Samba 类unix和windows之间的共享,可实现linux+linux和linux和windows之间共享
安装
[root@130 ~]# yum install samba -y
samba涉及的两个服务
smb tcp 139 445 现在的windows操作系统
nmb udp 137 138 兼容古老的操作系统,例如95、98 已淘汰
启动并设置开机自启
[root@130 ~]# systemctl start smb
[root@130 ~]# systemctl enable smb.
设置防火墙
[root@130 ~]# firewall-cmd --add-service=samba
success
重启之后生效
[root@130 ~]# firewall-cmd --add-service=samba --permanent
success
配置文件
[root@130 ~]# cd /etc/samba/
[root@130 samba]# ls
lmhosts smb.conf
配置文件结构
[root@130 samba]# egrep -v '(#|;|^$)' /etc/samba/smb.conf
workgroup = MYGROUP # 想让Windows和Linux共享必须组名相同
server string = Samba Server Version %v #Samba版本
log file = /var/log/samba/log.%m #日志文件
max log size = 50 #超过最大,日志会回滚
security = user #Samba的用户必须是系统中已经存在的用户,密码可以和系统用户不同
passdb backend = tdbsam
load printers = yes
cups options = raw
[homes]
comment = Home Directories
browseable = no
writable = yes
[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
guest ok = no
writable = no
printable = yes
查看samba是否存在用户和密码
[root@130 ~]# pdbedit -L
[root@130 ~]#
创建samba用户
samba用户必须是系统中已经存在的用户,但密码可以和系统密码不一样
[root@130 ~]# useradd tom
[root@130 ~]# echo 123456 | passwd --stdin tom
Changing password for user tom.
passwd: all authentication tokens updated successfully.
[root@130 ~]# id tom
uid=1000(tom) gid=1000(tom) groups=1000(tom)
[root@130 ~]# useradd jack
[root@130 ~]# echo 123456 | passwd --stdin jack
Changing password for user jack.
passwd: all authentication tokens updated successfully.
[root@130 ~]# id jack
uid=1001(jack) gid=1001(jack) groups=1001(jack)
给samba用户设置密码
查看需要的命令
[root@130 ~]# yum whatprovides */smbpasswd
Loaded plugins: product-id, subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
myrepo/filelists_db | 3.0 MB 00:00
freeradius-3.0.1-6.el7.x86_64 : High-performance and highly
: configurable free RADIUS server
Repo : myrepo
Matched from:
Filename : /etc/raddb/mods-available/smbpasswd
samba-client-4.1.1-31.el7.x86_64 : Samba client programs
Repo : myrepo
Matched from:
Filename : /usr/bin/smbpasswd
[root@130 ~]# yum install samba-client -y
添加tom为samba用户
[root@130 ~]# smbpasswd -a tom
New SMB password:
Retype new SMB password:
Added user tom.
修改密码
[root@130 ~]# smbpasswd tom
New SMB password:
禁用用户
[root@130 ~]# smbpasswd -d tom
Disabled user tom.
启用用户
[root@130 ~]# smbpasswd -e tom
Enabled user tom.
删除用户
[root@130 ~]# smbpasswd -x tom
Deleted user tom.
[root@130 ~]# smbpasswd -a tom
New SMB password:
Retype new SMB password:
Added user tom.
[root@130 ~]# smbpasswd -a jack
New SMB password:
Retype new SMB password:
Added user jack.
查看smaba用户
[root@130 ~]# pdbedit -L
jack:1001:
tom:1000:
window端测试
![]
此时无法访问家目录
修改selinux的上下文
[root@130 ~]# setsebool -P samba_enable_home_dirs on
linux端测试
[root@132 ~]# yum install samba-client -y
[root@132 ~]# smbclient -L //192.168.85.130 -U jack%redhat
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]
Sharename Type Comment
--------- ---- -------
IPC$ IPC IPC Service (Samba Server Version 4.1.1)
jack Disk Home Directories
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]
Server Comment
--------- -------
Workgroup Master
--------- -------
[root@132 ~]# smbclient //192.168.85.130/jack -U jack%redhat
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]
smb: \> ls
. D 0 Mon Mar 16 05:23:23 2020
.. D 0 Mon Mar 16 05:23:23 2020
.bash_logout H 18 Wed Jan 29 20:45:18 2014
.bash_profile H 193 Wed Jan 29 20:45:18 2014
.bashrc H 231 Wed Jan 29 20:45:18 2014
35836 blocks of size 524288. 34068 blocks available
smb: \> quit
自动共享家目录的原因是因为配置文件
[homes]
comment = Home Directories
browseable = no
writable = yes
如何共享一下目录/zz /test
[root@130 ~]# mkdir /test
[root@130 ~]# mkdir /zz
[root@130 ~]# vim /etc/samba/smb.conf
[test]
comment = test
path = /test
[zz-test]
comment = zz-test
path = /zz
[root@130 ~]# systemctl restart smb
出现zz-test文件,此时发现zz-test根本访问不了,修改上下文
[root@130 ~]# chcon -R -t samba_share_t /zz
ZZ-試験はこの時点でアクセスすることができます
linux端测试
[root@132 ~]# smbclient //192.168.85.130/zz-test -U jack%redhat
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]
smb: \> quit
zz-test右击新建是写不进去的
[zz-test]
comment = zz-test
path = /zz
writable = yes
[root@130 ~]# systemctl restart smb
または書き込み行きません
如果以后我们配置了某个服务,然后从客户端上往这个服务里写东西
但是写不进去,我们应该从以下3个方面进行检查:
1、服务器的配置是否开启了写权限
2、文件系统是否具有写权限
3、selinux(上下文|布尔值)
查看文件系统权限
[root@130 ~]# groups tom
tom : tom
[root@130 ~]# ls -ld /zz
drwxr-xr-x. 2 root root 6 Mar 15 18:30 /zz
添加写权限
[root@localhost ~]# chmod o+w /zz
[root@130 ~]# chmod o+w /zz
[root@130 ~]# ls -ld /zz
drwxr-xrwx. 2 root root 6 Mar 15 18:30 /zz
此时windows端可以正常写入
linux测试也可以
[root@132 ~]# smbclient //192.168.85.130/zz-test -U jack%redhat
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]
smb: \> mkdir test11
smb: \> ls
. D 0 Mon Mar 16 06:30:03 2020
.. D 0 Mon Mar 16 06:34:34 2020
新建文件夹 D 0 Mon Mar 16 06:45:15 2020
test11 D 0 Mon Mar 16 06:46:42 2020
35836 blocks of size 524288. 33925 blocks available
是否可以实现部分用户可写?
