /run tmpfs 994M 0 994M 0% /sys/fs/cgroup /dev/sda1 509M 90M 419M 18% /boot instructor.example.com:/protected 9.0G 4.5G 4.6G 50% /mnt/protected instructor.example.com:/public 9.0G 4.5G 4.6G 50% /mnt/public [root@system1 ~]#
- system rebooting 및 확인
[root@system1 ~]# init 6 # 시스템 리부팅후 확인 login as: root root@192.168.0.20's password: Last login: Wed Feb 27 00:21:13 2019 from 192.168.0.1 [root@system1 ~]# df -h Filesystem Size Used Avail Use% Mounted on /dev/sda3 9.0G 820M 8.2G 9% / devtmpfs 989M 0 989M 0% /dev tmpfs 994M 0 994M 0% /dev/shm tmpfs 994M 8.6M 986M 1% /run tmpfs 994M 0 994M 0% /sys/fs/cgroup /dev/sda1 509M 90M 419M 18% /boot instructor.example.com:/protected 9.0G 4.5G 4.6G 50% /mnt/protected instructor.example.com:/public 9.0G 4.5G 4.6G 50% /mnt/public [root@system1 ~]#