SAMBA file sharing service
The Samba service program has now become the choice for sharing files between Linux systems and Windows systems
1. Install ansible
[root@myserver ~]# yum install -y samba
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
Last metadata expiration check: 2:01:32 ago on Sun 31 Jan 2021 11:01:23 PM CST.
Dependencies resolved.
=================================================================================================
Package Arch Version Repository Size
=================================================================================================
Installing:
samba x86_64 4.9.1-8.el8 BaseOS 708 k
Installing dependencies:
samba-common-tools x86_64 4.9.1-8.el8 BaseOS 461 k
samba-libs x86_64 4.9.1-8.el8 BaseOS 177 k
Transaction Summary
=================================================================================================
Install 3 Packages
Total size: 1.3 M
Installed size: 3.5 M
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : samba-libs-4.9.1-8.el8.x86_64 1/3
Running scriptlet: samba-libs-4.9.1-8.el8.x86_64 1/3
Installing : samba-common-tools-4.9.1-8.el8.x86_64 2/3
Installing : samba-4.9.1-8.el8.x86_64 3/3
Running scriptlet: samba-4.9.1-8.el8.x86_64 3/3
Verifying : samba-4.9.1-8.el8.x86_64 1/3
Verifying : samba-common-tools-4.9.1-8.el8.x86_64 2/3
Verifying : samba-libs-4.9.1-8.el8.x86_64 3/3
Installed products updated.
Installed:
samba-4.9.1-8.el8.x86_64 samba-common-tools-4.9.1-8.el8.x86_64 samba-libs-4.9.1-8.el8.x86_64
Complete!
[root@myserver ~]#
2. After the installation is complete, open the main configuration file of the Samba service program
[root@myserver ~]# vim /etc/samba/smb.conf
# See smb.conf.example for a more detailed config file or
# read the smb.conf manpage.
# Run 'testparm' to verify the config is correct after
# you modified it.
[global]
workgroup = SAMBA
security = user
passdb backend = tdbsam
printing = cups
printcap name = cups
load printers = yes
cups options = raw
[homes]
comment = Home Directories
valid users = %S, %D%w%S
browseable = No
read only = No
inherit acls = Yes
[printers]
comment = All Printers
path = /var/tmp
printable = Yes
create mask = 0600
browseable = No
[print$]
comment = Printer Drivers
path = /var/lib/samba/drivers
write list = @printadmin root
force group = @printadmin
create mask = 0664
directory mask = 0775
The configuration parameters are as follows:
[global] | #Global parameters. | |
workgroup = MYGROUP | #Workgroup name | |
server string = Samba Server Version %v | #Server introduction information, the parameter %v shows the SMB version number | |
log file = /var/log/samba/log.%m | #Define the storage location and name of the log file, the parameter %m is the name of the visiting host | |
max log size = 50 | #Define the maximum capacity of the log file as 50KB | |
security = user | #Safety verification method, there are 4 kinds in total | |
#share: There is no need to verify the password for visiting the host; it is more convenient, but the security is very poor | ||
#user: You can access only after verifying the password provided by the visiting host; security is improved | ||
#server: Use an independent remote host to verify the password provided by the visiting host (centralized management account) | ||
#domain: Use a domain controller for authentication | ||
passdb backend = tdbsam | #Define the type of user backend, there are 3 types | |
#smbpasswd: Use the smbpasswd command to set the password of the Samba service program for system users | ||
#tdbsam: Create a database file and use the pdbedit command to establish a user for the Samba service program | ||
#ldapsam: Account verification based on LDAP service | ||
load printers = yes | #Set whether to share the printer device when the Samba service starts | |
cups options = raw | #Printer options | |
[homes] | #Shared parameters | |
comment = Home Directories | #Description | |
browseable = no | #Specify whether the shared information is visible in "Network Neighborhood" | |
writable = yes | #Define whether the write operation can be performed, as opposed to "read only" | |
[printers] | #Printer sharing parameters | |
comment = All Printers | ||
path = / var / spool / samba | #The actual path of the shared file (important). | |
browseable = no | ||
guest ok = no | #Whether everyone is visible is equivalent to the "public" parameter. | |
writable = no | ||
printable = yes |
Configure shared resources
