openEuler 搭建samba
samba文件共享服务套件 至少三个套件 包括samba,samba-common 和samba-client
• samba:这个套件主要包含了 SAMBA 的主要 daemon配置 ( smbd 及 nmbd )、 SAMBA 的文 件档 ( document )、以及其它与 SAMBA 相关的logrotate 设定文件及开机预设选项配置等;
• samba-common:这个套件则主要提供了 SAMBA 的主要配置(smb.conf) 、 smb.conf 语法检 验的测试程序 ( testparm )等;
• samba-client:这个套件则提供了当 Linux 做为SAMBA Client 端时,所需要的工具指令,例如 挂载 SAMBA 配置格式的执行档 smbmount等
samba配置文件
• Samba配置文件目录存放于/etc/samba,几个主要的配置文件有smb.conf、Imhost和smbpasswd • smb.conf:这个是SAMBA 最主要的配置文件。在较为简单的设定当中,这也是唯一的一个配置文件。该配置 文件主要的设定分为两部份,分别为:
• [global] 这个设定主机功能的项目
• [sharedir] 每个分享出去的目录的属性设定
安装samba
dnf install samba samba-client
管理Samba服务 端口 开机启动项
设置Samba为开机启动:
systemctl enable smb
启动Samba服务:
systemctl start smb
查看Samba服务运行状态:
systemctl status smb
查看端口监听状态:
netstat -lantp |grep 139
netstat –lantp |grep 445
如果没有端口号,查看防火墙的状态
systemctl stop firewalld
添加用户
[root@ljy var]# id smb
用户id=2002(smb) 组id=2002(smb) 组=2002(smb)
添加至 samba服务的账号
[root@ljy var]# smbpasswd -a samba
创建共享目录share和smb
[root@ljy ~]# mkdir /var/share /var/smb
更改共享目录的smb的属于为smb
[root@ljy ~]# chmod 777 /var/share /var/smb
[root@ljy ~]# chown smb:smb /var/smb
配置samba 配置共享
编辑Samba配置文件smb.conf,客户端可用通过匿名访问share目录,访问smb目录需要通过用户认证 才能访问,两个文件都用读写权限。
• 编辑[global]配置使用户可以通过匿名访问,添加字段:
map to guest = Bad User
• 新建[share]访问目录,设置其权限:
• 新建[smb]访问目录,并设置其权限:
[global]
workgroup = SAMBA
security = user
map to guest = Bad User
passdb backend = tdbsam
printing = cups
printcap name = cups
load printers = yes
cups options = raw
[share]
comment = share
path = /var/share
public = yes
browseable = yes
writeable = yes
[smb]
comment = smb
path = /var/smb
write list = smb
browseable = yes
writable = yes
read list = smb
valid users = smb
create mask = 0777
directory mask = 0777
[share_files]
comment = share_files
path = /home/share_files
writable = yes
browseable= yes
需要考虑应用于该目录的SElinux安全上下文所带来的限制.在Samba的,正确文件上下值应该是samba_share_t.所以只需要修改完毕后执行restorecon命令,就能让应用用于目录的新SElinux 安全上下文立即生效
首先安装 semanage 命令
[root@ljy var]# yum provides /usr/sbin/semanage
Last metadata expiration check: 1:12:50 ago on 2023年11月22日 星期三 05时06分01秒.
policycoreutils-python-utils-2.8-14.eulerosv2r9.noarch : Policy core python utilities for selinux
Repo : base
Matched from:
Filename : /usr/sbin/semanage
policycoreutils-python-utils-2.8-14.h1.eulerosv2r9.noarch : Policy core python utilities for selinux
Repo : base
Matched from:
Filename : /usr/sbin/semanage
policycoreutils-python-utils-2.8-14.h6.eulerosv2r9.noarch : Policy core python utilities for selinux
Repo : base
Matched from:
Filename : /usr/sbin/semanage
policycoreutils-python-utils-2.8-14.h8.eulerosv2r9.noarch : Policy core python utilities for selinux
Repo : base
Matched from:
Filename : /usr/sbin/semanage
policycoreutils-python-utils-2.8-14.h9.eulerosv2r9.noarch : Policy core python utilities for selinux
Repo : base
Matched from:
Filename : /usr/sbin/semanage
[root@ljy var]# yum install policycoreutils-python-utils-2.8-14.h6.eulerosv2r9.noarch
Last metadata expiration check: 1:13:39 ago on 2023年11月22日 星期三 05时06分01秒.
Dependencies resolved.
