"Linux in respect of such a study" Training notes _ch12_ use Samba or NFS file sharing
Finally, the article notes will post photos on the books.
The main contents of the article :
SAMBA file-sharing services
The nature of the FTP protocol is to transfer files, but not share files.
Samba is an open source file-sharing software, can be configured through simple file sharing among Windows systems and Linux systems work.
Install Samba service program: yum install -y samba.
Samba services main configuration file: /etc/samba/smb.conf.
Example 1: Before configuring Samba service, first delete the Samba service master configuration file comments and blank lines.
Grep command by adding the -v parameter (reverse selection) were all removed to the pound sign (#) and the semicolon (;) at the beginning of the line annotation information , for the remaining blank lines may be used ^ $ parameter to indicate and unselected filtered, and finally the information available parameters filtered through a redirection symbol overwritten to the original file name.
cd / etc / samba CAT smb.conf # filter before the comment line and blank lines, see the main samba configuration file, there are more than 300 rows mv smb.conf # smb.conf_bak the main configuration file smb.conf samba rename smb.conf_bak grep -v " # " smb.conf_bak | grep -v " ; " | grep -v " ^ $ " > smb.conf # filter out smb.conf_bak file comment lines and blank lines, then the remaining messages are redirected to smb.conf CAT smb.conf # view filter smb.conf file comment lines and blank lines, only 20 lines.
Samba service program parameters and effect:
| [global] | # Global parameters. | |
| workgroup = MyGroup | # Workgroup name | |
| server string = Samba Server Version %v | # Server provides information,% v parameter to display the version number of SMB | |
| log file = /var/log/samba/log.%m | # Define storage location and name of the log file parameter% m for visiting hostname | |
| max log size = 50 | # Define the maximum capacity of the log file is 50KB | |
| security = user | # Secure authentication mode, a total of four kinds | |
| #share: visiting the host without authentication password; more convenient, but poor security | ||
| #user: visitors need to verify the password provided by the host before they can access; improved security | ||
| #server: use a separate remote host authentication password provided by visiting the host (centralized management accounts) | ||
| #domain: using a domain controller for authentication | ||
| passdb backend = tdbsam | # Define user types the background, there are three kinds | |
| #smbpasswd: set a password using the smbpasswd command Samba service program for users of the system | ||
| #tdbsam: Create a database file and build Samba daemon uses user command pdbedit | ||
| #ldapsam: perform account verification service based on LDAP | ||
| load printers = yes | # Set whether to share the printer device in the Samba service starts | |
| cups options = raw | # Printer Options | |
| [homes] | # Shared parameters | |
| comment = Home Directories | #Description | |
| browseable = no | # Specify the shared information is visible in the "Network Neighborhood" | |
| writable = yes | # Define whether the write operation can be performed, and "read only" contrary | |
| [printers] | # Printer sharing parameters | |
| comment = All Printers | ||
| path = /var/spool/samba | Actual path (important) # shared files. | |
| browseable = no | ||
| guest ok = no | # Whether visible to everyone, it is equivalent to the "public" parameter. | |
| writable = no | ||
| printable = yes | ||
Configure shared resources
Samba service program's main configuration file includes global and regional configuration parameters configuration parameters. Global configuration parameter sets the overall resource sharing environment, is valid for each individual shared resource inside. Area configuration parameter is used to set individual shared resource, and is only valid for the resources.
Used to set parameters and the role of Samba service program
| parameter | effect |
| [share_dir] | Shared folder name. share_dir |
| comment = heheda | Note the contents of the shared folder. heheda |
| path = /home/niubi | Shared folder in Linux actual directory. / Home / niubi |
| public = no | Close "visible to everyone" |
| writable = yes | Allowing a write operation |
In RHEL 7 system, Samba service program is used by default user password authentication mode (user). This authentication model can ensure that only allows users to have passwords and trusted access to shared resources, and the verification process is very simple.
Will cause the file to be used when a user password authentication mode, you must create an account information database, and these accounts must already exist in the current system, but the password does not have to correspond to the same account password (can be empty) with the system, or in the future to create a file property rights confusion, which caused the error.
pdbedit command: SMB service program for managing account information database format: pdbedit [Options] account. Need to use once the account information is written to the database in the first -a parameter, change your password after performing, you no longer need this parameter when deleting accounts and other operations.
pdbedit command parameters used and the role:
| parameter | effect |
| -a username | Establish Samba user |
| -x username | Delete Samba users |
| -L | Lists the user list |
| -Lv | List lists user details |
Example 2: 1 basis instance, configure samba service shared folder.
