samba的作用
samba是一款软件,主要提供基于cifs(SMB)协议的文件共享服务
samba的安装与启用
在服务端server安装
yum install samba samba-common samba-client -y
systemctl start smb
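systemctl stop firewalld 关闭防火墙(仅限实验环境;生产环境应保持firewalld运行,改用 firewall-cmd --permanent --add-service=samba 和 firewall-cmd --reload 只放行samba服务)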
samba的基本信息
ss -antlupe | grep smb 查看samba端口
主配置文件
/etc/samba/smb.conf
workgroup = HEHEHE 工作组设定
# server string = Samba Server Version %v
server string = hello 全局共享信息
; netbios name = MYSERVER
; interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24
; hosts allow = 127. 192.168.12. 192.168.13.
hosts allow = 172.25.254.131 客户白名单
hosts deny = 172.25.254.231 客户黑名单
测试
在客户端desktop
yum install samba-client -y
[root@desktop ~]# smbclient -L //172.25.254.131
Enter root's password:
Anonymous login successful
Domain=[HEHEHE] OS=[Unix] Server=[Samba 4.1.1]
Sharename Type Comment
--------- ---- -------
IPC$ IPC IPC Service (hello)
Anonymous login successful
Domain=[HEHEHE] OS=[Unix] Server=[Samba 4.1.1]
Server Comment
--------- -------
Workgroup Master
--------- -------
[root@desktop ~]# smbclient -L //172.25.254.231
Enter root's password:
protocol negotiation failed: NT_STATUS_INVALID_NETWORK_RESPONSE
本地用户建立及访问
在服务端server
samba用户必须是本地用户
useradd lee 创建lee用户
smbpasswd -a lee 把本地用户lee添加为samba用户并设置其samba密码
pdbedit -L 列出samba用户
pdbedit -x lee 删除samba用户
setsebool -P samba_enable_home_dirs on 打开SELinux布尔值,允许samba共享用户家目录
进入客户端desktop
smbclient //172.25.254.131/lee -U lee
mount //172.25.254.131/lee /mnt/ -o username=lee,password=lee
注意:在命令行中写password=会把明文密码留在shell历史和进程参数中;省略password=时mount会提示输入密码
实现永久挂载
vim /etc/fstab
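//172.25.254.131/lee /mnt cifs defaults,username=lee,password=lee 0 0
注意:/etc/fstab默认所有本地用户可读,写在这里的明文密码会暴露给本机所有用户;建议把username和password写入仅root可读(chmod 600)的文件,并用 credentials=文件路径 代替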
mount -a
[root@desktop ~]# cd /mnt
[root@desktop mnt]# touch a
[root@desktop mnt]# smbclient //172.25.254.131/lee -U lee
Enter lee's password:
Domain=[HEHEHE] OS=[Unix] Server=[Samba 4.1.1]
smb: \> ls
. D 0 Sun Feb 25 22:02:37 2018
.. D 0 Sun Feb 25 21:54:22 2018
.bash_logout H 18 Wed Jan 29 07:45:18 2014
.bash_profile H 193 Wed Jan 29 07:45:18 2014
.bashrc H 231 Wed Jan 29 07:45:18 2014
.mozilla DH 0 Thu Jul 10 18:29:32 2014
.config DH 0 Thu Jul 10 19:06:52 2014
a D 0 Sun Feb 25 22:05:50 2018
40913 blocks of size 262144. 28482 blocks available
smb: \> exit
自定义共享目录
在服务端server
当目录是用户建立时
mkdir /sambadir 创建目录
semanage fcontext -a -t samba_share_t '/sambadir(/.*)?' 更改安全上下文(末尾的?使规则同时匹配目录本身及其下所有文件)
restorecon -FvvR /sambadir/
vim /etc/samba/smb.conf 更改配置文件,在最后一行加入
[DATA]
comment = hello
path = /sambadir
systemctl restart smb.service 重启
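setenforce 0 改变selinux为警告型(Permissive)。注意:这会关闭整个系统的SELinux强制保护;上面已为/sambadir设置samba_share_t上下文,通常无需执行此命令,若仅为排错而执行,结束后应 setenforce 1 恢复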
测试
在客户端desktop
smbclient -L //172.25.254.131 -U lee
smbclient //172.25.254.131/DATA -U lee
匿名用户登陆权限开放
在服务端server
vim /etc/samba/smb.conf
125行 map to guest = bad user 匿名用户可以使用guest名称挂载
326 [SYSTEMDATA]
327 comment = /mnt
328 path = /mnt
329 guest ok = yes 匿名用户可以登陆
systemctl restart smb.service
更改selinux的setsebool
setsebool -P samba_export_all_ro on 只读(该布尔值允许samba以只读方式导出系统上的任意文件,范围很大;更稳妥的做法是只给需要共享的目录设置samba_share_t上下文)
touch /mnt/qqq
在客户端desktop测试
umount /mnt
mount //172.25.254.131/SYSTEMDATA /mnt -o username=guest
[root@desktop ~]# smbclient //172.25.254.131/SYSTEMDATA
Enter root's password:
Domain=[HEHEHE] OS=[Unix] Server=[Samba 4.1.1]
smb: \> LS
. D 0 Mon Feb 26 01:20:46 2018
.. D 0 Sun Feb 25 22:48:19 2018
qqq N 0 Mon Feb 26 01:20:46 2018
权限控制用户可写
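chmod 777 /sambadir (所有本地用户都可写,仅适合实验;生产环境应按属主/属组授予最小权限)
setsebool -P samba_export_all_rw on (允许samba读写系统上的任意文件;目录已是samba_share_t上下文时通常不需要)
writable = yes | no 是否开启写权限
write list = lee 写权限对lee用户开放
write list = +lee 写权限对lee组用户开放
admin users = lee 设定lee用户为当前共享的root(该用户的所有文件操作都以root身份执行,不受文件权限限制)
valid users = lee 设定当前共享的有效用户
browseable = yes | no 当前共享是否在共享列表中显示(no为隐藏;隐藏不等于禁止访问,知道共享名仍可连接)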
在服务端server中
chmod 777 /sambadir
setsebool -P samba_export_all_rw on
vim /etc/samba/smb.conf
writable = yes 开启写权限
guest ok = yes 匿名用户可以登录(与writable = yes同时使用时,匿名用户也能写入,见下文由nobody创建的文件ee;仅限实验环境)
在客户端desktop测试
在服务端server
vim /etc/samba/smb.conf
write list = +lee 写权限对lee组用户开放
systemctl restart smb.service
usermod -G lee student 把student加入lee组(注意:-G会覆盖student原有的附加组,如需保留原有附加组请使用 usermod -aG lee student)
在客户端desktop
mount //172.25.254.131/DATA /mnt -o username=student,password=student
cd /mnt
touch k
ls -ld k
umount /mnt
mount //172.25.254.131/DATA /mnt -o username=guest
touch /mnt/ee
ls -ld ee
-rw-r--r-- 1 nobody nobody 0 Feb 26 01:56 ee
umount /mnt
mount //172.25.254.131/DATA /mnt -o username=lee,password=lee
touch /mnt/a
ls -ld a
-rw-r--r-- 1 1001 1001 0 Feb 26 01:54 a
umount /mnt
mount //172.25.254.131/DATA /mnt -o username=student,password=student
[root@desktop ~]# cd /mnt
[root@desktop mnt]# touch zz
[root@desktop mnt]# ls
a e ee q zz
[root@desktop mnt]# ls -ld zz
-rw-r--r-- 1 student student 0 Feb 26 02:09 zz
在服务端server
vim /etc/samba/smb.conf
[DATA]
comment = hello
path = /sambadir
guest ok = yes
writable = yes
write list = lee
; write list = +lee
; admin users = student
valid users = lee 设定当前共享的有效用户
在客户端desktop
[root@desktop ~]# umount /mnt
[root@desktop ~]# mount //172.25.254.131/DATA /mnt -o username=student,password=student
mount: //172.25.254.131/DATA is write-protected, mounting read-only
mount: cannot mount //172.25.254.131/DATA read-only
在服务端server
[DATA]
comment = hello
path = /sambadir
guest ok = yes
writable = yes
write list = lee
; write list = +lee
; admin users = student
valid users = lee
browseable = no
在客户端desktop
[root@desktop ~]# smbclient -L //172.25.254.131/DATA
Enter root's password:
Domain=[HEHEHE] OS=[Unix] Server=[Samba 4.1.1]
Sharename Type Comment
--------- ---- -------
IPC$ IPC IPC Service (hello)
SYSTEMDATA Disk /mnt
Domain=[HEHEHE] OS=[Unix] Server=[Samba 4.1.1]
Server Comment
--------- -------
Workgroup Master
--------- -------
samba的多用户挂载
在服务端server中
chmod 777 /sambadir/
在客户端desktop
yum install cifs-utils -y
vim /root/sambapasswd
username=lee
password=lee
chmod 600 /root/sambapasswd
mount -o credentials=/root/sambapasswd,sec=ntlmssp,multiuser //172.25.254.131/DATA /mnt
credentials=/root/sambapasswd 挂载时的用户认证(路径必须与上面创建的/root/sambapasswd一致)
multiuser 支持其他用户认证
sec=ntlmssp 其他用户的认证方式
测试
su - student
ls /mnt
ls: reading directory .: Permission denied
exit 退出student,回到root用户后执行
cifscreds add -u student 172.25.254.131
在student下
su - student
ls /mnt
touch /mnt/file2
在root用户中可以看到file2