1.samba服务器的安装及访问调试
yum install samba-client samba-common samba -y
systemctl stop firewalld ##实验环境直接关闭防火墙;若要保留防火墙,可改为 firewall-cmd --permanent --add-service=samba && firewall-cmd --reload
getsebool -a | grep samba
setsebool -P samba_enable_home_dirs on
smbpasswd -a student ##student必须是本机用户
pdbedit -L ##查看
pdbedit -x student ##删除
useradd westos -s /sbin/nologin -M
-s /sbin/nologin ##禁止交互式登陆
-M ##不建立家目录
测试:
smbclient -L //172.25.254.132 -U student ##用student身份登陆
smbclient //172.25.254.132/student -U student ##用student身份查看自己的目录
2.samba共享目录
vim /etc/samba/smb.conf
321 [共享名称]
322 comment = 共享说明
323 path = 共享目录路径
:wq
systemctl restart smb
共享目录为自建目录时,需要修改该目录的selinux安全上下文;此方式只对被修改的目录生效
semanage fcontext -a -t samba_share_t '/redhat(/.*)?'
restorecon -FvvR /redhat/
共享目录为自建目录时,也可以改用selinux布尔值;此方式的修改针对所有目录,一旦开放,selinux不再保护任何目录的访问(能用上面针对单个目录的方式时应优先使用)
setsebool -P samba_export_all_rw on ##可以读写
setsebool -P samba_export_all_ro on ##只读
测试:
smbclient //172.25.254.132/redhat -U student
semanage fcontext -a -t samba_share_t '/redhat(/.*)?'
restorecon -RvvF /redhat/
smbclient //172.25.254.132/redhat -U student
smbclient //172.25.254.132/redhat -U student
setsebool -P samba_export_all_ro on
3.共享限制
vim /etc/fstab ##注意:/etc/fstab对本机所有用户可读,写在其中的明文password会暴露;可改用credentials=文件并chmod 600(见第6节)
//172.25.254.132/redhat /mnt cifs defaults,username=student,password=westos 0 0
mount //172.25.254.132/redhat -o username=student,password=westos
df
//172.25.254.132/redhat 10473900 3519004 6954896 34% /mnt
白名单
vim /etc/samba/smb.conf
322 comment = /redhat
323 path = /redhat
324 hosts allow = 172.25.254.132
systemctl restart smb.service
132主机
mount //172.25.254.132/redhat -o username=student,password=westos
df
//172.25.254.132/redhat 10473900 3519004 6954896 34% /mnt
32主机
vim /etc/fstab
//172.25.254.132/redhat /mnt cifs defaults,username=student,password=westos 0 0
mount //172.25.254.132/redhat -o username=student,password=westos
mount: //172.25.254.132/redhat is write-protected, mounting read-only
mount: cannot mount //172.25.254.132/redhat read-only
黑名单:
vim /etc/samba/smb.conf
322 comment = /redhat
323 path = /redhat
324 hosts deny = 172.25.254.132
systemctl restart smb.service
132主机
mount //172.25.254.132/redhat -o username=student,password=westos
mount: //172.25.254.132/redhat is write-protected, mounting read-only
mount: cannot mount //172.25.254.132/redhat read-only
32主机
mount //172.25.254.132/redhat -o username=student,password=westos
df
//172.25.254.132/redhat 10473900 3519968 6953932 34% /mnt
4.samba匿名访问
vim /etc/samba/smb.conf
123 security = user
124 passdb backend = tdbsam
125 map to guest = bad user ##用户名不存在时按guest处理;用户名存在但密码错误仍被拒绝
321 [redhat]
322 comment = /redhat
323 path = /redhat
324 guest ok = yes
测试:
mount //172.25.254.132/redhat /mnt -o username=guest
df
//172.25.254.132/redhat 10473900 3540632 6933268 34% /mnt
5.samba 共享目录的管理参数
vim /etc/samba/smb.conf
321 [redhat]
322 comment = /redhat
323 path = /redhat
324 guest ok = yes
writable = yes ##打开写权限
write list = student ##可写列表:对student可写
write list = @redhat ##redhat组可写
valid users = student ##student可以使用共享目录
