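Overview
SMB file sharing
The Common Internet File System (CIFS), also called Server Message Block (SMB), is the standard file and printer sharing system for Microsoft Windows servers and clients.
The Samba service can share Linux file systems as CIFS/SMB network file shares and share Linux printers as CIFS/SMB printers.
Components of the Samba service
Packages:
samba-common - supporting files for Samba
samba-client - client applications
samba - server application
Service names: smb, nmb
Service ports: TCP/445 is normally used for all connections. UDP/137, UDP/138 and TCP/139 are also used for backward compatibility.
Main configuration file: /etc/samba/smb.conf
I. Configuring Samba
Server
[root@server ~]# yum install samba samba-client samba-common -y >>>> install Samba's supporting files, server application and client applications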
[root@server ~]# systemctl start smb
[root@server ~]# systemctl enable smb.service >>>> start the service and enable it at boot
ln -s '/usr/lib/systemd/system/smb.service' '/etc/systemd/system/multi-user.target.wants/smb.service'
[root@server ~]# systemctl stop firewalld.service
[root@server ~]# systemctl disable firewalld.service >>>> stop and disable the firewall
rm '/etc/systemd/system/basic.target.wants/firewalld.service'
rm '/etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service'
[root@server ~]# netstat -antlupe | grep smb >>>> check the ports smbd is listening on
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN 0 55428 3220/smbd
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN 0 55429 3220/smbd
tcp6 0 0 :::445 :::* LISTEN 0 55426 3220/smbd
tcp6 0 0 :::139 :::* LISTEN 0 55427 3220/smbd
Client
[root@client ~]# yum install samba-client.x86_64 -y >>>> install the client software
II. Basic Samba operations
1. List shares: -L, --list=HOST Get a list of shares available on a host
[root@client ~]# smbclient -L //172.25.254.200
Enter root's password: >>>>>> this is not root's login password; none is set initially, so just press Enter
Anonymous login successful
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]
Sharename Type Comment
--------- ---- -------
IPC$ IPC IPC Service (Samba Server Version 4.1.1)
Anonymous login successful
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]
Server Comment
--------- -------
Workgroup Master
--------- -------
2. Create Samba users
Server
[root@server ~]# id student
uid=1000(student) gid=1000(student) groups=1000(student),10(wheel)
[root@server ~]# id westos
id: westos: no such user
[root@server ~]# useradd westos
[root@server ~]# passwd westos <<<<< a Samba user cannot be added unless the system user already exists
Changing password for user westos.
New password:
BAD PASSWORD: The password is shorter than 8 characters
Retype new password:
passwd: all authentication tokens updated successfully.
[root@server ~]# smbpasswd -a student <<<< add a Samba user
New SMB password:
Retype new SMB password:
Added user student.
[root@server ~]# smbpasswd -a westos
New SMB password:
Retype new SMB password:
Added user westos.
[root@server ~]# pdbedit -L <<<< list Samba users
student:1000:Student User
westos:1001:
[root@server ~]# pdbedit -x student <<<< delete a Samba user
[root@server ~]# pdbedit -L
westos:1001:
[root@server ~]# smbpasswd -a student
New SMB password:
Retype new SMB password:
Added user student.
3. Browse files
Client
List the shares as user student
[root@client ~]# smbclient -L //172.25.254.200/ -U student <<<<< -L lists the shares
Enter student's password:
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]
Sharename Type Comment
--------- ---- -------
IPC$ IPC IPC Service (Samba Server Version 4.1.1)
student Disk Home Directories
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]
Server Comment
--------- -------
Workgroup Master
--------- -------
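Try logging in as student (this is a server-side user; it does not matter whether the client has this user)
[root@client ~]# smbclient //172.25.254.200/student -U student <<<< student logs in and lands in its home directory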
Enter student's password:
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]
smb: \> ls
NT_STATUS_ACCESS_DENIED listing \* <<<< the login succeeded, but the listing is denied
smb: \> quit
Server
[root@server ~]# getenforce <<<< SELinux is enabled!!!
Enforcing
[root@server ~]# getsebool -a | grep samba
samba_create_home_dirs --> off
samba_domain_controller --> off
samba_enable_home_dirs --> off
samba_export_all_ro --> off
samba_export_all_rw --> off
samba_portmapper --> off
samba_run_unconfined --> off
samba_share_fusefs --> off
samba_share_nfs --> off
sanlock_use_samba --> off
use_samba_home_dirs --> off
virt_sandbox_use_samba --> off
virt_use_samba --> off
[root@server ~]# setsebool -P samba_enable_home_dirs on <<<<<< set the boolean
Now the client can list the files
[root@client ~]# smbclient //172.25.254.200/student -U student
Enter student's password:
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]
smb: \> ls <<<<<< ls lists the contents of student's home directory on the server
. D 0 Thu Jul 10 19:06:52 2014
.. D 0 Sat Jun 2 10:03:16 2018
.bash_logout H 18 Wed Jan 29 07:45:18 2014
.bash_profile H 193 Wed Jan 29 07:45:18 2014
.bashrc H 231 Wed Jan 29 07:45:18 2014
.ssh DH 0 Thu Jul 10 18:19:10 2014
.config DH 0 Thu Jul 10 19:06:53 2014
40913 blocks of size 262144. 28582 blocks available
smb: \> quit
4. Upload files
[root@client ~]# cd /etc/
[root@client etc]# smbclient //172.25.254.200/student -U student
Enter student's password:
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1] <<<< !ls lists the local directory the user was in before logging in
smb: \> !ls
ghostscript pam.d UPower
gnome-settings-daemon passwd usb_modeswitch.conf
host.conf profile.d
smb: \> put passwd <<<< only files shown by !ls can be uploaded
putting file passwd as \passwd (1957.8 kb/s) (average 1958.0 kb/s)
smb: \> put /bin/ls
NT_STATUS_OBJECT_PATH_NOT_FOUND opening remote file \/bin/ls
smb: \> quit
[root@client etc]# cd /bin/
[root@client bin]# smbclient //172.25.254.200/student -U student
Enter student's password:
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]
smb: \> put ls <<<<< the uploaded files can be seen in student's home directory on the server
putting file ls as \ls (114848.2 kb/s) (average 114859.4 kb/s)
smb: \> touch file <<<<< but files cannot be created from here
touch: command not found
smb: \> quit
5. Create files
[root@client ~]# smbclient -L //172.25.254.200/ -U student
Enter student's password:
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]
Sharename Type Comment
--------- ---- -------
IPC$ IPC IPC Service (Samba Server Version 4.1.1)
student Disk Home Directories <<<<< the share is of type Disk, so it can be mounted
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]
Server Comment
--------- -------
Workgroup Master
--------- -------
Mount directly on the client
[root@client ~]# mount //172.25.254.200/student /mnt/ -o username=student,password=redhat <<<<< mount student's home directory on the server under /mnt on the client
[root@client ~]# df
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/vda1 10473900 3151184 7322716 31% /
devtmpfs 927072 0 927072 0% /dev
tmpfs 942660 140 942520 1% /dev/shm
tmpfs 942660 17060 925600 2% /run
tmpfs 942660 0 942660 0% /sys/fs/cgroup
/dev/sr0 3654720 3654720 0 100% /run/media/root/RHEL-7.0 Server.x86_64
//172.25.254.200/student 10473900 3157216 7316684 31% /mnt
[root@client ~]# cd /mnt/ <<<<< entering /mnt is now the same as entering student's home directory on the server
[root@client mnt]# ls
ls passwd
[root@client mnt]# touch file{1..5} <<<< creating and deleting files takes effect on the server
[root@client mnt]# ls
file1 file2 file3 file4 file5 ls passwd
[root@client mnt]# rm -rf * <<<<
[root@client mnt]# ls
[root@client mnt]#
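III. Mounting automatically at boot
Client
[root@client mnt]# vim /etc/fstab <<<<<< the boot-time mount table; putting the entry here is not recommended, because a broken entry may keep the system from booting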
//172.25.254.200/student /mnt cifs defaults,username=student,password=redhat 0 0
[root@client mnt]# cd
[root@client ~]# umount /mnt/
[root@client ~]# df
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/vda1 10473900 3151468 7322432 31% /
devtmpfs 927072 0 927072 0% /dev
tmpfs 942660 140 942520 1% /dev/shm
tmpfs 942660 17032 925628 2% /run
tmpfs 942660 0 942660 0% /sys/fs/cgroup
/dev/sr0 3654720 3654720 0 100% /run/media/root/RHEL-7.0 Server.x86_64
[root@client ~]# mount -a <<<<<< re-read the mount table
[root@client ~]# df
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/vda1 10473900 3151468 7322432 31% /
devtmpfs 927072 0 927072 0% /dev
tmpfs 942660 140 942520 1% /dev/shm
tmpfs 942660 17032 925628 2% /run
tmpfs 942660 0 942660 0% /sys/fs/cgroup
/dev/sr0 3654720 3654720 0 100% /run/media/root/RHEL-7.0 Server.x86_64
//172.25.254.200/student 10473900 3157376 7316524 31% /mnt
[root@client ~]# vim /etc/rc.d/rc.local <<<<<< this file is read only after boot, so it does not affect system startup; it is written like a script
mount -o username=student,password=redhat //172.25.254.200/student /mnt
<<<<<< the #!/bin/bash line must not be left out
[root@client ~]# chmod +x /etc/rc.d/rc.local <<<<<< the script needs execute permission
Then reboot
Alternatively
[root@client ~]# vim /bin/mount_smb <<<<<< write a script
[root@client ~]# cat /bin/mount_smb
#!/bin/bash
mount //172.25.254.200/student /mnt -o username=student,password=redhat
[root@client ~]# chmod +x /bin/mount_smb <<<<<< execute permission
[root@client ~]# vim /etc/rc.d/rc.local
/bin/bash /bin/mount_smb
Then reboot
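The /etc/fstab entry above keeps the SMB password in a file that every local user can read. As an added example (not from the original post), the functions below find cifs entries in an fstab-style file that embed a password, and check that a credentials file, which mount.cifs accepts through its credentials= option, is readable only by its owner. The function names, the /srv/dir mount point and the sample data are constructed for illustration.

```shell
#!/bin/bash
# Added example, not from the original post. Sample data below is constructed.

# Print "<share> <mountpoint>" for every cifs entry in an fstab-style file
# whose option field carries password= (or its alias pass=).
inline_cifs_passwords() {
    awk '$1 !~ /^#/ && $3 == "cifs" && $4 ~ /(^|,)(password|pass)=/ { print $1 " " $2 }' "$1"
}

# Succeed only if the credentials file exists and grants nothing to group/other.
creds_file_is_private() {
    [ -f "$1" ] || return 1
    mode=$(stat -c '%a' "$1") || return 1
    case "$mode" in
        600|400) return 0 ;;
        *) return 1 ;;
    esac
}

# Demo on constructed files in a scratch directory (nothing under /etc is touched).
demo_dir=$(mktemp -d)
cat > "$demo_dir/fstab" <<'EOF'
/dev/vda1 / xfs defaults 0 0
//172.25.254.200/student /mnt cifs defaults,username=student,password=redhat 0 0
//172.25.254.200/DIR /srv/dir cifs credentials=/root/smbpass,_netdev 0 0
EOF
# Create the credentials file under a restrictive umask so it is never world-readable.
( umask 077; printf 'username=student\npassword=redhat\n' > "$demo_dir/smbpass" )

echo "entries with an inline password:"
inline_cifs_passwords "$demo_dir/fstab"
if creds_file_is_private "$demo_dir/smbpass"; then
    echo "credentials file is private"
fi
rm -rf "$demo_dir"
```

The _netdev option in the second sample entry marks the mount as network-dependent, so it is attempted only once the network is up.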
IV. Editing the configuration file
[root@server student]# rpm -qc samba-common
/etc/logrotate.d/samba
/etc/samba/lmhosts
/etc/samba/smb.conf <<<<< main configuration file
/etc/sysconfig/samba
1. Change the workgroup
Server
[root@server student]# vim /etc/samba/smb.conf
workgroup = WESTOS <<<<<< changed in the [global] section
[root@server student]# systemctl restart smb.service
Client
[root@client ~]# smbclient -L //172.25.254.200
Enter root's password:
Anonymous login successful
Domain=[WESTOS] OS=[Unix] Server=[Samba 4.1.1] <<<<<<< Domain has changed
Sharename Type Comment
--------- ---- -------
IPC$ IPC IPC Service (Samba Server Version 4.1.1)
Anonymous login successful
Domain=[WESTOS] OS=[Unix] Server=[Samba 4.1.1]
Server Comment
--------- -------
Workgroup Master
--------- -------
2. Allow and deny lists
[root@server student]# vim /etc/samba/smb.conf
; interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24
; hosts allow = 127. 192.168.12. 192.168.13.
; max protocol = SMB2
hosts allow = 172.25.254.100 <<<<< only .100 is allowed to connect
[root@server student]# systemctl restart smb.service <<<<<
[root@server student]# cd
[root@server ~]# smbclient -L //172.25.254.200
Enter root's password:
protocol negotiation failed: NT_STATUS_INVALID_NETWORK_RESPONSE <<<<< the connection from .200 fails
[root@client ~]# smbclient -L //172.25.254.200
Enter root's password:
Anonymous login successful <<<< the connection from .100 succeeds
Domain=[WESTOS] OS=[Unix] Server=[Samba 4.1.1]
Sharename Type Comment
--------- ---- -------
IPC$ IPC IPC Service (Samba Server Version 4.1.1)
Anonymous login successful
Domain=[WESTOS] OS=[Unix] Server=[Samba 4.1.1]
Server Comment
--------- -------
Workgroup Master
--------- ------
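With hosts deny = 172.25.254.100 instead, only .100 is denied and every other host can connect. Comment the line out once the experiment is done.
3. Add a shared directory
Server
[root@server ~]# mkdir /westos >>>> create the directory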
[root@server ~]# vim /etc/samba/smb.conf
[root@server ~]# getenforce
Enforcing
[root@server ~]# semanage fcontext -a -t samba_share_t '/westos(/.*)?' >>>>> add the security context to the shared directory and everything under it; the type is documented in smb.conf
[root@server ~]# semanage fcontext -l | grep /westos >>>>> check
/westos(/.*)? all files system_u:object_r:samba_share_t:s0
[root@server ~]# restorecon -FvvR /westos/ >>>>>> apply the context
restorecon reset /westos context unconfined_u:object_r:default_t:s0->system_u:object_r:samba_share_t:s0
[root@server ~]# vim /etc/samba/smb.conf
; [public]
; comment = Public Stuff
; path = /home/samba
; public = yes
; writable = yes
; printable = no
; write list = +staff
[DIR] >>>>>> DIR is the share name used in the path when connecting
comment=westos dir
path = /westos >>>>>> points to /westos
[root@server ~]# systemctl restart smb.service
Client
[root@client ~]# smbclient -L //172.25.254.200
Enter root's password:
Anonymous login successful
Domain=[WESTOS] OS=[Unix] Server=[Samba 4.1.1]
Sharename Type Comment
--------- ---- -------
DIR Disk westos dir <<<<<< the share is visible to an anonymous login
IPC$ IPC IPC Service (Samba Server Version 4.1.1)
Anonymous login successful
Domain=[WESTOS] OS=[Unix] Server=[Samba 4.1.1]
Server Comment
--------- -------
Workgroup Master
--------- -------
[root@client ~]# smbclient //172.25.254.200/DIR -U student <<<<<<< log in as a user; note the share name is DIR; the contents can be listed
Enter student's password:
Domain=[WESTOS] OS=[Unix] Server=[Samba 4.1.1]
smb: \> ls
. D 0 Sun Jun 3 07:47:50 2018
.. D 0 Sun Jun 3 07:47:50 2018
40913 blocks of size 262144. 28580 blocks available
4. Set an SELinux boolean so the client can see the files
[root@server ~]# vim /etc/samba/smb.conf
; [public]
; comment = Public Stuff
; path = /home/samba
; public = yes
; writable = yes
; printable = no
; write list = +staff
[DIR]
comment = westos dir
path = /westos
[mnt] >>>>>> new share
comment = /mnt dir >>>>>> descriptive text for the share; its content does not matter
path = /mnt
[root@server ~]# systemctl restart smb.service
[root@server ~]# touch /mnt/file{1..5}
[root@server ~]# cd /mnt/
[root@server mnt]# ls
file1 file2 file3 file4 file5 >>>>>> the server can see the files just created
[root@client ~]# smbclient //172.25.254.200/mnt -U student >>>>>> log in from the client
Enter student's password:
Domain=[WESTOS] OS=[Unix] Server=[Samba 4.1.1]
smb: \> ls >>>>>> the client cannot see them
. D 0 Thu Mar 13 07:51:26 2014
.. D 0 Sun Jun 3 07:47:50 2018
40913 blocks of size 262144. 28579 blocks available
[root@server mnt]# setenforce 0 >>>>> with SELinux set to 0 the files are visible
smb: \> ls
. D 0 Sun Jun 3 08:14:09 2018
.. D 0 Sun Jun 3 07:47:50 2018
file1 N 0 Sun Jun 3 08:14:09 2018
file2 N 0 Sun Jun 3 08:14:09 2018
file3 N 0 Sun Jun 3 08:14:09 2018
file4 N 0 Sun Jun 3 08:14:09 2018
file5 N 0 Sun Jun 3 08:14:09 2018
[root@server mnt]# setenforce 1 >>>>>>> permissive mode is not safe; set it back to enforcing
[root@server mnt]# setsebool -P samba_export_all_ro on >>>>>>> set the boolean; it is documented in smb.conf
smb: \> ls >>>>>>> the client can now see the files
. D 0 Sun Jun 3 08:14:09 2018
.. D 0 Sun Jun 3 07:47:50 2018
file1 N 0 Sun Jun 3 08:14:09 2018
file2 N 0 Sun Jun 3 08:14:09 2018
file3 N 0 Sun Jun 3 08:14:09 2018
file4 N 0 Sun Jun 3 08:14:09 2018
file5 N 0 Sun Jun 3 08:14:09 2018
40913 blocks of size 262144. 28571 blocks available
5. Hide a share
[root@server mnt]# vim /etc/samba/smb.conf
; [public]
; comment = Public Stuff
; path = /home/samba
; public = yes
; writable = yes
; printable = no
; write list = +staff
[DIR]
comment = westos dir
path = /westos
browseable = no <<<<<<< hide the share; this parameter defaults to yes (visible)
[root@client ~]# smbclient -L //172.25.254.200
Enter root's password:
Anonymous login successful
Domain=[WESTOS] OS=[Unix] Server=[Samba 4.1.1]
Sharename Type Comment
--------- ---- -------
IPC$ IPC IPC Service (Samba Server Version 4.1.1)
mnt Disk /mnt dir <<<<<<< DIR is no longer listed
Anonymous login successful
Domain=[WESTOS] OS=[Unix] Server=[Samba 4.1.1]
Server Comment
--------- -------
Workgroup Master
--------- -------
6. Make a server share writable by everyone
[root@server mnt]# vim /etc/samba/smb.conf
; [public]
; comment = Public Stuff
; path = /home/samba
; public = yes
; writable = yes
; printable = no
; write list = +staff
[DIR]
comment = westos dir
path = /westos
browseable = yes
writable = yes >>>>>>> writable by everyone
[mnt]
comment = /mnt dir
path = /mnt
[root@client ~]# mount //172.25.254.200/DIR /mnt -o username=westos,password=redhat >>>>>>> mount
>>>> this mounts as the server-side user westos; it does not matter whether the client has this user
[root@client ~]# df
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/vda1 10473900 3150560 7323340 31% /
devtmpfs 927072 0 927072 0% /dev
tmpfs 942660 80 942580 1% /dev/shm
tmpfs 942660 17004 925656 2% /run
tmpfs 942660 0 942660 0% /sys/fs/cgroup
//172.25.254.200/DIR 10473900 3159412 7314488 31% /mnt
[root@client ~]# cd /mnt/
[root@client mnt]# ls
[root@client mnt]# touch file >>>>>>> although the share is writable, the write still fails
touch: cannot touch ‘file’: Permission denied
[root@server ~]# ls -ld /westos/
drwxr-xr-x. 2 root root 6 Jun 3 07:47 /westos/
[root@server ~]# chmod 777 /westos/ >>>>>>> give others permission
[root@client mnt]# touch file >>>>>>> now writable
[root@client mnt]# ls
file
[root@client mnt]# rm -rf file >>>>>>> and deletable
[root@client mnt]# ls
[root@client mnt]# touch file
[root@client mnt]# ll
total 0
-rw-r--r--. 1 1001 1001 0 Jun 3 09:00 file >>>>>>> the owner of this file is 1001
>>>>>>> 1001 is a UID on the server
[root@server ~]# id 1001 >>>>>>> on the server this is user westos
uid=1001(westos) gid=1001(westos) groups=1001(westos)
[root@client mnt]# id westos >>>>>> the client has no such user, so only the numeric ID is shown
id: westos: no such user
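!!! Note: if the client has a user with UID 1001, the file owner is shown as that user, regardless of whether the server has such a user !!!
7. Writable by specific users and groups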
[root@server ~]# vim /etc/samba/smb.conf
; [public]
; comment = Public Stuff
; path = /home/samba
; public = yes
; writable = yes
; printable = no
; write list = +staff
[DIR]
comment = westos dir
path = /westos
browseable = yes
# writable = yes >>>>> comment out writable-by-everyone
write list = student >>>>> only user student can write
[root@server ~]# systemctl restart smb.service
[root@client ~]# umount /mnt/
[root@client ~]# mount //172.25.254.200/DIR /mnt/ -o username=westos,password=redhat >>>>>> remount as westos
[root@client ~]# cd /mnt/
[root@client mnt]# touch file{1..3} >>>>>> westos is not in the write list, so it cannot write
touch: cannot touch ‘file1’: Permission denied
touch: cannot touch ‘file2’: Permission denied
touch: cannot touch ‘file3’: Permission denied
[root@client mnt]# umount /mnt/
umount: /mnt: target is busy.
(In some cases useful info about processes that use
the device is found by lsof(8) or fuser(1))
[root@client mnt]# cd
[root@client ~]# umount /mnt/
[root@client ~]# mount //172.25.254.200/DIR /mnt/ -o username=student,password=redhat >>>>>> remount as student
[root@client ~]# cd /mnt/
[root@client mnt]# ls
[root@client mnt]# touch file{1..3} >>>>>>> student is in the write list, so it can write
[root@client mnt]# ls
file1 file2 file3
[root@server westos]# vim /etc/samba/smb.conf
; [public]
; comment = Public Stuff
; path = /home/samba
; public = yes
; writable = yes
; printable = no
; write list = +staff
[DIR]
comment = westos dir
path = /westos
browseable = yes
# writable = yes
write list = @student >>>>>> writable by the group student; a group name is prefixed with @ or +, as in the commented example above
[root@server westos]# systemctl restart smb.service
[root@server westos]# id westos
uid=1001(westos) gid=1001(westos) groups=1001(westos)
[root@server westos]# usermod -G student westos >>>>>> add westos to the student group
[root@server westos]# id westos
uid=1001(westos) gid=1001(westos) groups=1001(westos),1000(student)
[root@client mnt]# cd
[root@client ~]# umount /mnt/
[root@client ~]# mount //172.25.254.200/DIR /mnt/ -o username=westos,password=redhat >>>>> log in again from the client as westos
[root@client ~]# cd /mnt/
[root@client mnt]# ls
file1 file2 file3
[root@client mnt]# touch file{5..10} >>>>>> files can be created
8. Files created from the client by a Samba user are owned by the superuser
[root@server ~]# vim /etc/samba/smb.conf
; [public]
; comment = Public Stuff
; path = /home/samba
; public = yes
; writable = yes
; printable = no
; write list = +staff
[DIR]
comment = westos dir
path = /westos
browseable = yes
writable = yes
# write list = @student
admin users = westos <<<<<<<< when the client logs in as westos, the files it creates are owned by the superuser
[root@server ~]# systemctl restart smb.service
[root@server ~]# ls -ld /westos/
drwxrwxrwx. 2 root root 4096 Jun 3 09:30 /westos/
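[root@server ~]# chmod 755 /westos/ <<<<<<< the superuser does not need open permissions on the directory; tighten them to 755 to show that the file is created as the superuser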
[root@server ~]# ls -ld /westos/
drwxr-xr-x. 2 root root 4096 Jun 3 09:30 /westos/
[root@client ~]# mount //172.25.254.200/DIR /mnt/ -o username=westos,password=redhat
[root@client ~]# cd /mnt/
[root@client mnt]# ls
file1 file10 file2 file3 file5 file6 file7 file8 file9 hahah
[root@client mnt]# rm -rf *
[root@client mnt]# touch file <<<<<<< create a file
[root@client mnt]# ll
total 0
-rw-r--r--. 1 root 1001 0 Jun 3 09:41 file <<<<<< only the owner is root; the group is still that of the logged-in user westos
9. Multiuser SMB mounts
[root@client mnt]# useradd test
[root@client mnt]# passwd test >>>>>> create a new user
Changing password for user test.
New password:
BAD PASSWORD: The password is shorter than 8 characters
Retype new password:
passwd: all authentication tokens updated successfully.
[root@client mnt]# su - test >>>>>>> switch user
[test@client ~]$ cd /mnt/
[test@client mnt]$ ls >>>>>> the newly created user can see the files too
file >>>>>> this is not very secure
[test@client mnt]$ logout
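>>>>>> require authentication before the files can be seen
[root@client ~]# yum install cifs-utils.x86_64 -y >>>>>> install the package
[root@client ~]# man mount.cifs >>>>>> this documents the Samba version requirements
[root@client ~]# rpm -qa | grep samba >>>>>> check the version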
samba-client-4.1.1-31.el7.x86_64
samba-common-4.1.1-31.el7.x86_64
samba-libs-4.1.1-31.el7.x86_64
[root@client ~]# vim /root/smbpass >>>>>> write a credentials file for the mount below
[root@client ~]# cat /root/smbpass >>>>>> root acts as the server-side user student
username=student
password=redhat
[root@client ~]# umount /mnt/
[root@client ~]# mount -o credentials=/root/smbpass,sec=ntlmssp,multiuser //172.25.254.200/DIR /mnt/
#credentials=/root/smbpass the credentials file used for the mount
#multiuser enable per-user authentication
#sec=ntlmssp use the standard SMB authentication method
[root@client ~]# df
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/vda1 10473900 3152836 7321064 31% /
devtmpfs 927072 0 927072 0% /dev
tmpfs 942660 80 942580 1% /dev/shm
tmpfs 942660 17008 925652 2% /run
tmpfs 942660 0 942660 0% /sys/fs/cgroup
//172.25.254.200/DIR 10473900 3159872 7314028 31% /mnt
[root@client ~]# cd /mnt/
[root@client mnt]# ls >>>>> root lists the share as student, which has permission
file
[root@client mnt]# su - test >>>>> test has not authenticated under the multiuser mount, so it cannot list the share
Last login: Sun Jun 3 10:55:09 EDT 2018 on pts/0
[test@client ~]$ ls
[test@client ~]$ cd /mnt
[test@client mnt]$ ls
ls: reading directory .: Permission denied
Authenticate as the client user test
[test@client mnt]$ rpm -ql cifs-utils >>>>> list all files installed by the package
/etc/cifs-utils/idmap-plugin
/etc/request-key.d/cifs.idmap.conf
/etc/request-key.d/cifs.spnego.conf
/usr/bin/cifscreds
/usr/bin/getcifsacl <<<<<
/usr/bin/setcifsacl
/usr/lib64/cifs-utils/idmapwb.so
/usr/sbin/cifs.idmap
/usr/sbin/cifs.upcall
/usr/sbin/mount.cifs
/usr/share/man/man1/cifscreds.1.gz
/usr/share/man/man1/getcifsacl.1.gz
/usr/share/man/man1/setcifsacl.1.gz
/usr/share/man/man8/cifs.idmap.8.gz
/usr/share/man/man8/cifs.upcall.8.gz
/usr/share/man/man8/idmapwb.8.gz
/usr/share/man/man8/mount.cifs.8.gz
[test@client mnt]$ cifscreds --help
cifscreds: unrecognized option '--help'
Usage:
cifscreds add [-u username] [-d] <host|domain>
cifscreds clear [-u username] [-d] <host|domain>
cifscreds clearall
cifscreds update [-u username] [-d] <host|domain>
[test@client mnt]$ cifscreds add -u westos 172.25.254.200 <<<<< the client user test authenticates as the server user westos
Password:
If something was typed or added wrongly, run cifscreds clearall to delete the credentials stored above
[DIR]
comment = westos dir
path = /westos
browseable = yes
writable = yes
# write list = @student
admin users = westos >>>>>>> note that admin users is still set here
[test@client mnt]$ ls >>>>>>> can list
file
[test@client mnt]$ touch filetest
The client user test authenticated as the server user westos, and the server sets admin users = westos, so files created by test are owned by root
[test@client mnt]$ ll
total 0
-rw-r--r--. 1 root test 0 Jun 3 09:41 file
-rw-r--r--. 1 root test 0 Jun 3 11:18 filetest
10. Anonymous login
[root@client mnt]# smbclient //172.25.254.200/DIR >>>>>>> syntax for an anonymous login
Enter root's password:
Anonymous login successful
Domain=[WESTOS] OS=[Unix] Server=[Samba 4.1.1]
tree connect failed: NT_STATUS_ACCESS_DENIED >>>>>>> the login fails
[root@server ~]# vim /etc/samba/smb.conf
#
security = user
passdb backend = tdbsam
map to guest = bad user >>>> add this mapping in [global]
# ----------------------- Domain Members Options ---------------------
[DIR]
comment = westos dir
path = /westos
browseable = yes
writable = yes
# write list = @student
admin users = westos
guest ok = yes >>>>> anonymous users can browse the [DIR] share
[root@server ~]# systemctl restart smb.service
[root@client mnt]# smbclient //172.25.254.200/DIR >>>>> log in
Enter root's password:
Domain=[WESTOS] OS=[Unix] Server=[Samba 4.1.1]
smb: \> ls >>>>> can list
. D 0 Sun Jun 3 11:18:03 2018
.. D 0 Sun Jun 3 07:47:50 2018
file N 0 Sun Jun 3 09:41:48 2018
filetest N 0 Sun Jun 3 11:18:02 2018
40913 blocks of size 262144. 28568 blocks available
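Anonymous users fall under other; if the server grants write permission on the files and the configuration file grants it as well, anonymous users can write files.
The share can also be mounted without logging in, and the directory entered directly
[root@client mnt]# mount //172.25.254.200/DIR /mnt -o username=guest,password="" >>>>> mount under /mnt; note the identity is guest,
anonymous users have no password, so the password is empty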
[root@client mnt]# df
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/vda1 10473900 3152920 7320980 31% /
devtmpfs 927072 0 927072 0% /dev
tmpfs 942660 80 942580 1% /dev/shm
tmpfs 942660 17008 925652 2% /run
tmpfs 942660 0 942660 0% /sys/fs/cgroup
//172.25.254.200/DIR 10473900 3160108 7313792 31% /mnt
[root@client mnt]# ls >>>>> no login needed, list directly
file filetest
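The share settings built up over sections 6 to 10 (writable, admin users, guest ok) combine: the final [DIR] share admits guests, is writable, and maps westos to root. As an added example (not from the original post), the function below reads an smb.conf-style file and reports shares that are guest-writable by configuration or that set admin users. The function name, the report format and both sample configurations are constructed, and the tighter variant uses Samba's valid users parameter, which this page does not cover.

```shell
#!/bin/bash
# Added example, not from the original post. Both configurations below are constructed.

# Report shares in an smb.conf-style file that are writable by guests or that
# name admin users. Parameter names are matched the way Samba does: case and
# embedded spaces are ignored, and common synonyms are accepted.
audit_smb_conf() {
    awk '
    function truthy(v) { v = tolower(v); return (v == "yes" || v == "true" || v == "1") }
    function report() {
        if (share == "" || tolower(share) == "global") return
        if (guest && writable) print share ": guest-writable"
        if (admins != "")      print share ": admin users = " admins
    }
    /^[ \t]*[;#]/ || /^[ \t]*$/ { next }          # comments and blank lines
    /^[ \t]*\[/ {                                 # start of a new section
        report()
        share = $0; sub(/^[ \t]*\[/, "", share); sub(/\].*$/, "", share)
        guest = 0; writable = 0; admins = ""
        next
    }
    {
        eq = index($0, "="); if (eq == 0) next
        key = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", key)
        val = substr($0, eq + 1); gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (key == "guestok" || key == "public") guest = truthy(val)
        else if (key == "writable" || key == "writeable" || key == "writeok") writable = truthy(val)
        else if (key == "readonly") writable = !truthy(val)
        else if (key == "adminusers") admins = val
    }
    END { report() }
    ' "$1"
}

demo_dir=$(mktemp -d)
# The final [DIR] and [mnt] shares as configured in section 10 of this page.
cat > "$demo_dir/weak.conf" <<'EOF'
[global]
    security = user
    map to guest = bad user
[DIR]
    path = /westos
    writable = yes
    admin users = westos
    guest ok = yes
[mnt]
    path = /mnt
EOF
# A tighter variant: one named group only, no guest access, no admin users.
cat > "$demo_dir/tight.conf" <<'EOF'
[DIR]
    path = /westos
    valid users = @student
    write list = @student
    guest ok = no
EOF
echo "weak.conf:";  audit_smb_conf "$demo_dir/weak.conf"
echo "tight.conf:"; audit_smb_conf "$demo_dir/tight.conf"
rm -rf "$demo_dir"
```

Whether a guest can actually write also depends on the directory's file-system permissions and SELinux label, as the earlier sections show.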