Linux基礎學習-Samba文件共享服務

使用Samba文件共享服務

Samba起源：

早期網絡想要在不一樣主機之間共享文件大多要用FTP協議來傳輸，但FTP協議僅能作到傳輸文件卻不能直接修改對方主機的資料數據，這樣確實不太方便，因而便出現了NFS開源文件共享程序:NFS(NetworkFile System)是一個可以將多臺Linux的遠程主機數據掛載到本地目錄的服務，屬於輕量級的文件共享服務，不支持Linux與 Windows系統間的文件共享。

隨後在1991年時大學生Tridgwell爲了解決Linux與Windows系統之間共享文件的問題，便開發出了SMB協議與Samba服務程序。
SMB(Server Messages Block)協議:實現局域網內文件或打印機等資源共享服務的協議。

當時Tridgwell想要註冊SMBServer這個商標，但卻被由於SMB是沒有意義的字符被拒絕了，通過Tridgwell不斷翻看詞典，終於找到了一個拉丁舞蹈的名字——SAMBA，而這個熱情舞蹈的名字中又剛好包含了SMB(SAMBA)，因而這即是Samba程序名字的由來。

Samba服務程序是一款基於SMB協議並由服務端和客戶端組成的開源文件共享軟件，實現了Linux與Windows系統間的文件共享

1 samba安裝

[root@qdlinux ~]# yum install samba cifs-utils -y

2 啓動服務加入開機自啓動

[root@qdlinux ~]# systemctl start smb
[root@qdlinux ~]# systemctl enable smb
Created symlink from /etc/systemd/system/multi-user.target.wants/smb.service to /usr/lib/systemd/system/smb.service.
[root@qdlinux ~]# ss -lntup | grep smb
tcp    LISTEN     0      50        *:139                   *:*                   users:(("smbd",pid=1095,fd=38))
tcp    LISTEN     0      50        *:445                   *:*                   users:(("smbd",pid=1095,fd=37))
tcp    LISTEN     0      50       :::139                  :::*                   users:(("smbd",pid=1095,fd=36))
tcp    LISTEN     0      50       :::445                  :::*                   users:(("smbd",pid=1095,fd=35))

3 配置samba

[root@qdlinux ~]# mv /etc/samba/smb.conf /etc/samba/smb.conf.bak
[root@qdlinux ~]# cat /etc/samba/smb.conf.bak | grep -v "#" | grep -v ";" | grep -v "^$" > /etc/samba/smb.conf 
[root@qdlinux ~]# cat /etc/samba/smb.conf
[global]
    workgroup = SAMBA
    security = user
    passdb backend = tdbsam
    printing = cups
    printcap name = cups
    load printers = yes
    cups options = raw
[homes]
    comment = Home Directories
    valid users = %S, %D%w%S
    browseable = No
    read only = No
    inherit acls = Yes
[printers]
    comment = All Printers
    path = /var/tmp
    printable = Yes
    create mask = 0600
    browseable = No
[print$]
    comment = Printer Drivers
    path = /var/lib/samba/drivers
    write list = root
    create mask = 0664
    directory mask = 0775

4 修改配置文件以下

[root@qdlinux ~]# vim /etc/samba/smb.conf
[root@qdlinux ~]# cat /etc/samba/smb.conf
[global]
    workgroup = WORKGROUP
    security = user
    passdb backend = tdbsam
    printing = cups
    printcap name = cups
    load printers = yes
    cups options = raw
[share]
    comment = This is share /data/samba/share
    path = /data/samba/share
    public = no
    writable = yes

5 添加一個用戶用於訪問共享資源

[root@qdlinux ~]# useradd samba_user
[root@qdlinux ~]# usermod -s /sbin/nologin samba_user

[root@qdlinux ~]# pdbedit -L 
[root@qdlinux ~]# pdbedit -a -u samba_user
new password:
retype new password:
Unix username:        samba_user
NT username:          
Account Flags:        [U          ]
User SID:             S-1-5-21-351179206-2754336130-384069223-1000
Primary Group SID:    S-1-5-21-351179206-2754336130-384069223-513
Full Name:            
Home Directory:       \\qdlinux\samba_user
HomeDir Drive:        
Logon Script:         
Profile Path:         \\qdlinux\samba_user\profile
Domain:               QDLINUX
Account desc:         
Workstations:         
Munged dial:          
Logon time:           0
Logoff time:          Wed, 06 Feb 2036 23:06:39 CST
Kickoff time:         Wed, 06 Feb 2036 23:06:39 CST
Password last set:    Tue, 14 Aug 2018 19:37:44 CST
Password can change:  Tue, 14 Aug 2018 19:37:44 CST
Password must change: never
Last bad password   : 0
Bad password count  : 0
Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF

[root@qdlinux ~]# chown -Rf samba_user.samba_user /data/samba/share/

6 重啓服務測試

[root@qdlinux ~]# systemctl restart smb

7 發現windows不能訪問所共享的內容,解決方法以下

[root@qdlinux ~]# iptables -F
[root@qdlinux ~]# firewall-cmd --permanent --add-service=samba
success
[root@qdlinux ~]# firewall-cmd --reload 
success

[root@qdlinux ~]# getsebool -a | grep samba
samba_create_home_dirs --> off
samba_domain_controller --> off
samba_enable_home_dirs --> off
samba_export_all_ro --> off
samba_export_all_rw --> off
samba_load_libgfapi --> off
samba_portmapper --> off
samba_run_unconfined --> off
samba_share_fusefs --> off
samba_share_nfs --> off
sanlock_use_samba --> off
tmpreaper_use_samba --> off
use_samba_home_dirs --> off
virt_use_samba --> off
[root@qdlinux ~]# setsebool -P samba_enable_home_dirs on
[root@qdlinux ~]# setsebool -P samba_export_all_rw on

匿名訪問成功