1. Introduction to the SAMBA service
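Samba was developed in 1991 by Andrew Tridgell, mainly for file sharing between Windows and Unix. Samba implements file and printer sharing, online editing, identity authentication for users logging in to SAMBA, NetBIOS name resolution, and sharing of peripheral devices. The related packages are: samba, which mainly provides the smb service (SMB stands for Server Message Block; it was released by IBM and started out as a DOS network file sharing protocol); samba-client, the client software; samba-common, the common package; cifs-utils, another SMB client tool; and samba-winbind, which mainly contains the components related to Windows AD domains.
The samba service has two related processes. smbd provides the SMB (CIFS) service and listens on TCP ports 139 and 445. nmbd handles NetBIOS name resolution and by default works on UDP ports 137 and 138. If the samba server we access does not need name resolution, nmbd does not have to be started.
Samba's main configuration file is /etc/samba/smb.conf; its documentation can be read with man smb.conf. Like Apache, samba has a tool for checking the configuration syntax: testparm [-v] [/etc/samba/smb.conf]. By default it does not need to be given the path of the configuration file. Besides the server-side tools, samba also provides client tools such as smbclient and mount.cifs. CIFS stands for Common Internet File System; we can think of it as an upgraded version of the SMB protocol, implemented by Microsoft.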
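2. The SAMBA configuration file
/etc/samba/smb.conf follows the .ini file format and is divided into sections by [ ]. Global settings go under [global], which holds the server's general or global configuration. Besides the global configuration there are settings for specific shares: [homes] shares users' home directories, [printers] defines printer resources and services, and [sharename] is a custom shared directory. The name in the brackets of a custom section is the name under which the directory is shared. It can differ from the name of the directory itself, since it is simply a name given to the shared directory. In /etc/samba/smb.conf, lines that start with a hash sign (#) or a semicolon (;) are comments, and the names in brackets are not case sensitive.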
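Configuration file macros
%m: NetBIOS name of the client host
%H: home directory path of the current user
%g: group the current user belongs to
%L: NetBIOS name of the samba server
%T: current date and time
%M: FQDN of the client host
%U: user name of the current user
%h: host name of the samba server
%I (uppercase i): IP address of the client host
%S: user name that can log in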
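2.1 SAMBA server global configuration directives
workgroup: specifies the workgroup name
server string: host description string
netbios name: specifies the NetBIOS name
interfaces: specifies the interfaces and IP addresses the service listens on
hosts allow: entries can be separated by ",", spaces or tabs. By default all hosts are allowed. It can also be set separately for each share; if set in [global], it applies to all shares and overrides their settings. Accepted forms:
    IPv4 network/prefix: 172.25.0.0/24
    IPv4 prefix: 172.25.0.
    IPv4 network/netmask: 172.25.0.0/255.255.255.0
    host name: desktop.example.com
    host names with the example.com suffix: .example.com
    Examples:
    hosts allow = 172.25.
    hosts allow = 172.25. .example.com
hosts deny: denies access from the specified hosts
config file=/etc/samba/conf.d/%U: a separate configuration file per user
Log file=/var/log/samba/log.%m: a different log for each client machine
log level = 2: log level; the default is 0, which records no log
max log size=50: the log file is rotated when it reaches 50K; the unit is KB
Security: three authentication modes:
    share: anonymous (no longer supported on CentOS 7)
    user: samba users (a Linux user with a separate samba password)
    domain: authentication through a DC (domain controller)
passdb backend = tdbsam: format of the password database. Samba users must be Linux users; for security, giving them the /sbin/nologin shell is recommended.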
3. Installing, configuring and using the SAMBA service
3.1 Installation
    [root@test ~]# yum install samba -y
    …… (part of the output omitted)
    Installed:
      samba.x86_64 0:4.6.2-8.el7

    Dependency Installed:
      avahi-libs.x86_64 0:0.6.31-17.el7
      cups-libs.x86_64 1:1.6.3-29.el7
      libldb.x86_64 0:1.1.29-1.el7
      libtalloc.x86_64 0:2.1.9-1.el7
      libtdb.x86_64 0:1.3.12-2.el7
      libtevent.x86_64 0:0.9.31-1.el7
      libwbclient.x86_64 0:4.6.2-8.el7
      pytalloc.x86_64 0:2.1.9-1.el7
      samba-client-libs.x86_64 0:4.6.2-8.el7
      samba-common.noarch 0:4.6.2-8.el7
      samba-common-libs.x86_64 0:4.6.2-8.el7
      samba-common-tools.x86_64 0:4.6.2-8.el7
      samba-libs.x86_64 0:4.6.2-8.el7

    Complete!
    [root@test ~]# rpm -qf /etc/samba/smb.conf
    samba-common-4.6.2-8.el7.noarch
    [root@test ~]#
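Note: installing the samba service pulls in some dependency packages by default, as shown above. The configuration file /etc/samba/smb.conf comes from the samba-common package.
3.2 Configuring a directory share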
    [root@test ~]# cat /etc/samba/smb.conf
    # See smb.conf.example for a more detailed config file or
    # read the smb.conf manpage.
    # Run 'testparm' to verify the config is correct after
    # you modified it.

    [global]
            workgroup = SAMBA
            security = user
            passdb backend = tdbsam
            printing = cups
            printcap name = cups
            load printers = yes
            cups options = raw

    [homes]
            comment = Home Directories
            valid users = %S, %D%w%S
            browseable = No
            read only = No
            inherit acls = Yes

    [printers]
            comment = All Printers
            path = /var/tmp
            printable = Yes
            create mask = 0600
            browseable = No

    [print$]
            comment = Printer Drivers
            path = /var/lib/samba/drivers
            write list = root
            create mask = 0664
            directory mask = 0775

    [share]
            comment = this is test share
            path = /data/smb_dir
    [root@test ~]#
Note: the configuration above adds a new [share] section to the original configuration file. It shares the directory /data/smb_dir under the share name share.
    [root@test ~]# testparm
    Load smb config files from /etc/samba/smb.conf
    Processing section "[homes]"
    Processing section "[printers]"
    Processing section "[print$]"
    Processing section "[share]"
    Loaded services file OK.
    Server role: ROLE_STANDALONE

    Press enter to see a dump of your service definitions

    # Global parameters
    [global]
            workgroup = SAMBA
            printcap name = cups
            security = USER
            idmap config * : backend = tdb
            cups options = raw

    [homes]
            comment = Home Directories
            browseable = No
            inherit acls = Yes
            read only = No
            valid users = %S %D%w%S

    [printers]
            comment = All Printers
            path = /var/tmp
            browseable = No
            printable = Yes
            create mask = 0600

    [print$]
            comment = Printer Drivers
            path = /var/lib/samba/drivers
            create mask = 0664
            directory mask = 0775
            write list = root

    [share]
            comment = this is test share
            path = /data/smb_dir
    [root@test ~]#
Note: once the syntax check passes, create the directory and then restart the service.
    [root@test ~]# mkdir /data/smb_dir -p
    [root@test ~]# systemctl restart smb
    [root@test ~]#
Note: at this point the directory is shared. Next we use the smbclient tool to look at the shares.
    [root@test ~]# smbclient -L 192.168.0.10
    Enter SAMBA\root's password:
    Anonymous login successful
    OS=[Windows 6.1] Server=[Samba 4.6.2]

            Sharename       Type      Comment
            ---------       ----      -------
            print$          Disk      Printer Drivers
            share           Disk      this is test share
            IPC$            IPC       IPC Service (Samba 4.6.2)
    Anonymous login successful
    OS=[Windows 6.1] Server=[Samba 4.6.2]

            Server               Comment
            ---------            -------

            Workgroup            Master
            ---------            -------
    [root@test ~]#
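Note: the -L option lists the shares on the specified host. When no user and password are given, the connection is made as the anonymous user. You can also pass -U with the user name, followed by % and the password, as shown below.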
    [root@test ~]# smbclient -L 192.168.0.232 -U qiuhom%...
    Domain=[QIUHOM] OS=[Windows 7 Ultimate 7601 Service Pack 1] Server=[Windows 7 Ultimate 6.1]

            Sharename       Type      Comment
            ---------       ----      -------
            ADMIN$          Disk      遠程管理
            C$              Disk      默認共享
            D$              Disk      默認共享
            IPC$            IPC       遠程 IPC
            print$          Disk      打印機驅動程序
            Share           Disk
    Connection to 192.168.0.232 failed (Error NT_STATUS_RESOURCE_NAME_NOT_FOUND)
    NetBIOS over TCP disabled -- no workgroup available
    [root@test ~]#
3.3 Managing SAMBA users
Adding samba users
    [root@test ~]# useradd -s /sbin/nologin sambauser1
    [root@test ~]# useradd -s /sbin/nologin sambauser2
    [root@test ~]# smbpasswd -a sambauser1
    New SMB password:
    Retype new SMB password:
    Added user sambauser1.
    [root@test ~]# smbpasswd -a sambauser2
    New SMB password:
    Retype new SMB password:
    Added user sambauser2.
    [root@test ~]#
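Note: a samba user must be a Linux system user. If the user does not exist on the Linux system, smbpasswd cannot add it. For the security of the Linux system, these two accounts are only used to log in to the samba service, so setting their shell to /sbin/nologin is safer. Users can also be added with the pdbedit command, as shown below.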
    [root@test ~]# useradd -s /sbin/nologin sambauser3
    [root@test ~]# pdbedit -a -u sambauser3
    new password:
    retype new password:
    Unix username: sambauser3
    NT username:
    Account Flags: [U ]
    User SID: S-1-5-21-1369552498-1030126791-3625437691-1002
    Primary Group SID: S-1-5-21-1369552498-1030126791-3625437691-513
    Full Name:
    Home Directory: \\test\sambauser3
    HomeDir Drive:
    Logon Script:
    Profile Path: \\test\sambauser3\profile
    Domain: TEST
    Account desc:
    Workstations:
    Munged dial:
    Logon time: 0
    Logoff time: Wed, 06 Feb 2036 23:06:39 CST
    Kickoff time: Wed, 06 Feb 2036 23:06:39 CST
    Password last set: Wed, 29 Jan 2020 02:15:48 CST
    Password can change: Wed, 29 Jan 2020 02:15:48 CST
    Password must change: never
    Last bad password : 0
    Bad password count : 0
    Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
    [root@test ~]#
Note: when a user is added with pdbedit, the account information is displayed.
Changing a user's password
    [root@test ~]# smbpasswd sambauser1
    New SMB password:
    Retype new SMB password:
    [root@test ~]#
Note: to change a password, pass the user name directly to smbpasswd; no option is needed.
Listing samba users
    [root@test ~]# pdbedit -L
    sambauser1:1002:
    sambauser3:1004:
    sambauser2:1003:
    [root@test ~]# pdbedit -L -v
    ---------------
    Unix username: sambauser1
    NT username:
    Account Flags: [U ]
    User SID: S-1-5-21-1369552498-1030126791-3625437691-1000
    Primary Group SID: S-1-5-21-1369552498-1030126791-3625437691-513
    Full Name:
    Home Directory: \\test\sambauser1
    HomeDir Drive:
    Logon Script:
    Profile Path: \\test\sambauser1\profile
    Domain: TEST
    Account desc:
    Workstations:
    Munged dial:
    Logon time: 0
    Logoff time: Wed, 06 Feb 2036 23:06:39 CST
    Kickoff time: Wed, 06 Feb 2036 23:06:39 CST
    Password last set: Wed, 29 Jan 2020 02:17:38 CST
    Password can change: Wed, 29 Jan 2020 02:17:38 CST
    Password must change: never
    Last bad password : 0
    Bad password count : 0
    Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
    ---------------
    Unix username: sambauser3
    NT username:
    Account Flags: [U ]
    User SID: S-1-5-21-1369552498-1030126791-3625437691-1002
    Primary Group SID: S-1-5-21-1369552498-1030126791-3625437691-513
    Full Name:
    Home Directory: \\test\sambauser3
    HomeDir Drive:
    Logon Script:
    Profile Path: \\test\sambauser3\profile
    Domain: TEST
    Account desc:
    Workstations:
    Munged dial:
    Logon time: 0
    Logoff time: Wed, 06 Feb 2036 23:06:39 CST
    Kickoff time: Wed, 06 Feb 2036 23:06:39 CST
    Password last set: Wed, 29 Jan 2020 02:15:48 CST
    Password can change: Wed, 29 Jan 2020 02:15:48 CST
    Password must change: never
    Last bad password : 0
    Bad password count : 0
    Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
    ---------------
    Unix username: sambauser2
    NT username:
    Account Flags: [U ]
    User SID: S-1-5-21-1369552498-1030126791-3625437691-1001
    Primary Group SID: S-1-5-21-1369552498-1030126791-3625437691-513
    Full Name:
    Home Directory: \\test\sambauser2
    HomeDir Drive:
    Logon Script:
    Profile Path: \\test\sambauser2\profile
    Domain: TEST
    Account desc:
    Workstations:
    Munged dial:
    Logon time: 0
    Logoff time: Wed, 06 Feb 2036 23:06:39 CST
    Kickoff time: Wed, 06 Feb 2036 23:06:39 CST
    Password last set: Wed, 29 Jan 2020 02:08:54 CST
    Password can change: Wed, 29 Jan 2020 02:08:54 CST
    Password must change: never
    Last bad password : 0
    Bad password count : 0
    Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
    [root@test ~]#
Note: -L lists the accounts, and -v shows the detailed information for each account.
Deleting users and passwords
    [root@test ~]# smbpasswd -x sambauser3
    Deleted user sambauser3.
    [root@test ~]# pdbedit -L
    sambauser1:1002:
    sambauser2:1003:
    [root@test ~]# pdbedit -x -u sambauser2
    [root@test ~]# pdbedit -L
    sambauser1:1002:
    [root@test ~]#
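Note: both smbpasswd and pdbedit can delete users. The difference is that smbpasswd prints a message after deleting the user, while pdbedit does not.
Connecting to the samba service as the new user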
    [root@test ~]# smbclient //192.168.0.10/share -U sambauser1%admin
    Domain=[TEST] OS=[Windows 6.1] Server=[Samba 4.6.2]
    smb: \> ls
      .                   D        0  Wed Jan 29 01:52:43 2020
      ..                  D        0  Wed Jan 29 01:52:43 2020

                    48209924 blocks of size 1024. 45019976 blocks available
    smb: \>
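Note: the smbclient command-line tool is similar to the FTP command-line tool and is used in much the same way. On Windows you use a UNC path instead, in the form \\sambaserver\sharename.
Testing the permissions of the new sambauser1 account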
    [root@test ~]# ls
    [root@test ~]# cp /etc/fstab ./f1
    [root@test ~]# ls
    f1
    [root@test ~]# smbclient //192.168.0.10/share -U sambauser1%admin
    Domain=[TEST] OS=[Windows 6.1] Server=[Samba 4.6.2]
    smb: \> ls
      .                   D        0  Wed Jan 29 01:52:43 2020
      ..                  D        0  Wed Jan 29 01:52:43 2020

                    48209924 blocks of size 1024. 45019800 blocks available
    smb: \> !ls
    f1
    smb: \> put f1
    NT_STATUS_ACCESS_DENIED opening remote file \f1
    smb: \> ls
      .                   D        0  Wed Jan 29 01:52:43 2020
      ..                  D        0  Wed Jan 29 01:52:43 2020

                    48209924 blocks of size 1024. 45019800 blocks available
    smb: \> q
    [root@test ~]#
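Note: when we upload f1 to the shared directory, access is denied. Why? Are the account's permissions wrong, or the filesystem permissions? Let's set the shared directory's permissions to 777 and try the upload again. That tells us whether the account lacks permission or the shared directory's permissions are too strict.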
    [root@test ~]# ll -d /data/smb_dir/
    drwxr-xr-x 2 root root 16 Jan 29 03:26 /data/smb_dir/
    [root@test ~]# chmod 777 /data/smb_dir/
    [root@test ~]# ll -d /data/smb_dir/
    drwxrwxrwx 2 root root 16 Jan 29 03:26 /data/smb_dir/
    [root@test ~]# smbclient //192.168.0.10/share -U sambauser1%admin
    Domain=[TEST] OS=[Windows 6.1] Server=[Samba 4.6.2]
    smb: \> ls
      .                   D        0  Wed Jan 29 03:28:39 2020
      ..                  D        0  Wed Jan 29 01:52:43 2020

                    48209924 blocks of size 1024. 45019872 blocks available
    smb: \> !ls
    f1
    smb: \> put f1
    NT_STATUS_ACCESS_DENIED opening remote file \f1
    smb: \> q
    [root@test ~]#
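Note: even with the shared directory set to 777, the upload still fails. Why? When we log in to the samba server as sambauser1, the shared directory is accessed by default with the permissions of the Linux system user sambauser1. So the shared directory does not need 777; giving sambauser1 read, write and execute permission is enough. The failed upload is therefore not caused by the filesystem permissions. A samba share is read-only by default, so we have to tell samba explicitly in the configuration file that the shared directory is writable. Next we change the shared directory's permissions to 755, give sambauser1 read, write and execute permission, and explicitly mark the share as writable in the configuration file.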
    [root@test ~]# ll -d /data/smb_dir/
    drwxrwxrwx 2 root root 6 Jan 29 03:28 /data/smb_dir/
    [root@test ~]# chmod 755 /data/smb_dir/
    [root@test ~]# ll -d /data/smb_dir/
    drwxr-xr-x 2 root root 6 Jan 29 03:28 /data/smb_dir/
    [root@test ~]# setfacl -m u:sambauser1:rwx /data/smb_dir/
    [root@test ~]# getfacl /data/smb_dir/
    getfacl: Removing leading '/' from absolute path names
    # file: data/smb_dir/
    # owner: root
    # group: root
    user::rwx
    user:sambauser1:rwx
    group::r-x
    mask::rwx
    other::r-x

    [root@test ~]# tail /etc/samba/smb.conf
    [print$]
            comment = Printer Drivers
            path = /var/lib/samba/drivers
            write list = root
            create mask = 0664
            directory mask = 0775
    [share]
            comment = this is test share
            path = /data/smb_dir
            read only=No
    [root@test ~]# systemctl restart smb
    [root@test ~]#
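Note: we gave sambauser1 read, write and execute permission on the shared directory and set read only=No for the share in the samba configuration file. This option means the same as writable=yes; either one makes the share writable. Now we test again whether the upload works.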
    [root@test ~]# smbclient //192.168.0.10/share -U sambauser1%admin
    Domain=[TEST] OS=[Windows 6.1] Server=[Samba 4.6.2]
    smb: \> ls
      .                   D        0  Wed Jan 29 03:28:39 2020
      ..                  D        0  Wed Jan 29 01:52:43 2020

                    48209924 blocks of size 1024. 45019860 blocks available
    smb: \> !ls
    f1
    smb: \> put f1
    putting file f1 as \f1 (97.8 kb/s) (average 97.9 kb/s)
    smb: \> ls
      .                   D        0  Wed Jan 29 03:42:51 2020
      ..                  D        0  Wed Jan 29 01:52:43 2020
      f1                  A      501  Wed Jan 29 03:42:51 2020

                    48209924 blocks of size 1024. 45019724 blocks available
    smb: \> q
    [root@test ~]# ls /data/smb_dir/
    f1
    [root@test ~]# ll /data/smb_dir/
    total 4
    -rwxr--r-- 1 sambauser1 sambauser1 501 Jan 29 03:42 f1
    [root@test ~]#
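Note: f1 was uploaded successfully and is visible in the real shared directory. But the permissions of the uploaded file are not quite right: we do not want files uploaded to the server to have execute permission. To restrict the permissions of uploaded and newly created files and directories, the permissions for new files and for new directories also have to be specified in the configuration file.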
    [root@test ~]# tail -6 /etc/samba/smb.conf
    [share]
            comment = this is test share
            path = /data/smb_dir
            read only=No
            create mask=0644
            directory mask=0755
    [root@test ~]# systemctl restart smb
    [root@test ~]# smbclient //192.168.0.10/share -U sambauser1%admin
    Domain=[TEST] OS=[Windows 6.1] Server=[Samba 4.6.2]
    smb: \> ls
      .                   D        0  Wed Jan 29 04:03:19 2020
      ..                  D        0  Wed Jan 29 03:58:37 2020

                    48209924 blocks of size 1024. 45019496 blocks available
    smb: \> !ls
    f1  passwd
    smb: \> mput f1 passwd
    Put file f1? y
    putting file f1 as \f1 (122.3 kb/s) (average 122.3 kb/s)
    Put file passwd? y
    putting file passwd as \passwd (645.0 kb/s) (average 296.5 kb/s)
    smb: \> mkdir newdir
    smb: \> ls
      .                   D        0  Wed Jan 29 04:04:10 2020
      ..                  D        0  Wed Jan 29 03:58:37 2020
      f1                  N      501  Wed Jan 29 04:04:02 2020
      passwd              N     1321  Wed Jan 29 04:04:03 2020
      newdir              D        0  Wed Jan 29 04:04:10 2020

                    48209924 blocks of size 1024. 45019436 blocks available
    smb: \> q
    [root@test ~]# ll /data/smb_dir/
    total 8
    -rw-r--r-- 1 sambauser1 sambauser1  501 Jan 29 04:04 f1
    drwxr-xr-x 2 sambauser1 sambauser1    6 Jan 29 04:04 newdir
    -rw-r--r-- 1 sambauser1 sambauser1 1321 Jan 29 04:04 passwd
    [root@test ~]#
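Note: after explicitly specifying the permissions for new files and new directories for the share in the configuration file, uploaded files and newly created directories get the expected permissions.
Sharing for specific users and groups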
    [root@test ~]# tail -6 /etc/samba/smb.conf
    [share2]
            path=/data/smb_dir2
            writeable=no
            valid users=sambauser2,sambauser3
            browseable=no
            write list=sambauser2
    [root@test ~]# mkdir /data/smb_dir2
    [root@test ~]# getent passwd sambauser2
    sambauser2:x:1003:1003::/home/sambauser2:/sbin/nologin
    [root@test ~]# getent passwd sambauser3
    sambauser3:x:1004:1004::/home/sambauser3:/sbin/nologin
    [root@test ~]# pdbedit -a -u sambauser2
    new password:
    retype new password:
    Unix username: sambauser2
    NT username:
    Account Flags: [U ]
    User SID: S-1-5-21-1369552498-1030126791-3625437691-1004
    Primary Group SID: S-1-5-21-1369552498-1030126791-3625437691-513
    Full Name:
    Home Directory: \\test\sambauser2
    HomeDir Drive:
    Logon Script:
    Profile Path: \\test\sambauser2\profile
    Domain: TEST
    Account desc:
    Workstations:
    Munged dial:
    Logon time: 0
    Logoff time: Wed, 06 Feb 2036 23:06:39 CST
    Kickoff time: Wed, 06 Feb 2036 23:06:39 CST
    Password last set: Wed, 29 Jan 2020 04:19:09 CST
    Password can change: Wed, 29 Jan 2020 04:19:09 CST
    Password must change: never
    Last bad password : 0
    Bad password count : 0
    Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
    [root@test ~]# pdbedit -a -u sambauser3
    new password:
    retype new password:
    Unix username: sambauser3
    NT username:
    Account Flags: [U ]
    User SID: S-1-5-21-1369552498-1030126791-3625437691-1005
    Primary Group SID: S-1-5-21-1369552498-1030126791-3625437691-513
    Full Name:
    Home Directory: \\test\sambauser3
    HomeDir Drive:
    Logon Script:
    Profile Path: \\test\sambauser3\profile
    Domain: TEST
    Account desc:
    Workstations:
    Munged dial:
    Logon time: 0
    Logoff time: Wed, 06 Feb 2036 23:06:39 CST
    Kickoff time: Wed, 06 Feb 2036 23:06:39 CST
    Password last set: Wed, 29 Jan 2020 04:19:19 CST
    Password can change: Wed, 29 Jan 2020 04:19:19 CST
    Password must change: never
    Last bad password : 0
    Bad password count : 0
    Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
    [root@test ~]# pdbedit -L
    sambauser2:1003:
    sambauser1:1002:
    sambauser3:1004:
    [root@test ~]# setfacl -m u:sambauser2:rwx /data/smb_dir2
    [root@test ~]# setfacl -m u:sambauser3:rwx /data/smb_dir2
    [root@test ~]# getfacl /data/smb_dir2
    getfacl: Removing leading '/' from absolute path names
    # file: data/smb_dir2
    # owner: root
    # group: root
    user::rwx
    user:sambauser2:rwx
    user:sambauser3:rwx
    group::r-x
    mask::rwx
    other::r-x

    [root@test ~]# systemctl restart smb
    [root@test ~]#
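Note: the above shares another directory from the samba service as share2. Only sambauser2 and sambauser3 can access this share; other users cannot. sambauser2 can write to it and sambauser3 cannot. Next we test whether that is the case.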
    [root@test ~]# smbclient -L 192.168.0.10 -U sambauser1%admin
    Domain=[TEST] OS=[Windows 6.1] Server=[Samba 4.6.2]

            Sharename       Type      Comment
            ---------       ----      -------
            print$          Disk      Printer Drivers
            share           Disk      this is test share
            IPC$            IPC       IPC Service (Samba 4.6.2)
            sambauser1      Disk      Home Directories
    Domain=[TEST] OS=[Windows 6.1] Server=[Samba 4.6.2]

            Server               Comment
            ---------            -------

            Workgroup            Master
            ---------            -------
    [root@test ~]# smbclient -L 192.168.0.10 -U sambauser2%admin
    Domain=[TEST] OS=[Windows 6.1] Server=[Samba 4.6.2]

            Sharename       Type      Comment
            ---------       ----      -------
            print$          Disk      Printer Drivers
            share           Disk      this is test share
            IPC$            IPC       IPC Service (Samba 4.6.2)
            sambauser2      Disk      Home Directories
    Domain=[TEST] OS=[Windows 6.1] Server=[Samba 4.6.2]

            Server               Comment
            ---------            -------

            Workgroup            Master
            ---------            -------
    [root@test ~]#
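Note: from the output above, neither sambauser1 nor sambauser2 can see the share2 share, because we set browseable=no in the configuration file. This means no user is allowed to see the share; in other words, the share is hidden.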
    [root@test ~]# smbclient //192.168.0.10/share2 -U sambauser1%admin
    Domain=[TEST] OS=[Windows 6.1] Server=[Samba 4.6.2]
    tree connect failed: NT_STATUS_ACCESS_DENIED
    [root@test ~]# smbclient //192.168.0.10/share2 -U sambauser2%admin
    Domain=[TEST] OS=[Windows 6.1] Server=[Samba 4.6.2]
    smb: \> ls
      .                   D        0  Wed Jan 29 04:17:15 2020
      ..                  D        0  Wed Jan 29 04:17:15 2020

                    48209924 blocks of size 1024. 45019880 blocks available
    smb: \> q
    [root@test ~]#
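Note: sambauser1's access to share2 is refused while sambauser2 can access it normally, so restricting a specific directory to specific users works. To do this for a group, write the group name in the configuration file with @ or + in front of it, which marks it as a group name; otherwise it is treated as a user name.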
    [root@test ~]# smbclient //192.168.0.10/share2 -U sambauser2%admin
    Domain=[TEST] OS=[Windows 6.1] Server=[Samba 4.6.2]
    smb: \> ls
      .                   D        0  Wed Jan 29 04:17:15 2020
      ..                  D        0  Wed Jan 29 04:17:15 2020

                    48209924 blocks of size 1024. 45019880 blocks available
    smb: \> !ls
    f1  passwd
    smb: \> put f1
    putting file f1 as \f1 (61.2 kb/s) (average 61.2 kb/s)
    smb: \> ls
      .                   D        0  Wed Jan 29 04:34:20 2020
      ..                  D        0  Wed Jan 29 04:17:15 2020
      f1                  A      501  Wed Jan 29 04:34:20 2020

                    48209924 blocks of size 1024. 45019788 blocks available
    smb: \> q
    [root@test ~]# smbclient //192.168.0.10/share2 -U sambauser3%admin
    Domain=[TEST] OS=[Windows 6.1] Server=[Samba 4.6.2]
    smb: \> ls
      .                   D        0  Wed Jan 29 04:34:20 2020
      ..                  D        0  Wed Jan 29 04:17:15 2020
      f1                  A      501  Wed Jan 29 04:34:20 2020

                    48209924 blocks of size 1024. 45019788 blocks available
    smb: \> put passwd
    NT_STATUS_ACCESS_DENIED opening remote file \passwd
    smb: \> ls
      .                   D        0  Wed Jan 29 04:34:20 2020
      ..                  D        0  Wed Jan 29 04:17:15 2020
      f1                  A      501  Wed Jan 29 04:34:20 2020

                    48209924 blocks of size 1024. 45019868 blocks available
    smb: \> q
    [root@test ~]#
Note: logged in to share2 as sambauser2 we can upload files normally, while sambauser3's upload is refused, so granting specific permissions to specific users also works.
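The two permission layers worked through above (the share-level settings in smb.conf and the filesystem permissions of the mapped Linux user) can be modelled in a few lines. This is an added example, not code from the original post or from Samba. It covers only the parameters used on this page (read only, writeable/writable, valid users, write list) and does not model root; the [team] share, the staff group and the users alice and bob are hypothetical.

```python
import configparser

# Constructed sample: [share] and [share2] as configured on this page, plus a
# hypothetical [team] share to show the "@group" form of "valid users".
SMB_CONF = """
[share]
path = /data/smb_dir

[share2]
path = /data/smb_dir2
writeable = no
valid users = sambauser2,sambauser3
browseable = no
write list = sambauser2

[team]
path = /data/team
valid users = @staff
read only = No
"""
NEED = 0o3  # creating a file needs write + search (w and x) on the directory

def load_shares(text):
    """Parse smb.conf text into {share: {normalised parameter: value}}."""
    cp = configparser.RawConfigParser(
        delimiters=("=",), comment_prefixes=("#", ";"), strict=False)
    # Parameter names ignore case and whitespace: "Read Only" == "readonly".
    cp.optionxform = lambda key: "".join(key.lower().split())
    # Strip indentation so indented keys are not parsed as continuation lines.
    cp.read_string("\n".join(line.strip() for line in text.splitlines()))
    return {s.lower(): dict(cp.items(s)) for s in cp.sections()
            if s.lower() != "global"}

def _yes(value):
    return value.strip().lower() in ("yes", "true", "1")

def _listed(raw, user, groups):
    """True if the user, or one of their groups written @name / +name, is listed."""
    for item in raw.replace(",", " ").split():
        if item[0] in "@+":
            if item.lstrip("@+") in groups:
                return True
        elif item == user:
            return True
    return False

def share_access(share, user, groups=()):
    """Share-level decision only: 'none', 'ro' or 'rw'."""
    valid = share.get("validusers", "")
    if valid and not _listed(valid, user, groups):
        return "none"                    # tree connect is refused
    if _listed(share.get("writelist", ""), user, groups):
        return "rw"                      # write list wins over read only
    if "readonly" in share:
        return "ro" if _yes(share["readonly"]) else "rw"
    for synonym in ("writeable", "writable"):
        if synonym in share:
            return "rw" if _yes(share[synonym]) else "ro"
    return "ro"                          # shares are read-only by default

def fs_can_create(user, groups, owner, group, acl):
    """Filesystem-level decision from getfacl-style entries (POSIX ACL order)."""
    mask = acl.get("mask::", 0o7)
    if user == owner:
        return (acl["user::"] & NEED) == NEED
    if "user:" + user in acl:
        return (acl["user:" + user] & mask & NEED) == NEED
    entries = [acl["group::"]] if group in groups else []
    entries += [bits for key, bits in acl.items()
                if key.startswith("group:") and key[6:] in groups]
    if entries:
        return any((bits & mask & NEED) == NEED for bits in entries)
    return (acl["other::"] & NEED) == NEED

def can_put(share, user, groups, acl, owner="root", group="root"):
    """An upload needs both layers: share access 'rw' and a writable directory."""
    return (share_access(share, user, groups) == "rw"
            and fs_can_create(user, groups, owner, group, acl))

if __name__ == "__main__":
    shares = load_shares(SMB_CONF)
    mode_777 = {"user::": 7, "group::": 7, "other::": 7}
    print("put into [share] with chmod 777:",
          can_put(shares["share"], "sambauser1", ["sambauser1"], mode_777))
    for name in ("sambauser1", "sambauser2", "sambauser3"):
        print(name, "on share2:", share_access(shares["share2"], name, [name]))
```

The chmod 777 experiment fails in this model for the same reason it fails on the page: the share layer still answers 'ro', so the filesystem layer is never the deciding factor.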
Having different users reach different directories, with different permissions, through the same share name
    [root@test ~]# vim /etc/samba/smb.conf
    # See smb.conf.example for a more detailed config file or
    # read the smb.conf manpage.
    # Run 'testparm' to verify the config is correct after
    # you modified it.

    [global]
            workgroup = SAMBA
            security = user
            config file=/etc/samba/conf.d/%U
            passdb backend = tdbsam
            printing = cups
            printcap name = cups
            load printers = yes
            cups options = raw

    [homes]
            comment = Home Directories
            valid users = %S, %D%w%S
            browseable = No
            read only = No
            inherit acls = Yes

    [printers]
            comment = All Printers
            path = /var/tmp
            printable = Yes
            create mask = 0600
            browseable = No

    [print$]
            comment = Printer Drivers
            path = /var/lib/samba/drivers
            write list = root
            create mask = 0664
            directory mask = 0775
    [share]
    "/etc/samba/smb.conf" 48L, 930C written
    [root@test ~]# mkdir -p /etc/samba/conf.d/
    [root@test ~]# cat >/etc/samba/conf.d/sambauser2
    [share2]
    path=/smb/sambauser2/
    read only=no
    ^C
    [root@test ~]# cat /etc/samba/conf.d/sambauser2
    [share2]
    path=/smb/sambauser2/
    read only=no
    [root@test ~]# mkdir -pv /smb/sambauser2
    mkdir: created directory ‘/smb’
    mkdir: created directory ‘/smb/sambauser2’
    [root@test ~]# setfacl -m u:sambauser2:rwx /smb/sambauser2
    [root@test ~]# getfacl /smb/sambauser2
    getfacl: Removing leading '/' from absolute path names
    # file: smb/sambauser2
    # owner: root
    # group: root
    user::rwx
    user:sambauser2:rwx
    group::r-x
    mask::rwx
    other::r-x

    [root@test ~]# touch /smb/sambauser2/smb_user2.txt
    [root@test ~]# systemctl restart smb
    [root@test ~]#
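Note: the configuration above means that sambauser2 and sambauser3 do not reach the same directory when they access the share2 share. In the global section of the main configuration file we added config file=/etc/samba/conf.d/%U, which means that when a user accesses a share, the configuration file used is the file under /etc/samba/conf.d/ with the same name as the user. This is similar to the corresponding FTP configuration: users accessing the server read different configuration files, so each user has their own configuration file. If this directory contains no configuration file for the connecting user, the configuration in the main configuration file applies. Next we test whether sambauser2 lands in the directory we specified when accessing share2; if so, we will see the file smb_user2.txt.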
    [root@test ~]# smbclient //192.168.0.10/share2 -U sambauser2%admin
    Domain=[TEST] OS=[Windows 6.1] Server=[Samba 4.6.2]
    smb: \> ls
      .                   D        0  Wed Jan 29 04:54:52 2020
      ..                  D        0  Wed Jan 29 04:53:38 2020
      smb_user2.txt       N        0  Wed Jan 29 04:54:52 2020

                    48209924 blocks of size 1024. 45019672 blocks available
    smb: \> !ls
    f1  passwd
    smb: \> mkdir user2
    smb: \> ls
      .                   D        0  Wed Jan 29 05:05:25 2020
      ..                  D        0  Wed Jan 29 04:53:38 2020
      smb_user2.txt       N        0  Wed Jan 29 04:54:52 2020
      user2               D        0  Wed Jan 29 05:05:25 2020

                    48209924 blocks of size 1024. 45019600 blocks available
    smb: \> q
    [root@test ~]# smbclient //192.168.0.10/share2 -U sambauser3%admin
    Domain=[TEST] OS=[Windows 6.1] Server=[Samba 4.6.2]
    smb: \> ls
      .                   D        0  Wed Jan 29 04:34:20 2020
      ..                  D        0  Wed Jan 29 04:17:15 2020
      f1                  A      501  Wed Jan 29 04:34:20 2020

                    48209924 blocks of size 1024. 45019792 blocks available
    smb: \> q
    [root@test ~]#
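Note: sambauser2 can see smb_user2.txt in share2, so the directory it accesses is /smb/sambauser2. It can also create directories there, so the write permission is in effect. sambauser3 accessing share2 gets the files in the directory defined in the main configuration file.
Using a separate log for each client machine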
    [root@test ~]# grep -v ^"#" /etc/samba/smb.conf|head
    [global]
            workgroup = SAMBA
            security = user
            config file=/etc/samba/conf.d/%U
            log file=/var/log/samba/log.%m
            log level=2
            passdb backend = tdbsam
    [root@test ~]#
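Note: with the configuration above, accesses from different client hosts are logged to log files whose names end in the client host name, /var/log/samba/log.<client host name>.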
    [root@test ~]# systemctl restart smb
    [root@test ~]# ll /var/log/samba/
    total 4
    drwx------ 3 root root   18 Jan 29 01:43 cores
    -rw-r--r-- 1 root root 3670 Jan 29 05:17 log.smbd
    drwx------ 2 root root    6 Aug  7  2017 old
    [root@test ~]# smbclient //192.168.0.10/share2 -U sambauser2%admin
    Domain=[TEST] OS=[Windows 6.1] Server=[Samba 4.6.2]
    smb: \> ls
      .                   D        0  Wed Jan 29 05:05:25 2020
      ..                  D        0  Wed Jan 29 04:53:38 2020
      smb_user2.txt       N        0  Wed Jan 29 04:54:52 2020
      user2               D        0  Wed Jan 29 05:05:25 2020

                    48209924 blocks of size 1024. 45019916 blocks available
    smb: \> q
    [root@test ~]# ll /var/log/samba/
    total 12
    drwx------ 3 root root   18 Jan 29 01:43 cores
    -rw-r--r-- 1 root root  754 Jan 29 05:18 log.192.168.0.10
    -rw-r--r-- 1 root root 3670 Jan 29 05:17 log.smbd
    -rw-r--r-- 1 root root  625 Jan 29 05:18 log.test
    drwx------ 2 root root    6 Aug  7  2017 old
    [root@test ~]# cat /var/log/samba/log.test
    [2020/01/29 05:18:28.232515, 2] ../source3/param/loadparm.c:2769(lp_do_section)
      Processing section "[share2]"
    [2020/01/29 05:18:28.232705, 2] ../source3/lib/interface.c:345(add_interface)
      added interface ens33 ip=192.168.0.10 bcast=192.168.0.255 netmask=255.255.255.0
    [2020/01/29 05:18:28.234784, 2] ../source3/smbd/service.c:822(make_connection_snum)
      test (ipv4:192.168.0.10:33624) connect to service share2 initially as user sambauser2 (uid=1003, gid=1003) (pid 10105)
    [2020/01/29 05:18:33.956451, 2] ../source3/smbd/service.c:1098(close_cnum)
      test (ipv4:192.168.0.10:33624) closed connection to service share2
    [root@test ~]#
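Note: after changing the configuration file and restarting the service, no log file has been created in the log directory yet. Once we access the samba share, log files ending in the host name and in the IP address are created there. They record the client's host name, IP address and port, which share was accessed, and as which user.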
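Because each connect and close entry carries the client name, address, port, share and user, the per-client logs can be turned into a list of sessions. The following is an added example, not part of the original post. It assumes smbd's layout of a header line followed by an indented message line (a flattened single-line entry is also accepted), and the last sample entry (host pc7, 192.0.2.7) is constructed.

```python
import re
from datetime import datetime

# Sample log: the first three entries are taken from the log.test output on
# this page; the last entry is constructed to show a session that is still open.
LOG = """\
[2020/01/29 05:18:28.232515,  2] ../source3/param/loadparm.c:2769(lp_do_section)
  Processing section "[share2]"
[2020/01/29 05:18:28.234784,  2] ../source3/smbd/service.c:822(make_connection_snum)
  test (ipv4:192.168.0.10:33624) connect to service share2 initially as user sambauser2 (uid=1003, gid=1003) (pid 10105)
[2020/01/29 05:18:33.956451,  2] ../source3/smbd/service.c:1098(close_cnum)
  test (ipv4:192.168.0.10:33624) closed connection to service share2
[2020/01/29 05:20:01.000000,  2] ../source3/smbd/service.c:822(make_connection_snum)
  pc7 (ipv4:192.0.2.7:50112) connect to service share initially as user sambauser1 (uid=1002, gid=1002) (pid 10200)
"""

HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d+),\s*(\d+)\]")
PEER = r"(\S+) \(ipv[46]:([^)]+):(\d+)\) "
CONNECT = re.compile(PEER + r"connect to service (\S+) initially as user (\S+) "
                     r"\(uid=(\d+), gid=(\d+)\) \(pid (\d+)\)")
CLOSE = re.compile(PEER + r"closed connection to service (\S+)")


def records(text):
    """Yield (timestamp, level, body); body joins the header rest and message lines."""
    current = None
    for line in text.splitlines():
        match = HEADER.match(line)
        if match:
            if current:
                yield tuple(current)
            stamp = datetime.strptime(match.group(1), "%Y/%m/%d %H:%M:%S.%f")
            current = [stamp, int(match.group(2)), line[match.end():].strip()]
        elif current:
            current[2] += " " + line.strip()
    if current:
        yield tuple(current)


def sessions(text):
    """Pair connect/close entries; closed sessions first, then still-open ones."""
    pending, closed = {}, []
    for stamp, _level, body in records(text):
        match = CONNECT.search(body)
        if match:
            client, addr, port, share, user, uid, _gid, _pid = match.groups()
            pending[(client, addr, port, share)] = {
                "client": client, "addr": addr, "port": int(port), "share": share,
                "user": user, "uid": int(uid), "start": stamp, "end": None}
            continue
        match = CLOSE.search(body)
        if match:
            session = pending.pop(match.groups(), None)
            if session:
                session["end"] = stamp
                closed.append(session)
    return closed + list(pending.values())


if __name__ == "__main__":
    for s in sessions(LOG):
        length = (s["end"] - s["start"]).total_seconds() if s["end"] else "open"
        print(s["user"], s["share"], s["client"], s["addr"], length)
```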
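4. Mounting a CIFS file system
So far we have shown how to manage and configure samba shares, but always using the smbclient tool to interact with samba. Next we show how to mount a CIFS file system.
Manual mount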
    [root@test ~]# df
    文件系統 1K-塊 已用 可用 已用% 掛載點
    /dev/mapper/centos-root 27560808 13929596 13631212 51% /
    devtmpfs 923148 0 923148 0% /dev
    tmpfs 935012 0 935012 0% /dev/shm
    tmpfs 935012 17204 917808 2% /run
    tmpfs 935012 0 935012 0% /sys/fs/cgroup
    /dev/sda2 1038336 221032 817304 22% /boot
    /dev/sda1 204580 11364 193216 6% /boot/efi
    tmpfs 187004 0 187004 0% /run/user/1000
    [root@test ~]# mount -t cifs -o username=sambauser2,password=admin //192.168.0.10/share2 /mnt
    [root@test ~]# df
    文件系統 1K-塊 已用 可用 已用% 掛載點
    /dev/mapper/centos-root 27560808 13930088 13630720 51% /
    devtmpfs 923148 0 923148 0% /dev
    tmpfs 935012 0 935012 0% /dev/shm
    tmpfs 935012 17204 917808 2% /run
    tmpfs 935012 0 935012 0% /sys/fs/cgroup
    /dev/sda2 1038336 221032 817304 22% /boot
    /dev/sda1 204580 11364 193216 6% /boot/efi
    tmpfs 187004 0 187004 0% /run/user/1000
    //192.168.0.10/share2 48209924 3190212 45019712 7% /mnt
    [root@test ~]# cd /mnt
    [root@test mnt]# ls
    smb_user2.txt  user2
    [root@test mnt]#
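Note: a manual mount requires specifying the file system type and, as mount options, the user name and password. This is a security risk: anyone who logs in to the Linux system and looks at the command history learns our user name and password, so manual mounting is not recommended.
Automatic mount at boot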
    [root@test ~]# df
    文件系統 1K-塊 已用 可用 已用% 掛載點
    /dev/mapper/centos-root 27560808 13929600 13631208 51% /
    devtmpfs 923148 0 923148 0% /dev
    tmpfs 935012 0 935012 0% /dev/shm
    tmpfs 935012 17204 917808 2% /run
    tmpfs 935012 0 935012 0% /sys/fs/cgroup
    /dev/sda2 1038336 221032 817304 22% /boot
    /dev/sda1 204580 11364 193216 6% /boot/efi
    tmpfs 187004 0 187004 0% /run/user/1000
    //192.168.0.10/share2 48209924 3190116 45019808 7% /mnt
    [root@test ~]# umount /mnt
    [root@test ~]# df
    文件系統 1K-塊 已用 可用 已用% 掛載點
    /dev/mapper/centos-root 27560808 13929600 13631208 51% /
    devtmpfs 923148 0 923148 0% /dev
    tmpfs 935012 0 935012 0% /dev/shm
    tmpfs 935012 17204 917808 2% /run
    tmpfs 935012 0 935012 0% /sys/fs/cgroup
    /dev/sda2 1038336 221032 817304 22% /boot
    /dev/sda1 204580 11364 193216 6% /boot/efi
    tmpfs 187004 0 187004 0% /run/user/1000
    [root@test ~]# echo '//192.168.0.10/share2 /mnt cifs credentials=/etc/samba/smb.txt 0 0' >> /etc/fstab
    [root@test ~]# tail -1 /etc/fstab
    //192.168.0.10/share2 /mnt cifs credentials=/etc/samba/smb.txt 0 0
    [root@test ~]# cat >/etc/samba/smb.txt
    username=sambauser2
    password=admin
    ^C
    [root@test ~]# cat /etc/samba/smb.txt
    username=sambauser2
    password=admin
    [root@test ~]# ll /etc/samba/smb.txt
    -rw-r--r-- 1 root root 35 1月 31 02:01 /etc/samba/smb.txt
    [root@test ~]# chmod 600 /etc/samba/smb.txt
    [root@test ~]# ll /etc/samba/smb.txt
    -rw------- 1 root root 35 1月 31 02:01 /etc/samba/smb.txt
    [root@test ~]# mount -a
    mount: 文件系統類型錯誤、選項錯誤、//192.168.0.10/share2 上有壞超級塊、
           缺乏代碼頁或助手程序,或其餘錯誤
           (對某些文件系統(如 nfs、cifs) 您可能須要
           一款 /sbin/mount.<類型> 助手程序)

           有些狀況下在 syslog 中能夠找到一些有用信息- 請嘗試
           dmesg | tail 這樣的命令看看。
    [root@test ~]#
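Note: the mount has to be defined in /etc/fstab. After writing the configuration files above, the test mount fails and the message tells us to look at the error with dmesg | tail.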
    [root@test ~]# dmesg | tail
    [2046006.177249] CIFS VFS: No username specified
    [2046044.418403] No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3 (or SMB2.1) specify vers=1.0 on mount.
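Note: after searching online for a long time, the cause turned out to be that the cifs-utils package was not installed on the client. After installing it, the mount test works without problems.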
    [root@test ~]# yum install cifs-utils
    已加載插件:fastestmirror
    Loading mirror speeds from cached hostfile
     * base: mirrors.aliyun.com
     * extras: mirrors.aliyun.com
     * updates: mirrors.aliyun.com
    正在解決依賴關係
    --> 正在檢查事務
    ---> 軟件包 cifs-utils.x86_64.0.6.2-10.el7 將被 安裝
    --> 解決依賴關係完成

    依賴關係解決

    ===========================================================================================================================================================================
     Package 架構 版本 源 大小
    ===========================================================================================================================================================================
    正在安裝:
     cifs-utils x86_64 6.2-10.el7 base 85 k

    事務概要
    ===========================================================================================================================================================================
    安裝 1 軟件包

    總下載量:85 k
    安裝大小:175 k
    Is this ok [y/d/N]: y
    Downloading packages:
    cifs-utils-6.2-10.el7.x86_64.rpm | 85 kB 00:00:00
    Running transaction check
    Running transaction test
    Transaction test succeeded
    Running transaction
      正在安裝 : cifs-utils-6.2-10.el7.x86_64 1/1
      驗證中 : cifs-utils-6.2-10.el7.x86_64 1/1

    已安裝:
      cifs-utils.x86_64 0:6.2-10.el7

    完畢!
    [root@test ~]# mount -a
    [root@test ~]# df
    文件系統 1K-塊 已用 可用 已用% 掛載點
    /dev/mapper/centos-root 27560808 13931160 13629648 51% /
    devtmpfs 923148 0 923148 0% /dev
    tmpfs 935012 0 935012 0% /dev/shm
    tmpfs 935012 17204 917808 2% /run
    tmpfs 935012 0 935012 0% /sys/fs/cgroup
    /dev/sda2 1038336 221032 817304 22% /boot
    /dev/sda1 204580 11364 193216 6% /boot/efi
    tmpfs 187004 0 187004 0% /run/user/1000
    //192.168.0.10/share2 48209924 3190200 45019724 7% /mnt
    [root@test ~]# ls /mnt
    smb_user2.txt  user2  xxx
    [root@test ~]#
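Note: putting the user name and password in a configuration file is somewhat safer than putting them on the command line. Those are all the steps for mounting a CIFS file system on Linux. On Windows we usually map the shared directory to a drive letter and then use it like a local disk, as follows.
Right-click Computer -------> choose Map network drive
After clicking OK, the files shared by samba are mapped to a network drive on Windows. From then on, accessing the shared directory is like accessing a local disk.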
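For the Linux mount in section 4, the credentials= approach only helps if the credentials file itself is not readable by other users, which is why the session runs chmod 600 on it. The following added example (not part of the original post) checks fstab text for cifs entries that carry an inline password= option or point to a credentials file with group/other access. The /mnt2 entry is constructed, and the demo works on a temporary copy of the credentials file rather than /etc/samba/smb.txt.

```python
import os
import stat
import tempfile


def check_credentials_file(path):
    """Return findings for the file named by a credentials= mount option."""
    try:
        mode = stat.S_IMODE(os.stat(path).st_mode)
    except OSError:
        return ["credentials file %s does not exist or cannot be read" % path]
    if mode & 0o077:
        return ["credentials file %s has mode %04o; group/other access "
                "exposes the password (chmod 600)" % (path, mode)]
    return []


def audit_cifs_fstab(fstab_text):
    """Return [(mount point, finding)] for the cifs entries in fstab text."""
    findings = []
    for raw in fstab_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 4 or fields[2] != "cifs":
            continue
        mount_point = fields[1]
        # Mount options are comma separated; some carry a value after "=".
        opts = dict(o.split("=", 1) if "=" in o else (o, "")
                    for o in fields[3].split(","))
        if "password" in opts:
            findings.append((mount_point, "password is stored inline in the "
                             "world-readable fstab; use credentials=<file>"))
        if "credentials" in opts:
            findings += [(mount_point, text)
                         for text in check_credentials_file(opts["credentials"])]
    return findings


def demo():
    """Replay the page's steps in a temp dir: mode 644 first, then chmod 600."""
    with tempfile.TemporaryDirectory() as workdir:
        cred = os.path.join(workdir, "smb.txt")
        with open(cred, "w") as handle:
            handle.write("username=sambauser2\npassword=admin\n")  # as on the page
        os.chmod(cred, 0o644)
        fstab = (
            "# constructed fstab: first entry as on the page, second is inline\n"
            "//192.168.0.10/share2 /mnt cifs credentials=%s 0 0\n"
            "//192.168.0.10/share2 /mnt2 cifs username=sambauser2,password=admin 0 0\n"
            % cred)
        before = audit_cifs_fstab(fstab)
        os.chmod(cred, 0o600)
        after = audit_cifs_fstab(fstab)
    return before, after


if __name__ == "__main__":
    for label, result in zip(("before chmod 600", "after chmod 600"), demo()):
        print(label)
        for mount_point, text in result:
            print("  %s: %s" % (mount_point, text))
```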