samba史上最全实例！

实验环境：安装smb的虚拟机，windows 10环境。

实验：创建baisuzhen,xuxian,fahai,xiaoqing,xushilin,guanyin 六个用户
1.要求以上六个用户都可以浏览并访问目标主机的共享目录leifengta，匿名用户可访问但不可浏览。大小2GB。未来可自动扩展

2.baisuzhen，xuxian，xushilin 可以在该共享目录下创建及删除文件，且彼此之间创建的文件，可以相互修改，其他用户不可创建文件。

3.xuxian，xushilin最多能各自创建200M的数据，且不能删除其他人创建的文件，baisuzhen不受限制.

4.六个用户各自都 有一个以自己名字为名的共享目录，仅自己可见可访问可创建，他人不可见，guanyin对所有目录均有完整权限

第一步、创建用户

[root@localhost ~]# for username in baisuzhen xuxian fahai xiaoqing xushilin guanyin ;do useradd -s /sbin/nologin $username ; (echo redhat;echo redhat) |smbpasswd -a $username ;done
New SMB password:
Retype new SMB password:
Added user baisuzhen.
New SMB password:
Retype new SMB password:
Added user xuxian.
New SMB password:
Retype new SMB password:
Added user fahai.
New SMB password:
Retype new SMB password:
Added user xiaoqing.
New SMB password:
Retype new SMB password:
Added user xushilin.
New SMB password:
Retype new SMB password:
Added user guanyin.

我们可以用如下命令查看已存在的samba用户列表

[root@localhost ~]# pdbedit -L
baisuzhen:1001:
fahai:1003:
xushilin:1005:
xuxian:1002:
xiaoqing:1004:
guanyin:1006:

这六个用户的密码都是redhat

第二步、

添加一块硬盘，创建逻辑卷

[root@localhost ~]# echo "- - -" > /sys/class/scsi_host/host0/scan
[root@localhost ~]# fdisk /dev/sdb
Command (m for help): n
Select (default p): p
Partition number (1-4, default 1): 
First sector (2048-41943039, default 2048): 
Using default value 2048
Last sector, +sectors or +size{K,M,G} (2048-41943039, default 41943039): +2G

#修改分区类型为8e

Command (m for help): t
Selected partition 1
Hex code (type L to list all codes): 8e

创建逻辑卷
[root@localhost ~]# pvcreate /dev/sdb1
  Physical volume "/dev/sdb1" successfully created.
[root@localhost ~]# vgcreate vgbaishezhuan /dev/sdb1
  Volume group "vgbaishezhuan" successfully created
[root@localhost ~]# lvcreate -l +100%FREE -n lvbaishezhuan vgbaishezhuan
  Logical volume "lvbaishezhuan" created.
[root@localhost ~]# mkfs.ext4 /dev/vgbaishezhuan/lvbaishezhuan

将逻辑卷挂载到/app/baishezhuan目录下
[root@localhost ~]# vim /etc/fstab
/dev/vgbaishezhuan/lvbaishezhuan /app/baishezhuan      ext4    defaults,usrquota  0 0
[root@localhost ~]# mount -a

设置特殊权限，使白素贞、许仙、许士林可以对该文件baishezhuan有特殊权限。
[root@localhost ~]#  setfacl -m u:baisuzhen:rwx /app/baishezhuan/
[root@localhost ~]#  setfacl -m u:xuxian:rwx /app/baishezhuan/
[root@localhost ~]#  setfacl -m u:xushilin:rwx /app/baishezhuan/

mount -a 重读一下/etc/fstab文件，已经挂载的不再进行挂载，也不会更新挂载选项。

第三步、添加设置特殊权限

[root@localhost ~]# groupadd baishezhuan
[root@localhost ~]# usermod -aG baishezhuan baisuzhen
[root@localhost ~]# usermod -aG baishezhuan xuxian
[root@localhost ~]# usermod -aG baishezhuan xushilin
[root@localhost ~]# chgrp baishezhuan /app/baishezhuan
[root@localhost ~]# chmod g+s /app/baishezhuan
[root@localhost ~]# chown baisuzhen /app/baishezhuan
[root@localhost ~]# chmod o+t /app/baishezhuan

第四步、

[root@localhost ~]# cd /etc/samba/
[root@localhost samba]# mkdir conf.d
[root@localhost samba]# cd conf.d/
[root@localhost conf.d]# vim baisuzhen.conf
[leifengta]
                comment = xi hu leifengta
                path = /app/baishezhuan
                browseable = yes
                        writeable = yes
                        force create mode = 0664


        [baisuzhen]
                comment = baisuzhen
                path = /app/common/baisuzhen
                browseable = yes
                writeable = yes

[root@localhost conf.d]# vim xiaoqing.conf
[leifengta]
                comment = xi hu leifengta
                path = /app/baishezhuan
                browseable = yes
                        writeable = No
                        force create mode = 0664


