Good memory is not as bad as bad writing
1. Why install Samba service?
After installing the virtual machine, I found that it is not very convenient for CentOS 7 to share files with the host, so I directly installed and configured Samba to realize file sharing between win7 and CentOS 7. Samba is a very common choice: Linux runs the Samba service, and Windows accesses files shared on Linux. In scenarios where user access control is not required, the security level of the Samba service can be set to share. My requirement is to authenticate the visitor of the Samba service, so select the user security level (user). The user level requires users to provide user names and passwords when accessing samba services, and authentication is handled by the samba server. The following is done in the smbpasswd method. Because my needs are very simple, the configuration file of Samba is also very simple. Make a note here for memorization.
2. Install Samba using yum -y install samba samba-client samba-common
3. View Samba version information rpm -qi samba
[root@localhost samba]# rpm -qi samba
Name : samba
Epoch : 0
Version : 4.4.4
Release : 14.el7_3
Architecture: x86_64
Install Date: Sun Jul 23, 2017 11:24:02
Group : System Environment /Daemons
Size : 1869228
License : GPLv3+ and LGPLv3+
Signature : RSA/SHA256, Thu May 25, 2017 21:16:22, Key ID 24c6a8a7f4a80eb5
Source RPM : samba-4.4.4-14.el7_3.src.rpm
Build Date : Thu, May 25, 2017
19:35:40 Build Host : c1bm.rdu2.centos.org
Relocations : (not relocatable)
Packager : CentOS BuildSystem <http://bugs.centos.org>
Vendor : CentOS
URL : http://www.samba.org/
Summary : Server and Client software to interoperate with Windows machines
Description :
Samba is the standard Windows interoperability suite of programs for Linux and
Unix.
Name : samba
Epoch : 0
Version : 4.4.4
Release : 14.el7_3
Architecture: x86_64
Install Date: Sun Jul 23, 2017 11:24:02
Group : System Environment /Daemons
Size : 1869228
License : GPLv3+ and LGPLv3+
Signature : RSA/SHA256, Thu May 25, 2017 21:16:22, Key ID 24c6a8a7f4a80eb5
Source RPM : samba-4.4.4-14.el7_3.src.rpm
Build Date : Thu, May 25, 2017
19:35:40 Build Host : c1bm.rdu2.centos.org
Relocations : (not relocatable)
Packager : CentOS BuildSystem <http://bugs.centos.org>
Vendor : CentOS
URL : http://www.samba.org/
Summary : Server and Client software to interoperate with Windows machines
Description :
Samba is the standard Windows interoperability suite of programs for Linux and
Unix.
Using testparm to test, the following information appears normal
[root@localhost samba]# testparm
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[homes]"
Processing section "[printers]"
Processing section "[print$]"
Processing section "[SHAREDOCS]"
Processing section "[RDDOCS]"
Loaded services file OK.
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[homes]"
Processing section "[printers]"
Processing section "[print$]"
Processing section "[SHAREDOCS]"
Processing section "[RDDOCS]"
Loaded services file OK.
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions
4. Samba configuration
Back up the configuration file first:
cp /etc/samba/smb.conf /home/bmk/smb.conf.bak
Original content of smb.conf
1 # See smb.conf.example for a more detailed config file or
2 # read the smb.conf manpage.
3 # Run 'testparm' to verify the config is correct after
4 # you modified it.
5
6 [global]
7 workgroup = WORKGROUP
8 security = user
9
10 passdb backend = tdbsam
11
12 printing = cups
13 printcap name = cups
14 load printers = yes
15 cups options = raw
16
17 [homes]
18 comment = Home Directories
19 valid users = %S, %D%w%S
20 browseable = No
21 read only = No
22 inherit acls = Yes
23
24 [printers]
25 comment = All Printers
26 path = /var/tmp
27 printable = Yes
28 create mask = 0600
29 browseable = No
30
31 [print$]
32 comment = Printer Drivers
33 path = /var/lib/samba/drivers
34 write list = root
35 create mask = 0664
36 directory mask = 0775
Add the following at the end of the configuration file
2 # read the smb.conf manpage.
3 # Run 'testparm' to verify the config is correct after
4 # you modified it.
