samba
1samba作用
提供cifs协议实现共享文件
2安装
yum install samba samba-common samba-client -y
systemctl start smb nmb
systemctl enable smb nmb
3添加smb用户
首先系统中要有用户
[root@westos ~]# id student
uid=1000(student) gid=1000(student) groups=1000(student),10(wheel)
[root@westos ~]# smbpasswd -a student 创建smb用户
New SMB password:
Retype new SMB password:
Added user student.
[root@westos ~]# pdbedit -L 查看smb用户信息
student:1000:Student User
[root@westos ~]# pdbedit -x student 删除smb用户
[root@westos ~]# pdbedit -L
[root@westos ~]# setsebool -P samba_enable_home_dirs on 在selinux中可以访问自己的家目录
测试
[root@westos ~]# smbclient //172.25.254.114/student -U student
Enter student's password:
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]
smb: \> ls
. D 0 Thu Jul 10 19:06:52 2014
.. D 0 Thu Jul 10 18:19:09 2014
.bash_logout H 18 Wed Jan 29 07:45:18 2014
.bash_profile H 193 Wed Jan 29 07:45:18 2014
.bashrc H 231 Wed Jan 29 07:45:18 2014
.ssh DH 0 Thu Jul 10 18:19:10 2014
.config DH 0 Thu Jul 10 19:06:53 2014
40913 blocks of size 262144. 28544 blocks available
4共享目录
[root@westos ~]# vim /etc/samba/smb.conf
[jj] 共享名称
comment = local.public 对共享目录的描述
path = /mnt 共享目录的绝对路径
workgroup = WESTOS 共享目录的组
当共享目录为用户自建目录时
[root@westos mnt]# mkdir /smbshare
[root@westos mnt]# touch /smbshare/westosxxx
[root@westos mnt]# vim /etc/samba/smb.conf
[jj]
comment = local.public
path = /smbshare
[root@westos mnt]# setsebool -P samba_enable_home_dirs 0
[root@westos mnt]# semanage fcontext -a -t samba_share_t '/smbshare(/.*)?'
/etc/selinux/targeted/contexts/files/file_contexts.local: line 4 has invalid regex /smbshare(/.*)?: missing )
PCRE compilation failed for ^/smbshare(/.*)?$ at offset 21: missing )
libsemanage.sefcontext_compile: sefcontext_compile returned error code 255. Compiling /etc/selinux/targeted/contexts/files/file_contexts.local
/etc/selinux/targeted/contexts/files/file_contexts.local: line 4 has invalid regex /smbshare(/.*)?: missing )
PCRE compilation failed for ^/smbshare(/.*)?$ at offset 21: missing )
libsemanage.sefcontext_compile: sefcontext_compile returned error code 255. Compiling /etc/selinux/targeted/contexts/files/file_contexts.local
ValueError: Could not commit semanage transaction
[root@westos mnt]# restorecon -RvvF /smbshare
[root@westos mnt]# smbclient //172.25.254.114/jj -U student
Enter student's password:
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]
smb: \> ls
. D 0 Sat Jun 3 02:36:48 2017
.. D 0 Sat Jun 3 02:36:38 2017
westosxxx N 0 Sat Jun 3 02:36:48 2017
40913 blocks of size 262144. 28544 blocks available
smb: \>
semanage fcontext -a -t samba_share_t '目录名称(/.*)?‘ 配置安全上下文
restorecon -RvvF 目录名称
当共享目录为系统目录时
[root@westos ~]# touch /mnt/file{1..10}
[root@westos ~]# cd /mnt
[root@westos mnt]# ls
file1 file10 file2 file3 file4 file5 file6 file7 file8 file9
[root@westos mnt]# smbclient //172.25.254.114/jj -U student
Enter student's password:
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]
smb: \> ls
. D 0 Thu Jul 10 19:06:52 2014
.. D 0 Thu Jul 10 18:19:09 2014
.bash_logout H 18 Wed Jan 29 07:45:18 2014
.bash_profile H 193 Wed Jan 29 07:45:18 2014
.bashrc H 231 Wed Jan 29 07:45:18 2014
.ssh DH 0 Thu Jul 10 18:19:10 2014
.config DH 0 Thu Jul 10 19:06:53 2014
40913 blocks of size 262144. 28545 blocks available
smb: \>
