多用户挂载的验证策略 (条件:多个用户对当前文件系统有不同的权限并且客户端要求只能通过某一个挂载点目录访问文件系统)
再服务器上通过SMB共享目录/devops,并满足以下要求
1、共享名为devops
2、共享目录devops只能被192.168.100.0/24网段中的客户端使用
3、共享目录devops必须可以被浏览 browseable =Yes
4、用户xixi必须能以读的方式访问此共享,访问密码是redhat
5、用户heihei必须能以读写的方式访问此共享,访问密码是redhat
此共享永久挂载在192.168.171.144上的/devops/目录,并使用用户xixi作为认证(任何用户)可以通过用户heihei来临时获取写的权限
服务端
[root@localhost ~]# yum install samba-client -y
[root@localhost ~]# yum install samba -y
[root@localhost ~]# vim /etc/samba/smb.conf
[devops]
comment=zsc
path= /devops
hosts allow=192.168.153.
browseable=Yes
read only=Yes
write list= heihei
[root@localhost ~]# mkdir /devops
[root@localhost ~]# touch /devops/{1…5}
[root@localhost ~]# ll /devops
total 0
-rw-r–r--. 1 root root 0 Jul 17 15:12 1
-rw-r–r--. 1 root root 0 Jul 17 15:12 2
-rw-r–r--. 1 root root 0 Jul 17 15:12 3
-rw-r–r--. 1 root root 0 Jul 17 15:12 4
-rw-r–r--. 1 root root 0 Jul 17 15:12 5
添加用户
[root@localhost ~]# useradd heihei
[root@localhost ~]# useradd xixi
[root@localhost ~]# smbpasswd -a heihei
New SMB password:
Retype new SMB password:
Added user heihei.
[root@localhost ~]# smbpasswd -a xixi
New SMB password:
Retype new SMB password:
Added user xixi.
[root@localhost ~]# chmod o+w /devops
[root@localhost ~]# setfacl -m u:heihei:rxw /devops
[root@localhost ~]# systemctl restart smb nmb
[root@localhost ~]# systemctl stop firewalld.service
[root@localhost ~]# setenforce 0
客户端
[root@localhost ~]# yum install cifs-utils.x86_64 -y
[root@localhost ~]# vim /etc/fstabc
[root@localhost ~]# mkdir /devops
[root@localhost ~]# mount -a
//192.168.153.132/devops /devops cifs defaults,multiuser,username=xixi,password=redhat,sec=ntlmssp 0 0
[root@localhost ~]# useradd heihei(与服务端id保持一致)
[root@localhost ~]# useradd xixi(与服务端id保持一致)
测试
[root@localhost ~]# su heihei
[heihei@localhost root]$ cifscreds add 192.168.153.132
Password:
[heihei@localhost root]$ cd /devops
[heihei@localhost devops]$ ll
total 0
-rwxr-xr-x. 1 heihei heihei 0 Jul 17 15:12 1
-rwxr-xr-x. 1 heihei heihei 0 Jul 17 15:12 2
-rwxr-xr-x. 1 heihei heihei 0 Jul 17 15:12 3
-rwxr-xr-x. 1 heihei heihei 0 Jul 17 15:12 4
-rwxr-xr-x. 1 heihei heihei 0 Jul 17 15:12 5
[heihei@localhost devops]$ touch hei1
[heihei@localhost devops]$ ll
total 0
-rwxr-xr-x. 1 heihei heihei 0 Jul 17 15:12 1
-rwxr-xr-x. 1 heihei heihei 0 Jul 17 15:12 2
-rwxr-xr-x. 1 heihei heihei 0 Jul 17 15:12 3
-rwxr-xr-x. 1 heihei heihei 0 Jul 17 15:12 4
-rwxr-xr-x. 1 heihei heihei 0 Jul 17 15:12 5
-rwxr-xr-x. 1 heihei heihei 0 Jul 17 15:53 hei1
[heihei@localhost devops]$ su xixi
[xixi@localhost root]$ cd /devops
[xixi@localhost devops]$ ll
total 0
-rwxr-xr-x. 1 xixi xixi 0 Jul 17 15:12 1
-rwxr-xr-x. 1 xixi xixi 0 Jul 17 15:12 2
-rwxr-xr-x. 1 xixi xixi 0 Jul 17 15:12 3
-rwxr-xr-x. 1 xixi xixi 0 Jul 17 15:12 4
-rwxr-xr-x. 1 xixi xixi 0 Jul 17 15:12 5
-rwxr-xr-x. 1 heihei heihei 0 Jul 17 15:53 hei1
DHCP
[root@localhost ~]# yum install dhcp-server.x86_64 -y
[root@localhost ~]# vim /etc/dhcp/dhcpd.conf
subnet 192.168.153.0 netmask 255.255.255.0 {
range 192.168.153.200 192.168.153.250;
option domain-name-servers 114.114.114.144;
option domain-name “internal.example.org”;
option routers 192.168.153.1;
option subnet-mask 255.255.255.0;
default-lease-time 600;
max-lease-time 7200;
}
host A{
hardware ethernet 00:0c:29:10:08:a8;
fixed-address 192.168.153.249;
}
331
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
