SMB服务搭建
常用配置
- 安装samba
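# Ubuntu / Debian: Samba server plus the CIFS client utilities
sudo apt-get install -y samba cifs-utils
# CentOS / RHEL: the "samba" package provides the server daemons;
# samba-client and samba-common on their own do not install a server.
yum install -y samba samba-client samba-common cifs-utils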
- 创建目录
mkdir -p /opt/share
确认用户对共享根路径/opt/share至少有x(进入目录)权限
sudo chmod a+x /opt/share
确保用户对路径有读写权限
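# Set a POSIX ACL entry on the directory. This is the permission on the
# file/directory itself and is separate from the share-level permission
# configured in smb.conf.
# -m modifies the ACL; a named-user entry is written as u:<user>:<perms>.
sudo setfacl -m u:username:rwx /opt/share/somedir
# Show the resulting ACL
sudo getfacl /opt/share/somedir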
#示例输出:
---------------------------------------------------------------------------------------------
getfacl: Removing leading '/' from absolute path names
# file: opt/share/ftp
# owner: nobody
# group: nogroup
user::rwx
user:username:rwx
group::r-x
mask::rwx
other::r-x
---------------------------------------------------------------------------------------------
- 编辑配置文件
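# Run as root. The here-document replaces the whole of /etc/samba/smb.conf,
# including the distribution's [global] section, so keep a copy of the
# previous file before overwriting it.
if [ -f /etc/samba/smb.conf ]; then
  cp -p /etc/samba/smb.conf /etc/samba/smb.conf.bak
fi
# Notes on the [share] section written below:
#   - "guest ok" stays commented out, so guest access is not switched on here;
#     "valid users" limits access to user "username" and group "sambashare".
#   - With "inherit permissions = yes", new files and directories take their
#     mode from the parent directory; per smb.conf(5) this overrides
#     "create mode" / "directory mode", so the 0750 values may not apply.
cat >/etc/samba/smb.conf <<"EOF"
[share]
comment = share
path = /opt/share
browsable = yes
writable = yes
#guest ok = yes
read only = no
create mode = 0750
directory mode = 0750
inherit permissions = yes
valid users = username,@sambashare
EOF
# Check the new file for syntax errors before restarting the daemons.
testparm -s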
- 重启samba
# Restart the SMB and NetBIOS name daemons so the new smb.conf is loaded.
# NOTE(review): these are the Ubuntu/Debian unit names; on CentOS/RHEL the
# units are normally called smb and nmb. Confirm for the target system.
sudo systemctl restart smbd nmbd
- 添加用户
# Add "username" to Samba's password database. Run as root; the account
# normally has to exist as a local system user first.
smbpasswd -a username # and set the SMB password when prompted
# Add the user to the sambashare group named in "valid users" in smb.conf.
# NOTE(review): the group may not exist by default on every distribution.
usermod -aG sambashare username
额外配置
- 设置允许访问共享的网段
##vi /etc/samba/smb.conf在[share]区块添加以下
#允许网段10.0.0.0/24访问共享
allow hosts = 10.0.0.0/255.255.255.0
#允许网段10.0.0.0/8,但是排除10.0.0.12这个ip
hosts allow = 10. except 10.0.0.12
#拒绝访问的主机或网络(与hosts allow冲突时,以hosts allow为准)
hosts deny = 192.168.1.50, 192.168.1.51
- 隐藏用户不可访问的文件
##这个配置,在有些地方也称为“基于访问的共享枚举”
##vi /etc/samba/smb.conf在[share]区块添加以下
hide unreadable = yes
查看smb共享状态
- smbstatus命令
#查看被使用的共享
sudo smbstatus -S
#示例输出:
Service pid Machine Connected at Encryption Signing
---------------------------------------------------------------------------------------------
share 648527 10.0.0.6 三 2月 8 08时05分42秒 2023 CST - -
share 648527 10.0.0.6 日 2月 12 15时57分44秒 2023 CST - -
---------------------------------------------------------------------------------------------
#查看完整的信息
sudo smbstatus
smbclient命令
#查看远程服务器共享目录
smbclient -L //192.168.60.2 -U username
#登录共享文件目录,文件目录不区分大小写,需要再次输入密码,之后进入smb:\>提示符
smbclient //192.168.60.2/share -U username
#示例交互输出:
---------------------------------------------------------------------------------------------
WARNING: The "syslog" option is deprecated
Enter WORKGROUP\username's password:
Try "help" to get a list of possible commands.
smb: \>
---------------------------------------------------------------------------------------------
# Non-interactive login: the password is given inline as username%password.
# NOTE(review): a password on the command line is saved in shell history and
# can be visible to other local users in the process list. smbclient's
# -A <authfile> option reads the credentials from a file instead; keep that
# file readable only by its owner.
smbclient //192.168.60.2/share -U username%password
#示例输出:
---------------------------------------------------------------------------------------------
WARNING: The "syslog" option is deprecated
Try "help" to get a list of possible commands.
smb: \>
---------------------------------------------------------------------------------------------
##上传、下载、查看、切换路径等等
#常用的ls或者dir,cd,pwd和linux命令一致,查看当前目录下的文件,切换目录和查看当前路径
#下载文件,get filename
#上传文件,put filename
#上传多个文件,mput file1 file2
#下载多个文件,mget file1 file2
#新建文件夹,mkdir dir1
#删除文件夹,rmdir dir1
#删除文件, rm file2
#退出smb会话,exit或者quit