cifs协议,用samba实现将linux文件作为cifs|smb网络文件共享进行共享,并将linux打印机作为cifs|smb打印机共享进行共享
共享家目录
客户端:(注:以下安装samba、启动smb、smbpasswd等操作实际应在提供共享的服务端主机上执行;此处与下文"服务端"的标注疑似写反)
systemctl stop iptables
systemctl stop firewalld ##仅限实验环境;生产环境应保留防火墙,用 firewall-cmd --permanent --add-service=samba 后 firewall-cmd --reload 放行samba
yum search samba
yum install samba-client.x86_64 samba-common.x86_64 samba.x86_64 -y
systemctl start smb
smbclient -L //172.25.254.213 ##列出目录
smbpasswd -a student ##添加一个已存在的用户为smbpasswd用户
smbclient -L //172.25.254.213 -U student
smbclient //172.25.254.213/student -U student ##用student用户身份登陆此服务
getsebool -a | grep samba
setsebool -P samba_enable_home_dirs on ##开启samba_enable_home_dirs 开关,selinux中的内容
smbclient //172.25.254.213/student -U student
服务端:
yum install samba-client
mount -o username=student,password=123 //172.25.254.213/student /mnt/ ##密码写在命令行会留在shell历史和进程列表中,建议改用下文的 credentials= 凭据文件(chmod 600)
df
smbclient //172.25.254.213/student -U student
本地用户登陆
服务端:
mkdir /westos/
setenforce 1
semanage fcontext -a -t samba_share_t '/westos(/.*)?'
ls -Zd /westos/
restorecon -FvvR /westos/
touch /westos/file{1..3}
vim /etc/samba/smb.conf
89 workgroup = westos
322 [DATA]
323 comment = qq data
324 path = /westos
systemctl restart smb.service
smbclient -L //172.25.254.213
smbclient //172.25.254.213/DATA -U student
客户端:
mount //172.25.254.213/DATA -o username=student,password=123 /mnt/
smbclient //172.25.254.213/DATA -U student
匿名用户登陆
服务端:
vim /etc/samba/smb.conf
126 map to guest = bad user ##不存在的用户名一律映射为guest(匿名)身份
324 guest ok = yes ##允许匿名访问该共享;匿名共享应保持只读,且不要存放敏感数据
systemctl restart smb.service
客户端:
umount /mnt
mount //172.25.254.213/DATA -o username=guest,password="" /mnt/
服务端:
setfacl -m u:student:rwx /westos/ ##给student用户对/westos目录的rwx权限
useradd westos
smbpasswd -a westos ##建立westos用户为smbpasswd用户,注意用smb时,必须用smbpasswd用户
setfacl -m g:student:rwx /westos/ ##给组权限
usermod -G student westos ##将westos加入student组(作为附加组)
useradd admin
smbpasswd -a admin ##建立smbpasswd的admin用户
pdbedit -L ##查看smb下有哪些用户
vim /etc/samba/smb.conf
writable = yes ##所有能访问该共享的用户皆可写(仍受文件系统权限限制)
write list = student |@student ##只有student用户可写 | 只有student的组可以写
writable = yes
admin users = admin ##给admin用户root用户的身份(在该共享内所有文件操作都以root执行,绕过文件系统权限,应谨慎使用)
browseable = no ##隐藏目录DATA(仅不在共享列表中显示,知道共享名仍可访问,不能代替访问控制)
valid users = +student ##带+表示组:只有student组的成员可以登陆smb服务
systemctl restart smb.service
服务端:
只有student用户可写时
mount //172.25.254.213/DATA -o username=student,password=123 /mnt/
[root@foundation13 mnt]# touch file1 ##可写
mount //172.25.254.213/DATA -o username=westos,password=lee /mnt/
[root@foundation13 mnt]# touch file5
touch: cannot touch ‘file5’: Permission denied ##不可写
给admin用户root用户的身份
mount //172.25.254.213/DATA -o username=admin,password=123 /mnt/
[root@foundation13 mnt]# touch file5 ##可写