The main configuration file of the Samba service program is very similar to the Apache service learned earlier, including global configuration parameters and regional configuration parameters. Global configuration parameters are used to set the overall resource sharing environment and are effective for each independent shared resource in it. Regional configuration parameters are used to set individual shared resources, and are only valid for that resource
[root@myserver ~]# mv /etc/samba/smb.conf /etc/samba/smb.conf.bak
[root@myserver ~]# mv /etc/samba/smb.conf /etc/samba/smb.conf.bak
[root@myserver ~]# cat /etc/samba/smb.conf
[global]
workgroup = SAMBA
security = user
passdb backend = tdbsam
printing = cups
printcap name = cups
load printers = yes
cups options = raw
[homes]
comment = Home Directories
valid users = %S, %D%w%S
browseable = No
read only = No
inherit acls = Yes
[printers]
comment = All Printers
path = /var/tmp
printable = Yes
create mask = 0600
browseable = No
[print$]
comment = Printer Drivers
path = /var/lib/samba/drivers
write list = @printadmin root
force group = @printadmin
create mask = 0664
directory mask = 0775
1. After editing the configuration file, create user account information
Parameters and functions used in the pdbedit command
-a username | Create a Samba user |
-x username | Delete Samba user |
-L | List users |
-Lv | List the user details |
2. Create a file directory for sharing resources
3. Set up SELinux services and policies to allow access to the home directories of ordinary users through the Samba service program. Execute the getsebool command to filter out all SELinux domain policies related to the Samba service program, and select the correct policy entry according to the name (and experience) of the policy to open it.
4. In the main configuration file of the Samba service program, add the shared directory file information to the original configuration file
[root@myserver ~]# vim /etc/samba/smb.conf
[global]
workgroup = SAMBA
security = user
passdb backend = tdbsam
printing = cups
printcap name = cups
load printers = yes
cups options = raw
[database]
comment = Do not arbitrarily modify the database file #警告用户不要随意修改数据库
path = /home/database #共享目录为/home/database
public = no #关闭所有人可见
writable = yes #允许写入操作
5. The configuration of the Samba service program is basically completed. Next restart the smb service
6. Windows client access
Remember to add firewall policy when windows access error report cannot find shared files
The file written in windows, the same effect seen in Linux is as follows
Linux mount sharing
1. Install cifs-utils on the Linux client
[root@slave1 ~]# yum install cifs-utils
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
Last metadata expiration check: 0:00:15 ago on Sun 31 Jan 2021 09:45:40 PM CST.
Dependencies resolved.
=================================================================================================
Package Arch Version Repository Size
=================================================================================================
Installing:
cifs-utils x86_64 6.8-2.el8 BaseOS 93 k
Transaction Summary
=================================================================================================
Install 1 Package
Total size: 93 k
Installed size: 189 k
Is this ok [y/N]: y
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : cifs-utils-6.8-2.el8.x86_64 1/1
Running scriptlet: cifs-utils-6.8-2.el8.x86_64 1/1
Verifying : cifs-utils-6.8-2.el8.x86_64 1/1
Installed products updated.
Installed:
cifs-utils-6.8-2.el8.x86_64
Complete!
[root@slave1 ~]#
2. On the Linux client , write the relevant information into an authentication file in the order of the user name, password, and shared domain of the Samba service. In order to ensure that it is not seen by others at will, finally the permission of this authentication file is modified to only the root administrator can read and write
[root@slave1 ~]# vim auth.smb
username=yhd
password=000000
domain=SAMBA
[root@slave1 ~]# chmod -Rf 600 auth.smb
3. Create a directory on the Linux client to mount the shared resources of the Samba service, and write the mount information into the /etc/fstab file to ensure that the shared mount information is still valid after the server restarts
[root@slave1 ~]# cat /etc/fstab
#
# /etc/fstab
# Created by anaconda on Sun Nov 1 11:12:31 2020
#
# Accessible filesystems, by reference, are maintained under '/dev/disk/'.
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info.