#1.创建用于访问共享资源的账户信息。账户必须在当前系统已经存在 id linuxprobe #确认用户linuxprobe是否存在 pdbedit -a -u linuxprobe #生成账户信息数据库,添加一名用户,以供samba共享文件夹的登录验证 new password:此处输入该账户在Samba服务数据库中的密码 retype new password:再次输入密码进行确认 #2.创建用于共享资源的文件目录。在创建时,不仅要考虑到文件读写权限的问题,还需要考虑应用于该目录的SELinux安全上下文所带来的限制。 mkdir /home/niubi chown -Rf linuxprobe:linuxprobe /home/niubi semanage fcontext -a -t samba_share_t /home/niubi restorecon -Rv /home/niubi #3。设置SELinux服务与策略,使其允许通过Samba服务程序访问普通用户家目录。 getsebool -a | grep samba setsebool -P samba_enable_home_dirs on #4.在Samba服务程序的主配置文件中,追加共享文件夹配置参数信息。 vim /etc/samba/smb.conf ... [share_dir] comment = heheda path = /home/niubi public = no writable = yes #5.重启Samba服务并加入开机启动项。为避免防火墙妨碍,清空iptables防火墙。 systemctl restart smb systemctl enable smb iptables -F service iptables save
Windows挂载共享
要在Windows系统中访问共享资源,只需在Windows的“运行”命令框中输入两个反斜杠,然后再加服务器的IP地址即可。输入上面实例用于samba验证的帐号密码,登录进去后的共享文件夹的效果:
在RHEL 7系统中,Samba服务程序使用的是独立的账户信息数据库。所以,即便Samba服务程序使用的账户名字必须是Linux系统中已存在的用户,但两者的帐号密码是独立的,要分清楚各自所对应的密码。
Linux挂载共享
Samba服务程序还可以实现Linux系统之间的文件共享。
Linux客户端需要安装支持文件共享服务的软件包:yum install -y cifs-utils
实例3:在实例2基础上,实现Linux客户端挂载Samba服务的共享文件夹。
#1.按照Samba服务的用户名、密码、共享域的顺序将相关信息写入到一个认证文件中,降低文件权限提高安全性。 vim /root/auth.smb username=linuxprobe #samba账户 password=redhat #samba账户密码 domain=MYGROUP #与samba主配置文件中的对应参数要一致 chmod -Rf 600 auth.smb #2.创建一个用于挂载Samba服务共享资源的目录,并把挂载信息写入到/etc/fstab文件中以永久挂载。 mkdir /liwh vim /etc/fstab ... //192.168.10.10/share_dir /liwh cifs credentials=/root/auth.smb 0 0 #把服务端的共享文件夹挂载到客户端的/liwh目录里,共享文件夹格式为cifs,权限设置为以认证文件进行验证 mount -a
客户端进入到挂载目录/liwh后就可以对目录里的文件进行增删改操作了。
NFS网络文件系统
凡是Linux之间的文件共享都涉及到挂载步骤。
NFS(网络文件系统)服务专用于Linux系统主机之间的文件共享,它可以将远程Linux系统上的文件共享资源挂载到本地主机的目录上,从而使得本地主机(Linux客户端)基于TCP/IP协议,像使用本地主机上的资源那样读写远程Linux系统上的共享文件。
RHEL 7系统中默认已经安装了NFS服务,安装nfs:yum install -y nfs-utils。
NFS服务程序的配置文件为/etc/exports,默认情况下里面没有任何内容。可以按照“共享目录的路径 允许访问的NFS客户端(共享权限参数)”的格式,定义要共享的目录与相应的权限。
用于配置NFS服务程序配置文件的参数:
| 参数 | 作用 |
| ro | 只读 |
| rw | 读写 |
| root_squash | 当NFS客户端以root管理员访问时,映射为NFS服务器的匿名用户 |
| no_root_squash | 当NFS客户端以root管理员访问时,映射为NFS服务器的root管理员 |
| all_squash | 无论NFS客户端使用什么账户访问,均映射为NFS服务器的匿名用户 |
| sync | 同时将数据写入到内存与硬盘中,保证不丢失数据 |