隐藏data后:
[root@foundation13 ~]# smbclient -L //172.25.254.213
只有student可登陆smb服务后:
mount //172.25.254.213/DATA -o username=admin,password=123 /mnt/
mount error(13): Permission denied
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
[root@foundation13 ~]# mount //172.25.254.213/DATA -o username=student,password=123 /mnt/
只有student用户可写时
只有student用户的组可写时
给admin用户root用户的身份
隐藏data后,只有student可登陆smb服务后:
多用户挂载(客户端),多个用户可以对smb进行操作,同时客户端没有通过认证的用户无法看到挂载内容
; valid users = +student ##先清除只有student可以登陆smb服务
yum install -y cifs-utils
vim /root/smbfile
username=student
password=123
chmod 600 /root/smbfile
mount -o credentials=/root/smbfile,multiuser,sec=ntlmssp //172.25.254.213/DATA /mnt/ ##给root用户认证为student,因为student是smb用户,并挂载
[root@foundation13 mnt]# ls
file1 file2 file3 file4 file5
[kiosk@foundation13 ~]$ cifscreds add -u admin 172.25.254.213 ##给kiosk用户认证为admin,可以查看挂载的内容
Password:
[kiosk@foundation13 mnt]$ ls
file1 file2 file3 file4 file5
Samba 企业应用案例需求:
1. 所有员工都能够在公司内流动办公,但不管在哪电脑上工作,都要把自己文件存在 Samba 文件服器上.
2. 各部门办公人员拥有各自的主目录,用于存放私有文档(工作相关),其他人禁止访问.
3. 所有的用户都不允许使用服务器的 SHELL(安全考虑).
4. 制造部、财务部、管理部,都有各自的文件目录.
5. 各部门目录下提供“对外”、“公共文档”、“受控文档”三个子目录.
对外: <1>允许公司所有工作人员访问,但不能修改文件.
<2>本部门文员负责维护数据
公共文档:<1>本部门员工可以访问,领导层可以访问,但不能修改.
<2> 本部门文员负责维护数据
受控文档:<1>本部门主管、公司领导可以访问、其他员工禁止.
<2>本部门主管负责维护数据
注:财务部受控文档只允许总经理、财务部总监、主管访问;管理部受控文档只允许总经理、主管访问
6. 公共区域:<1>所有员工均可访问
<2>网络部负责维护
7. 交换区域:<1>所有员工均可读可写,禁止删除其它员工文件.
<2>网络部负责维护
过程:
1.创建各个部门的目录:
[root@foundation88 ~]# mkdir /home/samba
[root@foundation88 ~]# mkdir /home/samba/zhizao ##制造
[root@foundation88 ~]# mkdir /home/samba/caiwu ##财务
[root@foundation88 ~]# mkdir /home/samba/guanli ##管理
[root@foundation88 ~]# mkdir /home/samba/public ##公共
[root@foundation88 ~]# mkdir /home/samba/swap ##交换
2.创建各个部门的子目录:
[root@foundation88 samba]# mkdir caiwu/guest ##对外
[root@foundation88 samba]# mkdir caiwu/public ##公共
[root@foundation88 samba]# mkdir caiwu/private ##受控
[root@foundation88 samba]# mkdir guanli/guest
[root@foundation88 samba]# mkdir guanli/public
[root@foundation88 samba]# mkdir guanli/private
[root@foundation88 samba]# mkdir zhizao/guest
[root@foundation88 samba]# mkdir zhizao/public
[root@foundation88 samba]# mkdir zhizao/private
3.创建各个部门管理者用户及其组:
[root@foundation88 samba]# groupadd caiwu
[root@foundation88 samba]# groupadd zhizao
[root@foundation88 samba]# groupadd guanli
[root@foundation88 samba]# groupadd lingdao ##领导
[root@foundation88 samba]# groupadd wangluo ##网络
[root@foundation88 samba]# useradd -s /bin/false wy ##文员
[root@foundation88 samba]# useradd -s /bin/false zg ##主管
[root@foundation88 samba]# useradd -s /bin/false zjl ##总经理
[root@foundation88 samba]# useradd -s /bin/false zj ##总监
注意:由于所有人均不能使用shell,创建用户时用 -s /bin/false 指定不可登录的shell
4.按条件给用户添加附加组
[root@foundation88 samba]# usermod -G zhizao,caiwu,guanli wy ##制造,财务,管理成为文员的附加组
