*samba 服务器的安装及调试
[root@samba Desktop]# yum install samba-client.x86_64 samba-common.x86_64 samba.x86_64 -y #安装软件
[root@samba Desktop]# systemctl start smb #开启服务
[root@samba Desktop]# systemctl stop firewalld.service #关闭火墙
[root@samba Desktop]# getsebool -a | grep samba #查看samba服务状态
samba_create_home_dirs --> off
samba_domain_controller --> off
samba_enable_home_dirs --> off
samba_export_all_ro --> off #只读
samba_export_all_rw --> off #可读可写
samba_portmapper --> off
samba_run_unconfined --> off
samba_share_fusefs --> off
samba_share_nfs --> off
sanlock_use_samba --> off
use_samba_home_dirs --> off
virt_sandbox_use_samba --> off
virt_use_samba --> off
[root@samba Desktop]# setsebool -P samba_enable_home_dirs on
#允许进入家目录
[root@samba Desktop]# pdbedit -L #列出 samba 用户
[root@samba Desktop]# smbpasswd -a student
#添加samba用户(此用户必须是存在的)
New SMB password:
Retype new SMB password:
Added user student.
[root@samba Desktop]# pdbedit -L
student:1000:Student User
[root@samba Desktop]# pdbedit -x student #删除 samba 用户
测试:
[root@samba Desktop]# smbclient -L //172.25.254.130 -U student
Enter student's password:
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]
Sharename Type Comment
--------- ---- -------
IPC$ IPC IPC Service (Samba Server Version 4.1.1)
student Disk Home Directories
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]
Server Comment
--------- -------
Workgroup Master
--------- -------
[root@samba Desktop]# cd /home/student/
[root@samba student]# touch file{1..5}
[root@samba student]# smbclient //172.25.254.130/student -U student #登陆到student
Enter student's password:
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]
smb: \> ls
. D 0 Fri Mar 17 21:40:03 2017
.. D 0 Thu Jul 10 18:19:09 2014
.bash_logout H 18 Wed Jan 29 07:45:18 2014
.bash_profile H 193 Wed Jan 29 07:45:18 2014
.bashrc H 231 Wed Jan 29 07:45:18 2014
.ssh DH 0 Thu Jul 10 18:19:10 2014
.config DH 0 Thu Jul 10 19:06:53 2014
file1 N 0 Fri Mar 17 21:40:03 2017
file2 N 0 Fri Mar 17 21:40:03 2017
file3 N 0 Fri Mar 17 21:40:03 2017
file4 N 0 Fri Mar 17 21:40:03 2017
file5 N 0 Fri Mar 17 21:40:03 2017
40913 blocks of size 262144. 28520 blocks available
smb: \> exit
[root@samba student]# logout
[root@samba ~]# cd /home/student/
[root@samba student]# ls -a
. .bash_logout .bashrc file1 file3 file5
.. .bash_profile .config file2 file4 .ssh
[root@samba student]#
*samba 共享目录
[root@samba student]# mkdir /linux
[root@samba student]# touch /linux/file{1..5}
[root@samba student]# ls /linux
file1 file2 file3 file4 file5
[root@samba student]# vim /etc/samba/smb.conf #配置文件
…..
workgroup = linux #修改工作组(MYGROUP——>linux)
…..
[linux]
common = local directory linux #共享说明
path = /linux #共享文件路径
…..