| async | 优先将数据保存到内存,然后再写入硬盘;这样效率更高,但可能会丢失数据 |
服务端192.168.10.10配置:
#1.清空iptables防火墙策略,永久保存。 iptables -F service iptables save #2.建立用于NFS文件共享的目录,并设置足够的权限确保其他人也有写入权限。 mkdir /nfsfile chmod -Rf 777 /nfsfile echo "welcome to linuxprobe.com" > /nfsfile/test.txt #3.编辑NFS服务程序的配置文件/etc/exports,把/nfsfile目录共享给192.168.10.0/24网段内的所有主机,让这些主机都拥有读写权限。 vim /etc/exports /nfsfile 192.168.10.*(rw,sync,root_squash) #NFS客户端地址与权限之间没有空格 #4.重启rpcbind和nfs服务程序,并将它们加入开机启动项。(在使用NFS服务进行文件共享之前,需要使用RPC服务将NFS服务器的IP地址和端口号等信息发送给客户端) systemctl restart rpcbind systemctl enable rpcbind systemctl start nfs-server systemctl enable nfs-server
客户端192.168.10.20配置:
showmount -e 192.168.10.10 #使用showmount命令查询NFS服务器的远程共享信息,输出结果:/nfsfile 192.168.10.*
mkdir /liwh vim /etc/fstab ... 192.168.10.10:/nfsfile /liwhnfs defaults 0 0 #留意共享文件夹目录的书写格式和Samba是不同的,目录格式也不同。
mount -a
showmount命令:用于查询NFS服务器的远程共享信息。格式:showmount [选项] [ip地址]输出格式为“共享的目录名称 允许使用客户端地址”。
showmount命令中可用的参数以及作用
| 参数 | 作用 |
| -e | 显示NFS服务器的共享列表 |
| -a | 显示本机挂载的文件资源的情况NFS资源的情况 |
| -v | 显示版本号 |
AutoFs自动挂载服务
无论是Samba服务还是NFS服务,都要把挂载信息写入到/etc/fstab中,这样远程共享资源就会自动随服务器开机而进行挂载。虽然方便,但是如果挂载的远程资源太多,则会给网络带宽和服务器的硬件资源带来很大负载。如果在资源挂载后长期不使用,也会造成服务器硬件资源的浪费。
autofs自动挂载服务与mount命令不同,autofs服务程序是一种Linux系统守护进程,当检测到用户试图访问一个尚未挂载的文件系统时,将自动挂载该文件系统。
mount命令与autofs服务的区别:
- 将挂载信息填入/etc/fstab文件后,系统在每次开机时都自动将其挂载;
- autofs服务程序在用户需要使用该文件系统时才去动态挂载,从而节约网络资源和服务器的硬件资源。
安装autofs自动挂载服务:yum install -y autofs。
autofs服务的主配置文件:/etc/auto.master。记录要自动挂载的目录和对应的子配置文件。更加详细具体的挂载目录内的挂载设备信息则记录在用户自定义的子配置文件中。子配置文件后缀必须为.misc。
autofs服务的子配置文件应按照“挂载目录 挂载文件类型及权限 主机ip地址:设备名称”的格式进行填写。
例如:iso -fstype=iso9660,ro,nosuid,nodev :/dev/cdrom
把本机光盘设备挂载到/media/iso目录中,可将挂载目录写为iso(上级目录写在主配置文件中),而-fstype为文件系统格式参数,iso9660为光盘设备格式,ro、nosuid及nodev为光盘设备具体的权限参数,/dev/cdrom则是定义要挂载的设备名称。
实例4:在实例3基础上,在客户端安装autofs服务,实现对服务端的nfs共享目录的自动挂载。
#1.编辑autofs主编辑文件,指定设备挂载位置的上一级目录和对应的子配置文件。 vim /etc/auto.master ... /nice /etc/test.misc ... #2.编辑自定义的autofs子配置文件test.misc。 vim /etc/test.misc nice -fstype=nfs,rw,nosuid,nodev 192.168.10.10:/nfsfile #3.重启autofs服务并加入开机启动项 systemctl restart autofs systemctl enable autofs
当用df -h查看设备挂载情况时,确认共享目录没有被挂载上,而且/nice目录里根本不存在test目录,但却可以使用cd命令进入test目录中,说明autofs服务配置成功。
书本笔记