[root@foundation88 samba]# usermod -G caiwu zj
[root@foundation88 samba]# usermod -G lingdao zjl
[root@foundation88 samba]# usermod -G zhizao,caiwu,guanli zg
5.设置文件系统权限
[root@foundation88 samba]# chmod 1777 swap
[root@foundation88 samba]# chmod 755 zhizao caiwu guanli
[root@foundation88 samba]# chmod 775 public
[root@foundation88 samba]# chgrp wangluo public ##公共区的组为网络,由网络进行维护
6.各部门的具体权限操作
a.制造
[root@foundation88 samba]# chmod 755 zhizao/guest ##对外可阅读,不可写
[root@foundation88 samba]# chown wy.zhizao zhizao/guest ##文员可对其维护
[root@foundation88 samba]# chmod 750 zhizao/public ##公共只有目录所有人和本部门人可以访问,其他人不行
[root@foundation88 samba]# chmod 750 zhizao/private ##私有只有目录所有人和本部门人可以访问,其他人不行
[root@foundation88 samba]# chown zg.lingdao zhizao/private ##主管,领导成为私有目录的所有人和所有组,只有主管可写
[root@foundation88 samba]# setfacl -m g:lingdao:rx zhizao/public ##添加公共目录领导可以访问,不可写
b.财务
[root@foundation88 samba]# chmod 755 caiwu/guest
[root@foundation88 samba]# chown wy.caiwu caiwu/guest
[root@foundation88 samba]# chmod 750 caiwu/public
[root@foundation88 samba]# chown wy.caiwu caiwu/public
[root@foundation88 samba]# setfacl -m g:lingdao:rx caiwu/public
[root@foundation88 samba]# chmod 700 caiwu/private
[root@foundation88 samba]# chown zg caiwu/private
[root@foundation88 samba]# setfacl -m u:zj:rx caiwu/private ##私有目录中添加总监可以访问
[root@foundation88 samba]# setfacl -m u:zjl:rx caiwu/private
c.管理
[root@foundation88 samba]# chmod 755 guanli/public
[root@foundation88 samba]# chmod 750 guanli/public
[root@foundation88 samba]# chmod 755 guanli/guest
[root@foundation88 samba]# chown wy.guanli guanli/guest
[root@foundation88 samba]# chown wy.guanli guanli/public
[root@foundation88 samba]# setfacl -m g:lingdao:rx guanli/public
[root@foundation88 samba]# chmod 700 guanli/private
[root@foundation88 samba]# chown zg guanli/private
[root@foundation88 samba]# setfacl -m u:zjl:rx guanli/private
7.samba服务配置
[root@foundation88 ~]# vim /etc/samba/smb.conf
[homes]
comment = home directory
browseable = no ##不在共享列表中显示(并非禁止访问)
writable = yes
[public]
path = /home/samba/public
public = yes
admin users = +wangluo ##网络部组(wangluo)的所有成员对公共区进行维护(在该共享内以root身份操作)
[swap]
path = /home/samba/swap
public = yes
writable = yes
admin users = +wangluo
[zhizao]
path = /home/samba/zhizao/
writable = yes
browseable = yes
[zhizao.guest]
path = /home/samba/zhizao/guest
admin users = wy ##文员以超级用户的身份对其进行维护(注意:admin users 使该用户在此共享内以root身份操作,会绕过第6步设置的文件权限与ACL;若只需写权限,用 write list = wy 更符合最小权限)
browseable = no
[zhizao.public]
path = /home/samba/zhizao/public
valid users = +zhizao +lingdao ##只允许制造部组(zhizao)成员和领导组(lingdao)成员访问
admin users = wy
browseable = no
[zhizao.private]
path = /home/samba/zhizao/private
valid users = +lingdao zg
admin users = zg
browseable = no
[caiwu]
path = /home/samba/caiwu/
