I. SMB sharing
A. Server-side deployment:
1. Install samba, samba-common (Samba sharing) and samba-client (for testing Samba)
yum install samba samba-common samba-client -y
2. Start the Samba service
systemctl start smb
3. Stop the firewall
systemctl stop firewalld
4. SELinux setting: setenforce 0
5. Add a user: useradd westos
smbpasswd -a westos
6. List the users: pdbedit -L
7. The new user's home directory is at /home/westos/
ls -ld /home/westos/
B. Client:
1. yum install samba-client -y
2. List shares as an anonymous user: smbclient -L //172.25.254.120 (blank password)
3. List shares as a local user: smbclient -L //172.25.254.120/westos -U westos
4. Log in as an anonymous user: smbclient //172.25.254.120 (blank password)
5. Log in as a local user: smbclient //172.25.254.120/westos -U westos
6. Access by mounting: mount -o username=westos,password=westos //172.25.254.120/westos /mnt/
Test:
Client:
cd /mnt/
touch file{1..5}
Server: ls -l /home/westos/
II. Samba: what to do when SELinux is Enforcing
setsebool -P samba_enable_home_dirs on
III. Changing the domain (workgroup) that SMB belongs to
Configuration file: /etc/samba/smb.conf
89) workgroup = WESTOS
Check: smbclient -L //172.25.254.120/westos
IV. SMB access control
Configuration file: /etc/samba/smb.conf
96) Whitelist: hosts allow = 172.25.254.120 172.25.254.220
This is host 172.25.254.220
This is host 172.25.254.120
97) Blacklist: hosts deny = 172.25.254.120
V. Sharing a private directory
1. Edit the configuration file: vim /etc/samba/smb.conf
322) [linux]    (share name)
comment = westos dir share    (description)
path = /westos    (path)
2. Restart the smb service: systemctl restart smb.service
3. smbclient -L //172.25.254.120 -U westos
4. semanage fcontext -a -t samba_share_t '/westos(/.*)?'
5. restorecon -RvvF /westos/
6. smbclient //172.25.254.120/linux -U westos
VI. Sharing a system directory
1. Edit the configuration file: vim /etc/samba/smb.conf
326) [opt]
comment = opt directory
path = /mnt    (path)
2. Restart the service: systemctl restart smb.service
3. touch /mnt/hello
4. setenforce 0
smbclient //172.25.254.120/opt -U westos
Connecting and logging in now shows the files,
but for the sake of security do the following:
5. setenforce 1
6. setsebool -P samba_export_all_ro on
7. smbclient //172.25.254.120/opt -U westos
VII. Controlling access by modifying the smb configuration file
Preparation:
mkdir /westos
cd /westos
touch file{1..10}
chmod 777 /westos/
Add the student user:
smbpasswd -a student
Check: pdbedit -L
1. Make the share writable for all users:
vim /etc/samba/smb.conf
325) writable = yes    (writable)
Test:
smbclient //172.25.254.120/linux -U westos
!ls lists local files (only local files can be uploaded)
Upload: put anaconda-ks.cfg
2. Make the share writable for specified users
vim /etc/samba/smb.conf
write list = westos
Test:
smbclient //172.25.254.120/linux -U westos
ls
rm file9
smbclient //172.25.254.120/linux -U student
ls
rm file8    (not allowed)
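3. Apply to a group
write list = +westos (or @westos) makes the share writable for the westos group
Comment out writable = yes
usermod -G westos student    (add student to the westos group)
Test:
smbclient //172.25.254.120/linux -U student    (log in as the student user)
rm file8
Experiment complete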
4. Restrict which users may access / log in
valid users = student
Test:
smbclient //172.25.254.120/linux -U westos
Denied
smbclient //172.25.254.120/linux -U student
5. Apply to a group
valid users = +student
usermod -G student westos
smbclient //172.25.254.120/linux -U westos
Comment it out
6. Set whether the share can be discovered
browseable = yes
smbclient //172.25.254.120/linux -U westos
7. Designate a superuser
admin users = student    (student is the superuser)
smbclient //172.25.254.120/linux -U student
put anaconda-ks.cfg    (upload)
Quit; you can see that the superuser is student
8. Anonymous (guest) login:
guest ok = yes
126) map to guest = bad user
Test:
smbclient //172.25.254.120/linux
rm anaconda-ks.cfg
put anaconda-ks.cfg
quit
ls -l /westos/
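The access settings walked through above (hosts allow, writable, write list, valid users, admin users, guest ok, map to guest) can be checked mechanically. The Python script below is an added example, not part of the original notes: it parses an smb.conf and reports which shares those settings leave open. The sample configuration is constructed, and only the parameter spellings used in these notes are recognized (synonyms such as read only = no are not).

```python
import configparser

# Constructed sample (not from a real server), built from the settings in these notes.
SAMPLE_CONF = """\
[global]
workgroup = WESTOS
map to guest = bad user

[linux]
path = /westos
writable = yes
guest ok = yes
admin users = student

[opt]
path = /mnt
valid users = +student
write list = westos
"""

def is_yes(value):
    return (value or "").strip().lower() in ("yes", "true", "1")

def audit_smb_conf(text):
    """Return sorted (share, finding) pairs for settings that widen access."""
    cp = configparser.RawConfigParser(strict=False, delimiters=("=",),
                                      comment_prefixes=("#", ";"))
    cp.read_string(text)
    glob = cp["global"] if cp.has_section("global") else {}
    findings = []
    if not glob.get("hosts allow"):
        findings.append(("global", "no hosts allow whitelist"))
    for share in cp.sections():
        if share == "global":
            continue
        s = cp[share]
        guest, writable = is_yes(s.get("guest ok")), is_yes(s.get("writable"))
        if guest and (glob.get("map to guest") or "").lower() == "bad user":
            findings.append((share, "unknown users are admitted as guest"))
        if guest and writable:
            findings.append((share, "guests can write"))
        if writable and not (s.get("valid users") or s.get("write list")):
            findings.append((share, "writable by every user who can connect"))
        # admin users perform all file operations on the share as root
        if s.get("admin users"):
            findings.append((share, "admin users act as root: " + s["admin users"]))
    return sorted(findings)

if __name__ == "__main__":
    print(*audit_smb_conf(SAMPLE_CONF), sep="\n")
```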
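VIII. SMB security lock
Client:
User and password for this authentication; authentication method; multi-user mount
1. Mount: mount //172.25.254.120/linux /mnt/ -o username=westos,password=westos
To make the mount permanent:
Edit the file: vim /etc/fstab
//172.25.254.120/linux /mnt cifs defaults,credentials,sec,multiuser 0 0
Security authentication for multi-user management:
Client:
1. yum install cifs-utils
2. vim /root/smbpass
Add the user information to it
3. Change its permissions
4. Mount
5. Create a file as root
6. The student user cannot see it
7. Give student an SMB-authenticated user
8. After that, student can see the file created by root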