Deploying the Samba file-sharing service on Linux
Deploying the Samba file-sharing service
1. Install the smb service
[~]# yum install samba samba-common samba-client -y
2. Start smb and list the shared file system information
[~]# systemctl start smb
[~]# smbclient -L //172.25.254.148
3. Set the default domain name
[~]# vim /etc/samba/smb.conf
4. Set the whitelist and blacklist
[~]# vim /etc/samba/smb.conf
(allow = whitelist, deny = blacklist)
5. Set up user login ## Note: the user must be a local user
6. Log in as the user
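III. SELinux protection for smb
When SELinux=Disabled
1. Enter the user's home directory and edit
(? lists the commands available at the smb prompt)
2. Mount
3. Set up automatic mounting at boot
[~]# vim /etc/fstab
chmod +x /etc/fstab (give it execute permission)
When SELinux=Enforcing
1. Enter the user's home directory and edit
[~]# smbclient //172.25.254.108/tom -U tom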
Enter tom's password:
Domain=[WESTOS] OS=[Unix] Server=[Samba 4.1.1]
smb: \> ls
NT_STATUS_ACCESS_DENIED listing \*
2. Change the SELinux boolean, then enter the user's home directory and edit
[~]# setsebool -P samba_enable_home_dirs on
[~]# smbclient //172.25.254.108/tom -U tom
Enter tom's password:
Domain=[WESTOS] OS=[Unix] Server=[Samba 4.1.1]
smb: \> ls
. D 0 Thu May 3 21:49:51 2018
.. D 0 Thu May 3 21:46:34 2018
.bash_profile H 193 Wed Jan 29 07:45:18 2014
.mozilla DH 0 Thu Jul 10 18:29:32 2014
.config DH 0 Thu Jul 10 19:06:52 2014
.bashrc H 231 Wed Jan 29 07:45:18 2014
.bash_logout H 18 Wed Jan 29 07:45:18 2014
60458 blocks of size 8192. 56476 blocks available
3. Sharing directories
User-created directory:
Edit the configuration file to share the test directory
[~]# mkdir /test
[~]# vim /etc/samba/smb.conf
Restart smb; the test share now appears in the listing
[~]# systemctl restart smb.service
[~]# smbclient -L //172.25.254.108/
Enter root's password:
Anonymous login successful
Domain=[WESTOS] OS=[Unix] Server=[Samba 4.1.1]
Sharename Type Comment
--------- ---- -------
test Disk test directory
IPC$ IPC IPC Service (Samba Server Version 4.1.1)
However, user tom cannot edit after logging in
[~]# smbclient //172.25.254.108/test -U tom
Enter tom's password:
Domain=[WESTOS] OS=[Unix] Server=[Samba 4.1.1]
smb: \> ls
NT_STATUS_ACCESS_DENIED listing \*
Change the security context of the test directory, restart, then log in and edit again
[~]# semanage fcontext -a -t samba_share_t '/test(/.*)?'
[~]# restorecon -RvvF /test/
restorecon reset /test context unconfined_u:object_r:default_t:s0->system_u:object_r:samba_share_t:s0
[~]# systemctl restart smb.service
[~]# smbclient //172.25.254.108/test -U tom
Enter tom's password:
Domain=[WESTOS] OS=[Unix] Server=[Samba 4.1.1]
smb: \> ls
. D 0 Thu May 3 22:48:51 2018
.. D 0 Thu May 3 22:48:51 2018
System directory:
Edit the configuration file to share the system directory /mnt
[~]# vim /etc/samba/smb.conf
[mnt]
comment = mnt test directory
path = /mnt
After restarting, view the share information
[~]# systemctl restart smb.service
[~]# smbclient -L //172.25.254.108/
Enter root's password:
Anonymous login successful
Domain=[WESTOS] OS=[Unix] Server=[Samba 4.1.1]
Sharename Type Comment
--------- ---- -------
test Disk test directory
mnt Disk mnt test directory
IPC$ IPC IPC Service (Samba Server Version 4.1.1)
Set the Samba SELinux boolean to open read-write access to all shared directories
[~]# setsebool samba_export_all_rw 1
[~]# smbclient //172.25.254.108/mnt -U tom
Enter tom's password:
Domain=[WESTOS] OS=[Unix] Server=[Samba 4.1.1]
smb: \> ls
. D 0 Thu May 11 20:23:52 2017
.. D 0 Thu May 3 22:48:51 2018
IV. Multiuser mounting
1. Give specific users read-write permission
[~]# vim /etc/samba/smb.conf
[test]
comment = test directory
path = /test
# only user tom has write permission
write list = tom
# all users have write permission
# writable = yes
# only users in group tom have write permission
# write list = @tom
2. Set read-write permissions on the shared directory, restart, then test
[~]# chmod 777 /test/
[~]# systemctl restart smb.service
Only user tom has write permission
[~]# mount //172.25.254.108/test /mnt -o username=tom,password=123
[~]# touch /mnt/file1
[~]# rm -rf /mnt/file1
Mount as user jerry, who has no write permission
[~]# umount /mnt
[~]# mount //172.25.254.108/test /mnt -o username=jerry,password=123
[~]# touch /mnt/file2
touch: cannot touch ‘/mnt/file2’: Permission denied
3. User-related permission settings
security = user
passdb backend = tdbsam
# map anonymous users to guest
map to guest = bad user
[test]
comment = test directory
path = /test
writable = yes
# do not show the test share in listings
browseable = no
# allow anonymous users to log in
guest ok = yes
# user student acts as root when editing
admin users = student
Anonymous login
[~]# mount //172.25.254.108/test /mnt -o username=guest
[~]# df
//172.25.254.108/test 10473900 3186684 7287216 31% /mnt
//172.25.254.108/test on /mnt type cifs (rw,relatime,vers=1.0,cache=strict,username=guest,domain=LOCALHOST,uid=0,noforceuid,gid=0,noforcegid,addr=172.25.254.108,unix,posixpaths,serverino,acl,rsize=1048576,wsize=65536,actimeo=1)
The test share is not listed, but it can still be used
Domain=[WESTOS] OS=[Unix] Server=[Samba 4.1.1]
Sharename Type Comment
--------- ---- -------
mnt Disk mnt test directory
IPC$ IPC IPC Service (Samba Server Version 4.1.1)
Mount as student and create a file
[~]# mount //172.25.254.108/test /mnt -o username=student,password=123
[~]# touch /mnt/fire00
[~]# ll /mnt
total 0
-rw-r--r--. 1 root student 0 May 4 00:31 fire00
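An added example, not part of the original post: a small auditor that reads smb.conf text and reports the guest, writable, `admin users` and `map to guest` settings configured in step 3, so a share that anonymous users can write to, or that grants root, is easy to spot. The function name and the sample text are constructed for illustration; it checks only these options and does not replace `testparm`.

```shell
# Added example, not from the original page: audit smb.conf text on stdin for
# the guest/admin options used in step 3. Prints "<section>: <finding>".
audit_smb_conf() {
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    function on(v)   { v = tolower(v); return (v == "yes" || v == "true" || v == "1") }
    function report() {                      # findings for the section just read
        if (sec == "") return
        if (guest && rw)  print sec ": guest ok + writable (anonymous write access)"
        else if (guest)   print sec ": guest ok (anonymous read access)"
        if (admins != "") print sec ": admin users = " admins " (root on this share)"
        if (map != "")    print sec ": map to guest = " map " (unknown users become guest)"
    }
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }     # whole-line comments, blank lines
    /^[ \t]*\[.*\]/ {                        # start of a new [section]
        report()
        sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec)
        guest = 0; rw = 0; admins = ""; map = ""
        next
    }
    {
        eq = index($0, "="); if (eq == 0) next
        key = tolower(trim(substr($0, 1, eq - 1))); gsub(/[ \t]+/, " ", key)
        val = trim(substr($0, eq + 1))
        if (key == "guest ok" || key == "public")          guest = on(val)
        else if (key == "writable" || key == "writeable")  rw = on(val)
        else if (key == "read only")                       rw = !on(val)
        else if (key == "admin users")                     admins = val
        else if (key == "map to guest" && tolower(val) != "never") map = val
    }
    END { report() }'
}

# Constructed sample mirroring the settings shown above.
SAMPLE_CONF='[global]
security = user
map to guest = bad user
[test]
comment = test directory
path = /test
writable = yes
browseable = no
guest ok = yes
admin users = student
[mnt]
comment = mnt test directory
path = /mnt'
printf '%s\n' "$SAMPLE_CONF" | audit_smb_conf
```

Whole-line `#` and `;` comments are skipped; an option name Samba would not recognise is ignored, so a misspelled `writable` leaves the share reported as read-only.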
4. Implement multiuser mounting
Install the cifs-utils package
Configure the user credentials file: vim /root/samba
See the help: man mount.cifs
Multiuser mount: mount -o credentials=/root/samba,sec=ntlmssp,multiuser //172.25.254.108/test /mnt
The root user at this point
[~]# cd /mnt/
[mnt]# ls
file file123 filetest
[mnt]# rm -fr file123
rm: cannot remove ‘file123’: Permission denied
[mnt]# touch test
touch: cannot touch ‘test’: Permission denied
While an ordinary user
[yum.repos.d]$ cd /mnt
[mnt]$ ls
ls: reading directory .: Permission denied
Ordinary user authentication ## depends on the permissions of /test
[mnt]$ cifscreds add -u tom 172.25.254.108
Password:
[mnt]$ ls
file file123 filetest
[mnt]$ rm -fr file
rm: cannot remove ‘file’: Permission denied
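An added example, not part of the original post: helper functions that create the `/root/samba` credentials file with owner-only permissions, build the matching fstab entry for the multiuser mount, and flag cifs fstab entries that carry `password=` inline, as the earlier mount commands do. The function names are hypothetical and the password is a placeholder argument.

```shell
# Added example, not from the original page. The host, share and /root/samba
# path are the ones used above; the password argument is a placeholder.

# Write a mount.cifs credentials file that only its owner can read.
write_cifs_credentials() {      # usage: write_cifs_credentials FILE USER PASSWORD
    ( umask 077 && printf 'username=%s\npassword=%s\n' "$2" "$3" > "$1" )
    chmod 600 "$1"              # tighten a file that already existed
}

# True when group and others have no permission bits on FILE.
credentials_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Print an fstab entry for the multiuser mount that reads the credentials file.
cifs_fstab_line() {             # usage: cifs_fstab_line //HOST/SHARE MOUNTPOINT FILE
    printf '%s %s cifs credentials=%s,sec=ntlmssp,multiuser,_netdev 0 0\n' "$1" "$2" "$3"
}

# Read fstab text on stdin; print mount points of cifs entries that carry the
# password inline (/etc/fstab is world-readable).
fstab_inline_passwords() {
    awk '$1 !~ /^#/ && $3 == "cifs" && $4 ~ /(^|,)pass(word)?=/ { print $2 }'
}

cifs_fstab_line //172.25.254.108/test /mnt /root/samba
```

With the credentials file in place, each local user still authenticates separately with `cifscreds add`, as shown above.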