[Linux study notes 24-1] Network file system: Samba share settings + automatic mount and unmount with autofs

0-1 Experimental environment

  • Server side: node1===>192.168.43.101
  • Client: node2===>192.168.43.111

0-2 Sharing files between Windows and Linux

  • Windows host IP: 192.168.43.1
  1. Create a new folder westos
  2. Open the folder properties ===> Sharing ===> Advanced sharing ===> Shared folder ===> Set the share name
  3. Folder properties ===> Share ===> Arrow ===> Select Everyone ===> Add ===> Share ===> Finish


  • Linux client: node2 host

smbclient -L //192.168.43.1/<share-name> -U administrator

1. Introduction to samba service

Samba is an implementation of SMB, mainly used to provide file and print services on Linux systems. By configuring and using a Samba server, Linux users can share resources with Windows users.

Samba is open source software based on the SMB (Server Message Block) protocol, and samba can also be a trademark of the SMB protocol. SMB is a protocol for sharing resources such as files and printers on Linux and UNIX systems. It is a client/server protocol: the client accesses shared resources on the server through SMB. When Windows is the client and CentOS is the server, Samba lets Windows access Linux resources and exchange data between the two systems.

Samba is software that runs on unix/linux. It is divided into a server side and a client side, and implements the functions described by the cifs protocol for file sharing between Windows and unix/linux.

cifs: the file sharing protocol on Windows; its predecessor is the SMB protocol

2. Samba basic information

  1. Service startup script
    smb.service

  2. Main configuration directory
    /etc/samba

  3. Main configuration file
    /etc/samba/smb.conf

  4. Security context
    samba_share_t

  5. Ports
    139, 445

  6. Installation package
    samba
    samba-common: Toolkit
    samba-client: Client

3. Installation and activation of samba

  1. dnf search samba: Find
  2. dnf install samba -y: Server-side installation
    dnf install samba-common -y: Both server and client must be installed
    dnf install samba-client -y: Client-side installation
  3. systemctl enable --now smb.service: Start the samba service
  4. Allow samba through the firewall when the firewall is running:
    firewall-cmd --permanent --add-service=samba: Permanently open samba in the firewall
    firewall-cmd --reload: refresh the firewall to make the settings take effect


  • test:

smbclient -L //192.168.43.101: List the shared files provided by the specified IP

(Just press Enter when prompted for the root password)


4. Establishment of samba user

A samba user must already exist as a local user

  1. smbpasswd -a <username>: Add samba user
  2. pdbedit -L: View the list of samba users
  3. pdbedit -x <username>: Delete samba user


5. Samba user access to the home directory

  1. setsebool -P samba_enable_home_dirs on: Set the SELinux boolean that allows samba to share user home directories


  • Access under Windows

Windows + R ===> Enter \\192.168.43.101 and run


  • Access under Linux

smbclient -L //IP/<share-name> -U <username>: List the shared files provided by the specified IP


6. samba service shared directory

6.1 Sharing self-built directories

  1. mkdir /westosdir: Create a shared directory
  2. touch /westosdir/file1: Create file
  3. semanage fcontext -a -t samba_share_t '/westosdir(/.*)?': Modify the SELinux security context of the shared directory
  4. restorecon -RvvF /westosdir: Apply the new context to the directory
  5. cp /etc/samba/smb.conf.example /etc/samba/smb.conf: Copy template file
  6. vim /etc/samba/smb.conf: Add a shared directory
	# share name
	[LEE]
	# share description
	comment = westos dir
	# shared path
	path = /westosdir
  7. systemctl restart smb.service: Restart service


  • Access shared files on the client:
  1. smbclient //<server-IP>/<share-name> -U <samba-username>: List the shared files provided by the specified IP
  2. mount -o username=<samba-username>,password=<password> //<server-IP>/<share-name> <mount-point>: Mount the file system


6.2 Sharing a system directory (its security context must not be modified directly)

  1. vim /etc/samba/smb.conf: Change the shared directory to the system directory
	# share name
	[LEE]
	# share description
	comment = westos dir
	# shared path
	path = /mnt
  2. setsebool -P samba_export_all_ro on: Modify the bool value (allow read-only sharing)
  3. getsebool -a | grep samba: Query the bool values of Samba
  4. systemctl restart smb.service: Restart service


  • Access shared files on the client:

smbclient //<server-IP>/<share-name> -U <samba-username>: List the shared files provided by the specified IP


  • Restore server-side settings


7. samba common configuration parameters

  1. Server side:
    • chmod 777 <shared-directory>: Modify shared directory permissions
    • vim /etc/samba/smb.conf: Add or modify parameters
    • systemctl restart smb.service: Restart service
  2. Client test:
    • mount -o username=sdsnzy1,password=sdsnzy1 //192.168.43.101/LEE /mnt/

7.1 All users can write

writable = yes

  • Failed to create a file after the client is mounted!


  • Modify permissions and configuration files on the server side, restart the service


  • Client test: remount and write!


7.2 Writable by designated users

write list = users

  • Modify the configuration file on the server side and restart the service!


  • Client remount test:


7.3 Writable by a specified group

write list = @<group-name> or +<group-name>

  • Modify the configuration file on the server side and restart the service! (Add group sdsnzy1 as a supplementary group of user sdsnzy2; revert after the experiment is completed)


  • Client remount test:


7.4 Access restricted to specified users

valid users = users

  • Modify the configuration file on the server side and restart the service!


  • Client remount test:


7.5 Access restricted to a specified group

valid users = @<group-name> or +<group-name>

  • Modify the configuration file on the server side and restart the service! (Add group sdsnzy1 as a supplementary group of user sdsnzy2; revert after the experiment is completed)


  • Client remount test:


7.6 Hiding or showing the share

browseable = no: Do not show the share

browseable = yes: Show the share (default)

  • With the server set to not show the share, restart the service and test on the client:


  • With the server set to show the share, restart the service and test on the client:


7.7 Allow anonymous users to access

map to guest = bad user: Global setting (add in [global])
guest ok = yes: Set in the share section

  • Modify the configuration file on the server side and restart the service!


  • Client anonymous mount test:

mount -o username=guest //192.168.43.101/LEE /mnt: Anonymous mount


7.8 Designated host access (whitelist)

hosts allow = 192.168.43.111: Only this host can access (multiple host IPs are separated by spaces)

hosts allow = 192.168.43.: Only hosts in this network segment can access (for example 192.168.43.38, 192.168.43.183, etc.)

7.9 Designated host access (blacklist)

hosts deny = 192.168.43.111: Only this host is denied access (multiple host IPs are separated by spaces)
hosts deny = 192.168.43.: Deny access to all hosts in this network segment
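
The parameters from sections 7.1 to 7.9 can be checked mechanically. The following is an added example, not part of the original notes: a POSIX shell function that reads smb.conf-style text on stdin and reports shares that allow guest access, are writable without a write list or valid users, or have no hosts allow restriction. The sample configuration, including the DOCS share and the @staff group, is constructed for illustration.

```sh
# Added example (not from the original notes): audit smb.conf-style input
# for the section 7 parameters. Prints one "share: finding" line per issue.
# Only the spellings used on this page are recognized (no synonyms).
audit_smb_conf() {
    awk '
    function trim(s) { sub(/^[ \t]+/, "", s); sub(/[ \t]+$/, "", s); return s }
    function report() {
        if (share == "" || tolower(share) == "global") return
        if (opt["guest ok"] == "yes")
            print share ": guest ok = yes allows anonymous access"
        if (opt["writable"] == "yes" && !("write list" in opt) && !("valid users" in opt))
            print share ": writable = yes without write list or valid users"
        if (!("hosts allow" in opt) && !global_hosts)
            print share ": no hosts allow restriction"
    }
    /^[ \t]*([#;]|$)/ { next }              # comment or blank line
    /^[ \t]*\[/ {                           # section header starts a new share
        report(); split("", opt)
        share = $0; sub(/^[ \t]*\[/, "", share); sub(/\].*$/, "", share)
        share = trim(share); next
    }
    {
        eq = index($0, "="); if (eq == 0) next
        key = tolower(trim(substr($0, 1, eq - 1)))
        opt[key] = tolower(trim(substr($0, eq + 1)))
        if (tolower(share) == "global" && key == "hosts allow") global_hosts = 1
    }
    END { report() }
    '
}

# Constructed sample: LEE combines the permissive settings, DOCS is restricted.
sample_smb_conf() {
cat <<'EOF'
[global]
    map to guest = bad user
[LEE]
    path = /westosdir
    writable = yes
    guest ok = yes
[DOCS]
    path = /docs
    writable = yes
    write list = @staff
    hosts allow = 192.168.43.111
EOF
}

sample_smb_conf | audit_smb_conf
```

To check a real server, run `audit_smb_conf < /etc/samba/smb.conf`.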

8. Samba + autofs automatic mount and unmount

autofs: software that performs automatic mounting and unmounting on the client.

mount is used to mount a file system, either at boot or after the system has started. Local fixed devices such as hard disks can simply be mounted with mount, but file systems such as CDs, floppy disks, NFS and SMB shares are dynamic: they only need to be mounted when they are used. For optical drives and floppy disks we generally know when that is, but for NFS and SMB shares we generally cannot know in advance when they can be mounted. The autofs service covers this case: like the automatic opening function of the optical drive in Windows, it mounts a dynamically loaded file system at the moment it is needed, which removes the trouble of manual mounting. Dynamic automatic mounting of CD-ROMs, floppy disks and so on requires the corresponding configuration.

8.1 Autofs client installation

dnf install autofs -y


8.2 Client configuration

  1. vim /etc/auto.master: Edit the configuration file
# <parent directory of the final mount point>	<sub-policy (map) file>
/mnt    	/etc/auto.samba


  2. vim /etc/auto.samba: Edit the sub-policy (map) file named in auto.master
# <final mount point>	<mount options>	<resource to mount>
samba   -fstype=cifs,username=<user>,password=<password>      ://<server-IP>/<shared-directory>


  3. vim /etc/autofs.conf: Modify the default unmount timeout
# automatic unmount timeout in seconds (default is 300)
timeout = 3
  4. systemctl restart autofs.service: Restart service

8.3 Client test

  1. cd /mnt/samba: Enter the mount point directory
  2. df: The share has been mounted automatically
  3. cd: Leave the mount point directory and wait 3s (once the resource has been idle for the timeout, it is automatically unmounted)
  4. df: After 3s, the share has been automatically unmounted


9. Samba multi-user mount (cifs)

With the normal mounting method on the client, people who have not authenticated as a samba user can also access the samba service through the mount, which is not safe.

With a multi-user mount, only authenticated users can access it.

9.1 Install samba authentication tool on client

dnf search cifs: Search

dnf install cifs-utils.x86_64 -y: Install


9.2 Client configuration

  1. vim /root/smbauth: Create and edit the password file of the mount user
username=sdsnzy1
password=sdsnzy1
  2. vim /etc/auto.master: Edit the configuration file
# <parent directory of the final mount point>	<sub-policy (map) file>
/-      /etc/auto.cifs
  3. vim /etc/auto.cifs: Edit the sub-policy (map) file named in auto.master
/samba	-fstype=cifs,credentials=/root/smbauth,sec=ntlmssp,multiuser	://192.168.43.101/LEE
    • credentials=/root/smbauth: specifies the authentication file (the password file edited in step 1)
    • sec=ntlmssp: specifies the authentication type
    • multiuser: enables multi-user support
  4. systemctl restart autofs.service: Restart service
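
Sections 8.2 and 9.2 keep the samba password in two different places: inline in /etc/auto.samba, or in the credentials file /root/smbauth. The following is an added example, not part of the original notes: a POSIX shell function that reads an autofs map on stdin and reports entries with an inline password, and credentials files that group or other users can access. The sample entry is constructed from the values used in these notes; `pass=` and `cred=` are the mount.cifs short forms of the same options.

```sh
# Added example (not from the original notes): audit autofs map entries such
# as those in /etc/auto.samba and /etc/auto.cifs. Reads a map on stdin and
# prints one "key: finding" line per problem.
audit_autofs_map() {
    while read -r key opts _location; do
        case "$key" in ''|'#'*) continue ;; esac      # skip blanks and comments
        case "$opts" in -*) ;; *) continue ;; esac    # entry has no option field
        old_ifs=$IFS; IFS=,                           # options are comma-separated
        for opt in ${opts#-}; do
            case "$opt" in
                password=*|pass=*)
                    echo "$key: password stored inline in the map" ;;
                credentials=*|cred=*)
                    file=${opt#*=}
                    if [ ! -f "$file" ]; then
                        echo "$key: credentials file $file not found"
                    # Characters 5-10 of ls -l are the group/other permission bits.
                    elif [ "$(ls -ld "$file" | cut -c5-10)" != "------" ]; then
                        echo "$key: $file is accessible to group or others"
                    fi ;;
            esac
        done
        IFS=$old_ifs
    done
}

# Constructed sample in the style of section 8.2, using this page's lab values.
sample_inline_map() {
    printf '%s\n' 'samba -fstype=cifs,username=sdsnzy1,password=sdsnzy1 ://192.168.43.101/LEE'
}

sample_inline_map | audit_autofs_map
```

On the client from these notes, `audit_autofs_map < /etc/auto.cifs` stays silent once /root/smbauth has mode 600.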


9.3 Client authentication

  • cifscreds add -u <samba-user> <server-IP>: Add credentials
  • cifscreds clearall: Clear all authenticated users
  • cifscreds clear -u <samba-user>: Clear the specified authenticated user
  • cifscreds update -u <samba-user>: Update credentials

Experiment:

  1. su - kiosk: Switch to a normal user
  2. ls -l /mnt: Unable to view
  3. cifscreds add -u sdsnzy1 192.168.43.101: Add credentials
  4. The user can now view and create files
  5. Switch to another ordinary user: without authentication the files cannot be viewed. Very safe!!!


Origin blog.csdn.net/weixin_46069582/article/details/110307182