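If you have to account for later version vulnerabilities, security, and classified-protection (MLPS) compliance, switch to NFS wherever you can. The samba version vulnerabilities have left me in despair, and I can no longer get the latest version to install either (a realization from 2022-11-17). What follows is the installation method for a historical version!
Installing samba through yum gives you an old version with vulnerabilities; the steps below compile and install the newer version 4.14.3 (released 2021-4-21) from source.
Disable SELinux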
sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
setenforce 0
Install Python 3
yum -y install openssl-devel bzip2-devel expat-devel gdbm-devel readline-devel sqlite-devel
wget https://www.python.org/ftp/python/3.6.5/Python-3.6.5.tgz
tar -zxvf Python-3.6.5.tgz && cd Python-3.6.5 && mkdir /usr/local/python3
./configure -prefix=/usr/local/python3
make && make install
ln -s /usr/local/python3/bin/python3 /usr/bin/python3
ln -s /usr/local/python3/bin/pip3 /usr/bin/pip3
python3
Install the samba dependencies
yum install -y attr bind-utils docbook-style-xsl gcc gdb krb5-workstation libsemanage-python libxslt perl perl-ExtUtils-MakeMaker perl-Parse-Yapp perl-Test-Base pkgconfig policycoreutils-python python2-crypto gnutls-devel libattr-devel keyutils-libs-devel libacl-devel libaio-devel libblkid-devel libxml2-devel openldap-devel pam-devel popt-devel python-devel readline-devel zlib-devel systemd-devel lmdb-devel jansson-devel gpgme-devel pygpgme libarchive-devel
Install gnutls
Compiling samba directly fails with an error requiring GnuTLS version >= 3.4.7
wget https://ftp.gnu.org/gnu/nettle/nettle-3.4.1.tar.gz
tar -zxf nettle-3.4.1.tar.gz && cd nettle-3.4.1
./configure --disable-openssl --prefix=/usr/
vim config.make
# append -std=c99 to the end of the CFLAGS line
make
make install
yum -y install libunistring-devel
wget https://www.gnupg.org/ftp/gcrypt/gnutls/v3.6/gnutls-3.6.4.tar.xz
tar -xvJf gnutls-3.6.4.tar.xz && cd gnutls-3.6.4
./configure --without-p11-kit
make
make install
Create the symlinks
ln -sf /usr/local/lib/pkgconfig/gnutls.pc /usr/lib64/pkgconfig/gnutls.pc
ln -sf /usr/local/lib/libgnutls.so /usr/lib64/libgnutls.so
ln -sf /usr/local/lib/libgnutls.so.30 /usr/lib64/libgnutls.so.30
Install samba
wget https://download.samba.org/pub/samba/stable/samba-4.14.3.tar.gz
tar -zxvf samba-4.14.3.tar.gz && cd samba-4.14.3
./configure --disable-python --without-ad-dc --without-json --without-libarchive --without-acl-support --without-pam --with-shared-modules=\!vfs_snapper --without-ldap --without-ads
make
make install
Check the version number
/usr/local/samba/sbin/smbd -V
Set up the samba shared folder
cat > /usr/local/samba/etc/smb.conf << EOF
[global]
workgroup = WORKGROUP
security = user
map to guest = Bad User
log file = /usr/local/samba/var/log.%m
max log size = 50
unix charset = UTF-8
#display charset = UTF-8
guest account = nobody
dos charset = cp936
create mask = 777
directory mask = 777
[myshare]
comment = share for users
path = /samba/myshare
browseable = yes
writable = yes
public = no
directory mode = 0777
create mode = 0770
EOF
- Create the shared directory
mkdir -p /samba/myshare
- First create the operating-system user
useradd myshare -s /sbin/nologin --no-create-home
- Create the smb login user
/usr/local/samba/bin/smbpasswd -a myshare
- Grant ownership of the shared directory
chown -R myshare:myshare /samba/myshare
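An added example, not part of the original post: a small audit of the permission-related parameters in the smb.conf written above, listing each one worth reviewing. The sample file is constructed from the page's own settings; the function names audit_smbconf and write_sample_conf and the finding labels are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original page): flag permissive smb.conf settings.
# Prints one "section:key=value:finding" line per parameter worth reviewing.
audit_smbconf() {
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }            # comments, blank lines
    /^[ \t]*\[.*\][ \t]*$/ {                        # [section] header
        sec = trim($0); sec = substr(sec, 2, length(sec) - 2); next
    }
    {
        eq = index($0, "="); if (eq == 0) next
        key = tolower(trim(substr($0, 1, eq - 1))); gsub(/[ \t]+/, " ", key)
        val = trim(substr($0, eq + 1))
        # "create mode"/"directory mode" are synonyms of the mask parameters.
        # The last octal digit holds the permissions for "other"; bit 2 = write.
        if (key ~ /^(create|directory) (mask|mode)$/) {
            other = substr(val, length(val), 1) + 0
            if (int(other / 2) % 2 == 1) print sec ":" key "=" val ":world-writable"
        }
        # Any value except Never maps some failed logins to the guest account.
        if (key == "map to guest" && tolower(val) != "never")
            print sec ":" key "=" val ":guest-fallback"
        # "public" is a synonym of "guest ok".
        if ((key == "public" || key == "guest ok") && tolower(val) ~ /^(yes|true|1)$/)
            print sec ":" key "=" val ":guest-access"
    }' "$1"
}

# Constructed sample: the permission-related lines of the smb.conf above.
write_sample_conf() {
    cat > "$1" << 'EOF'
[global]
security = user
map to guest = Bad User
create mask = 777
directory mask = 777
[myshare]
path = /samba/myshare
public = no
directory mode = 0777
create mode = 0770
EOF
}

conf=$(mktemp)
write_sample_conf "$conf"
audit_smbconf "$conf"
rm -f "$conf"
```

To check the installed file, call `audit_smbconf /usr/local/samba/etc/smb.conf`.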
Start
/usr/local/samba/sbin/smbd -D
netstat -tlnp|grep smbd
View help
/usr/local/samba/sbin/smbd --help
Stopping is done with kill
The following script can be used
vim /resamba.sh
#!/bin/sh
port=445
# look up the pid that owns the port number
pid=$(netstat -nlp | grep :$port | awk '{print $7}' | awk -F"/" '{ print $1 }');
# kill that process; skipped if no pid exists
if [ -n "$pid" ]; then
kill -9 $pid;
fi
sleep 3s # press CTRL+C within 3 seconds to stop here, i.e. shut down only
clear
echo 启动中............
/usr/local/samba/sbin/smbd -D
netstat -tlnp|grep smbd | grep 445 && echo 445-OK
- Add environment variables
vim /etc/profile
export PATH=$PATH:/usr/local/samba/bin:/usr/local/samba/sbin
source /etc/profile
- Add to startup at boot
vim /etc/rc.local
/usr/local/samba/sbin/nmbd -D # optional
/usr/local/samba/sbin/smbd -D
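Differences from the older version 4.10
- Does not listen on UDP (137, 138); by default only TCP 445 and 139 are used (when a custom port is set, 139 is not listened on)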