[root@westos mnt]# setsebool -P samba_export_all_ro on 只读共享
[root@westos mnt]# setsebool -P samba_export_all_rw on 读写共享
[root@westos ~]# setsebool -P samba_enable_home_dirs on
[root@westos mnt]# smbclient //172.25.254.114/jj -U student
Enter student's password:
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]
smb: \> ls
. D 0 Sat Jun 3 02:28:28 2017
.. D 0 Sat Jun 3 01:30:28 2017
file1 N 0 Sat Jun 3 02:28:28 2017
file2 N 0 Sat Jun 3 02:28:28 2017
file3 N 0 Sat Jun 3 02:28:28 2017
file4 N 0 Sat Jun 3 02:28:28 2017
file5 N 0 Sat Jun 3 02:28:28 2017
file6 N 0 Sat Jun 3 02:28:28 2017
file7 N 0 Sat Jun 3 02:28:28 2017
file8 N 0 Sat Jun 3 02:28:28 2017
file9 N 0 Sat Jun 3 02:28:28 2017
file10 N 0 Sat Jun 3 02:28:28 2017
40913 blocks of size 262144. 28545 blocks available
smb: \>
匿名用户登陆
[root@westos mnt]# smbclient //172.25.254.114/jj
Enter root's password:
Anonymous login successful
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]
tree connect failed: NT_STATUS_ACCESS_DENIED
[root@westos mnt]# vim /etc/samba/smb.conf
123 security = user
124 passdb backend = tdbsam
125 map to guest = bad user
321 [jj]
322 comment = local.public
323 path = /smbshare
324 guest ok = yes
[root@westos mnt]# systemctl restart smb.service
[root@westos mnt]# smbclient //172.25.254.114/jj
Enter root's password:
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]
smb: \> ls
. D 0 Sat Jun 3 02:36:48 2017
.. D 0 Sat Jun 3 02:36:38 2017
westosxxx N 0 Sat Jun 3 02:36:48 2017
40913 blocks of size 262144. 28545 blocks available
smb: \>
访问控制
hosts allow = 域名 仅允许
host deny = 域名 仅拒绝
[jj]
comment = local.public
path = /smbshare
valid users = westos 当前共享有效用户
valid users = +westos 当前共享有效用户组
valid users = @westos 当前共享有效用户组
[root@westos mnt]# smbclient //172.25.254.114/jj -U student
Enter student's password:
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]
tree connect failed: NT_STATUS_ACCESS_DENIED
所有用户均可写
服务器
[root@westos mnt]# vim /etc/samba/smb.conf
[jj]
comment = local.public
path = /mnt
writable = yes 是否可写
[root@westos mnt]# setsebool -P samba_export_all_rw on
[root@westos mnt]# chmod o+w /mnt
客机
[root@foundation14 ~]# mount -o username=student,password=westos //172.25.254.114/jj /mnt/ 【smb共享目录】 【smb用户名以及密码】
[root@foundation14 ~]# cd /mnt
[root@foundation14 mnt]# ls
file1 file10 file2 file3 file4 file5 file6 file7 file8 file9 jj
[root@foundation14 mnt]# touch kill
[root@foundation14 mnt]# ls
file1 file10 file2 file3 file4 file5 file6 file7 file8 file9 jj kill
[root@foundation14 mnt]#
指定用户可写
write list = student 可写用户
write list = +student 可写用户组
write list = @student
admin users = westos 共享超级用户指定
smb多用户挂载
在客机上【不在服务器】
[root@foundation14 ~]# vim /root/westos
username=student
password=westos
[root@foundation14 ~]# chmod 600 /root/westos
[root@foundation14 ~]# yum install cifs-utils -y
[root@foundation14 ~]# mount -o credentials=/root/westos,multiuser,sec=ntlmssp //172.25.254.114/jj /mnt/
credentials=/root/westos 指定挂载时的认证文件
sec=ntlmssp smb认证方式
multiuser 支持多用户认证
测试
su - kiosk
ls /mnt
[kiosk@foundation14 ~]$ ls /mnt
ls: cannot access /mnt: Permission denied 没有认证无法访问
[kiosk@foundation14 ~]$ cifscreds add -u student 172.25.254.114 认证
Password:
[kiosk@foundation14 ~]$ ls /mnt
file1 file10 file2 file3 file4 file5 file6 file7 file8 file9 jj kill