#
# After editing this file, run 'systemctl daemon-reload' to update systemd
# units generated from this file.
#
/dev/mapper/rhel-root / xfs defaults 0 0
UUID=a9745542-52aa-46e9-8559-c7eadd2e4b20 /boot xfs defaults 0 0
/dev/mapper/rhel-home /home xfs defaults 0 0
/dev/mapper/rhel-swap swap swap defaults 0 0
//192.168.1.88/database /database cifs credentials=/root/auth.smb 0 0
[root@slave1 ~]#
Linux客户端成功地挂载了Samba服务的共享资源。进入到挂载目录/database后就可以看到Windows系统访问Samba服务程序时留下来的文件了
NFS网络文件系统
在RHEL8中的NFS默认是未开启的但是已经安装
1. 为了检验NFS服务配置的效果,我们需要使用两台Linux主机(一台充当NFS服务器,一台充当NFS客户端)
2. 在NFS服务器上建立用于NFS文件共享的目录,并设置足够的权限确保其他人也有写入权限。
[root@myserver ~]# mkdir /nfsfile
[root@myserver ~]# chmod -Rf 777 /nfsfile
[root@myserver ~]# echo "this is a test" > /nfsfile/readme
[root@myserver ~]#
3. NFS服务程序的配置文件为/etc/exports,默认情况下里面没有任何内容。我们可以按照“共享目录的路径 允许访问的NFS客户端(共享权限参数)”的格式,定义要共享的目录与相应的权限。
用于配置NFS服务程序配置文件的参数
参数 | 作用 |
ro | 只读 |
rw | 读写 |
root_squash | 当NFS客户端以root管理员访问时,映射为NFS服务器的匿名用户 |
no_root_squash | 当NFS客户端以root管理员访问时,映射为NFS服务器的root管理员 |
all_squash | 无论NFS客户端使用什么账户访问,均映射为NFS服务器的匿名用户 |
sync | 同时将数据写入到内存与硬盘中,保证不丢失数据 |
async | 优先将数据保存到内存,然后再写入硬盘;这样效率更高,但可能会丢失数据 |
4. 编辑主配置文件 NFS客户端地址与权限之间没有空格
[root@myserver ~]# vim /etc/exports
/nfsfile 192.168.1.* (rw,sync,root_squash)
5.启动和启用NFS服务程序。由于在使用NFS服务进行文件共享之前,需要使用RPC(Remote Procedure Call,远程过程调用)服务将NFS服务器的IP地址和端口号等信息发送给客户端。因此,在启动NFS服务之前,还需要顺带重启并启用rpcbind服务程序,并将这两个服务一并加入开机启动项中
[root@myserver ~]# systemctl restart rpcbind
[root@myserver ~]# systemctl enable rpcbind
[root@myserver ~]# systemctl start nfs-server
[root@myserver ~]# systemctl enable nfs-server
Created symlink /etc/systemd/system/multi-user.target.wants/nfs-server.service → /usr/lib/systemd/system/nfs-server.service.
[root@myserver ~]# firewall-cmd --permanent --add-service=n
nfs nfs3 nmea-0183 nrpe ntp nut
[root@myserver ~]# firewall-cmd --permanent --add-service=nfs
success
[root@myserver ~]# firewall-cmd --permanent --add-service=rpc-bind
success
[root@myserver ~]# firewall-cmd --permanent --add-service=mountd
success
[root@myserver ~]# firewall-cmd --reload
showmount命令中可用的参数以及作用
参数 | 作用 |
-e | 显示NFS服务器的共享列表 |
-a | 显示本机挂载的文件资源的情况NFS资源的情况 |
-v | 显示版本号 |
[root@myserver ~]# showmount -e 192.168.1.88
Export list for 192.168.1.88:
/nfsfile (everyone)
然后在NFS客户端创建一个挂载目录。使用mount命令并结合-t参数,指定要挂载的文件系统的类型,并在命令后面写上服务器的IP地址、服务器上的共享目录以及要挂载到本地系统(即客户端)的目录。
[root@slave1 nfsfile]# mount -t nfs 192.168.1.88:/nfsfile /nfsfile
[root@slave1 nfsfile]# cd ..
