samba
1.samba服务简介
smb = Server Message Block
cifs = Common Internet File System
windows系统共享文件时用到的协议smb
2.samba基本信息
服务启动脚本:smb.service
主配置目录:/etc/samba
主配置文件:/etc/samba/smb.conf
安全上下文:samba_share_t
端口:139 445
安装包:samba samba-common
3.samba安装及启用
selinux开启
dnf install samba samba-client samba-common -y
服务启动:
systemctl enable --now smb.service
添加防火墙规则:
systemctl start firewalld.service
firewall-cmd --permanent --add-service=samba
firewall-cmd --reload
4.用户建立和访问
cd /etc/samba
ls
cp smb.conf.example smb.conf
mkdir /kkk
semanage fcontext -a -t samba_share_t '/kkk(/.*)?'
restorecon -RvvF /kkk/
vim /etc/samba/smb.conf
[LEE]
comment = kkk dir
path = /kkk
systemctl restart smb.service
smbclient -L //192.168.0.103
useradd -s /sbin/nologin -M admin
smbpasswd -a admin #添加samba用户,该用户必须已是本地系统用户
pdbedit -L #查看用户列表
pdbedit -x admin #删除用户
smbclient //192.168.0.103/LEE
smbclient //192.168.0.103/LEE -U admin
mount -o username=admin,password=westos //192.168.0.103/LEE /mnt/ #密码写在命令行会留在shell历史和进程列表中,仅用于测试;正式环境用credentials=凭据文件(见第8节)
5.自动挂载
dnf install autofs -y
vim /etc/auto.master
/mnt /etc/auto.samba
#自动挂载点的上层目录 自动子策略文件
vim /etc/auto.samba
samba -fstype=cifs,username=admin,password=westos ://192.168.0.103/LEE
#最终挂载点 挂载参数 挂载资源
#该文件含明文密码,应限制为仅root可读(chmod 600),或改用credentials=凭据文件(见第8节)
vim /etc/autofs.conf
timeout = 3 #退出三秒后自动卸掉
systemctl restart autofs.service
测试:
cd /mnt/samba #进入挂载点自动挂载
df
cd #退出挂载点等待三秒后自动卸掉
6.共享系统目录
vim /etc/samba/smb.conf
[LEE]
comment = kkk dir
path = /mnt
getsebool -a | grep samba
setsebool -P samba_export_all_ro on #允许samba以只读方式共享任意目录(不再受samba_share_t标签限制),-P表示永久生效;范围较大,按需开启
systemctl restart smb.service
测试:
smbclient -L //192.168.0.103/LEE -U admin
7.基本配置
chmod 777 /kkk #所有本地用户均可读写该目录,仅便于测试;正式环境建议用属组权限或ACL按需授权
vim /etc/samba/smb.conf #主配置文件修改以下参数
path = /kkk
挂载目录可建立文件
writable = yes
测试:
mount -o username=admin,password=westos //192.168.0.103/LEE /mnt/
cd /mnt
touch file1
只允许admin用户建立文件
write list = admin
测试:
cd /mnt
touch file2
cd
umount /mnt
mount -o username=linux,password=westos //192.168.0.103/LEE /mnt/
cd /mnt
touch file3
允许admin用户和属于admin组的用户建立文件(@admin表示admin组)
write list = @admin
测试:
umount /mnt
mount -o username=lee,password=westos //192.168.0.103/LEE /mnt/
usermod -G admin lee #-G会覆盖lee原有的附加组;如需保留原有附加组请用 -aG
id lee
cd /mnt
touch file3
ls
cd
umount /mnt
mount -o username=admin,password=westos //192.168.0.103/LEE /mnt/
cd /mnt
touch file4
ls
允许admin用户和属于admin用户组的用户登录(+admin表示本地系统组admin)
valid users = +admin
测试:
smbclient //192.168.0.103/LEE -U admin
smbclient //192.168.0.103/LEE -U lee
usermod -G '' lee
id lee
smbclient //192.168.0.103/LEE -U lee
隐藏共享文件但是可以使用
browseable = no
测试:
smbclient -L //192.168.0.103
允许匿名用户挂载(map to guest是[global]段参数;bad user会把不存在的用户名映射为guest账户,若共享同时设置了writable = yes且目录权限宽松,匿名用户也可能获得写权限)
map to guest = bad user #118行
guest ok =yes
测试:
mount //172.25.254.217/LEE /mnt/ -o username=guest
白名单
hosts allow = 192.168.0.103
测试:
mount -o username=admin,password=westos //192.168.0.103/LEE /mnt/
黑名单(与hosts allow冲突时,以hosts allow为准)
hosts deny = 192.168.0.103
测试:
mount -o username=admin,password=westos //192.168.0.103/LEE /mnt/
每次修改完参数需要重启服务(重启前可先用testparm检查配置文件语法)
systemctl restart smb.service
8.多用户挂载
dnf install cifs-utils -y
vim /root/smbauth
username=admin
password=westos
chmod 600 /root/smbauth
vim /etc/auto.master
/- /etc/auto.cifs
vim /etc/auto.cifs
/samba -fstype=cifs,credentials=/root/smbauth,sec=ntlmssp,multiuser ://192.168.0.103/LEE
systemctl restart autofs.service
测试:
su - bu
cd /samba
cifscreds add -u admin 192.168.0.103 #普通用户可以通过认证访问共享目录