SMB文件共享及应用

Samba是Linux和UNIX系统上实现SMB协议的一个免费软件，由服务器及客户端程序构成。SMB（Server Messages Block,信息服务块）是一种在局域网上共享文件和打印机的一种通信协议，它为局域网的不同计算机之间提供文件及打印机等资源的共享服务。

实验环境：
服务端（desktop）:172.25.254.168 配置好yum元，改变名称为shareserver.westos.com

[root@station ~]# hostnamectl set-hostname shareserver.westos.com

客户端（server）：172.25.254.88 配置好yum元，改变名称为client.westos.com

一、共享家目录
（1）服务端设置
1》服务端下载SMB服务

注意下载完后一定要开启SMB服务

[root@shareserver ~]# systemctl start smb #开启SMB服务 注意
[root@shareserver ~]#

2》防火墙设置

3>设置senlinux

[root@share-server ~]# getenforce
Enforcing
[root@share-server ~]# setenforce 0
[root@share-server ~]# getenforce
Permissive
[root@share-server ~]#

4》建立本地用户并允许用户访问SMB服务

(2)客户端设置
1》下载SMB

2》上传文件
查看共享

[root@client ~]# touch file{1…5}

3》挂载方式上传文件

进入挂载目录建立文件

smb登陆查看建立文件

（3）修改sub访问域名
查看共享信息(smb访问域名为MYGROUP）

现在将访问域名改为student(服务端)
Samba的主配置文件叫smb.cnf,默认在/etc/samba/下

[root@shareserver ~]# vim /etc/samba/smb.conf

在客户端查看

（4）解决当selinux为Enforcing无法登陆问题

[root@shareserver ~]# setenforce 1
[root@shareserver ~]# getenforce
Enforcing
[root@shareserver ~]#

1》客户端登陆登陆失败

2》服务段登陆失败

3》允许登陆配置

[root@shareserver ~]# setsebool samba_enable_home_dirs on ##允许登陆
[root@shareserver ~]#

[root@shareserver ~]# smbclient //172.25.254.168/student -U student ##服务端测试
Enter student’s password:
Domain=[STUDENT] OS=[Windows 6.1] Server=[Samba 4.2.3]
smb: > ls
. D 0 Sat Nov 24 23:20:10 2018
… D 0 Sat Nov 24 22:53:50 2018
.mozilla DH 0 Sun Nov 18 20:56:15 2018
.bash_logout H 18 Wed Jul 8 19:11:02 2015
.bash_profile H 193 Wed Jul 8 19:11:02 2015
.bashrc H 231 Wed Jul 8 19:11:02 2015
.cache DH 0 Sun Nov 18 23:40:36 2018
.config DH 0 Sun Nov 18 23:38:46 2018
Desktop D 0 Sun Nov 18 23:37:44 2018
Downloads D 0 Sun Nov 18 23:37:44 2018
Templates D 0 Sun Nov 18 23:37:44 2018
Public D 0 Sun Nov 18 23:37:44 2018
Documents D 0 Sun Nov 18 23:37:44 2018
Music D 0 Sun Nov 18 23:37:44 2018
Pictures D 0 Sun Nov 18 23:37:44 2018
Videos D 0 Sun Nov 18 23:37:44 2018
.ICEauthority H 310 Sun Nov 18 23:37:45 2018
.local DH 0 Sun Nov 18 23:37:45 2018
.esd_auth H 16 Sun Nov 18 23:37:48 2018
8706048 blocks of size 1024. 5664260 blocks available
smb: > exit
[root@shareserver ~]#

[root@client ~]# smbclient //172.25.254.168/student -U student ##客户端测试
Enter student’s password:
Domain=[STUDENT] OS=[Windows 6.1] Server=[Samba 4.2.3]
smb: > ls
. D 0 Sat Nov 24 23:20:10 2018
… D 0 Sat Nov 24 22:53:50 2018
.mozilla DH 0 Sun Nov 18 20:56:15 2018
.bash_logout H 18 Wed Jul 8 19:11:02 2015
.bash_profile H 193 Wed Jul 8 19:11:02 2015
.bashrc H 231 Wed Jul 8 19:11:02 2015
.cache DH 0 Sun Nov 18 23:40:36 2018
.config DH 0 Sun Nov 18 23:38:46 2018
Desktop D 0 Sun Nov 18 23:37:44 2018
Downloads D 0 Sun Nov 18 23:37:44 2018
Templates D 0 Sun Nov 18 23:37:44 2018
Public D 0 Sun Nov 18 23:37:44 2018
Documents D 0 Sun Nov 18 23:37:44 2018
Music D 0 Sun Nov 18 23:37:44 2018
Pictures D 0 Sun Nov 18 23:37:44 2018
Videos D 0 Sun Nov 18 23:37:44 2018
.ICEauthority H 310 Sun Nov 18 23:37:45 2018
.local DH 0 Sun Nov 18 23:37:45 2018
.esd_auth H 16 Sun Nov 18 23:37:48 2018
8706048 blocks of size 1024. 5664172 blocks available
smb: > exit
[root@client ~]#