[root@slave1 /]# cd nfsfile/
[root@slave1 nfsfile]# ls
readme
[root@slave1 nfsfile]# cat readme
this is a test
AutoFs自动挂载服务
autofs自动挂载服务可以帮我们解决这一问题。与mount命令不同,autofs服务程序是一种Linux系统守护进程,当检测到用户试图访问一个尚未挂载的文件系统时,将自动挂载该文件系统。换句话说,我们将挂载信息填入/etc/fstab文件后,系统在每次开机时都自动将其挂载,而autofs服务程序则是在用户需要使用该文件系统时才去动态挂载,从而节约了网络资源和服务器的硬件资源。
1.安装autofs
[root@myserver ~]# yum install -y autofs
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
Last metadata expiration check: 0:46:11 ago on Mon 01 Feb 2021 02:03:28 AM CST.
Dependencies resolved.
=================================================================================================
Package Arch Version Repository Size
=================================================================================================
Installing:
autofs x86_64 1:5.1.4-29.el8 BaseOS 755 k
Transaction Summary
=================================================================================================
Install 1 Package
Total size: 755 k
Installed size: 3.5 M
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : autofs-1:5.1.4-29.el8.x86_64 1/1
Running scriptlet: autofs-1:5.1.4-29.el8.x86_64 1/1
Verifying : autofs-1:5.1.4-29.el8.x86_64 1/1
Installed products updated.
Installed:
autofs-1:5.1.4-29.el8.x86_64
Complete!
[root@myserver ~]#
2.查看编辑主配置文件
3.编辑在子配置文件中,应按照“挂载目录 挂载文件类型及权限 :设备名称”的格式进行填写。例如,要把光盘设备挂载到/media/iso目录中,可将挂载目录写为iso,而-fstype为文件系统格式参数,iso9660为光盘设备格式,ro、nosuid及nodev为光盘设备具体的权限参数,/dev/cdrom则是定义要挂载的设备名称。配置完成后再顺手将autofs服务程序启动并加入到系统启动项中:
[root@myserver ~]# vim /etc/iso.misc
iso -fstype=iso9660,ro :/dev/cdrom
[root@myserver ~]# systemctl start autofs
[root@myserver ~]# systemctl enable autofs
Created symlink /etc/systemd/system/multi-user.target.wants/autofs.service → /usr/lib/systemd/system/autofs.service.
4进入media目录查看即可
[root@myserver misc]# df -h
Filesystem Size Used Avail Use% Mounted on
devtmpfs 969M 0 969M 0% /dev
tmpfs 984M 0 984M 0% /dev/shm
tmpfs 984M 9.6M 974M 1% /run
tmpfs 984M 0 984M 0% /sys/fs/cgroup
/dev/mapper/rhel-root 39G 4.8G 34G 13% /
/dev/mapper/rhel-home 19G 260M 19G 2% /home
/dev/sda1 1014M 153M 862M 15% /boot
tmpfs 197M 16K 197M 1% /run/user/42
tmpfs 197M 4.6M 193M 3% /run/user/0
[root@myserver misc]# cd /media/
[root@myserver /]# cd /media
[root@myserver media]# ls
[root@myserver media]# ll
total 0
[root@myserver media]# cd iso
[root@myserver iso]# ls
AppStream EFI extra_files.json images media.repo RPM-GPG-KEY-redhat-release
BaseOS EULA GPL isolinux RPM-GPG-KEY-redhat-beta TRANS.TBL
[root@myserver iso]# pwd
/media/iso
[root@myserver iso]# df -h
Filesystem Size Used Avail Use% Mounted on
devtmpfs 969M 0 969M 0% /dev
tmpfs 984M 0 984M 0% /dev/shm
tmpfs 984M 9.6M 974M 1% /run
tmpfs 984M 0 984M 0% /sys/fs/cgroup
/dev/mapper/rhel-root 39G 4.8G 34G 13% /
/dev/mapper/rhel-home 19G 260M 19G 2% /home
/dev/sda1 1014M 153M 862M 15% /boot
tmpfs 197M 16K 197M 1% /run/user/42
tmpfs 197M 4.6M 193M 3% /run/user/0
/dev/sr0 6.7G 6.7G 0 100% /media/iso