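Overview
SMB file sharing
The Common Internet File System (CIFS), also known as Server Message Block (SMB), is the standard file and printer sharing system for Microsoft Windows servers and clients.
The Samba service can share Linux file systems as CIFS/SMB network file shares, and Linux printers as CIFS/SMB printers.
Components of the Samba service
Packages:
samba-common – support files for Samba
samba-client – client applications
samba – server applications
Service names: smb, nmb
Service ports: TCP/445 is normally used for all connections. UDP/137, UDP/138 and TCP/139 are also used for backward compatibility.
Main configuration file: /etc/samba/smb.conf
I. Configuring Samba
Server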
    [root@server ~]# yum install samba samba-client samba-common -y    >>>> install the Samba support files, the server application and the client application
    [root@server ~]# systemctl start smb
    [root@server ~]# systemctl enable smb.service    >>>> start and enable the service
    ln -s '/usr/lib/systemd/system/smb.service' '/etc/systemd/system/multi-user.target.wants/smb.service'
    [root@server ~]# systemctl stop firewalld.service
    [root@server ~]# systemctl disable firewalld.service    >>>> turn off the firewall
    rm '/etc/systemd/system/basic.target.wants/firewalld.service'
    rm '/etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service'
    [root@server ~]# netstat -antlupe | grep smb    >>>> check the ports smb is listening on
    tcp        0      0 0.0.0.0:445    0.0.0.0:*    LISTEN    0    55428    3220/smbd
    tcp        0      0 0.0.0.0:139    0.0.0.0:*    LISTEN    0    55429    3220/smbd
    tcp6       0      0 :::445         :::*         LISTEN    0    55426    3220/smbd
    tcp6       0      0 :::139         :::*         LISTEN    0    55427    3220/smbd
Client
    [root@client ~]# yum install samba-client.x86_64 -y    >>>> install the client software
II. Basic Samba operations
1. Listing shares
    -L, --list=HOST    Get a list of shares available on a host
    [root@client ~]# smbclient -L //172.25.254.200
    Enter root's password:    >>>> this is not root's login password; none is set initially, so just press Enter
    Anonymous login successful
    Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]
        Sharename       Type      Comment
        ---------       ----      -------
        IPC$            IPC       IPC Service (Samba Server Version 4.1.1)
    Anonymous login successful
    Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]
        Server               Comment
        ---------            -------
        Workgroup            Master
        ---------            -------
2. Creating Samba users
Server
    [root@server ~]# id student
    uid=1000(student) gid=1000(student) groups=1000(student),10(wheel)
    [root@server ~]# id westos
    id: westos: no such user
    [root@server ~]# useradd westos
    [root@server ~]# passwd westos    <<<< if the system user does not exist, the Samba user cannot be added
    Changing password for user westos.
    New password:
    BAD PASSWORD: The password is shorter than 8 characters
    Retype new password:
    passwd: all authentication tokens updated successfully.
    [root@server ~]# smbpasswd -a student    <<<< add a Samba user
    New SMB password:
    Retype new SMB password:
    Added user student.
    [root@server ~]# smbpasswd -a westos
    New SMB password:
    Retype new SMB password:
    Added user westos.
    [root@server ~]# pdbedit -L    <<<< list Samba users
    student:1000:Student User
    westos:1001:
    [root@server ~]# pdbedit -x student    <<<< delete a Samba user
    [root@server ~]# pdbedit -L
    westos:1001:
    [root@server ~]# smbpasswd -a student
    New SMB password:
    Retype new SMB password:
    Added user student.
3. Viewing files
Client
The student user lists the shares:
    [root@client ~]# smbclient -L //172.25.254.200/ -U student    <<<< -L lists the shares
    Enter student's password:
    Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]
        Sharename       Type      Comment
        ---------       ----      -------
        IPC$            IPC       IPC Service (Samba Server Version 4.1.1)
        student         Disk      Home Directories
    Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]
        Server               Comment
        ---------            -------
        Workgroup            Master
        ---------            -------
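The student user tries to log in (this user belongs to the server; whether it exists on the client does not matter):
    [root@client ~]# smbclient //172.25.254.200/student -U student    <<<< student logs in to its home directory
    Enter student's password:
    Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]
    smb: \> ls
    NT_STATUS_ACCESS_DENIED listing \*    <<<< the login succeeded, but the contents cannot be listed
    smb: \> quit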
Server
    [root@server ~]# getenforce    <<<< SELinux is enabled!
    Enforcing
    [root@server ~]# getsebool -a | grep samba
    samba_create_home_dirs --> off
    samba_domain_controller --> off
    samba_enable_home_dirs --> off
    samba_export_all_ro --> off
    samba_export_all_rw --> off
    samba_portmapper --> off
    samba_run_unconfined --> off
    samba_share_fusefs --> off
    samba_share_nfs --> off
    sanlock_use_samba --> off
    use_samba_home_dirs --> off
    virt_sandbox_use_samba --> off
    virt_use_samba --> off
    [root@server ~]# setsebool -P samba_enable_home_dirs on    <<<< set the boolean
The client can now list the files:
    [root@client ~]# smbclient //172.25.254.200/student -U student
    Enter student's password:
    Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]
    smb: \> ls    <<<< ls lists the contents of student's home directory on the server
      .                  D        0  Thu Jul 10 19:06:52 2014
      ..                 D        0  Sat Jun  2 10:03:16 2018
      .bash_logout       H       18  Wed Jan 29 07:45:18 2014
      .bash_profile      H      193  Wed Jan 29 07:45:18 2014
      .bashrc            H      231  Wed Jan 29 07:45:18 2014
      .ssh              DH        0  Thu Jul 10 18:19:10 2014
      .config           DH        0  Thu Jul 10 19:06:53 2014
            40913 blocks of size 262144. 28582 blocks available
    smb: \> quit
4. Uploading files
    [root@client ~]# cd /etc/
    [root@client etc]# smbclient //172.25.254.200/student -U student
    Enter student's password:
    Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]
    smb: \> !ls    <<<< !ls lists the local directory the user was in before connecting
    ghostscript             pam.d      UPower
    gnome-settings-daemon   passwd     usb_modeswitch.conf
    host.conf               profile.d
    smb: \> put passwd    <<<< only files shown by !ls can be uploaded
    putting file passwd as \passwd (1957.8 kb/s) (average 1958.0 kb/s)
    smb: \> put /bin/ls
    NT_STATUS_OBJECT_PATH_NOT_FOUND opening remote file \/bin/ls
    smb: \> quit
    [root@client etc]# cd /bin/
    [root@client bin]# smbclient //172.25.254.200/student -U student
    Enter student's password:
    Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]
    smb: \> put ls    <<<< the uploaded files can be seen in student's home directory on the server
    putting file ls as \ls (114848.2 kb/s) (average 114859.4 kb/s)
    smb: \> touch file    <<<< but files cannot be created here
    touch: command not found
    smb: \> quit
5. Creating files
    [root@client ~]# smbclient -L //172.25.254.200/ -U student
    Enter student's password:
    Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]
        Sharename       Type      Comment
        ---------       ----      -------
        IPC$            IPC       IPC Service (Samba Server Version 4.1.1)
        student         Disk      Home Directories    <<<< the share is of type Disk, so it can be mounted
    Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]
        Server               Comment
        ---------            -------
        Workgroup            Master
        ---------            -------
Mounting the share directly on the client
    [root@client ~]# mount //172.25.254.200/student /mnt/ -o username=student,password=redhat    <<<< mount student's home directory from the server on /mnt on the client
    [root@client ~]# df
    Filesystem                1K-blocks    Used Available Use% Mounted on
    /dev/vda1                  10473900 3151184   7322716  31% /
    devtmpfs                     927072       0    927072   0% /dev
    tmpfs                        942660     140    942520   1% /dev/shm
    tmpfs                        942660   17060    925600   2% /run
    tmpfs                        942660       0    942660   0% /sys/fs/cgroup
    /dev/sr0                    3654720 3654720         0 100% /run/media/root/RHEL-7.0 Server.x86_64
    //172.25.254.200/student   10473900 3157216   7316684  31% /mnt
    [root@client ~]# cd /mnt/    <<<< entering /mnt is now the same as entering student's home directory on the server
    [root@client mnt]# ls
    ls  passwd
    [root@client mnt]# touch file{1..5}    <<<< creating and deleting files takes effect on the server
    [root@client mnt]# ls
    file1  file2  file3  file4  file5  ls  passwd
    [root@client mnt]# rm -rf *
    [root@client mnt]# ls
    [root@client mnt]#
III. Mounting automatically at boot
Client
    [root@client mnt]# vim /etc/fstab    <<<< the boot-time mount table; adding the entry here is not recommended, because a mistake in this file may leave the system unable to boot
    //172.25.254.200/student /mnt cifs defaults,username=student,password=redhat 0 0
    [root@client mnt]# cd
    [root@client ~]# umount /mnt/
    [root@client ~]# df
    Filesystem     1K-blocks    Used Available Use% Mounted on
    /dev/vda1       10473900 3151468   7322432  31% /
    devtmpfs          927072       0    927072   0% /dev
    tmpfs             942660     140    942520   1% /dev/shm
    tmpfs             942660   17032    925628   2% /run
    tmpfs             942660       0    942660   0% /sys/fs/cgroup
    /dev/sr0         3654720 3654720         0 100% /run/media/root/RHEL-7.0 Server.x86_64
    [root@client ~]# mount -a    <<<< re-read the mount table
    [root@client ~]# df
    Filesystem                1K-blocks    Used Available Use% Mounted on
    /dev/vda1                  10473900 3151468   7322432  31% /
    devtmpfs                     927072       0    927072   0% /dev
    tmpfs                        942660     140    942520   1% /dev/shm
    tmpfs                        942660   17032    925628   2% /run
    tmpfs                        942660       0    942660   0% /sys/fs/cgroup
    /dev/sr0                    3654720 3654720         0 100% /run/media/root/RHEL-7.0 Server.x86_64
    //172.25.254.200/student   10473900 3157376   7316524  31% /mnt
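    [root@client ~]# vim /etc/rc.d/rc.local    <<<< this file is read only after boot, so it does not affect system startup; it is written like a script
    mount -o username=student,password=redhat //172.25.254.200/student /mnt    <<<< the #!/bin/bash line in this file must not be removed
    [root@client ~]# chmod +x /etc/rc.d/rc.local    <<<< the script needs execute permission
Then reboot.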
Alternatively:
    [root@client ~]# vim /bin/mount_smb    <<<< write a script
    [root@client ~]# cat /bin/mount_smb
    #!/bin/bash
    mount //172.25.254.200/student /mnt -o username=student,password=redhat
    [root@client ~]# chmod +x /bin/mount_smb    <<<< execute permission
    [root@client ~]# vim /etc/rc.d/rc.local
    /bin/bash /bin/mount_smb
Then reboot.
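The /etc/fstab entry and the rc.local scripts above keep the share password in the mount options, so anyone who can read those files can read the password. The following added example, which is not part of the original post, reports mount definitions that carry an inline password and writes a mount.cifs credentials file (the `credentials=` option) that only its owner can read; the function names are assumptions made for illustration.

```bash
#!/bin/sh
# Added example: audit CIFS mount definitions for inline passwords and keep
# the secret in a credentials file that only its owner can read.

# Print "inline-password FILE:LINE" for each non-comment line that names a
# //server/share and carries password= ; the secret itself is never printed.
find_inline_cifs_passwords() {
  for f in "$@"; do
    [ -r "$f" ] || continue
    awk -v f="$f" '
      /^[ \t]*#/ { next }
      $0 ~ "(^|[ \t])//[^/ \t]+/[^ \t]+" && /password=/ {
        printf "inline-password %s:%d\n", f, FNR
      }' "$f"
  done
}

# Write a mount.cifs credentials file; the password is read from stdin so it
# is not passed as a command-line argument.
write_credentials() {   # usage: write_credentials FILE USER < password
  cred_file=$1
  IFS= read -r cred_pass || [ -n "$cred_pass" ]
  ( umask 077
    printf 'username=%s\npassword=%s\n' "$2" "$cred_pass" > "$cred_file" )
  chmod 600 "$cred_file"   # also tightens a pre-existing file with a loose mode
  unset cred_pass
}

# Succeed only if FILE exists and group/other have no permission bits set.
credentials_file_ok() {
  [ -f "$1" ] || return 1
  [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Build the /etc/fstab line that references the credentials file.
cifs_fstab_line() {   # usage: cifs_fstab_line //SERVER/SHARE MOUNTPOINT CREDFILE
  printf '%s %s cifs credentials=%s,_netdev 0 0\n' "$1" "$2" "$3"
}

# Demo on constructed sample data (addresses and names follow the page's lab).
demo_dir=$(mktemp -d)
printf '%s\n' '#!/bin/bash' \
  'mount -o username=student,password=redhat //172.25.254.200/student /mnt' \
  > "$demo_dir/rc.local"
find_inline_cifs_passwords "$demo_dir/rc.local"
printf 'redhat\n' | write_credentials "$demo_dir/smbpass" student
credentials_file_ok "$demo_dir/smbpass" && echo "credentials file is owner-only"
cifs_fstab_line //172.25.254.200/student /mnt /root/smbpass
rm -rf "$demo_dir"
```

The same credentials file works for a manual mount with `-o credentials=/root/smbpass`, as used in the multiuser section further down.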
IV. Editing the configuration file
    [root@server student]# rpm -qc samba-common
    /etc/logrotate.d/samba
    /etc/samba/lmhosts
    /etc/samba/smb.conf    <<<< main configuration file
    /etc/sysconfig/samba
1. Changing the workgroup
Server
    [root@server student]# vim /etc/samba/smb.conf
    workgroup = WESTOS    <<<< changed in the [global] section
    [root@server student]# systemctl restart smb.service
Client
    [root@client ~]# smbclient -L //172.25.254.200
    Enter root's password:
    Anonymous login successful
    Domain=[WESTOS] OS=[Unix] Server=[Samba 4.1.1]    <<<< the Domain has changed
        Sharename       Type      Comment
        ---------       ----      -------
        IPC$            IPC       IPC Service (Samba Server Version 4.1.1)
    Anonymous login successful
    Domain=[WESTOS] OS=[Unix] Server=[Samba 4.1.1]
        Server               Comment
        ---------            -------
        Workgroup            Master
        ---------            -------
2. Allow and deny lists
    [root@server student]# vim /etc/samba/smb.conf
    ;   interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24
    ;   hosts allow = 127. 192.168.12. 192.168.13.
    ;   max protocol = SMB2
        hosts allow = 172.25.254.100    <<<< only .100 is allowed to connect
    [root@server student]# systemctl restart smb.service
    [root@server student]# cd
    [root@server ~]# smbclient -L //172.25.254.200
    Enter root's password:
    protocol negotiation failed: NT_STATUS_INVALID_NETWORK_RESPONSE    <<<< login from .200 fails
    [root@client ~]# smbclient -L //172.25.254.200
    Enter root's password:
    Anonymous login successful    <<<< login from .100 succeeds
    Domain=[WESTOS] OS=[Unix] Server=[Samba 4.1.1]
        Sharename       Type      Comment
        ---------       ----      -------
        IPC$            IPC       IPC Service (Samba Server Version 4.1.1)
    Anonymous login successful
    Domain=[WESTOS] OS=[Unix] Server=[Samba 4.1.1]
        Server               Comment
        ---------            -------
        Workgroup            Master
        ---------            ------
With hosts deny = 172.25.254.100 instead, only .100 is refused and every other host can connect. Comment the line out once the experiment is done.
3. Adding a shared directory
Server
    [root@server ~]# mkdir /westos    >>>> create the directory
    [root@server ~]# vim /etc/samba/smb.conf
    [root@server ~]# getenforce
    Enforcing
    [root@server ~]# semanage fcontext -a -t samba_share_t '/westos(/.*)?'    >>>> add the security context to the shared directory and everything below it; the type is described in smb.conf
    [root@server ~]# semanage fcontext -l | grep /westos    >>>> check
    /westos(/.*)?    all files    system_u:object_r:samba_share_t:s0
    [root@server ~]# restorecon -FvvR /westos/    >>>> apply the context
    restorecon reset /westos context unconfined_u:object_r:default_t:s0->system_u:object_r:samba_share_t:s0
    [root@server ~]# vim /etc/samba/smb.conf
    ;   [public]
    ;   comment = Public Stuff
    ;   path = /home/samba
    ;   public = yes
    ;   writable = yes
    ;   printable = no
    ;   write list = +staff
        [DIR]    >>>> DIR is the share name used in the path when connecting
        comment=westos dir
        path = /westos    >>>> points to /westos
    [root@server ~]# systemctl restart smb.service
Client
    [root@client ~]# smbclient -L //172.25.254.200
    Enter root's password:
    Anonymous login successful
    Domain=[WESTOS] OS=[Unix] Server=[Samba 4.1.1]
        Sharename       Type      Comment
        ---------       ----      -------
        DIR             Disk      westos dir    <<<< an anonymous login can see this share
        IPC$            IPC       IPC Service (Samba Server Version 4.1.1)
    Anonymous login successful
    Domain=[WESTOS] OS=[Unix] Server=[Samba 4.1.1]
        Server               Comment
        ---------            -------
        Workgroup            Master
        ---------            -------
    [root@client ~]# smbclient //172.25.254.200/DIR -U student    <<<< log in as a user; note the share name is DIR; the contents can be listed
    Enter student's password:
    Domain=[WESTOS] OS=[Unix] Server=[Samba 4.1.1]
    smb: \> ls
      .                  D        0  Sun Jun  3 07:47:50 2018
      ..                 D        0  Sun Jun  3 07:47:50 2018
            40913 blocks of size 262144. 28580 blocks available
4. Setting an SELinux boolean so that the client can see the files
    [root@server ~]# vim /etc/samba/smb.conf
    ;   [public]
    ;   comment = Public Stuff
    ;   path = /home/samba
    ;   public = yes
    ;   writable = yes
    ;   printable = no
    ;   write list = +staff
        [DIR]
        comment = westos dir
        path = /westos
        [mnt]    >>>> new share
        comment = /mnt dir    >>>> descriptive text for the share; its content does not matter
        path = /mnt
    [root@server ~]# systemctl restart smb.service
    [root@server ~]# touch /mnt/file{1..5}
    [root@server ~]# cd /mnt/
    [root@server mnt]# ls
    file1  file2  file3  file4  file5    >>>> the server can see the files it created
    [root@client ~]# smbclient //172.25.254.200/mnt -U student    >>>> log in from the client
    Enter student's password:
    Domain=[WESTOS] OS=[Unix] Server=[Samba 4.1.1]
    smb: \> ls    >>>> the client cannot see the files
      .                  D        0  Thu Mar 13 07:51:26 2014
      ..                 D        0  Sun Jun  3 07:47:50 2018
            40913 blocks of size 262144. 28579 blocks available
    [root@server mnt]# setenforce 0    >>>> with SELinux set to 0 the files become visible
    smb: \> ls
      .                  D        0  Sun Jun  3 08:14:09 2018
      ..                 D        0  Sun Jun  3 07:47:50 2018
      file1              N        0  Sun Jun  3 08:14:09 2018
      file2              N        0  Sun Jun  3 08:14:09 2018
      file3              N        0  Sun Jun  3 08:14:09 2018
      file4              N        0  Sun Jun  3 08:14:09 2018
      file5              N        0  Sun Jun  3 08:14:09 2018
    [root@server mnt]# setenforce 1    >>>> permissive mode is not safe; set SELinux back to enforcing
    [root@server mnt]# setsebool -P samba_export_all_ro on    >>>> set the boolean; it is described in smb.conf
    smb: \> ls    >>>> the client can see the files
      .                  D        0  Sun Jun  3 08:14:09 2018
      ..                 D        0  Sun Jun  3 07:47:50 2018
      file1              N        0  Sun Jun  3 08:14:09 2018
      file2              N        0  Sun Jun  3 08:14:09 2018
      file3              N        0  Sun Jun  3 08:14:09 2018
      file4              N        0  Sun Jun  3 08:14:09 2018
      file5              N        0  Sun Jun  3 08:14:09 2018
            40913 blocks of size 262144. 28571 blocks available
5. Hiding a share
    [root@server mnt]# vim /etc/samba/smb.conf
    ;   [public]
    ;   comment = Public Stuff
    ;   path = /home/samba
    ;   public = yes
    ;   writable = yes
    ;   printable = no
    ;   write list = +staff
        [DIR]
        comment = westos dir
        path = /westos
        browseable = no    <<<< hide the share; this parameter defaults to yes (visible)
    [root@client ~]# smbclient -L //172.25.254.200
    Enter root's password:
    Anonymous login successful
    Domain=[WESTOS] OS=[Unix] Server=[Samba 4.1.1]
        Sharename       Type      Comment
        ---------       ----      -------
        IPC$            IPC       IPC Service (Samba Server Version 4.1.1)
        mnt             Disk      /mnt dir    <<<< DIR is no longer listed
    Anonymous login successful
    Domain=[WESTOS] OS=[Unix] Server=[Samba 4.1.1]
        Server               Comment
        ---------            -------
        Workgroup            Master
        ---------            -------
6. Making a server share writable by everyone
    [root@server mnt]# vim /etc/samba/smb.conf
    ;   [public]
    ;   comment = Public Stuff
    ;   path = /home/samba
    ;   public = yes
    ;   writable = yes
    ;   printable = no
    ;   write list = +staff
        [DIR]
        comment = westos dir
        path = /westos
        browseable = yes
        writable = yes    >>>> writable by everyone
        [mnt]
        comment = /mnt dir
        path = /mnt
    [root@client ~]# mount //172.25.254.200/DIR /mnt -o username=westos,password=redhat    >>>> mount as the server's westos user; whether this user exists on the client does not matter
    [root@client ~]# df
    Filesystem            1K-blocks    Used Available Use% Mounted on
    /dev/vda1              10473900 3150560   7323340  31% /
    devtmpfs                 927072       0    927072   0% /dev
    tmpfs                    942660      80    942580   1% /dev/shm
    tmpfs                    942660   17004    925656   2% /run
    tmpfs                    942660       0    942660   0% /sys/fs/cgroup
    //172.25.254.200/DIR   10473900 3159412   7314488  31% /mnt
    [root@client ~]# cd /mnt/
    [root@client mnt]# ls
    [root@client mnt]# touch file    >>>> the share is writable, but writing still fails
    touch: cannot touch ‘file’: Permission denied
    [root@server ~]# ls -ld /westos/
    drwxr-xr-x. 2 root root 6 Jun  3 07:47 /westos/
    [root@server ~]# chmod 777 /westos/    >>>> give "other" permission on the directory
    [root@client mnt]# touch file    >>>> writing works
    [root@client mnt]# ls
    file
    [root@client mnt]# rm -rf file    >>>> deleting works
    [root@client mnt]# ls
    [root@client mnt]# touch file
    [root@client mnt]# ll
    total 0
    -rw-r--r--. 1 1001 1001 0 Jun  3 09:00 file    >>>> the owner of this file is 1001; this 1001 is a UID on the server
    [root@server ~]# id 1001    >>>> on the server this is the westos user
    uid=1001(westos) gid=1001(westos) groups=1001(westos)
    [root@client mnt]# id westos    >>>> the client has no such user, so only the numeric id can be shown
    id: westos: no such user
!!! Note: if a user with UID 1001 exists on the client, the file owner is shown as that client user with UID 1001, regardless of whether the server has that user !!!
7. Making a share writable for specific users and groups
    [root@server ~]# vim /etc/samba/smb.conf
    ;   [public]
    ;   comment = Public Stuff
    ;   path = /home/samba
    ;   public = yes
    ;   writable = yes
    ;   printable = no
    ;   write list = +staff
        [DIR]
        comment = westos dir
        path = /westos
        browseable = yes
    #   writable = yes    >>>> comment out "writable by everyone"
        write list = student    >>>> writable only by the student user
    [root@server ~]# systemctl restart smb.service
    [root@client ~]# umount /mnt/
    [root@client ~]# mount //172.25.254.200/DIR /mnt/ -o username=westos,password=redhat    >>>> remount as westos
    [root@client ~]# cd /mnt/
    [root@client mnt]# touch file{1..3}    >>>> westos is not in the write list, so it cannot write
    touch: cannot touch ‘file1’: Permission denied
    touch: cannot touch ‘file2’: Permission denied
    touch: cannot touch ‘file3’: Permission denied
    [root@client mnt]# umount /mnt/
    umount: /mnt: target is busy.
            (In some cases useful info about processes that use
             the device is found by lsof(8) or fuser(1))
    [root@client mnt]# cd
    [root@client ~]# umount /mnt/
    [root@client ~]# mount //172.25.254.200/DIR /mnt/ -o username=student,password=redhat    >>>> remount as student
    [root@client ~]# cd /mnt/
    [root@client mnt]# ls
    [root@client mnt]# touch file{1..3}    >>>> student is in the write list, so it can write
    [root@client mnt]# ls
    file1  file2  file3

    [root@server westos]# vim /etc/samba/smb.conf
    ;   [public]
    ;   comment = Public Stuff
    ;   path = /home/samba
    ;   public = yes
    ;   writable = yes
    ;   printable = no
    ;   write list = +staff
        [DIR]
        comment = westos dir
        path = /westos
        browseable = yes
    #   writable = yes
        write list = @student    >>>> writable by the student group; a group name is prefixed with @ or + (see the commented example above)
    [root@server westos]# systemctl restart smb.service
    [root@server westos]# id westos
    uid=1001(westos) gid=1001(westos) groups=1001(westos)
    [root@server westos]# usermod -G student westos    >>>> add westos to the student group
    [root@server westos]# id westos
    uid=1001(westos) gid=1001(westos) groups=1001(westos),1000(student)
    [root@client mnt]# cd
    [root@client ~]# umount /mnt/
    [root@client ~]# mount //172.25.254.200/DIR /mnt/ -o username=westos,password=redhat    >>>> log in again from the client as westos
    [root@client ~]# cd /mnt/
    [root@client mnt]# ls
    file1  file2  file3
    [root@client mnt]# touch file{5..10}    >>>> files can be created
8. Making files created by a Samba user from the client owned by the superuser
    [root@server ~]# vim /etc/samba/smb.conf
    ;   [public]
    ;   comment = Public Stuff
    ;   path = /home/samba
    ;   public = yes
    ;   writable = yes
    ;   printable = no
    ;   write list = +staff
        [DIR]
        comment = westos dir
        path = /westos
        browseable = yes
        writable = yes
    #   write list = @student
        admin users = westos    <<<< when the client logs in as westos, the files it creates are owned by the superuser
    [root@server ~]# systemctl restart smb.service
    [root@server ~]# ls -ld /westos/
    drwxrwxrwx. 2 root root 4096 Jun  3 09:30 /westos/
    [root@server ~]# chmod 755 /westos/    <<<< the superuser does not need the extra permissions; tighten the mode to 755 to show that the files are created as root
    [root@server ~]# ls -ld /westos/
    drwxr-xr-x. 2 root root 4096 Jun  3 09:30 /westos/
    [root@client ~]# mount //172.25.254.200/DIR /mnt/ -o username=westos,password=redhat
    [root@client ~]# cd /mnt/
    [root@client mnt]# ls
    file1  file10  file2  file3  file5  file6  file7  file8  file9  hahah
    [root@client mnt]# rm -rf *
    [root@client mnt]# touch file    <<<< create a file
    [root@client mnt]# ll
    total 0
    -rw-r--r--. 1 root 1001 0 Jun  3 09:41 file    <<<< only the owner is root; the group is still the group of the westos login
9. SMB multiuser mounts
    [root@client mnt]# useradd test
    [root@client mnt]# passwd test    >>>> create a new user
    Changing password for user test.
    New password:
    BAD PASSWORD: The password is shorter than 8 characters
    Retype new password:
    passwd: all authentication tokens updated successfully.
    [root@client mnt]# su - test    >>>> switch user
    [test@client ~]$ cd /mnt/
    [test@client mnt]$ ls    >>>> the new user can see the files too
    file    >>>> this is not very secure
    [test@client mnt]$ logout    >>>> access should only be possible after authenticating
    [root@client ~]# yum install cifs-utils.x86_64 -y    >>>> install the package
    [root@client ~]# man mount.cifs    >>>> describes the requirements on the Samba version
    [root@client ~]# rpm -qa | grep samba    >>>> check the version
    samba-client-4.1.1-31.el7.x86_64
    samba-common-4.1.1-31.el7.x86_64
    samba-libs-4.1.1-31.el7.x86_64
    [root@client ~]# vim /root/smbpass    >>>> write the credentials file for the mount below
    [root@client ~]# cat /root/smbpass    >>>> root acts as the server's student user
    username=student
    password=redhat
    [root@client ~]# umount /mnt/
    [root@client ~]# mount -o credentials=/root/smbpass,sec=ntlmssp,multiuser //172.25.254.200/DIR /mnt/
    # credentials=/root/smbpass    the credentials file used for the mount
    # multiuser                    enable per-user authentication
    # sec=ntlmssp                  use the standard SMB authentication method
    [root@client ~]# df
    Filesystem            1K-blocks    Used Available Use% Mounted on
    /dev/vda1              10473900 3152836   7321064  31% /
    devtmpfs                 927072       0    927072   0% /dev
    tmpfs                    942660      80    942580   1% /dev/shm
    tmpfs                    942660   17008    925652   2% /run
    tmpfs                    942660       0    942660   0% /sys/fs/cgroup
    //172.25.254.200/DIR   10473900 3159872   7314028  31% /mnt
    [root@client ~]# cd /mnt/
    [root@client mnt]# ls    >>>> root lists the share as student, which has permission
    file
    [root@client mnt]# su - test    >>>> test has not authenticated in multiuser mode, so it cannot list the share
    Last login: Sun Jun  3 10:55:09 EDT 2018 on pts/0
    [test@client ~]$ ls
    [test@client ~]$ cd /mnt
    [test@client mnt]$ ls
    ls: reading directory .: Permission denied
Authenticating the client's test user
    [test@client mnt]$ rpm -ql cifs-utils    >>>> list all files installed by the package
    /etc/cifs-utils/idmap-plugin
    /etc/request-key.d/cifs.idmap.conf
    /etc/request-key.d/cifs.spnego.conf
    /usr/bin/cifscreds
    /usr/bin/getcifsacl
    /usr/bin/setcifsacl
    /usr/lib64/cifs-utils/idmapwb.so
    /usr/sbin/cifs.idmap
    /usr/sbin/cifs.upcall
    /usr/sbin/mount.cifs
    /usr/share/man/man1/cifscreds.1.gz
    /usr/share/man/man1/getcifsacl.1.gz
    /usr/share/man/man1/setcifsacl.1.gz
    /usr/share/man/man8/cifs.idmap.8.gz
    /usr/share/man/man8/cifs.upcall.8.gz
    /usr/share/man/man8/idmapwb.8.gz
    /usr/share/man/man8/mount.cifs.8.gz
    [test@client mnt]$ cifscreds --help
    cifscreds: unrecognized option '--help'
    Usage:
        cifscreds add [-u username] [-d] <host|domain>
        cifscreds clear [-u username] [-d] <host|domain>
        cifscreds clearall
        cifscreds update [-u username] [-d] <host|domain>
    [test@client mnt]$ cifscreds add -u westos 172.25.254.200    <<<< the client's test user authenticates as the server's westos user
    Password:
If you mistyped or added the wrong credentials, run cifscreds clearall to remove the authentication information stored above.
        [DIR]
        comment = westos dir
        path = /westos
        browseable = yes
        writable = yes
    #   write list = @student
        admin users = westos    >>>> note that admin users is still set here
    [test@client mnt]$ ls    >>>> the share can be listed
    file
    [test@client mnt]$ touch filetest
The client's test user authenticates as the server's westos user, and the server sets admin users = westos, so files created by test are owned by root.
    [test@client mnt]$ ll
    total 0
    -rw-r--r--. 1 root test 0 Jun  3 09:41 file
    -rw-r--r--. 1 root test 0 Jun  3 11:18 filetest
10. Anonymous (guest) login
    [root@client mnt]# smbclient //172.25.254.200/DIR    >>>> syntax for an anonymous login
    Enter root's password:
    Anonymous login successful
    Domain=[WESTOS] OS=[Unix] Server=[Samba 4.1.1]
    tree connect failed: NT_STATUS_ACCESS_DENIED    >>>> login fails
    [root@server ~]# vim /etc/samba/smb.conf
    #
        security = user
        passdb backend = tdbsam
        map to guest = bad user    >>>> add this mapping in [global]
    # ----------------------- Domain Members Options ---------------------
        [DIR]
        comment = westos dir
        path = /westos
        browseable = yes
        writable = yes
    #   write list = @student
        admin users = westos
        guest ok = yes    >>>> anonymous users may view the [DIR] share
    [root@server ~]# systemctl restart smb.service
    [root@client mnt]# smbclient //172.25.254.200/DIR    >>>> log in
    Enter root's password:
    Domain=[WESTOS] OS=[Unix] Server=[Samba 4.1.1]
    smb: \> ls    >>>> the share can be listed
      .                  D        0  Sun Jun  3 11:18:03 2018
      ..                 D        0  Sun Jun  3 07:47:50 2018
      file               N        0  Sun Jun  3 09:41:48 2018
      filetest           N        0  Sun Jun  3 11:18:02 2018
            40913 blocks of size 262144. 28568 blocks available
Anonymous users count as "other". If the server grants write permission on the files and the configuration file also grants it, anonymous users can write files.
The share can also be mounted without logging in, and the directory entered directly:
    [root@client mnt]# mount //172.25.254.200/DIR /mnt -o username=guest,password=""    >>>> mount on /mnt; note the identity is guest; anonymous users have no password, so the password is empty
    [root@client mnt]# df
    Filesystem            1K-blocks    Used Available Use% Mounted on
    /dev/vda1              10473900 3152920   7320980  31% /
    devtmpfs                 927072       0    927072   0% /dev
    tmpfs                    942660      80    942580   1% /dev/shm
    tmpfs                    942660   17008    925652   2% /run
    tmpfs                    942660       0    942660   0% /sys/fs/cgroup
    //172.25.254.200/DIR   10473900 3160108   7313792  31% /mnt
    [root@client mnt]# ls    >>>> no login needed, list the files directly
    file  filetest
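The options changed in sections 2 to 10 (hosts allow, writable, admin users, guest ok, map to guest) decide who can reach and modify a share, so they are worth reviewing together once the lab is finished. The following added example, which is not part of the original post, is a small awk-based audit of an smb.conf; the finding labels and the embedded sample configuration are constructed for illustration.

```bash
#!/bin/sh
# Added example: flag smb.conf settings that widen access to a share.
# Reads smb.conf text from the named files, or from stdin when none is given.
# Parameter names are compared with case and internal spaces removed.
audit_smb_conf() {
  awk '
    function is_yes(k) { return (k in p) && tolower(p[k]) ~ /^(yes|true|1)$/ }
    function is_no(k)  { return (k in p) && tolower(p[k]) ~ /^(no|false|0)$/ }
    function report(   rw, guest) {
      if (sect == "") return
      if (tolower(sect) == "global") {
        if (!("hostsallow" in p) && !("allowhosts" in p)) { print "global: no-hosts-allow" }
        if (("maptoguest" in p) && tolower(p["maptoguest"]) != "never") { print "global: map-to-guest" }
      } else {
        # writable, writeable and write ok are synonyms, the inverse of read only
        rw = is_yes("writable") || is_yes("writeable") || is_yes("writeok") ||
             is_no("readonly")
        guest = is_yes("guestok") || is_yes("public")
        if (guest && rw) { print sect ": guest-writable" }
        if (guest && !rw) { print sect ": guest-readable" }
        if (("adminusers" in p) && p["adminusers"] != "") { print sect ": admin-users=" p["adminusers"] }
        if (rw && !guest && !("validusers" in p)) { print sect ": writable-by-any-user" }
      }
      split("", p)   # portable way to clear the parameter table
    }
    { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }
    /^$/ || /^[#;]/ { next }
    /^\[/ { report(); sect = substr($0, 2, index($0, "]") - 2); next }
    (i = index($0, "=")) {
      k = tolower(substr($0, 1, i - 1)); gsub(/[ \t]/, "", k)
      v = substr($0, i + 1); sub(/^[ \t]+/, "", v)
      p[k] = v
    }
    END { report() }
  ' "$@"
}

# Constructed sample that mirrors the state of the lab after section 10.
sample_smb_conf() {
  cat <<'EOF'
[global]
    workgroup = WESTOS
    map to guest = bad user
;   hosts allow = 127. 192.168.12. 192.168.13.
[homes]
    browseable = no
    writable = yes
    valid users = %S
[DIR]
    path = /westos
    writable = yes
#   write list = @student
    admin users = westos
    guest ok = yes
[mnt]
    path = /mnt
EOF
}

sample_smb_conf | audit_smb_conf
```

On a real server, pipe the output of `testparm -s` into the function so that parameter synonyms and include files are resolved first.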