valid users = +redhat ##redhat组可以使用共享目录
browseable = no ##= no隐藏共享目录 =yes 不隐藏
admin users = student ##为共享目录添加管理员(该用户在此共享内的所有文件操作都以root身份进行)
测试:
1.writable
321 [redhat]
322 comment = /redhat
323 path = /redhat
324 writable = yes
mount //172.25.254.132/redhat /mnt -o username=student,password=westos
touch /mnt/file
无法写入,可能是权限的问题
umount /mnt/
chmod 777 /redhat/ ##仅为实验方便;777允许本机任何用户写入,实际使用时应只给需要写入的用户或组授权
再次尝试
注意此时selinux布尔值:
文件的安全上下文:
如果是默认的安全上下文:
再次测试:
需要修改布尔值:
再次测试:
所建立的文件所有人和所有组都是student
2.write list
321 [redhat]
322 comment = /redhat
323 path = /redhat
324 ; writable = yes
325 write list = student
使用redhat 登陆
mount //172.25.254.132/redhat /mnt -o username=redhat,password=redhat
touch /mnt/file2
使用student用户
mount //172.25.254.132/redhat /mnt -o username=student,password=westos
touch /mnt/file1
将write list设置为组
vim /etc/samba/smb.conf
321 [redhat]
322 comment = /redhat
323 path = /redhat
324 ; writable = yes
325 write list = +redhat
systemctl restart smb.service
使用redhat用户登陆
mount //172.25.254.132/redhat /mnt -o username=redhat,password=redhat
touch /mnt/file3
使用student用户
为student添加redhat组
usermod -G redhat student ##-G会覆盖student原有的附加组;若要保留原有附加组,使用 usermod -aG redhat student
mount //172.25.254.132/redhat /mnt -o username=student,password=westos
touch /mnt/file4
3.valid users
vim /etc/samba/smb.conf
321 [redhat]
322 comment = /redhat
323 path = /redhat
324 ; writable = yes
325 write list = +redhat
326 valid users = redhat
systemctl restart smb.service
使用student登陆
mount //172.25.254.132/redhat /mnt -o username=student,password=westos
使用redhat登陆
mount //172.25.254.132/redhat /mnt -o username=redhat,password=redhat
设置为redhat组
vim /etc/samba/smb.conf
321 [redhat]
322 comment = /redhat
323 path = /redhat
324 ; writable = yes
325 ; write list = +redhat
326 valid users = @redhat
systemctl restart smb.service
为student添加redhat组后再次使用student用户挂载
usermod -G redhat student
mount //172.25.254.132/redhat /mnt -o username=student,password=westos
4.browseable
vim /etc/samba/smb.conf
321 [redhat]
322 comment = /redhat
323 path = /redhat
324 ; writable = yes
325 ; write list = +redhat
326 ; valid users = @redhat
327 browseable = no
systemctl restart smb.service
smbclient -L //172.25.254.132 -U redhat ##查看共享目录
共享的redhat在列表中被隐藏(仅隐藏显示,知道共享名仍可直接访问;访问控制仍需依靠valid users、hosts allow等参数)
5.admin users
321 [redhat]
322 comment = /redhat
323 path = /redhat
324 ; writable = yes
325 ; write list = +redhat
326 ; valid users = @redhat
327 ; browseable = no
328 admin users = redhat
mount //172.25.254.132/redhat /mnt -o username=student,password=westos
touch /mnt/test1
mount //172.25.254.132/redhat /mnt -o username=redhat,password=redhat
touch /mnt/test2
ls /mnt
6.多用户挂载
设置多用户挂载前,root用户的挂载任意普通用户也可以查看:
客户端root用户:
yum install cifs-utils.x86_64 -y
vim /root/passfile ##写入samba服务端的用户和密码
username=student
password=westos
chmod 600 /root/passfile
mount -o credentials=/root/passfile,multiuser,sec=ntlmssp //172.25.254.133/redhat /mnt
su - test
ls /mnt
redhat用户
cifscreds add -u student 172.25.254.133 ##与客户端超级用户挂载时的smb用户相同,挂载成功
如果使用不同的用户或者密码错误,挂载依然被拒绝
ls: cannot access /mnt: Permission denied