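I recently debugged Samba on CentOS 7 and ran into quite a few pitfalls, so here is a brief walkthrough of configuring Samba on CentOS 7.
Environment preparation:
Install Samba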
[root@docker2 /]# yum -y install samba samba-client
Configure or disable the CentOS 7 firewall. I installed iptables myself; by default CentOS 7 only has the firewalld firewall.
[root@docker2 /]# service firewalld status
Redirecting to /bin/systemctl status firewalld.service
● firewalld.service
Loaded: masked (/dev/null; bad)
Active: inactive (dead)
6月 29 16:41:45 docker2 systemd[1]: Cannot add dependency job for unit firewalld.service...ed.
Hint: Some lines were ellipsized, use -l to show in full.
As you can see, firewalld is already off. If the status shows it as running, add the rules yourself or simply turn the firewall off.
Commands:
[root@docker2 /]# systemctl disable firewalld.service
or
[root@docker2 /]# service firewalld stop
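As for the difference between systemctl and service, see my post titled "Some CentOS 7 usages and differences".
As mentioned above, my CentOS 7 has iptables installed, so I stopped iptables here as well.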
[root@docker2 /]# service iptables stop
Samba configuration
Here I want to set Samba to share mode (on CentOS 6 this was called share, but Samba 4 on CentOS 7 no longer has share; it has been replaced by map to guest).
[root@docker2 /]# more /etc/samba/smb.conf
# See smb.conf.example for a more detailed config file or
# read the smb.conf manpage.
# Run 'testparm' to verify the config is correct after
# you modified it.
[global]
workgroup = SAMBA
security = user
map to guest = bad user
passdb backend = tdbsam
hosts allow = 192.168.10.43
printing = cups
printcap name = cups
load printers = yes
cups options = raw
[homes]
comment = Home Directories
valid users = %S, %D%w%S
browseable = No
read only = No
inherit acls = Yes
[printers]
comment = All Printers
path = /var/tmp
printable = Yes
create mask = 0600
browseable = No
[print$]
comment = Printer Drivers
path = /var/lib/samba/drivers
write list = @printadmin root
force group = @printadmin
create mask = 0664
directory mask = 0775
[datashare]
comment = docker data share
public = yes
path = /data
browseable = yes
writable = yes
guest ok = yes
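As you can see, I added map to guest in [global], which is the equivalent of the share mode in earlier Samba versions. I then restricted access so that only my own IP, 192.168.10.43, can connect. Note that the hosts allow access restriction only takes effect when it is configured in the global section!
Below that I added a custom datashare section to share its /data directory with myself, with write mode enabled. Then save the configuration.
Start the Samba service with service smb start, then try to access the directory from a Windows server using \\IP. You will find that the directory is accessible, but when we upload a file to test the writable setting, it fails with the error "You need permission to perform this action". Why?
Because marking the directory writable in Samba alone is not enough. Linux applies its own user and permission restrictions to directories and files, and by default only the root user can write, so the permissions of the shared /data directory need to be changed and its ownership set to the anonymous user nobody.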
[root@docker2 /]# chmod -R 0777 data/
[root@docker2 /]# chown -R nobody:nobody data/
Try again and you will find the directory is now writable.
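As an added example (not part of the original post), the Python check below parses an smb.conf like the one above and reports every share that is both guest-accessible and writable, together with the hosts allow value that applies to it. The sample config is constructed from the [global] and [datashare] sections shown above plus a hypothetical [docs] share; the function names are assumptions of this example.

```python
import configparser

# Constructed sample: [global] and [datashare] as in the config above,
# plus a hypothetical guest share [docs] that is read-only, for contrast.
SAMPLE = """
[global]
security = user
map to guest = bad user
hosts allow = 192.168.10.43
[datashare]
public = yes
path = /data
writable = yes
guest ok = yes
[docs]
guest ok = yes
"""

TRUE = {"yes", "true", "1"}
GUEST_KEYS = ("guest ok", "public")                 # smb.conf synonyms
WRITE_KEYS = ("writable", "writeable", "write ok")  # inverse of "read only"

def flag(section, keys, default=False):
    """Boolean value of the first synonym present in the section, else default."""
    for key in keys:
        if key in section:
            return section[key].strip().lower() in TRUE
    return default

def audit(text):
    """Return {share: hosts_allow_or_None} for guest-accessible, writable shares."""
    # interpolation=None: smb.conf uses % macros such as %S; strict=False: repeated keys.
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   default_section="__none__")
    cp.read_string(text)
    glob = cp["global"] if cp.has_section("global") else {}
    findings = {}
    for name in cp.sections():
        if name.lower() == "global":
            continue
        sec = cp[name]
        # Samba defaults to read only = yes, so a share is writable only if told so.
        writable = flag(sec, WRITE_KEYS) or ("read only" in sec and not flag(sec, ("read only",)))
        if flag(sec, GUEST_KEYS) and writable:
            # A global hosts allow takes precedence over a share-level one.
            findings[name] = glob.get("hosts allow") or sec.get("hosts allow")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A value of None for a share means no hosts allow applies to it, so any client that can reach the SMB ports can write to it as guest.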