5
6 [global]
7 workgroup = WORKGROUP
8 security = user
9
10 passdb backend = tdbsam
11
12 printing = cups
13 printcap name = cups
14 load printers = yes
15 cups options = raw
16
17 [homes]
18 comment = Home Directories
19 valid users = %S, %D%w%S
20 browseable = No
21 read only = No
22 inherit acls = Yes
23
24 [printers]
25 comment = All Printers
26 path = /var/tmp
27 printable = Yes
28 create mask = 0600
29 browseable = No
30
31 [print$]
32 comment = Printer Drivers
33 path = /var/lib/samba/drivers
34 write list = root
35 create mask = 0664
36 directory mask = 0775
[SHAREDOCS]
path = /home/imix/share
readonly = yes
browseable = yes
guest ok = yes
[RDDOCS]
path = /home/www/default
public = no
writable = yes
write list = @www
validusers = @www
path = /home/imix/share
readonly = yes
browseable = yes
guest ok = yes
[RDDOCS]
path = /home/www/default
public = no
writable = yes
write list = @www
validusers = @www
5. Add the samba user (here I directly use a non-root user imix of the operating system)
[root@localhost samba]# smbpasswd -a imix
New SMB password:
Retype new SMB password:
Added user imix.
[root@localhost samba]# smbpasswd -e imix
Enabled user imix.
6. Restart the samba service
New SMB password:
Retype new SMB password:
Added user imix.
[root@localhost samba]# smbpasswd -e imix
Enabled user imix.
[root@localhost samba]# systemctl restart smb (service smb restart)
[root@localhost samba]#systemctl enable smb (service smb enable)
[root@localhost samba]#systemctl status smb (service smb status)
7. Access the samba service on the local system
[root@localhost samba]#systemctl enable smb (service smb enable)
[root@localhost samba]#systemctl status smb (service smb status)
Enter the IP address in the start menu, then press Enter, the local system and the virtual machine system can share files
Note: Sometimes the connection failure may be caused by the firewall
[root@base samba]# firewall-cmd --permanent --add-port=139/tcp
success
[root@base samba]# firewall-cmd --permanent --add-port=445/tcp
success
[root@base samba]# systemctl restart firewalld
success
[root@base samba]# firewall-cmd --permanent --add-port=445/tcp
success
[root@base samba]# systemctl restart firewalld
7.1
7.2
7.2
7.3
7.4. Question, there are three directories, imix and sharedocs are accessed normally, and access to rddocs requires a user name and password
Because when we configure the file, this directory access permission is the www group
42 [RDDOCS]
43 path = /home/www/default
44 public = no
45 writable = yes
46 write list = @www
47 validusers = @www
9. Create users and assign permissions
43 path = /home/www/default
44 public = no
45 writable = yes
46 write list = @www
47 validusers = @www
Create a user and assign permissions
1. Create an operating system user test (if the user already exists, you don't need to create it again)
Operation format: useradd username
For example : # useradd test
2. Modify the user's group (you need to add test to the www group inside)
operation format: usermod -aG group name user name
For example : # usermod -aG www test
The above means that the lxl user is added to the www group;
3. View user id information
For example # id lxl
uid=1002(test) gid=1002 (test) group=1002(test), 1001(www)
Note: the difference between adduser and useradd; when using the adduser command, it will add the user name, and create a group name with the same name as the user name, and add this user Add the name to your own group, and create a directory with the same name as the user name in the /home directory, and copy the contents of the /etc/skel directory to the /home/username/ directory, and prompt for a password, and Prompt to fill in the information related to this username. When the command useradd is used, it will add this username and create the same group name as the username, but it does not create a directory based on the username in the /home directory, nor does it prompt for a new password.
1. Create an operating system user test (if the user already exists, you don't need to create it again)
Operation format: useradd username
For example : # useradd test
2. Modify the user's group (you need to add test to the www group inside)
operation format: usermod -aG group name user name
For example : # usermod -aG www test
The above means that the lxl user is added to the www group;
3. View user id information
For example # id lxl
uid=1002(test) gid=1002 (test) group=1002(test), 1001(www)
Note: the difference between adduser and useradd; when using the adduser command, it will add the user name, and create a group name with the same name as the user name, and add this user Add the name to your own group, and create a directory with the same name as the user name in the /home directory, and copy the contents of the /etc/skel directory to the /home/username/ directory, and prompt for a password, and Prompt to fill in the information related to this username. When the command useradd is used, it will add this username and create the same group name as the username, but it does not create a directory based on the username in the /home directory, nor does it prompt for a new password.