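Lab environment: a virtual machine with Samba (smb) installed, and a Windows 10 machine.
Lab: create six users: baisuzhen, xuxian, fahai, xiaoqing, xushilin, guanyin
1. All six users can browse and access the shared directory leifengta on the target host; anonymous users can access it but cannot browse it. Size 2GB, automatically extensible in the future.
2. baisuzhen, xuxian and xushilin can create and delete files in this shared directory and can modify each other's files; other users cannot create files.
3. xuxian and xushilin can each create at most 200M of data and cannot delete files created by others; baisuzhen is not limited.
4. Each of the six users has a shared directory named after themselves that only they can see, access and create files in; it is invisible to the others. guanyin has full permissions on all directories.
Step 1: Create the users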
[root@localhost ~]# for username in baisuzhen xuxian fahai xiaoqing xushilin guanyin ;do useradd -s /sbin/nologin $username ; (echo redhat;echo redhat) |smbpasswd -a $username ;done
New SMB password:
Retype new SMB password:
Added user baisuzhen.
New SMB password:
Retype new SMB password:
Added user xuxian.
New SMB password:
Retype new SMB password:
Added user fahai.
New SMB password:
Retype new SMB password:
Added user xiaoqing.
New SMB password:
Retype new SMB password:
Added user xushilin.
New SMB password:
Retype new SMB password:
Added user guanyin.
The following command lists the existing Samba users:
[root@localhost ~]# pdbedit -L
baisuzhen:1001:
fahai:1003:
xushilin:1005:
xuxian:1002:
xiaoqing:1004:
guanyin:1006:
All six users have the password redhat.
Step 2:
Add a disk and create the logical volume
[root@localhost ~]# echo "- - -" > /sys/class/scsi_host/host0/scan
[root@localhost ~]# fdisk /dev/sdb
Command (m for help): n
Select (default p): p
Partition number (1-4, default 1):
First sector (2048-41943039, default 2048):
Using default value 2048
Last sector, +sectors or +size{K,M,G} (2048-41943039, default 41943039): +2G
# Change the partition type to 8e
Command (m for help): t
Selected partition 1
Hex code (type L to list all codes): 8e
Create the logical volume
[root@localhost ~]# pvcreate /dev/sdb1
Physical volume "/dev/sdb1" successfully created.
[root@localhost ~]# vgcreate vgbaishezhuan /dev/sdb1
Volume group "vgbaishezhuan" successfully created
[root@localhost ~]# lvcreate -l +100%FREE -n lvbaishezhuan vgbaishezhuan
Logical volume "lvbaishezhuan" created.
[root@localhost ~]# mkfs.ext4 /dev/vgbaishezhuan/lvbaishezhuan
Mount the logical volume on the directory /app/baishezhuan (the mount point must already exist)
[root@localhost ~]# vim /etc/fstab
/dev/vgbaishezhuan/lvbaishezhuan /app/baishezhuan ext4 defaults,usrquota 0 0
[root@localhost ~]# mount -a
Set ACL permissions so that baisuzhen, xuxian and xushilin have special permissions on the directory baishezhuan.
[root@localhost ~]# setfacl -m u:baisuzhen:rwx /app/baishezhuan/
[root@localhost ~]# setfacl -m u:xuxian:rwx /app/baishezhuan/
[root@localhost ~]# setfacl -m u:xushilin:rwx /app/baishezhuan/
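mount -a re-reads /etc/fstab; filesystems that are already mounted are not mounted again, and their mount options are not updated.
Step 3: Add the special permissions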
[root@localhost ~]# groupadd baishezhuan
[root@localhost ~]# usermod -aG baishezhuan baisuzhen
[root@localhost ~]# usermod -aG baishezhuan xuxian
[root@localhost ~]# usermod -aG baishezhuan xushilin
[root@localhost ~]# chgrp baishezhuan /app/baishezhuan
[root@localhost ~]# chmod g+s /app/baishezhuan
[root@localhost ~]# chown baisuzhen /app/baishezhuan
[root@localhost ~]# chmod o+t /app/baishezhuan
Step 4: Create a Samba configuration file for each user
[root@localhost ~]# cd /etc/samba/
[root@localhost samba]# mkdir conf.d
[root@localhost samba]# cd conf.d/
[root@localhost conf.d]# vim baisuzhen.conf
[leifengta]
comment = xi hu leifengta
path = /app/baishezhuan
browseable = yes
writeable = yes
force create mode = 0664
[baisuzhen]
comment = baisuzhen
path = /app/common/baisuzhen
browseable = yes
writeable = yes
[root@localhost conf.d]# vim xiaoqing.conf
[leifengta]
comment = xi hu leifengta
path = /app/baishezhuan
browseable = yes
writeable = No
force create mode = 0664
[xiaoqing]
comment = xiaoqing
path = /app/common/xiaoqing
browseable = yes
writeable = yes
[root@localhost conf.d]# vim xuxian.conf
[leifengta]
comment = xi hu leifengta
path = /app/baishezhuan
browseable = yes
writeable = yes
force create mode = 0664
[xuxian]
comment = xuxian
path = /app/common/xuxian
browseable = yes
writeable = yes
[root@localhost conf.d]# vim xushilin.conf
[leifengta]
comment = xi hu leifengta
path = /app/baishezhuan
browseable = yes
writeable = yes
force create mode = 0664
[xushilin]
comment = xushilin
path = /app/common/xushilin
browseable = yes
writeable = yes
[root@localhost conf.d]# vim fahai.conf
[leifengta]
comment = xi hu leifengta
path = /app/baishezhuan
browseable = yes
writeable = no
force create mode = 0664
[fahai]
comment = fahai
path = /app/common/fahai
browseable = yes
writeable = yes
[root@localhost conf.d]# vim guanyin.conf
[leifengta]
comment = xi hu leifengta
path = /app/baishezhuan
browseable = yes
writeable = no
[baisuzhen]
comment = baisuzhen
path = /app/common/baisuzhen
browseable = yes
writeable = yes
[fahai]
comment = fahai
path = /app/common/fahai
browseable = yes
writeable = yes
[xiaoqing]
comment = xiaoqing
path = /app/common/xiaoqing
browseable = yes
writeable = yes
[xushilin]
path = /app/common/xushilin
browseable = yes
writeable = yes
[xuxian]
comment = xuxian
path = /app/common/xuxian
browseable = yes
writeable = yes
[guanyin]
comment = guanyin
path = /app/common/guanyin
browseable = yes
writeable = yes
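
The six files above differ only in the user name and in whether leifengta is writeable, so they can be generated from one role table. The script below is an added example, not part of the original post; its variable and function names are chosen here, and it assumes smbd selects the file per user (for example through a `config file = /etc/samba/conf.d/%U.conf` line in the main smb.conf, which the page does not show).

```shell
#!/bin/sh
# Added example: regenerate the six conf.d files above from one role table.
# USERS, WRITERS, ADMIN and the function names are chosen for this example.
USERS="baisuzhen fahai xiaoqing xushilin xuxian guanyin"
WRITERS="baisuzhen xuxian xushilin"   # may create files in leifengta (requirement 2)
ADMIN="guanyin"                       # gets every private share (requirement 4)

# Print "yes" if user $1 may write to leifengta, otherwise "no".
leifengta_writeable() {
    for w in $WRITERS; do
        if [ "$w" = "$1" ]; then echo yes; return 0; fi
    done
    echo no
}

# Print the private share section for user $1.
private_share() {
    printf '[%s]\ncomment = %s\npath = /app/common/%s\n' "$1" "$1" "$1"
    printf 'browseable = yes\nwriteable = yes\n'
}

# Write <outdir>/<user>.conf for every user in USERS.
# Unlike the page's guanyin.conf, every file gets "force create mode";
# it has no effect on a share that is not writeable.
gen_user_conf() {
    outdir=$1
    mkdir -p "$outdir" || return 1
    for u in $USERS; do
        {
            printf '[leifengta]\ncomment = xi hu leifengta\n'
            printf 'path = /app/baishezhuan\nbrowseable = yes\n'
            printf 'writeable = %s\n' "$(leifengta_writeable "$u")"
            printf 'force create mode = 0664\n'
            if [ "$u" = "$ADMIN" ]; then
                for s in $USERS; do private_share "$s"; done
            else
                private_share "$u"
            fi
        } > "$outdir/$u.conf"
    done
}

# Example: gen_user_conf /etc/samba/conf.d
```

Keeping the writers in one list makes it harder for a single file to drift to `writeable = yes` for a user who should only read leifengta.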
Step 5: Set up quotas
[root@localhost conf.d]# quotacheck -cum /app/baishezhuan/
[root@localhost conf.d]# quotaon /app/baishezhuan/
[root@localhost conf.d]# setquota -u xuxian 0 200M 0 0 /app/baishezhuan/
[root@localhost conf.d]# setquota -u xushilin 0 200M 0 0 /app/baishezhuan/
[root@localhost conf.d]# repquota -v /app/baishezhuan/
*** Report for user quotas on device /dev/mapper/vgbaishezhuan-lvbaishezhuan
Block grace time: 7days; Inode grace time: 7days
Block limits File limits
User used soft hard grace used soft hard grace
----------------------------------------------------------------------
root -- 16 0 0 1 0 0
baisuzhen -- 4 0 0 1 0 0
xuxian -- 0 0 204800 0 0 0
xushilin -- 0 0 204800 0 0 0
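
One way to check the report against requirement 3 without reading it by eye, as an added example that is not part of the original post: hard_limit and check_quota are names chosen here, and the sample text is the report shown above.

```shell
#!/bin/sh
# Added example: verify hard block limits in `repquota` output.
# hard_limit and check_quota are names chosen for this example.

# Print the hard block limit (1 KiB blocks) of user $1 from repquota text on stdin.
# Data rows: name flags used soft hard [grace] used soft hard [grace]
hard_limit() {
    awk -v u="$1" '$1 == u && $2 ~ /^[-+][-+]$/ {
        print $5; found = 1      # the hard limit is always the 5th field
    } END { exit found ? 0 : 1 }'
}

# Return 0 if user $1 has exactly the hard limit $2 (0 means unlimited),
# 1 if the limit differs, 2 if the user has no row in the report.
check_quota() {
    got=$(hard_limit "$1") || { echo "$1: no quota row" >&2; return 2; }
    if [ "$got" -eq "$2" ]; then return 0; fi
    echo "$1: hard limit $got, expected $2" >&2
    return 1
}

# Report copied from the page (200M is stored as 204800 blocks of 1 KiB).
SAMPLE_REPORT='*** Report for user quotas on device /dev/mapper/vgbaishezhuan-lvbaishezhuan
Block grace time: 7days; Inode grace time: 7days
Block limits File limits
User used soft hard grace used soft hard grace
----------------------------------------------------------------------
root -- 16 0 0 1 0 0
baisuzhen -- 4 0 0 1 0 0
xuxian -- 0 0 204800 0 0 0
xushilin -- 0 0 204800 0 0 0'

# On the server: repquota /app/baishezhuan/ | check_quota xuxian 204800
```

A user who has never written to the filesystem and has no limit may not appear in the report at all, which is why a missing row is reported separately from a wrong limit.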
Step 5: Create the directories that xiaoqing, xuxian, xushilin, fahai, guanyin and baisuzhen will each access
[root@localhost conf.d]# cd /app/
[root@localhost app]# mkdir common
[root@localhost app]# cd common/
[root@localhost common]# mkdir baisuzhen xuxian xushilin fahai xiaoqing guanyin
[root@localhost common]# ls
baisuzhen fahai guanyin xiaoqing xushilin xuxian
[root@localhost common]# chown fahai fahai/
[root@localhost common]# chown guanyin guanyin/
[root@localhost common]# chown xiaoqing xiaoqing/
[root@localhost common]# chown xuxian xuxian/
[root@localhost common]# chown xushilin xushilin/
[root@localhost common]# chown baisuzhen baisuzhen/
[root@localhost common]# chmod 700 *
[root@localhost common]# setfacl -m u:guanyin:rwx *
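Change the owner of each directory to the designated user, and give guanyin ACL permissions on all of the directories.
Step 6: Test
On the Windows side, press ctrl+r and enter the IP address of our lab machine.
Click OK, then enter the account name and password.
We cannot create any files in leifengta, but we can create, delete and modify files in the other directories.
Want to try another user? Then we must clear the cached connection first before we can switch users!
On Windows, press ctrl+r and enter cmd,
click OK, then enter: net use * /del
Press Enter, then Y.
Windows sometimes does not clear the cache right away, so we may need to run the net use * /del command several times (once I kept clearing for several minutes and it still did not work).
Then repeat the operations from the start of Step 6.
xuxian can create files in leifengta. You can also try logging in as other users to modify the files xuxian created. Go and try it yourself!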