writable = yes
browseable = yes
[caiwu.guest]
path = /home/samba/caiwu/guest
admin users = wy
browseable = no
[caiwu.public]
path = /home/samba/zhizao/public ##注意:此路径指向制造部目录,与共享名[caiwu.public]不符,疑为复制粘贴错误,应为 /home/samba/caiwu/public;否则财务部组会访问到制造部的公共文档
valid users = +caiwu +lingdao
admin users = wy
browseable = no
[caiwu.private]
path = /home/samba/caiwu/private
valid users = zg zj zjl
admin users = zg
browseable = no
[guanli]
path = /home/samba/guanli/
writable = yes
browseable = yes
[guanli.guest]
path = /home/samba/guanli/guest
admin users = wy
browseable = no
[guanli.public]
path = /home/samba/zhizao/public ##注意:此路径指向制造部目录,与共享名[guanli.public]不符,疑为复制粘贴错误,应为 /home/samba/guanli/public;否则管理部组会访问到制造部的公共文档
valid users = +guanli +lingdao
admin users = wy
browseable = no
[guanli.private]
path = /home/samba/guanli/private
valid users = zg zj ##注意:与需求"管理部受控文档只允许总经理、主管访问"及第6步对zjl设置的ACL不符,此处zj(总监)疑应为zjl(总经理)
admin users = zg
browseable = no
[root@foundation88 ~]# systemctl restart smb
8.检验
[root@foundation88 ~]# smbclient -L //172.25.254.88
[root@samba mnt]# mkdir caiwu
[root@samba mnt]# mkdir guanli
[root@samba mnt]# mkdir zhizao
[root@samba mnt]# mkdir public
[root@samba mnt]# mkdir swap
[root@samba mnt]# ls
caiwu guanli public swap zhizao
[root@samba mnt]# mount -o username=admin,password=lee //172.25.254.88/guanli /mnt/guanli
[root@samba mnt]# mount -o username=admin,password=lee //172.25.254.88/caiwu /mnt/caiwu
[root@samba mnt]# mount -o username=admin,password=lee //172.25.254.88/zhizao /mnt/zhizao
[root@samba mnt]# mount -o username=admin,password=lee //172.25.254.88/public /mnt/public
[root@samba mnt]# mount -o username=admin,password=lee //172.25.254.88/swap /mnt/swap
[root@samba mnt]# df
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/vda1 10473900 3185500 7288400 31% /
devtmpfs 481120 0 481120 0% /dev
tmpfs 496708 80 496628 1% /dev/shm
tmpfs 496708 13080 483628 3% /run
tmpfs 496708 0 496708 0% /sys/fs/cgroup
/dev/mapper/vg0-vo 483670 2341 451838 1% /home
//172.25.254.88/guanli 77305980 15248176 62057804 20% /mnt/guanli
//172.25.254.88/caiwu 77305980 15248176 62057804 20% /mnt/caiwu
//172.25.254.88/zhizao 77305980 15248176 62057804 20% /mnt/zhizao
//172.25.254.88/public 77305980 15248176 62057804 20% /mnt/public
//172.25.254.88/swap 77305980 15248176 62057804 20% /mnt/swap
[root@samba ~]# cd /mnt/caiwu/private
[root@samba private]# ls
ls: reading directory .: Permission denied
[root@samba private]# cd
[root@samba ~]# cd /mnt/caiwu/guest
[root@samba guest]# ls
[root@samba ~]# cd /mnt/caiwu/public
[root@samba public]# ls
ls: reading directory .: Permission denied
其他的类似
[root@samba ~]# cd /mnt/swap
[root@samba swap]# ls
[root@samba swap]# cd
[root@samba ~]# cd /mnt/public
[root@samba public]# ls
[root@samba public]#