#Samba实验内容
#权限不算太复杂,可以使用samba的权限管控,或者使用acl设置权限。复杂的就是用acl设置吧。
#系统版本:Centos 7
samba版本:4.7.1
#安装软件包:
samba-common
samba-client
samba
samba-libs

#权限分配示例图

Samba瞎折腾一下_第1张图片

#权限设计

[homes]
                     all
[public]
           xzb:rwx
           other:r-x
[财务报表]
           zjb:r-x
           cwb:rwx
[工资表]
           zjb:r--
           cwb:rwx
           xzb:rwx
[设计原型]
           yf:r-x
           sj:rwx
[开发文档]
           yf:rwx
[客服文档]
           zjb:r-x
           kf:rwx
[录音]
           zjb:r-x
           kf:rwx
[市场推广]
           zjb:r-x
           scb:r-x
           sczj:rwx

#用户

总经办:zjb
财务部:cwb
行政部:xzb
设计:sj
研发:yf
运维:yw
客服:kf
市场部:scb
市场总监:sczj

#目录

财务报表:cwbb 
工资表:gzb 
设计原型:sjyx 
开发文档:kfwd 
客服文档:wd 
录音:ly 
市场推广:sctg

#创建系统用户

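# Create one login-less system account per department, all with primary
# group "samba". useradd -g fails when that group does not exist, so make
# sure it is there first (-f lets groupadd succeed if it already exists).
sudo groupadd -f samba
for account in zjb cwb xzb sj yf yw kf scb sczj; do
  # /sbin/nologin: these accounts are only for SMB access, never a shell.
  sudo useradd -g samba -s /sbin/nologin "$account"
done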

#创建samba用户

# Register every system account in Samba's password database. pdbedit asks
# for the new SMB password of each account in turn, and it has to run as root.
samba_accounts=(zjb cwb xzb sj yf yw kf scb sczj)
for samba_user in "${samba_accounts[@]}"; do
  pdbedit -a -u "$samba_user"
done

#新建目录
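# Create the share root and every shared directory, including "public",
# which the chmod below and the [public] share both expect to exist.
share_root=/data/share
mkdir -p "$share_root"
# Stop if the cd fails so the relative chown/chmod never touch another directory.
cd "$share_root" || exit 1

mkdir -p cwbb gzb sjyx kfwd wd ly sctg public

# Ownership: user and group "samba" (the group the share accounts belong to).
# NOTE(review): the "samba" user must already exist; its creation is not shown
# in these notes.
chown -R samba:samba cwbb gzb sjyx kfwd wd ly sctg public

# Department directories: owner only. Per-user access is granted afterwards
# with setfacl, so nobody reaches a directory just by being in group samba.
chmod 700 cwbb gzb sjyx kfwd wd ly sctg

# public: members of group samba may list and enter, all others get nothing.
chmod 750 public

# NOTE(review): on CentOS 7 with SELinux enforcing, smbd usually also needs the
# samba_share_t label on /data/share before it can serve it; check with ls -Z.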

#配置文档
# Open the Samba configuration for editing; the sections that follow are its contents.
vim /etc/samba/smb.conf

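# Standalone server authenticating against local tdbsam accounts.
[global]
    workgroup = Samba
    server string = Samba server
    max log size = 50
    log file = /var/log/samba/log.%m
    security = user
    passdb backend = tdbsam
    # NOTE(review): /etc/samba/smbusers is not created anywhere in these notes;
    # confirm it exists (and who can write to it) or drop this line.
    username map = /etc/samba/smbusers

# Per-user home directories, hidden from browsing and limited to their owner.
[homes]
    comment = Home Dirctories
    valid users = %S, %D%w%S
    browseable = No
    read only = No
    inherit acls = Yes

# Shared area: read-only by default ("read only" defaults to yes), with xzb
# allowed to write through "write list".
# NOTE(review): "guest ok = yes" admits connections without a password, mapped
# to the guest account; drop it if only named accounts should reach this share.
[public]
    comment = public share
    path = /data/share/public
    guest ok = yes
    browseable = yes
    write list = xzb

# Department shares. "valid users" limits who may connect at all, following the
# permission design table; without it every authenticated account can open
# every share and the filesystem ACLs are the only barrier. "writable = yes" is
# kept, so the ACLs on each path still decide read-only versus read-write.

[财务报表]
    comment = cwbb
    path = /data/share/cwbb
    browseable = yes
    writable = yes
    valid users = zjb, cwb

[工资表]
    comment = gzb
    path = /data/share/gzb
    browseable = yes
    writable = yes
    valid users = zjb, cwb, xzb

[设计原型]
    comment = sjyx
    path = /data/share/sjyx
    browseable = yes
    writable = yes
    valid users = yf, sj

[开发文档]
    comment = kfwd
    path = /data/share/kfwd
    browseable = yes
    writable = yes
    valid users = yf

[客服文档]
    comment = wd
    path = /data/share/wd
    browseable = yes
    writable = yes
    valid users = zjb, kf

[录音]
    comment = ly
    path = /data/share/ly
    browseable = yes
    writable = yes
    valid users = zjb, kf

[市场推广]
    comment = sctg
    path = /data/share/sctg
    browseable = yes
    writable = yes
    valid users = zjb, scb, sczj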

#测试配置是否有问题,通过。。ok
[root@elk-master share]# testparm

Load smb config files from /etc/samba/smb.conf
Processing section "[homes]"
Processing section "[public]"
Processing section "[财务报表]"
Processing section "[工资表]"
Processing section "[设计原型]"
Processing section "[开发文档]"
Processing section "[客服文档]"
Processing section "[录音]"
Processing section "[市场推广]"
Loaded services file OK.
Server role: ROLE_STANDALONE
下面省略。。

#重启
# Restart the NetBIOS name service, then the SMB daemon, so both load the
# edited smb.conf.
for unit in nmb smb; do
  systemctl restart "$unit"
done

#使用acl设置权限

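# Grant per-user access on each shared directory, following the permission
# design table. The account for the administration department is "xzb"
# (there is no "zxb" user), and setfacl only accepts r, w, x, X and - in the
# permission field, so "rws" is rejected.
#
# NOTE(review): these are access ACLs on the directories only. Files created
# later do not inherit them unless default ACLs (setfacl -d) are added and the
# share's create mask / "inherit acls" settings allow it; verify with getfacl
# after the first upload.

# public: xzb maintains it; everyone else relies on the group bits (750).
setfacl -m u:xzb:rwx /data/share/public

# 财务报表 (cwbb): finance writes, general manager's office reads.
setfacl -m u:cwb:rwx /data/share/cwbb
setfacl -m u:zjb:r-x /data/share/cwbb

# 工资表 (gzb): finance and administration write, general manager's office reads.
# zjb gets r-x rather than the r-- of the design table, because without x on
# the directory its files cannot be opened.
setfacl -m u:zjb:r-x /data/share/gzb
setfacl -m u:cwb:rwx /data/share/gzb
setfacl -m u:xzb:rwx /data/share/gzb

# 设计原型 (sjyx): design writes, R&D reads.
setfacl -m u:yf:r-x /data/share/sjyx
setfacl -m u:sj:rwx /data/share/sjyx

# 开发文档 (kfwd): R&D only.
setfacl -m u:yf:rwx /data/share/kfwd

# 客服文档 (wd): customer service writes, general manager's office reads.
setfacl -m u:kf:rwx /data/share/wd
setfacl -m u:zjb:r-x /data/share/wd

# 录音 (ly): customer service writes, general manager's office reads.
setfacl -m u:kf:rwx /data/share/ly
setfacl -m u:zjb:r-x /data/share/ly

# 市场推广 (sctg): marketing director writes; general manager's office and
# marketing read.
setfacl -m u:sczj:rwx /data/share/sctg
setfacl -m u:zjb:r-x /data/share/sctg
setfacl -m u:scb:r-x /data/share/sctg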

→→完成,自己折腾下自己,做个笔记,用户多就需要写脚本了。