[root@samba student]# systemctl restart smb.service
1.共享自建目录
需要修改 selinux 熟悉哦属性,只针对单一的目录
[root@samba student]# ls -Z /linux/
-rw-r--r--. root root unconfined_u:object_r:default_t:s0 file1
-rw-r--r--. root root unconfined_u:object_r:default_t:s0 file2
-rw-r--r--. root root unconfined_u:object_r:default_t:s0 file3
-rw-r--r--. root root unconfined_u:object_r:default_t:s0 file4
-rw-r--r--. root root unconfined_u:object_r:default_t:s0 file5
[root@samba student]# semanage fcontext -a -t samba_share_t ‘/linux(/.*)?’ #修改安全上下文
[root@samba student]# restorecon -FvvR /linux/
#刷新安全上下文
测试:
[root@samba student]# smbclient //172.25.254.130/linux -U student
Enter student's password:
Domain=[LINUX] OS=[Unix] Server=[Samba 4.1.1]
smb: \> ls
. D 0 Fri Mar 17 22:14:30 2017
.. D 0 Fri Mar 17 22:14:15 2017
file1 N 0 Fri Mar 17 22:14:30 2017
file2 N 0 Fri Mar 17 22:14:30 2017
file3 N 0 Fri Mar 17 22:14:30 2017
file4 N 0 Fri Mar 17 22:14:30 2017
file5 N 0 Fri Mar 17 22:14:30 2017
40913 blocks of size 262144. 28519 blocks available
smb: \> quit
[root@samba student]#
2.共享系统自建目录时
此方式修改针对所有的目录,一但开放,selinux 不保护目录
[root@samba student]# getsebool -a | grep samba
samba_create_home_dirs –> off
samba_domain_controller –> off
samba_enable_home_dirs –> on
samba_export_all_ro –> off #只读
samba_export_all_rw –> off #可写可读
samba_portmapper –> off
samba_run_unconfined –> off
samba_share_fusefs –> off
samba_share_nfs –> off
sanlock_use_samba –> off
use_samba_home_dirs –> off
virt_sandbox_use_samba –> off
virt_use_samba –> off
[root@samba student]# setsebool -P samba_export_all_rw on #打开读写权限
[root@samba student]# setsebool -P samba_export_all_ro on #打开可读权限
*匿名用户访问
[root@samba student]# vim /etc/samba/smb.conf
123 security = user
124 passdb backend = tdbsam
125 map to guest = bad user #允许匿名用户访问
[linux]
common = local directory linux #共享说明
path = /linux #共享文件路径
guest ok = yes #允许匿名用户访问
[root@samba student]# systemctl restart smb.service
[root@samba student]# smbclient //172.25.254.130/linux -U student
Enter student's password:
Domain=[LINUX] OS=[Unix] Server=[Samba 4.1.1]
smb: \> ls
. D 0 Fri Mar 17 22:14:30 2017
.. D 0 Fri Mar 17 22:14:15 2017
file1 N 0 Fri Mar 17 22:14:30 2017
file2 N 0 Fri Mar 17 22:14:30 2017
file3 N 0 Fri Mar 17 22:14:30 2017
file4 N 0 Fri Mar 17 22:14:30 2017
file5 N 0 Fri Mar 17 22:14:30 2017
40913 blocks of size 262144. 28505 blocks available
smb: \> quit
[root@samba student]#
[root@samba student]# mount //172.25.254.130/linux /mnt -o username=guest #挂载
[root@samba student]# df
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/vdb1 10473900 3176484 7297416 31% /
devtmpfs 481120 0 481120 0% /dev
tmpfs 496708 84 496624 1% /dev/shm
tmpfs 496708 13064 483644 3% /run
tmpfs 496708 0 496708 0% /sys/fs/cgroup
/dev/sr0 3947824 3947824 0 100% /run/media/root/RHEL-7.2 Server.x86_64
//172.25.254.130/linux 10473900 3176484 7297416 31% /mnt
[root@samba student]# cd /mnt/
[root@samba mnt]# ls
file1 file2 file3 file4 file5
[root@samba student]# umount /mnt/
*samba 共享目录参数管理
[root@samba mnt]# vim /etc/samba/smb.conf
.....
[linux]
common = local directory linux
path = /linux
guest ok = yes
writable = yes #所有用户可写
write list = tom | +/@tom #tom | tom组可写
valid user = tom #tom | tom组可登陆
browseable = no #是否允许浏览
admin user = lee #lee 以超级用户的身份登陆
....
[root@samba linux]# id student
uid=1000(student) gid=1000(student) groups=1000(student),10(wheel)
[root@samba linux]# id tom
uid=1001(tom) gid=1001(tom) groups=1001(tom)
[root@samba linux]# usermod -G tom student #将 student 用户放入 tom 组里
[root@samba linux]# id student
uid=1000(student) gid=1000(student) groups=1000(student),1001(tom)
测试:
错误1:NT_STATUS_NO_SUCH_FILE listing \-fr #系统没有开放权限
错误2:rm: cannot remove ‘file1’: Permission denied #文件权限不够
*samba 多用户挂载
1.保护服务器信息
[root@foundation30 ~]# yum install cifs-utils -y
[root@foundation30 ~]# vim /root/smbpassfile
[root@foundation30 ~]# cat /root/smbpassfile
username=kiosk
password=redhat
[root@foundation30 ~]# mount //172.25.254.130/linux /mnt -o credentialss=/root/smbpassfile,multiuser,sec=ntlmssp
#这样挂载之后,访问的用户需要通过认证
[root@foundation30 ~]# smbpasswd -a kiosk
#将 kiosk 加入到samba 用户里面
New SMB password:
Retype new SMB password:
Added user kiosk.
[root@foundation30 ~]# su - kiosk
Last login: Sat Mar 18 08:22:58 CST 2017 on :0
[kiosk@foundation30 ~]
cd/mnt[kiosk@foundation30mnt]
ls
ls: reading directory .: Permission denied
[kiosk@foundation30 mnt]$ cifscreds add 172.25.254.130
#认证用户
Password:
[kiosk@foundation30 mnt]$ ls
file2 file3 file4 file5