（5）SMB黑白名单设置

白名单

[root@shareserver ~]# vim /etc/samba/smb.conf
[root@shareserver ~]#

1》168测试

2》88测试失败

3》将133 233都设置成白名单

[root@shareserver ~]# vim /etc/samba/smb.conf
[root@shareserver ~]#

测试：

黑名单

[root@shareserver ~]# vim /etc/samba/smb.conf

测试

---

二、共享其他目录（系统目录，自己建立的目录）
1、共享自己新建的目录
(1)自己新建目录

[root@shareserver ~]# mkdir /student
[root@shareserver ~]# vim /etc/samba/smb.conf
[root@shareserver ~]#

[student]
comment = student dir share
path=/student

[root@shareserver ~]# systemctl restart smb.service
[root@shareserver ~]#

(2)修改安全上下文

(3)实验测试
查看共享目录

在服务端给共享目录下添加文件以共实验

[root@shareserver ~]# touch /student/file{1…5}
[root@shareserver ~]# smbclient //172.25.254.168/student -U student
Enter student’s password:
Domain=[STUDENT] OS=[Windows 6.1] Server=[Samba 4.2.3]
smb: > ls
. D 0 Mon Nov 26 21:11:33 2018
… DR 0 Mon Nov 26 21:03:02 2018
file1 N 0 Mon Nov 26 21:11:33 2018
file2 N 0 Mon Nov 26 21:11:33 2018
file3 N 0 Mon Nov 26 21:11:33 2018
file4 N 0 Mon Nov 26 21:11:33 2018
file5 N 0 Mon Nov 26 21:11:33 2018
8706048 blocks of size 1024. 5662868 blocks available
smb: >

2、共享系统原有目录
将系统目录写入配置文件

[root@shareserver ~]# vim /etc/samba/smb.conf
[root@shareserver ~]#

[root@shareserver ~]# systemctl restart smb.service ##开启服务
[root@shareserver ~]# ls -Zd /mnt/
drwxr-xr-x. root root system_u:object_r:mnt_t:s0 /mnt/
[root@shareserver ~]# getsebool -a | grep samba
samba_create_home_dirs --> off
samba_domain_controller --> off
samba_enable_home_dirs --> on
samba_export_all_ro --> off
samba_export_all_rw --> off
samba_load_libgfapi --> off
samba_portmapper --> off
samba_run_unconfined --> off
samba_share_fusefs --> off
samba_share_nfs --> off
sanlock_use_samba --> off
tmpreaper_use_samba --> off
use_samba_home_dirs --> off
virt_sandbox_use_samba --> off
virt_use_samba --> off

[root@shareserver ~]# setsebool -P samba_export_all_ro on ##打开只读共享
[root@shareserver ~]# touch /mnt/file{1…5}
[root@shareserver ~]# smbclient -L //172.25.254.168 -U student ##查看共享
Enter student’s password:
Domain=[STUDENT] OS=[Windows 6.1] Server=[Samba 4.2.3]
Sharename Type Comment
--------- ---- -------
student Disk student dir shar
mnt Disk mnt dir share ##共享系统目录
IPC$ IPC IPC Service (Samba Server Version 4.2.3)
Domain=[STUDENT] OS=[Windows 6.1] Server=[Samba 4.2.3]
Server Comment
--------- -------
Workgroup Master
--------- -------
[root@shareserver ~]# smbclient //172.25.254.168/mnt -U student ##登陆
Enter student’s password:
Domain=[STUDENT] OS=[Windows 6.1] Server=[Samba 4.2.3]
smb: > ls
. D 0 Mon Nov 26 21:16:45 2018
… DR 0 Mon Nov 26 21:03:02 2018
Kwestos.key.+157+53347.key N 54 Wed Nov 21 20:00:45 2018
Kwestos.key.+157+53347.private N 165 Wed Nov 21 20:00:45 2018
westos.com.zone N 384 Wed Nov 21 19:37:50 2018
database D 0 Fri Nov 23 19:04:08 2018
file1 N 0 Mon Nov 26 21:16:45 2018
file2 N 0 Mon Nov 26 21:16:45 2018
file3 N 0 Mon Nov 26 21:16:45 2018
file4 N 0 Mon Nov 26 21:16:45 2018
file5 N 0 Mon Nov 26 21:16:45 2018
8706048 blocks of size 1024. 5662312 blocks available
smb: > exit
[root@shareserver ~]#