============================================================================================================================
Package Architecture Version Repository Size
============================================================================================================================
Installing:
policycoreutils-python-utils noarch 2.8-14.h6.eulerosv2r9 base 24 k
Installing dependencies:
checkpolicy x86_64 2.8-6.h2.eulerosv2r9 base 277 k
python3-IPy noarch 1.00-1.eulerosv2r9 base 35 k
python3-audit x86_64 3.0-5.h7.eulerosv2r9 base 71 k
python3-libsemanage x86_64 2.9-2.h6.eulerosv2r9 base 72 k
python3-policycoreutils noarch 2.8-14.h6.eulerosv2r9 base 1.7 M
python3-setools x86_64 4.1.1-17.h4.eulerosv2r9 base 447 k
Downgrading:
audit x86_64 3.0-5.h7.eulerosv2r9 base 173 k
audit-libs x86_64 3.0-5.h7.eulerosv2r9 base 94 k
libsemanage x86_64 2.9-2.h6.eulerosv2r9 base 100 k
policycoreutils x86_64 2.8-14.h6.eulerosv2r9 base 532 k
Transaction Summary
============================================================================================================================
Install 7 Packages
Downgrade 4 Packages
Total download size: 3.5 M
Is this ok [y/N]: y
Downloading Packages:
(1/11): audit-3.0-5.h7.eulerosv2r9.x86_64.rpm 1.4 MB/s | 173 kB 00:00
(2/11): libsemanage-2.9-2.h6.eulerosv2r9.x86_64.rpm 783 kB/s | 100 kB 00:00
(3/11): audit-libs-3.0-5.h7.eulerosv2r9.x86_64.rpm 660 kB/s | 94 kB 00:00
(4/11): policycoreutils-2.8-14.h6.eulerosv2r9.x86_64.rpm 3.9 MB/s | 532 kB 00:00
(5/11): python3-IPy-1.00-1.eulerosv2r9.noarch.rpm 950 kB/s | 35 kB 00:00
(6/11): python3-audit-3.0-5.h7.eulerosv2r9.x86_64.rpm 1.2 MB/s | 71 kB 00:00
(7/11): python3-libsemanage-2.9-2.h6.eulerosv2r9.x86_64.rpm 138 kB/s | 72 kB 00:00
(8/11): python3-policycoreutils-2.8-14.h6.eulerosv2r9.noarch.rpm 3.7 MB/s | 1.7 MB 00:00
(9/11): python3-setools-4.1.1-17.h4.eulerosv2r9.x86_64.rpm 3.3 MB/s | 447 kB 00:00
(10/11): checkpolicy-2.8-6.h2.eulerosv2r9.x86_64.rpm 139 kB/s | 277 kB 00:01
(11/11): policycoreutils-python-utils-2.8-14.h6.eulerosv2r9.noarch.rpm 8.6 kB/s | 24 kB 00:02
----------------------------------------------------------------------------------------------------------------------------
Total 1.2 MB/s | 3.5 MB 00:02
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Running scriptlet: audit-libs-3.0-5.h7.eulerosv2r9.x86_64 1/1
Downgrading : audit-libs-3.0-5.h7.eulerosv2r9.x86_64 1/15
Downgrading : libsemanage-2.9-2.h6.eulerosv2r9.x86_64 2/15
Running scriptlet: policycoreutils-2.8-14.h6.eulerosv2r9.x86_64 3/15
Downgrading : policycoreutils-2.8-14.h6.eulerosv2r9.x86_64 3/15
Running scriptlet: policycoreutils-2.8-14.h6.eulerosv2r9.x86_64 3/15
Installing : python3-libsemanage-2.9-2.h6.eulerosv2r9.x86_64 4/15
Downgrading : audit-3.0-5.h7.eulerosv2r9.x86_64 5/15
Running scriptlet: audit-3.0-5.h7.eulerosv2r9.x86_64 5/15
Installing : python3-audit-3.0-5.h7.eulerosv2r9.x86_64 6/15
Installing : python3-setools-4.1.1-17.h4.eulerosv2r9.x86_64 7/15
Installing : python3-IPy-1.00-1.eulerosv2r9.noarch 8/15
Running scriptlet: checkpolicy-2.8-6.h2.eulerosv2r9.x86_64 9/15
Installing : checkpolicy-2.8-6.h2.eulerosv2r9.x86_64 9/15
Running scriptlet: checkpolicy-2.8-6.h2.eulerosv2r9.x86_64 9/15
Installing : python3-policycoreutils-2.8-14.h6.eulerosv2r9.noarch 10/15
Installing : policycoreutils-python-utils-2.8-14.h6.eulerosv2r9.noarch 11/15
Running scriptlet: policycoreutils-2.8-14.oe1.x86_64 12/15
Cleanup : policycoreutils-2.8-14.oe1.x86_64 12/15
Running scriptlet: policycoreutils-2.8-14.oe1.x86_64 12/15
Warning: The unit file, source configuration file or drop-ins of restorecond.service changed on disk. Run 'systemctl daemon-eload' to reload units.
