使用Samba实现Linux与Windows文件共享实践
前言
一直以来都以为FTP和NFS是局域网文件共享的常用方式,但是在最近接触Samba之后,了解到一些用户需要简化访问学习成本,满足基础的权限控制管理,并支持实时编辑和保存文件,我才明白这些需求使用之前的方法都是很难满足的,而Samba却可以完美的支持上述需求,虽然在开始接触时花了一些时间学习,但把配置和语法梳理清楚之后就很简单了。
Unix与Windows文件共享的最佳方式之一
更新历史
2017年05月16日 - 完善内容
2015年07月28日 - 增加Samba日志审计部分
2015年07月11日 - 初稿
阅读原文 - https://wsgzao.github.io/post/samba/
扩展阅读
Samba - https://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/
使用Samba或NFS实现文件共享 - http://www.linuxprobe.com/chapter-12.html
SAMBA服务器 - http://vbird.dic.ksu.edu.tw/linux_server/0370samba.php
RHEL6.5下部署samba企业级文件服务器实战 - http://yuan2.blog.51cto.com/446689/1588085
Samba日志分析 - http://chenguang.blog.51cto.com/350944/1606746
安装samba
各个平台的安装都蛮简单的,略过
配置samba
建议合理规划目录和用户权限,可以利用用户组来简化授权管理,参见扩展阅读
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 |
#创建目录(举例) mkdir -p /data2/sm chmod -R 777 /data2/sm #添加用户(举例) groupadd dengling useradd -g dengling -s /sbin/nologin dengling #推荐使用pdbedit smbpasswd -a dengling #备份smb配置文件并编辑 cd /etc/samba cp smb.conf smb.conf.bak vi smb.conf #全局参数 [global] security = share log file = /var/log/samba/log.%m idmap config * : backend = tdb guest ok = Yes lanman auth = Yes client lanman auth = yes client plaintext auth = yes hosts allow = 127., 172., 192.168.1., 192.168.3. cups options = raw vfs objects = full_audit full_audit:failure = none full_audit:success = rename unlink rmdir open opendir pwrite write full_audit:prefix = %u|%I|%m|% admin log = yes log level = 2 syslog = 2 #共享参数 [homes] comment = Home Directories read only = No browseable = No [sheji] comment = sheji path = /data2/sm/sheji valid users = share, shenwei, xuwei, shenjiamei, humengchu, rensiqiang, yeting, tongying, jinbo, zengfanan, fengpeisi read only = No create mask = 0775 directory mask = 0775 [test] comment = sheji path = /data2/sm/test valid users = test, test2, shenwei read only = No create mask = 0775 directory mask = 0775 [q2] comment = sheji path = /data2/sm/q2 valid users = xuejia, sungaoshuai, lujingjing, huangsonghe, yefei, lvwenhan, fangyuan, zhanghuichen, liuguofa, xupeiyu, yangpengfei, lisuitao, sunzhen, shenwei, xuwei, shenjiamei, humengchu, rensiqiang, yeting, tongying, jinbo, zengfanan, fengpeisi, chenye, wuailing, pengnan, liangzhixue, chenhong, daimengyou, wangxiaoshuo, zhoujian, fenglu, linlijun, chenshuxian, linzhimin, yanyoushan, xiaguoying, zhanghuanrong, mayushu, xuyangjing, guogaoyan, huangyouyang, jinzhibin, huyuqing, shenxuemei, liukui read only = No create mask = 0775 directory mask = 0775 [market] comment = sheji path = /data2/sm/market valid users = zhanghuichen, shenwei, chenye, wuailing, pengnan, liangzhixue, chenhong, daimengyou, wangxiaoshuo, xuyangjing, chenshuxian, linzhimin, caoling, guogaoyan, xiehaibo, huangyouyang, jinzhibin, huyuqing read only = No create mask = 0777 directory mask = 0775 [market_finance] comment = sheji path = /data2/sm/market_finance valid users = yangqiong, shenwei, chenye, wuailing, pengnan, liangzhixue, chenhong, daimengyou, wangxiaoshuo, xiehaibo, gaofangjie, xuyangjing, chenshuxian, linzhimin, huangyouyang, jinzhibin, huyuqing read only = No create mask = 0777 directory mask = 0775 [shenwei] comment = sheji path = /data2/sm/develop/shenwei valid users = shenwei read only = No create mask = 0777 directory mask = 0775 [qijun] comment = qj path = /data2/sm/homedir/qijun valid users = qijun read only = No create mask = 0777 directory mask = 0775 guest ok = No [wenyong] comment = sheji path = /data2/sm/develop/wenyong valid users = wenyong read only = No create mask = 0777 directory mask = 0775 [wudi] comment = sheji path = /data2/sm/develop/wudi valid users = wudi read only = No create mask = 0777 directory mask = 0775 [caijiannan] comment = sheji path = /data2/sm/develop/caijiannan valid users = caijiannan read only = No create mask = 0777 directory mask = 0775 [weiduani2] comment = weiduan path = /data2/sm/develop/raochao/微端 valid users = wangfeng read only = No create mask = 0777 directory mask = 0775 [raochao] comment = raochao path = /data2/sm/develop/raochao read list = wangfeng, xuwei, shenjiamei, chenxianzhe, chenye, wuailing, liuyuting, dainan write list = raochao [product] comment = product path = /data2/sm/product read only = No create mask = 0777 directory mask = 0777 [jinbo] comment = JinBo path = /data2/sm/homedir/jinbo valid users = jinbo read only = No guest ok = No [xiaoqiang] comment = xiaoqiang path = /data2/sm/homedir/xiaoqiang valid users = xiaoqiang read only = No guest ok = No [share] comment = share path = /data2/sm/homedir/share valid users = share, market, wal, qijun, zhanghua read only = No |
启动samba
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 |
#常用选项 [shared_name] path = # 文件系统路径 browseable = {yes|no} # 是否可以被查看到 public = {yes|no} # 是否可被所有人读 guest ok = {yes|no} # 与 public 相同 read only = yes # 是否只读 writeable = yes # 是否可写 write list = user1, user2 # 可写用户列表 @group, +group # 可写组列表 valid users = # 白名单 invalid users = # 黑名单 #检查语法 testparm #重启smb服务查看状态 service smb restart smbstatus |
Windows客户端访问
1.Windows*问samba
在“计算机”中输入:\\xxx.xxx.xxx.xxx\
2.Windows断开samba共享连接,实在不行可以选择注销或者重启
在【开始】→【运行】→【CMD】回车中输入:net use * /del /y
3.将samba共享的Linux目录映射成Windows的一个驱动器盘符
在【右键计算机】→【映射网络驱动器】→【文件夹\XX.XX.XX.XX\】