        [xiaoqing]
                comment = xiaoqing
                path = /app/common/xiaoqing
                browseable = yes
                writeable = yes
[root@localhost conf.d]# vim xuxian.conf
[leifengta]
                comment = xi hu leifengta
                path = /app/baishezhuan
                browseable = yes
                        writeable = yes
                        force create mode = 0664


        [xuxian]
                comment = xuxian
                path = /app/common/xuxian
                browseable = yes
                writeable = yes

[root@localhost conf.d]# vim xushilin.conf
[leifengta]
                comment = xi hu leifengta
                path = /app/baishezhuan
                browseable = yes
                        writeable = yes
                        force create mode = 0664


        [xushilin]
                comment = xushilin
                path = /app/common/xushilin
                browseable = yes
                writeable = yes

[root@localhost conf.d]# vim fahai.conf
[leifengta]
                comment = xi hu leifengta
                path = /app/baishezhuan
                browseable = yes
                        writeable = no
                        force create mode = 0664


        [fahai]
                comment = fahai
                path = /app/common/fahai
                browseable = yes
                writeable = yes
[root@localhost conf.d]# vim guanyin.conf
[leifengta]
        comment = xi hu leifengta
        path = /app/baishezhuan
        browseable = yes
	writeable = no
[baisuzhen]
	comment = baisuzhen
	path = /app/common/baisuzhen
	browseable = yes
	writeable = yes
[fahai]
        comment = fahai
        path = /app/common/fahai
        browseable = yes
        writeable = yes
[xiaoqing]
        comment = xiaoqing
        path = /app/common/xiaoqing
        browseable = yes
        writeable = yes
[xushilin]
        path = /app/common/xushilin
        browseable = yes
        writeable = yes
[xuxian]
        comment = xuxian
        path = /app/common/xuxian
        browseable = yes
        writeable = yes
[guanyin]
        comment = guanyin
        path = /app/common/guanyin
        browseable = yes
        writeable = yes

第五步、设施quota权限

[root@localhost conf.d]# quotacheck -cum /app/baishezhuan/
[root@localhost conf.d]# quotaon /app/baishezhuan/
[root@localhost conf.d]# setquota -u xuxian 0 200M 0 0 /app/baishezhuan/
[root@localhost conf.d]# setquota -u xushilin 0 200M 0 0 /app/baishezhuan/
[root@localhost conf.d]# repquota -v /app/baishezhuan/
*** Report for user quotas on device /dev/mapper/vgbaishezhuan-lvbaishezhuan
Block grace time: 7days; Inode grace time: 7days
                        Block limits                File limits
User            used    soft    hard  grace    used  soft  hard  grace
----------------------------------------------------------------------
root      --      16       0       0              1     0     0       
baisuzhen --       4       0       0              1     0     0       
xuxian    --       0       0  204800              0     0     0       
xushilin  --       0       0  204800              0     0     0  

第五步、给xiaoqing xuxian xushilin fahai guanyin baisuzhen创建各自指定的要访问的目录

扫描二维码关注公众号，回复： 3709360 查看本文章

[root@localhost conf.d]# cd /app/
[root@localhost app]# mkdir common
[root@localhost app]# cd common/
[root@localhost common]# mkdir baisuzhen xuxian xushilin fahai xiaoqing guanyin
[root@localhost common]# ls
baisuzhen  fahai  guanyin  xiaoqing  xushilin  xuxian
[root@localhost common]# chown fahai fahai/
[root@localhost common]# chown guanyin guanyin/
[root@localhost common]# chown xiaoqing xiaoqing/
[root@localhost common]# chown xuxian
[root@localhost common]# chown xuxian xuxian/
[root@localhost common]# chown xushilin xushilin/
[root@localhost common]# chown baisuzhen baisuzhen/
[root@localhost common]# chmod 700 *
[root@localhost common]# setfacl -m u:guanyin:rwx *

更改各目录为指定的所属人，并给guanyin设置所有目录的acl权限。

第六步，测试

在windows端，按ctrl+r，输入我们实验机器的IP地址

点击确定！输入账号密码

我们不可以在雷峰塔里面创建任何文件，但是可以在其他目录里创建、删除、修改。

再换一个用户试试？那我们必须先清理一下缓存，才能切换用户！

在windows下，按ctrl+r，输入cmd，

点击确定！再输入： net use * /del

回车！Y

windows清理缓存有时候无法实时同步，需要我们多运行几次 net use * /del命令（我有一次清理了好几分钟也不行）。

再重复第六步开始的操作

xuxian可以在leifengta创建文件。你也可以尝试着登录其他用户，来修改xuxian创建的文件，赶快自己试试吧！

如有疑问，请联系本人微信：13015588715.十分乐意给您解答！