Running scriptlet: audit-3.0-5.oe1.x86_64 13/15
Cleanup : audit-3.0-5.oe1.x86_64 13/15
Running scriptlet: audit-3.0-5.oe1.x86_64 13/15
Cleanup : libsemanage-2.9-2.oe1.x86_64 14/15
Cleanup : audit-libs-3.0-5.oe1.x86_64 15/15
Running scriptlet: policycoreutils-2.8-14.h6.eulerosv2r9.x86_64 15/15
Running scriptlet: audit-libs-3.0-5.oe1.x86_64 15/15
Verifying : audit-3.0-5.h7.eulerosv2r9.x86_64 1/15
Verifying : audit-3.0-5.oe1.x86_64 2/15
Verifying : audit-libs-3.0-5.h7.eulerosv2r9.x86_64 3/15
Verifying : audit-libs-3.0-5.oe1.x86_64 4/15
Verifying : libsemanage-2.9-2.h6.eulerosv2r9.x86_64 5/15
Verifying : libsemanage-2.9-2.oe1.x86_64 6/15
Verifying : policycoreutils-2.8-14.h6.eulerosv2r9.x86_64 7/15
Verifying : policycoreutils-2.8-14.oe1.x86_64 8/15
Verifying : checkpolicy-2.8-6.h2.eulerosv2r9.x86_64 9/15
Verifying : policycoreutils-python-utils-2.8-14.h6.eulerosv2r9.noarch 10/15
Verifying : python3-IPy-1.00-1.eulerosv2r9.noarch 11/15
Verifying : python3-audit-3.0-5.h7.eulerosv2r9.x86_64 12/15
Verifying : python3-libsemanage-2.9-2.h6.eulerosv2r9.x86_64 13/15
Verifying : python3-policycoreutils-2.8-14.h6.eulerosv2r9.noarch 14/15
Verifying : python3-setools-4.1.1-17.h4.eulerosv2r9.x86_64 15/15
Downgraded:
audit-3.0-5.h7.eulerosv2r9.x86_64 audit-libs-3.0-5.h7.eulerosv2r9.x86_64
libsemanage-2.9-2.h6.eulerosv2r9.x86_64 policycoreutils-2.8-14.h6.eulerosv2r9.x86_64
Installed:
policycoreutils-python-utils-2.8-14.h6.eulerosv2r9.noarch checkpolicy-2.8-6.h2.eulerosv2r9.x86_64
python3-IPy-1.00-1.eulerosv2r9.noarch python3-audit-3.0-5.h7.eulerosv2r9.x86_64
python3-libsemanage-2.9-2.h6.eulerosv2r9.x86_64 python3-policycoreutils-2.8-14.h6.eulerosv2r9.noarch
python3-setools-4.1.1-17.h4.eulerosv2r9.x86_64
Complete!
设置SElinux服务与策略,使用允许通过Samba服务程序访问普通用户家目录.执行getsebool命令,筛选所有与Samba服务的程序的相关的SElinux域策略,根据策略的名称
[root@linuxprobe ~]# getsebool -a | grep samba
samba_create_home_dirs --> off
samba_domain_controller --> off
samba_enable_home_dirs --> off
samba_export_all_ro --> off
samba_export_all_rw --> off
samba_load_libgfapi --> off
samba_portmapper --> off
samba_run_unconfined --> off
samba_share_fusefs --> off
samba_share_nfs --> off
sanlock_use_samba --> off
tmpreaper_use_samba --> off
use_samba_home_dirs --> off
virt_use_samba --> off
[root@linuxprobe ~]# setsebool -P samba_enable_home_dirs on
[root@ljy var]# semanage fcontext -a -t samba_share_t /var/share
^[[A[root@ljy var]# semanage fcontext -a -t samba_share_t /var/smb
[root@ljy var]# restorecon -Rv /var/share
Relabeled /var/share from unconfined_u:object_r:var_t:s0 to unconfined_u:object_r:samba_share_t:s0
[root@ljy var]# restorecon -Rv /var/smb
Relabeled /var/smb from unconfined_u:object_r:var_t:s0 to unconfined_u:object_r:samba_share_t:s0
[root@ljy var]# systemctl restart smb
登录
smbclient -U samba -L IP ADD
通过 cmd 连接 sambaip
测试 samba 服务搭建成功
1.通过share访问目录,无需登录认证,并且可以创建和删除文
件夹或文件。
2.通过smb访问目录,需要提供smb用户认证信息后,才能打开文件,并且可以成功在目录smb中创建文件夹或文件