---

设置SMB用户权限
（1）所有用户对共享目录可写
1》所有用户对目录可写

[root@shareserver ~]# chmod 777 /student/
[root@shareserver ~]# vim /etc/samba/smb.conf 

[root@shareserver ~]# systemctl restart smb.service
[root@shareserver ~]#

2》测试，student用户可上传可删除

[root@shareserver ~]# smbclient //172.25.254.168/student -U student ##student登陆
Enter student’s password:
Domain=[STUDENT] OS=[Windows 6.1] Server=[Samba 4.2.3]
smb: > ls
. D 0 Mon Nov 26 21:11:33 2018
… DR 0 Mon Nov 26 21:03:02 2018
file1 N 0 Mon Nov 26 21:11:33 2018
file2 N 0 Mon Nov 26 21:11:33 2018
file3 N 0 Mon Nov 26 21:11:33 2018
file4 N 0 Mon Nov 26 21:11:33 2018
file5 N 0 Mon Nov 26 21:11:33 2018
8706048 blocks of size 1024. 5662340 blocks available
smb: > rm file1 ##删除
smb: > ls
. D 0 Mon Nov 26 21:21:39 2018
… DR 0 Mon Nov 26 21:03:02 2018
file2 N 0 Mon Nov 26 21:11:33 2018
file3 N 0 Mon Nov 26 21:11:33 2018
file4 N 0 Mon Nov 26 21:11:33 2018
file5 N 0 Mon Nov 26 21:11:33 2018
8706048 blocks of size 1024. 5662808 blocks available
smb: > !ls
anaconda-ks.cfg Documents findresults lines Pictures Templates yum.repo
Desktop Downloads initial-setup-ks.cfg Music Public Videos
smb: > put anaconda-ks.cfg ##上传成功
putting file anaconda-ks.cfg as \anaconda-ks.cfg (12.6 kb/s) (average 12.6 kb/s)
smb: > ls
. D 0 Mon Nov 26 21:22:16 2018
… DR 0 Mon Nov 26 21:03:02 2018
file2 N 0 Mon Nov 26 21:11:33 2018
file3 N 0 Mon Nov 26 21:11:33 2018
file4 N 0 Mon Nov 26 21:11:33 2018
file5 N 0 Mon Nov 26 21:11:33 2018
anaconda-ks.cfg A 1748 Mon Nov 26 21:22:16 2018
8706048 blocks of size 1024. 5662824 blocks available
smb: >

3》测试westos用户

[root@shareserver ~]# smbclient //172.25.254.168/student -U westos ##westos登陆
Enter westos’s password:
Domain=[STUDENT] OS=[Windows 6.1] Server=[Samba 4.2.3]
smb: > ls
. D 0 Mon Nov 26 21:23:40 2018
… DR 0 Mon Nov 26 21:03:02 2018
file2 N 0 Mon Nov 26 21:11:33 2018
file3 N 0 Mon Nov 26 21:11:33 2018
file4 N 0 Mon Nov 26 21:11:33 2018
file5 N 0 Mon Nov 26 21:11:33 2018
anaconda-ks.cfg A 1748 Mon Nov 26 21:23:40 2018
8706048 blocks of size 1024. 5662804 blocks available
smb: > rm anaconda-ks.cfg ##删除成功
smb: > ls
. D 0 Mon Nov 26 21:24:18 2018
… DR 0 Mon Nov 26 21:03:02 2018
file2 N 0 Mon Nov 26 21:11:33 2018
file3 N 0 Mon Nov 26 21:11:33 2018
file4 N 0 Mon Nov 26 21:11:33 2018
file5 N 0 Mon Nov 26 21:11:33 2018
8706048 blocks of size 1024. 5662808 blocks available
smb: > !ls
anaconda-ks.cfg Documents findresults lines Pictures Templates yum.repo
Desktop Downloads initial-setup-ks.cfg Music Public Videos
smb: > put anaconda-ks.cfg ##上传成功
putting file anaconda-ks.cfg as \anaconda-ks.cfg (569.0 kb/s) (average 569.0 kb/s)
smb: > ls
. D 0 Mon Nov 26 21:24:27 2018
… DR 0 Mon Nov 26 21:03:02 2018
file2 N 0 Mon Nov 26 21:11:33 2018
file3 N 0 Mon Nov 26 21:11:33 2018
file4 N 0 Mon Nov 26 21:11:33 2018
file5 N 0 Mon Nov 26 21:11:33 2018
anaconda-ks.cfg A 1748 Mon Nov 26 21:24:27 2018
8706048 blocks of size 1024. 5662784 blocks available
smb: > exit
[root@shareserver ~]# vim /etc/samba/smb.conf
[root@shareserver ~]#

