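Samba provides file sharing between Unix-like systems and Windows; it works Linux to Linux as well as between Linux and Windows.
Installation
To configure the yum repository, see https://blog.51cto.com/14015577/2414577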
[root@130 ~]# yum install samba -y
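Samba involves two services
smb tcp 139 445 used by current Windows operating systems
nmb udp 137 138 compatibility with very old operating systems such as Windows 95 and 98; obsolete
Start the service and enable it at boot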
[root@130 ~]# systemctl start smb
[root@130 ~]# systemctl enable smb
Configure the firewall
[root@130 ~]# firewall-cmd --add-service=samba
success
Add the rule permanently so that it also applies after a restart
[root@130 ~]# firewall-cmd --add-service=samba --permanent
success
Configuration files
[root@130 ~]# cd /etc/samba/
[root@130 samba]# ls
lmhosts smb.conf
Structure of the configuration file
[root@130 samba]# egrep -v '(#|;|^$)' /etc/samba/smb.conf
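workgroup = MYGROUP # Windows and Linux must use the same workgroup name in order to share
server string = Samba Server Version %v # Samba version
log file = /var/log/samba/log.%m # log file
max log size = 50 # the log is rotated once it exceeds this size
security = user # a Samba user must already exist as a system user; the password may differ from the system password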
passdb backend = tdbsam
load printers = yes
cups options = raw
[homes]
comment = Home Directories
browseable = no
writable = yes
[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
guest ok = no
writable = no
printable = yes
Check whether any Samba users and passwords exist
[root@130 ~]# pdbedit -L
[root@130 ~]#
Create Samba users
A Samba user must already exist as a system user, but the Samba password may differ from the system password
[root@130 ~]# useradd tom
[root@130 ~]# echo 123456 | passwd --stdin tom
Changing password for user tom.
passwd: all authentication tokens updated successfully.
[root@130 ~]# id tom
uid=1000(tom) gid=1000(tom) groups=1000(tom)
[root@130 ~]# useradd jack
[root@130 ~]# echo 123456 | passwd --stdin jack
Changing password for user jack.
passwd: all authentication tokens updated successfully.
[root@130 ~]# id jack
uid=1001(jack) gid=1001(jack) groups=1001(jack)
Set passwords for the Samba users
Find the package that provides the required command
[root@130 ~]# yum whatprovides */smbpasswd
Loaded plugins: product-id, subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
myrepo/filelists_db | 3.0 MB 00:00
freeradius-3.0.1-6.el7.x86_64 : High-performance and highly
: configurable free RADIUS server
Repo : myrepo
Matched from:
Filename : /etc/raddb/mods-available/smbpasswd
samba-client-4.1.1-31.el7.x86_64 : Samba client programs
Repo : myrepo
Matched from:
Filename : /usr/bin/smbpasswd
[root@130 ~]# yum install samba-client -y
Add tom as a Samba user
[root@130 ~]# smbpasswd -a tom
New SMB password:
Retype new SMB password:
Added user tom.
Change the password
[root@130 ~]# smbpasswd tom
New SMB password:
Disable the user
[root@130 ~]# smbpasswd -d tom
Disabled user tom.
Enable the user
[root@130 ~]# smbpasswd -e tom
Enabled user tom.
Delete the user
[root@130 ~]# smbpasswd -x tom
Deleted user tom.
[root@130 ~]# smbpasswd -a tom
New SMB password:
Retype new SMB password:
Added user tom.
[root@130 ~]# smbpasswd -a jack
New SMB password:
Retype new SMB password:
Added user jack.
List the Samba users
[root@130 ~]# pdbedit -L
jack:1001:
tom:1000:
Test from the Windows client
At this point the home directory cannot be accessed
Fix it in SELinux by enabling the samba_enable_home_dirs boolean
[root@130 ~]# setsebool -P samba_enable_home_dirs on
Test from the Linux client
[root@132 ~]# yum install samba-client -y
[root@132 ~]# smbclient -L //192.168.85.130 -U jack%redhat
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]
Sharename Type Comment
--------- ---- -------
IPC$ IPC IPC Service (Samba Server Version 4.1.1)
jack Disk Home Directories
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]
Server Comment
--------- -------
Workgroup Master
--------- -------
[root@132 ~]# smbclient //192.168.85.130/jack -U jack%redhat
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]
smb: \> ls
. D 0 Mon Mar 16 05:23:23 2020
.. D 0 Mon Mar 16 05:23:23 2020
.bash_logout H 18 Wed Jan 29 20:45:18 2014
.bash_profile H 193 Wed Jan 29 20:45:18 2014
.bashrc H 231 Wed Jan 29 20:45:18 2014
35836 blocks of size 524288. 34068 blocks available
smb: \> quit
Home directories are shared automatically because of this section of the configuration file
[homes]
comment = Home Directories
browseable = no
writable = yes
How to share the directories /zz and /test
[root@130 ~]# mkdir /test
[root@130 ~]# mkdir /zz
[root@130 ~]# vim /etc/samba/smb.conf
[test]
comment = test
path = /test
[zz-test]
comment = zz-test
path = /zz
[root@130 ~]# systemctl restart smb
The zz-test share now appears, but it cannot be accessed at all; change the SELinux context
[root@130 ~]# chcon -R -t samba_share_t /zz
zz-test can now be accessed
Test from the Linux client
[root@132 ~]# smbclient //192.168.85.130/zz-test -U jack%redhat
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]
smb: \> quit
Right-clicking inside zz-test and choosing New fails: nothing can be written
[zz-test]
comment = zz-test
path = /zz
writable = yes
[root@130 ~]# systemctl restart smb
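Writing still fails
Whenever a service has been configured and a client then cannot write to it,
check the following three things:
1. Whether the server configuration enables write access
2. Whether the file system grants write permission
3. SELinux (file context | boolean)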
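The three checks above, written as shell functions that can be pointed at a share and a user (an added example, not part of the original post; the function names and argument order are assumptions). It also reads the write list parameter used further down; @group entries, POSIX ACLs and SELinux booleans are not evaluated.

```shell
# 1. Samba layer: succeed if smb.conf file $1 lets user $3 write to share $2,
#    either through "writable = yes" or through an entry in "write list".
samba_allows_write() {
  awk -v share="$2" -v user="$3" '
    /^[ \t]*[#;]/ { next }                       # skip comment lines
    /^[ \t]*\[.*\]/ { sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec); next }
    sec == share && index($0, "=") {
      key = tolower(substr($0, 1, index($0, "=") - 1))
      val = substr($0, index($0, "=") + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
      if (key ~ /^(writable|writeable)$/) rw = (tolower(val) ~ /^(yes|true|1)$/)
      if (key == "write list") {
        n = split(val, names, /[ \t,]+/)
        for (i = 1; i <= n; i++) if (names[i] == user) listed = 1
      }
    }
    END { exit (rw || listed) ? 0 : 1 }' "$1"
}

# 2. File system layer: succeed if directory $1 has the write bit for user $2,
#    reading the owner, group or other column of the mode as appropriate.
fs_allows_write() {
  owner=$(stat -c %U "$1") && group=$(stat -c %G "$1") || return 2
  perm=$(stat -c %A "$1")                        # e.g. drwxr-xrwx
  if [ "$2" = "$owner" ]; then col=3
  elif id -nG "$2" 2>/dev/null | tr ' ' '\n' | grep -qxF "$group"; then col=6
  else col=9
  fi
  [ "$(printf '%s' "$perm" | cut -c"$col")" = "w" ]
}

# 3. SELinux layer: succeed if SELinux is absent or not enforcing, or if the
#    directory is labelled samba_share_t.
selinux_allows_share() {
  command -v getenforce >/dev/null 2>&1 || return 0
  [ "$(getenforce)" = "Enforcing" ] || return 0
  ls -Zd "$1" | grep -q samba_share_t
}

# Run the checks in the order of the list and name the first layer that blocks.
can_write() {   # usage: can_write CONF SHARE DIR USER
  samba_allows_write "$1" "$2" "$4" || { echo "blocked: smb.conf"; return 1; }
  fs_allows_write "$3" "$4" || { echo "blocked: file system"; return 1; }
  selinux_allows_share "$3" || { echo "blocked: SELinux"; return 1; }
  echo "writable"
}

# On the server: sh check.sh /etc/samba/smb.conf zz-test /zz jack
if [ $# -eq 4 ]; then can_write "$@"; fi
```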
Check the file system permissions
[root@130 ~]# groups tom
tom : tom
[root@130 ~]# ls -ld /zz
drwxr-xr-x. 2 root root 6 Mar 15 18:30 /zz
Add write permission
[root@130 ~]# chmod o+w /zz
[root@130 ~]# ls -ld /zz
drwxr-xrwx. 2 root root 6 Mar 15 18:30 /zz
The Windows client can now write normally
The Linux test works as well
[root@132 ~]# smbclient //192.168.85.130/zz-test -U jack%redhat
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]
smb: \> mkdir test11
smb: \> ls
. D 0 Mon Mar 16 06:30:03 2020
.. D 0 Mon Mar 16 06:34:34 2020
新建文件夹 D 0 Mon Mar 16 06:45:15 2020
test11 D 0 Mon Mar 16 06:46:42 2020
35836 blocks of size 524288. 33925 blocks available
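Can write access be limited to some users only?
1. writable = yes
The file system allows everyone to write; the restriction is made in the configuration file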
[zz-test]
comment = zz-test
path = /zz
writable = no
write list = tom
[root@130 ~]# systemctl restart smb
Testing as tom from Windows, writing now works
Testing as jack from Linux, writing fails, because the configuration file does not allow jack to write
[root@132 ~]# smbclient //192.168.85.130/zz-test -U jack%redhat
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]
smb: \> mkdir t
NT_STATUS_MEDIA_WRITE_PROTECTED making remote directory \t
To allow several users, separate them with ","
[zz-test]
comment = zz-test
path = /zz
writable = no
write list = tom,jack
[root@130 ~]# systemctl restart smb
jack can now write
[root@132 ~]# smbclient //192.168.85.130/zz-test -U jack%redhat
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]
smb: \> mkdir jacktest
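# write list = @tom,@jack allows the tom group and the jack group to write
2. Allow all clients to write in the configuration and restrict at the file system level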
[zz-test]
comment = zz-test
path = /zz
writable = yes
write list = tom
[root@130 ~]# systemctl restart smb
[root@130 ~]# chmod o-w /zz
[root@130 ~]# systemctl restart smb
Now allow jack to write
[root@130 ~]# setfacl -m u:jack:rwx /zz
jack can now write from the Linux client
[root@132 ~]# smbclient //192.168.85.130/zz-test -U jack%redhat
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]
smb: \> mkdir jack1
At this point tom on the Windows client has no permission
Restore the previous state
[root@130 ~]# setfacl -x u:jack /zz
[root@130 ~]# chmod o+w /zz/
Every host listed in hosts allow is permitted; every host not listed in hosts allow is refused
[zz-test]
comment = zz-test
path = /zz
writable = no
write list = tom
# only this address is allowed to connect
hosts allow = 192.168.85.132
[root@130 ~]# systemctl restart smb
Access from Windows now fails; Linux can connect
[root@132 ~]# smbclient //192.168.85.130/zz-test -U jack%redhat
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]
smb: \>
Every host listed in hosts deny is refused; every host not listed in hosts deny is permitted
[zz-test]
comment = zz-test
path = /zz
writable = no
write list = tom
hosts deny = 192.168.85.132
[root@130 ~]# systemctl restart smb
Windows can now connect; Linux is refused
[root@132 ~]# smbclient //192.168.85.130/zz-test -U jack%redhat
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]
tree connect failed: NT_STATUS_ACCESS_DENIED
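How Samba decides when a share sets both hosts allow and hosts deny, as an added example that goes beyond the two single-list cases above (not part of the original post; the function names are assumptions). The allow list is consulted first, and a host on neither list is allowed; only exact IPv4 addresses, trailing-dot prefixes and ALL are matched here, and Samba's special handling of loopback is not modelled.

```shell
# match_list LIST ADDR: succeed if ADDR matches an entry of the comma- or
# space-separated LIST.
match_list() {
  for entry in $(printf '%s' "$1" | tr ',' ' '); do
    case "$entry" in
      ALL) return 0 ;;                                  # keyword: every host
      *.)  case "$2" in "$entry"*) return 0 ;; esac ;;  # prefix such as 192.168.85.
      *)   [ "$entry" = "$2" ] && return 0 ;;           # exact address
    esac
  done
  return 1
}

# host_allowed ALLOW DENY ADDR: succeed if ADDR may connect to the share.
host_allowed() {
  # neither list set: everyone may connect
  if [ -z "$1" ] && [ -z "$2" ]; then return 0; fi
  # allow list only: listed hosts and nobody else
  if [ -z "$2" ]; then match_list "$1" "$3"; return; fi
  # deny list only: everyone except listed hosts
  if [ -z "$1" ]; then ! match_list "$2" "$3"; return; fi
  # both lists: a match in hosts allow wins over hosts deny
  match_list "$1" "$3" && return 0
  # on neither list: allowed; on the deny list only: refused
  ! match_list "$2" "$3"
}
```

To refuse every host except the listed ones when both parameters are in use, hosts deny has to be ALL.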
Hiding a share with browseable
[zz-test]
comment = zz-test
path = /zz
writable = no
write list = tom
browseable = no
[root@130 ~]# systemctl restart smb
After the restart the hidden share is no longer listed
[root@132 ~]# smbclient -L //192.168.85.130/ -U jack%redhat
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]
Sharename Type Comment
--------- ---- -------
IPC$ IPC IPC Service (Samba Server Version 4.1.1)
test Disk test
jack Disk Home Directories
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]
Server Comment
--------- -------
Workgroup Master
--------- -------
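To let one particular user see the hidden share, give that user a dedicated configuration file (a global setting; %U expands to the user name)
config file = /etc/samba/smb.conf.%U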
[root@130 ~]# cd /etc/samba/
[root@130 samba]# cp smb.conf smb.conf.tom
[root@130 samba]# vim smb.conf.tom
[zz-test]
comment = zz-test
path = /zz
writable = no
write list = tom
browseable = yes
[root@130 ~]# systemctl restart smb
tom can now see the hidden share, while jack cannot
[root@132 ~]# smbclient -L //192.168.85.130/ -U jack%redhat
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]
Sharename Type Comment
--------- ---- -------
test Disk test
IPC$ IPC IPC Service (Samba Server Version 4.1.1)
jack Disk Home Directories
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]
Server Comment
--------- -------
Workgroup Master
--------- -------
samba + changepassword + crontab project
Check the system version
[root@localhost ~]# cat /etc/redhat-release
CentOS Linux release 7.7.1908 (Core)
Change the host name
[root@localhost ~]# vim /etc/hostname
Disable the firewall
[root@localhost ~]# systemctl disable firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Disable SELinux
[root@localhost ~]# vim /etc/selinux/config
SELINUX=disabled
init 6
Install Samba
[root@zbj ~]# yum install samba -y
[root@zbj ~]# vim /etc/samba/smb.conf
#[homes]
# comment = Home Directories
# browseable = no
# writable = yes
; valid users = %S
; valid users = MYDOMAIN\%S
Start the service
[root@zbj ~]# systemctl start smb
[root@zbj ~]# systemctl enable smb
Created symlink from /etc/systemd/system/multi-user.target.wants/smb.service to /usr/lib/systemd/system/smb.service.
List the Samba users
[root@zbj ~]# pdbedit -L
Create the users
[root@zbj ~]# useradd -s /sbin/nologin beijing
[root@zbj ~]# useradd -s /sbin/nologin chengdu
[root@zbj ~]# useradd -s /sbin/nologin hefei
[root@zbj ~]# useradd -s /sbin/nologin jinan
[root@zbj ~]# useradd -s /sbin/nologin shijiazhuang
[root@zbj ~]# useradd -s /sbin/nologin xian
[root@zbj ~]# useradd -s /sbin/nologin zhengzhou
[root@zbj ~]# useradd -s /sbin/nologin nanjing
[root@zbj ~]# useradd -s /sbin/nologin zbj
Set the passwords
[root@zbj ~]# passwd beijing
[root@zbj ~]# passwd chengdu
[root@zbj ~]# passwd hefei
[root@zbj ~]# passwd jinan
[root@zbj ~]# passwd shijiazhuang
[root@zbj ~]# passwd xian
[root@zbj ~]# passwd zhengzhou
[root@zbj ~]# passwd nanjing
[root@zbj ~]# passwd zbj
Add the Samba users
[root@zbj ~]# smbpasswd -a beijing
[root@zbj ~]# smbpasswd -a chengdu
[root@zbj ~]# smbpasswd -a hefei
[root@zbj ~]# smbpasswd -a jinan
[root@zbj ~]# smbpasswd -a shijiazhuang
[root@zbj ~]# smbpasswd -a xian
[root@zbj ~]# smbpasswd -a zhengzhou
[root@zbj ~]# smbpasswd -a nanjing
[root@zbj ~]# smbpasswd -a zbj
List the Samba users
[root@zbj ~]# pdbedit -L
beijing:1000:
hefei:1002:
shijiazhuang:1004:
chengdu:1001:
jinan:1003:
xian:1005:
zhengzhou:1006:
nanjing:1007:
zbj:1008:
Create the shared directories
[root@zbj ~]# mkdir /合肥
[root@zbj ~]# mkdir /石家庄
[root@zbj ~]# mkdir /郑州
[root@zbj ~]# mkdir /南京
[root@zbj ~]# mkdir /北京
[root@zbj ~]# mkdir /西安
[root@zbj ~]# mkdir /济南
[root@zbj ~]# mkdir /成都
[root@zbj ~]# mkdir /公共资料
Grant permissions on the directories
[root@zbj ~]# chmod o+w /北京
[root@zbj ~]# chmod o+w /成都
[root@zbj ~]# chmod o+w /公共资料
[root@zbj ~]# chmod o+w /合肥
[root@zbj ~]# chmod o+w /济南
[root@zbj ~]# chmod o+w /南京
[root@zbj ~]# chmod o+w /石家庄
[root@zbj ~]# chmod o+w /西安
[root@zbj ~]# chmod o+w /郑州
Edit the Samba configuration file
[root@zbj ~]# vim /etc/samba/smb.conf
security = user
pam password change = no
passwd chat = **NEW*UNIX*password* %n\n *Retype*new*UNIX*password* %n\n *successfully*
passwd program = LANG=en_US /usr/bin/passwd %u
unix password sync = yes
passdb backend = smbpasswd
smb passwd file = /etc/samba/smbpasswd
[公共资料]
comment = 公共资料
path = /公共资料
writeable = no
write list = hefei,shijiazhuang,zhengzhou,nanjing,beijing,xian,jinan,chengdu,zbj
[合肥]
comment = 合肥
path = /合肥
writeable = no
write list = hefei,zbj
[石家庄]
comment = 石家庄
path = /石家庄
writeable = no
write list = shijiazhuang,zbj
[郑州]
comment = 郑州
path = /郑州
writeable = no
write list = zhengzhou,zbj
[南京]
comment = 南京
path = /南京
writeable = no
write list = nanjing,zbj
[北京]
comment = 北京
path = /北京
writeable = no
write list = beijing,zbj
[西安]
comment = 西安
path = /西安
writeable = no
write list = xian,zbj
[济南]
comment = 济南
path = /济南
writeable = no
write list = jinan,zbj
[成都]
comment = 成都
path = /成都
writeable = no
write list = chengdu,zbj
Install httpd
[root@zbj ~]# yum install httpd -y
[root@zbj ~]# systemctl start httpd
[root@zbj ~]# systemctl enable httpd
Configure Apache to support CGI
[root@zbj ~]# vim /etc/httpd/conf/httpd.conf
Uncomment this line
AddHandler cgi-script .cgi
Change AddDefaultCharset UTF-8 to AddDefaultCharset GB2312
[root@zbj ~]# systemctl restart httpd
Install and configure changepassword
[root@zbj ~]# wget http://prdownloads.sourceforge.net/changepassword/changepassword-0.9.tar.gz
[root@zbj ~]# yum install tar -y
[root@zbj ~]# tar -zxvf changepassword-0.9.tar.gz
[root@zbj ~]# vim changepassword-0.9/conf.h
char TMPFILE[]="/changepw/changepassword-shadow-XXXXXX";
char TMPSMBFILE[]="/changepw/changepassword-smb-XXXXXX";
char TMPSQUIDFILE[]="/changepw/changepassword-squid-XXXXXX";
[root@zbj ~]# mkdir /changepw
[root@zbj ~]# cd changepassword-0.9
[root@zbj changepassword-0.9]# cd smbencrypt/
[root@zbj smbencrypt]# tar -xzvf libdes-4.04b.tar.gz
[root@zbj smbencrypt]# cd des/
[root@zbj des]# yum install gcc -y
[root@zbj des]# make
[root@zbj des]# cp libdes.a ../
cp: overwrite ‘../libdes.a’? y
[root@zbj des]# cd ../..
[root@zbj changepassword-0.9]#
Build and install
[root@zbj changepassword-0.9]# ./configure -enable-cgidir=/var/www/cgi-bin -enable-language=Chinese -enable-smbpasswd=/etc/samba/smbpasswd -disable-squidpasswd
[root@zbj changepassword-0.9]# make && make install
Change a password
http://172.16.133.16/cgi-bin/changepassword.cgi/
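On Windows, to clear the cached Samba connections, run the following in a command prompt (Win+R, cmd)
net use * /del
Once it has run successfully, restart the computer.
Connecting from a Mac: Command+K
On macOS, the Utilities folder contains the Keychain Access application. Open it, select the entry whose password you have forgotten, tick Show password, and enter the master password to display the password you set.
Scheduled backup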
[root@zbj ~]# cat /home/backup.sh
#!/bin/bash
# Copy each branch share into a staging directory
mkdir -p /home/backup
cp -r /北京/ /home/backup
cp -r /南京/ /home/backup
cp -r /合肥/ /home/backup
cp -r /成都/ /home/backup
cp -r /济南/ /home/backup
cp -r /石家庄/ /home/backup
cp -r /西安/ /home/backup
cp -r /郑州/ /home/backup
# Archive with tar so that the contents match the .tar.gz name, then clean up
tar -czf /home/backup$(date +%Y%m%d).tar.gz -C /home backup
rm -rf /home/backup/
[root@zbj ~]# crontab -l
0 2 * * * /usr/bin/bash /home/backup.sh