原文:https://blog.csdn.net/jiangzhangha/article/details/85529578
查看当前系统是否已经安装samba
rpm -qa | grep 'samba'
安装samba服务,需要的相关软件包
samba-3.6.9-151.el6.x86_64
//服务器端软件,主要提供samba服务器的守护程序,共享文档,日志的轮替
samba-common-3.6.9-151.el6.x86_64
//主要提供samba服务器的设置文件与设置文件语法检验程序testparm
samba-client-3.6.9-151.el6.x86_64
//客户端软件,主要提供linux主机作为客户端时,所需要的工具指令集
使用yum进行安装
yum -y install samba samba-common samba-client
查看是否安装成功
[jamza@Jamza ~]$ rpm -qa | grep 'samba'
samba-common-tools-4.8.3-4.el7.x86_64
samba-common-4.8.3-4.el7.noarch
samba-client-libs-4.8.3-4.el7.x86_64
samba-libs-4.8.3-4.el7.x86_64
samba-4.8.3-4.el7.x86_64
samba-common-libs-4.8.3-4.el7.x86_64
samba-client-4.8.3-4.el7.x86_64
安装完成后,会生成/etc/samba/smb.conf文件,这是samba服务的主配置文件。
修改samba服务配置文件
打开samba服务配置文件 /etc/samba/smb.conf,内容如下:
# See smb.conf.example for a more detailed config file or
# read the smb.conf manpage.
# Run 'testparm' to verify the config is correct after
# you modified it.
[global]
workgroup = SAMBA
security = user
passdb backend = tdbsam
printing = cups
printcap name = cups
load printers = yes
cups options = raw
[homes]
comment = Home Directories
valid users = %S, %D%w%S
browseable = No
read only = No
inherit acls = Yes
[printers]
comment = All Printers
path = /var/tmp
printable = Yes
create mask = 0600
browseable = No
[print$]
comment = Printer Drivers
path = /var/lib/samba/drivers
write list = @printadmin root
force group = @printadmin
create mask = 0664
directory mask = 0775
增加模式为:
[shared_name]
path = /path/to/share_directory //共享文件的目录路径
comment = aaa //注释信息
guest ok = {yes|no} //是否允许来宾账号访问
public = {yes|no} //是否公开
writable = {yes|no} //共享权限是否可写
read only = {yes|no} //是否只读,read only = no 相当于writable= yes
browseable = {yes|no} //是否支持浏览
write list = +GROUP_name //组内的人是否可写入,没有+则是用户,
范例:
[share]
path = /home/jamza/share
comment = jamza_share
public = yes
writable = yes
browseable = yes
guest ok = yes
valid users = jamza,root
available = yes
添加共享用户
mbpasswd -a jamza //为jamza用户增加共享用户,并设定samba密码
windows端映射网络驱动器
在window端,映射网络驱动器,输入\192.168.0.130\share,然后输入账号janza与密码,即可访问。
注意share为 /etc/samba/smb.conf中的[share]。
若window端无法连接,则需关闭linux端的防火墙
对于centos 7.0,默认使用的是firewall作为防火墙。关闭firewall:
systemctl stop firewalld.service
#停止firewall
systemctl disable firewalld.service
#禁止firewall开机启动
firewall-cmd --state
#查看默认防火墙状态(关闭后显示notrunning,开启后显示running)
若在window端,出现samba文件夹拒绝访问,关闭SELinux
CentOS中的SELinux是一个很强大的强制访问控制系统,它的全称是Security Enhanced Linux,是强制访问控制系统的一个实现,其目的在于明确的指出某个进程可以访问哪些资源,这些资源包括但不限于文件或网络端口等。
所以,之前在Samba中,共享的文件已经列出,所有者无争议,且权限设置无误的情况下,却依然被拒绝访问,是由于它导致的。在服务器上,这样的安全机制是很有必要的,但是作为开发机,则有些无谓了。既然这样,我们可以通过自己的设置,来配置SELinux。
获取当前SELinux的运行状态:getenforce
返回的结果分为三种:Enforcing,Permissive和Disabled。其中,Enforcing-代表记录警告且阻止可疑行为;Permissive-代表仅记录安全警告但不阻止可疑行为;Disabled表示被禁用。
设置SELinux的运行状态:setenforce [Enforcing | Permissive | 1 | 0]
永久改变的话,就需要配置它的配置文件:vi /etc/sysconfig/selinux
设置SELINUX=xxx(xxx表示你想要的状态,enforcing,permissive或disabled)即可
2 # This file controls the state of SELinux on the system.
3 # SELINUX= can take one of these three values:
4 # enforcing - SELinux security policy is enforced.
5 # permissive - SELinux prints warnings instead of enforcing.
6 # disabled - No SELinux policy is loaded.
7 SELINUX=disabled
8 # SELINUXTYPE= can take one of three values:
9 # targeted - Targeted processes are protected,
10 # minimum - Modification of targeted policy. Only selected processes are protected.
11 # mls - Multi Level Security protection.
12 SELINUXTYPE=targeted