（2）设置只有student 用户可写

[root@shareserver ~]# vim /etc/samba/smb.conf
[root@shareserver ~]#

[root@shareserver ~]# smbclient //172.25.254.168/student -U student
Enter student’s password:
Domain=[STUDENT] OS=[Windows 6.1] Server=[Samba 4.2.3]
smb: > ls
. D 0 Mon Nov 26 21:24:27 2018
… DR 0 Mon Nov 26 21:03:02 2018
file2 N 0 Mon Nov 26 21:11:33 2018
file3 N 0 Mon Nov 26 21:11:33 2018
file4 N 0 Mon Nov 26 21:11:33 2018
file5 N 0 Mon Nov 26 21:11:33 2018
anaconda-ks.cfg A 1748 Mon Nov 26 21:24:27 2018
8706048 blocks of size 1024. 5662404 blocks available
smb: > rm anaconda-ks.cfg
smb: > exit
[root@shareserver ~]# smbclient //172.25.254.168/student -U westos
Enter westos’s password:
Domain=[STUDENT] OS=[Windows 6.1] Server=[Samba 4.2.3]
smb: > ls
. D 0 Mon Nov 26 21:33:23 2018
… DR 0 Mon Nov 26 21:03:02 2018
file2 N 0 Mon Nov 26 21:11:33 2018
file3 N 0 Mon Nov 26 21:11:33 2018
file4 N 0 Mon Nov 26 21:11:33 2018
file5 N 0 Mon Nov 26 21:11:33 2018
8706048 blocks of size 1024. 5662340 blocks available
smb: > rm file2
NT_STATUS_MEDIA_WRITE_PROTECTED deleting remote file \file2
NT_STATUS_MEDIA_WRITE_PROTECTED listing \file2
smb: > exit
[root@shareserver ~]#

（3）设置只有student用户组的用户可以写

[root@shareserver ~]# vim /etc/samba/smb.conf

[root@shareserver ~]# systemctl restart smb.service

[root@shareserver ~]# smbclient //172.25.254.168/student -U student ##student用户登陆可以删除
Enter student’s password:
Domain=[STUDENT] OS=[Windows 6.1] Server=[Samba 4.2.3]
smb: > ls
. D 0 Mon Nov 26 21:33:23 2018
… DR 0 Mon Nov 26 21:03:02 2018
file2 N 0 Mon Nov 26 21:11:33 2018
file3 N 0 Mon Nov 26 21:11:33 2018
file4 N 0 Mon Nov 26 21:11:33 2018
file5 N 0 Mon Nov 26 21:11:33 2018
8706048 blocks of size 1024. 5662464 blocks available
smb: > rm file2
smb: > exit
[root@shareserver ~]# id westos ##查看westos用户信息
uid=2017(westos) gid=2017(westos) groups=2017(westos)
[root@shareserver ~]# smbclient //172.25.254.168/student -U westos ##westos登陆不可删除
Enter westos’s password:
Domain=[STUDENT] OS=[Windows 6.1] Server=[Samba 4.2.3]
smb: > ls
. D 0 Mon Nov 26 21:35:53 2018
… DR 0 Mon Nov 26 21:03:02 2018
file3 N 0 Mon Nov 26 21:11:33 2018
file4 N 0 Mon Nov 26 21:11:33 2018
file5 N 0 Mon Nov 26 21:11:33 2018
8706048 blocks of size 1024. 5662720 blocks available
smb: > rm file3
NT_STATUS_MEDIA_WRITE_PROTECTED deleting remote file \file3
NT_STATUS_MEDIA_WRITE_PROTECTED listing \file3
smb: > exit
[root@shareserver ~]# usermod -G student westos ##改变westos用户组为student
[root@shareserver ~]# id westos
uid=2017(westos) gid=2017(westos) groups=2017(westos),1000(student)
[root@shareserver ~]# smbclient //172.25.254.168/student -U westos ##westos登陆可删除
Enter westos’s password:
Domain=[STUDENT] OS=[Windows 6.1] Server=[Samba 4.2.3]
smb: > ls
. D 0 Mon Nov 26 21:35:53 2018
… DR 0 Mon Nov 26 21:03:02 2018
file3 N 0 Mon Nov 26 21:11:33 2018
file4 N 0 Mon Nov 26 21:11:33 2018
file5 N 0 Mon Nov 26 21:11:33 2018
8706048 blocks of size 1024. 5662756 blocks available
smb: > rm file3
smb: > exit
[root@shareserver ~]#