1、writable = yes
文件系统都允许写,通过配置文件来限制
[zz-test]
comment = zz-test
path = /zz
writable = no
write list = tom
[root@130 ~]# systemctl restart smb
此时windows上用tom用户测试可以写
linux端用jack用户测试是写不进去的,因为配置文件不允许jack写
[root@132 ~]# smbclient //192.168.85.130/zz-test -U jack%redhat
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]
smb: \> mkdir t
NT_STATUS_MEDIA_WRITE_PROTECTED making remote directory \t
运行多个用户用","隔开
[zz-test]
comment = zz-test
path = /zz
writable = no
write list = tom,jack
[root@130 ~]# systemctl restart smb
此时jack用户可以写了
[root@132 ~]# smbclient //192.168.85.130/zz-test -U jack%redhat
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]
smb: \> mkdir jacktest
# write list = @tom,@jack 允许tom组和jack组写
2、允许所有的客户端都是可写的,从文件系统更改
[zz-test]
comment = zz-test
path = /zz
writable = yes
write list = tom
[root@130 ~]# systemctl restart smb
[root@130 ~]# chmod o-w /zz
[root@130 ~]# systemctl restart smb
现在允许jack可写
[root@130 ~]# setfacl -m u:jack:rwx /zz
此时linux端jack用户可以写
[root@132 ~]# smbclient //192.168.85.130/zz-test -U jack%redhat
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]
smb: \> mkdir jack1
此时windows端tom用户无权限
还原
[root@130 ~]# setfacl -x u:jack /zz
[root@130 ~]# chmod o+w /zz/
凡是出现在hosts allow的都是允许的,没有出现在hosts allow的都是拒绝的
[zz-test]
comment = zz-test
path = /zz
writable = no
write list = tom
hosts allow = 192.168.85.132 只允许访问的地址
[root@130 ~]# systemctl restart smb
此时windows 访问不成功,linux可以访问
[root@132 ~]# smbclient //192.168.85.130/zz-test -U jack%redhat
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]
smb: \>
凡是出现在deny的都是拒绝的,没有出现在deny的都是允许的
[zz-test]
comment = zz-test
path = /zz
writable = no
write list = tom
hosts deny = 192.168.85.132
[root@130 ~]# systemctl restart smb
此时windows可以访问,linux被拒绝
[root@132 ~]# smbclient //192.168.85.130/zz-test -U jack%redhat
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]
tree connect failed: NT_STATUS_ACCESS_DENIED
隐藏共享browseable
[zz-test]
comment = zz-test
path = /zz
writable = no
write list = tom
browseable = no
[root@130 ~]# systemctl restart smb
重启后看不到隐藏文件
[root@132 ~]# smbclient -L //192.168.85.130/ -U jack%redhat
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]
Sharename Type Comment
--------- ---- -------
IPC$ IPC IPC Service (Samba Server Version 4.1.1)
test Disk test
jack Disk Home Directories
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]
Server Comment
--------- -------
Workgroup Master
--------- -------
想实现指定某用户看到隐藏文件,给特定的用户设置配置文件
config file =/etc/samba/smb.conf.%U
[root@130 ~]# cd /etc/samba/
[root@130 samba]# cp smb.conf smb.conf.tom
[root@130 samba]# vim smb.conf.tom
[zz-test]
comment = zz-test
path = /zz
writable = no
write list = tom
browseable = yes
[root@130 ~]# systemctl restart smb
此时使用tom用户可以看到隐藏文件,jack看不到隐藏文件
[root@132 ~]# smbclient -L //192.168.85.130/ -U jack%redhat
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]
Sharename Type Comment
--------- ---- -------
test Disk test
IPC$ IPC IPC Service (Samba Server Version 4.1.1)
jack Disk Home Directories
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]
Server Comment
--------- -------
Workgroup Master
--------- -------