samba
1samba作用
提供cifs協議實現共享文件
2安裝
yum install samba samba-common samba-client -y
systemctl start smb nmb
systemctl enable smb nmb
3添加smb用戶
首先系統中要有用戶
[root@westos ~]# id student
uid=1000(student) gid=1000(student) groups=1000(student),10(wheel)
[root@westos ~]# smbpasswd -a student 創建smb用戶
New SMB password:
Retype new SMB password:
Added user student.
[root@westos ~]# pdbedit -L 查看smb用戶信息
student:1000:Student User
[root@westos ~]# pdbedit -x student 刪除smb用戶
[root@westos ~]# pdbedit -L
[root@westos ~]# setsebool -P samba_enable_home_dirs on 在selinux中可以訪問自己的家目錄
測試
[root@westos ~]# smbclient //172.25.254.114/student -U student
Enter student's password:
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]
smb: \> ls
. D 0 Thu Jul 10 19:06:52 2014
.. D 0 Thu Jul 10 18:19:09 2014
.bash_logout H 18 Wed Jan 29 07:45:18 2014
.bash_profile H 193 Wed Jan 29 07:45:18 2014
.bashrc H 231 Wed Jan 29 07:45:18 2014
.ssh DH 0 Thu Jul 10 18:19:10 2014
.config DH 0 Thu Jul 10 19:06:53 2014
40913 blocks of size 262144. 28544 blocks available
4共享目錄
[root@westos ~]# vim /etc/samba/smb.conf
[jj] 共享名稱
comment = local.public 對共享目錄的描述
path = /mnt 共享目錄的絕對路徑
workgroup = WESTOS 共享目錄的組(註:workgroup 是全局參數,應寫在 [global] 段;下文測試輸出的 Domain 仍顯示 MYGROUP)
當共享目錄爲用戶自建目錄時
[root@westos mnt]# mkdir /smbshare
[root@westos mnt]# touch /smbshare/westosxxx
[root@westos mnt]# vim /etc/samba/smb.conf
[jj]
comment = local.public
path = /smbshare
[root@westos mnt]# setsebool -P samba_enable_home_dirs 0
[root@westos mnt]# semanage fcontext -a -t samba_share_t '/smbshare(/.*)?'
/etc/selinux/targeted/contexts/files/file_contexts.local: line 4 has invalid regex /smbshare(/.*)?: missing )
PCRE compilation failed for ^/smbshare(/.*)?$ at offset 21: missing )
libsemanage.sefcontext_compile: sefcontext_compile returned error code 255. Compiling /etc/selinux/targeted/contexts/files/file_contexts.local
/etc/selinux/targeted/contexts/files/file_contexts.local: line 4 has invalid regex /smbshare(/.*)?: missing )
PCRE compilation failed for ^/smbshare(/.*)?$ at offset 21: missing )
libsemanage.sefcontext_compile: sefcontext_compile returned error code 255. Compiling /etc/selinux/targeted/contexts/files/file_contexts.local
ValueError: Could not commit semanage transaction
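[root@westos mnt]# restorecon -RvvF /smbshare 上面semanage報錯(Could not commit semanage transaction)表示規則未提交,可用 ls -dZ /smbshare 確認類型是否爲samba_share_t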
[root@westos mnt]# smbclient //172.25.254.114/jj -U student
Enter student's password:
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]
smb: \> ls
. D 0 Sat Jun 3 02:36:48 2017
.. D 0 Sat Jun 3 02:36:38 2017
westosxxx N 0 Sat Jun 3 02:36:48 2017
40913 blocks of size 262144. 28544 blocks available
smb: \>
semanage fcontext -a -t samba_share_t '目錄名稱(/.*)?' 配置安全上下文
restorecon -RvvF 目錄名稱
當共享目錄爲系統目錄時
[root@westos ~]# touch /mnt/file{1..10}
[root@westos ~]# cd /mnt
[root@westos mnt]# ls
file1 file10 file2 file3 file4 file5 file6 file7 file8 file9
[root@westos mnt]# smbclient //172.25.254.114/jj -U student
Enter student's password:
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]
smb: \> ls
. D 0 Thu Jul 10 19:06:52 2014
.. D 0 Thu Jul 10 18:19:09 2014
.bash_logout H 18 Wed Jan 29 07:45:18 2014
.bash_profile H 193 Wed Jan 29 07:45:18 2014
.bashrc H 231 Wed Jan 29 07:45:18 2014
.ssh DH 0 Thu Jul 10 18:19:10 2014
.config DH 0 Thu Jul 10 19:06:53 2014
40913 blocks of size 262144. 28545 blocks available
smb: \>
[root@westos mnt]# setsebool -P samba_export_all_ro on 只讀共享(允許samba以只讀方式共享任意目錄,不受selinux類型限制)
[root@westos mnt]# setsebool -P samba_export_all_rw on 讀寫共享(允許samba讀寫任意目錄,範圍很大;自建目錄優先用samba_share_t標籤)
[root@westos ~]# setsebool -P samba_enable_home_dirs on
[root@westos mnt]# smbclient //172.25.254.114/jj -U student
Enter student's password:
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]
smb: \> ls
. D 0 Sat Jun 3 02:28:28 2017
.. D 0 Sat Jun 3 01:30:28 2017
file1 N 0 Sat Jun 3 02:28:28 2017
file2 N 0 Sat Jun 3 02:28:28 2017
file3 N 0 Sat Jun 3 02:28:28 2017
file4 N 0 Sat Jun 3 02:28:28 2017
file5 N 0 Sat Jun 3 02:28:28 2017
file6 N 0 Sat Jun 3 02:28:28 2017
file7 N 0 Sat Jun 3 02:28:28 2017
file8 N 0 Sat Jun 3 02:28:28 2017
file9 N 0 Sat Jun 3 02:28:28 2017
file10 N 0 Sat Jun 3 02:28:28 2017
40913 blocks of size 262144. 28545 blocks available
smb: \>
匿名用戶登陸
[root@westos mnt]# smbclient //172.25.254.114/jj
Enter root's password:
Anonymous login successful
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]
tree connect failed: NT_STATUS_ACCESS_DENIED
[root@westos mnt]# vim /etc/samba/smb.conf
123 security = user
124 passdb backend = tdbsam
125 map to guest = bad user 用戶名不存在時映射爲guest帳戶
321 [jj]
322 comment = local.public
323 path = /smbshare
324 guest ok = yes 此共享允許免密碼(guest)訪問,僅用於可公開的數據
[root@westos mnt]# systemctl restart smb.service
[root@westos mnt]# smbclient //172.25.254.114/jj
Enter root's password:
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]
smb: \> ls
. D 0 Sat Jun 3 02:36:48 2017
.. D 0 Sat Jun 3 02:36:38 2017
westosxxx N 0 Sat Jun 3 02:36:48 2017
40913 blocks of size 262144. 28545 blocks available
smb: \>
訪問控制
hosts allow = 域名 僅允許
hosts deny = 域名 僅拒絕
[jj]
comment = local.public
path = /smbshare
valid users = westos 當前共享有效用戶
valid users = +westos 當前共享有效用戶組
valid users = @westos 當前共享有效用戶組
[root@westos mnt]# smbclient //172.25.254.114/jj -U student
Enter student's password:
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]
tree connect failed: NT_STATUS_ACCESS_DENIED
所有用戶均可寫
服務器
[root@westos mnt]# vim /etc/samba/smb.conf
[jj]
comment = local.public
path = /mnt
writable = yes 是否可寫
[root@westos mnt]# setsebool -P samba_export_all_rw on
[root@westos mnt]# chmod o+w /mnt 服務器上其他本地用戶也可寫入/mnt;實際環境建議用專用組權限配合write list
客機
[root@foundation14 ~]# mount -o username=student,password=westos //172.25.254.114/jj /mnt/ 【smb共享目錄】 【smb用戶名以及密碼】(密碼寫在命令行會留在shell歷史和進程列表中,可改用下文的credentials=文件)
[root@foundation14 ~]# cd /mnt
[root@foundation14 mnt]# ls
file1 file10 file2 file3 file4 file5 file6 file7 file8 file9 jj
[root@foundation14 mnt]# touch kill
[root@foundation14 mnt]# ls
file1 file10 file2 file3 file4 file5 file6 file7 file8 file9 jj kill
[root@foundation14 mnt]#
指定用戶可寫
write list = student 可寫用戶
write list = +student 可寫用戶組
write list = @student
admin users = westos 共享超級用戶指定(該用戶在此共享內的文件操作均以root身份執行)
smb多用戶掛載
在客機上【不在服務器】
[root@foundation14 ~]# vim /root/westos
username=student
password=westos
[root@foundation14 ~]# chmod 600 /root/westos
[root@foundation14 ~]# yum install cifs-utils -y
[root@foundation14 ~]# mount -o credentials=/root/westos,multiuser,sec=ntlmssp //172.25.254.114/jj /mnt/
credentials=/root/westos 指定掛載時的認證文件
sec=ntlmssp smb認證方式
multiuser 支持多用戶認證
測試
su - kiosk
ls /mnt
[kiosk@foundation14 ~]$ ls /mnt
ls: cannot access /mnt: Permission denied 沒有認證無法訪問
[kiosk@foundation14 ~]$ cifscreds add -u student 172.25.254.114 認證
Password:
[kiosk@foundation14 ~]$ ls /mnt
file1 file10 file2 file3 file4 file5 file6 file7 file8 file9 jj kill