(4)设置只有student可以登陆

[root@shareserver ~]# vim /etc/samba/smb.conf

[root@shareserver ~]# systemctl restart smb.service
[root@shareserver ~]#

[root@shareserver ~]# systemctl restart smb.service
[root@shareserver ~]# smbclient //172.25.254.168/student -U student
Enter student’s password:
Domain=[STUDENT] OS=[Windows 6.1] Server=[Samba 4.2.3]
smb: > exit
[root@shareserver ~]# smbclient //172.25.254.168/student -U westos
Enter westos’s password:
Domain=[STUDENT] OS=[Windows 6.1] Server=[Samba 4.2.3]
tree connect failed: NT_STATUS_ACCESS_DENIED
[root@shareserver ~]#

(5)设置用户不可以查看共享的文件

[root@share-server ~]# vim /etc/samba/smb.conf
[root@share-server ~]#

[root@shareserver ~]# systemctl restart smb.service
[root@shareserver ~]# smbclient -L //172.25.254.168 -U student ##查看不到自己共享的文件
Enter student’s password:
Domain=[STUDENT] OS=[Windows 6.1] Server=[Samba 4.2.3]
Sharename Type Comment
--------- ---- -------
mnt Disk mnt dir share
IPC$ IPC IPC Service (Samba Server Version 4.2.3)
Domain=[STUDENT] OS=[Windows 6.1] Server=[Samba 4.2.3]
Server Comment
--------- -------
Workgroup Master
--------- -------
[root@shareserver ~]#

（6）设置上传文件所属用户（student上传的文件用户都变成root）
未设置前查看

上传文件

[root@client ~]# smbclient //172.25.254.168/student -U student
Enter student’s password:
Domain=[STUDENT] OS=[Windows 6.1] Server=[Samba 4.2.3]
smb: > !ls
anaconda-ks.cfg Downloads file3 initial-setup-ks.cfg Public
Desktop file1 file4 Music Templates
Documents file2 file5 Pictures Videos
smb: > put file1
putting file file1 as \file1 (0.0 kb/s) (average 0.0 kb/s)
smb: > exit

查看文件

[root@shareserver ~]# cd /student/
[root@shareserver student]# ls
file1 file4 file5
[root@shareserver student]# ls -l file1
-rwxr–r--. 1 student student 0 Nov 26 21:52 file1 ##文件所属用户为student
[root@shareserver student]#

设置上传文件所属用户（student上传的文件用户都变成root）为超级用户

[root@shareserver student]# vim /etc/samba/smb.conf

[root@shareserver student]# systemctl restart smb.service
[root@shareserver student]#

[root@client ~]# smbclient //172.25.254.168/student -U student
Enter student’s password:
Domain=[STUDENT] OS=[Windows 6.1] Server=[Samba 4.2.3]
smb: > !ls
anaconda-ks.cfg Downloads file3 initial-setup-ks.cfg Public
Desktop file1 file4 Music Templates
Documents file2 file5 Pictures Videos
smb: > put file2
putting file file2 as \file2 (0.0 kb/s) (average 0.0 kb/s)
smb: > exit
[root@client ~]#

[root@shareserver student]# ls
file1 file2 file4 file5
[root@shareserver student]# ls -l file2
-rwxr–r--. 1 root student 0 Nov 26 21:57 file2
[root@shareserver student]#

若去掉用户名改变上传文件查看上传文件用户人

（8）设置匿名用户可以登陆

[root@shareserver ~]# vim /etc/samba/smb.conf

[root@shareserver ~]# systemctl restart smb.service
[root@shareserver ~]# smbclient //172.25.254.168/student
Enter root’s password:
Domain=[STUDENT] OS=[Windows 6.1] Server=[Samba 4.2.3]
smb: > ls
. D 0 Mon Nov 26 21:57:14 2018
… DR 0 Mon Nov 26 21:03:02 2018
file4 N 0 Mon Nov 26 21:11:33 2018
file5 N 0 Mon Nov 26 21:11:33 2018
file1 A 0 Mon Nov 26 21:52:11 2018
file2 A 0 Mon Nov 26 21:57:14 2018
8706048 blocks of size 1024. 5662624 blocks available
smb: >