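[2-6] Network File Systems on Linux
I. Introduction to the Samba service
Purpose:
smb = Server Message Block Sun
cifs = Common Internet File System Microsoft
SMB is the protocol Windows uses when sharing files.
On the Windows side, set up the shared directory.
On Linux: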
smbclient -L //192.168.1.5
smbclient -L //192.168.1.5 -U administrator
smbclient //192.168.1.5/C$ -U xingyuqi
mount //192.168.1.5 /mnt -o username=administrator,password=
[root@node26 mnt]# touch file{1..4}
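SMB comes from Microsoft + Sun
Linux cifs
II. Samba basic information
Service unit:
smb.service
Main configuration directory:
/etc/samba
Main configuration file:
/etc/samba/smb.conf
SELinux security context:
samba_share_t
Ports:
139
445
Packages:
samba
samba-common
II. Installing and enabling Samba
Installing Samba: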
dnf install samba samba-common samba-client -y
Starting the Samba service:
systemctl enable --now smb
Allowing the Samba service through the firewall:
firewall-cmd --permanent --add-service=samba
firewall-cmd --reload
Test:
dnf install samba-client -y
smbclient -L //172.25.254.20      (when prompted for the root password, just press Enter)
III. Creating Samba users
1. A Samba user must already exist as a system user
[root@node126 ~]# useradd westos
[root@node126 ~]# useradd lee
[root@node126 ~]# useradd ricky
useradd: user 'ricky' already exists
[root@node126 ~]#
2. Creating the Samba user
smbpasswd -a lee      add a user
[root@node126 ~]# smbpasswd -a lee
New SMB password:
Retype new SMB password:
Added user lee.
[root@node126 ~]# smbpasswd -a westos
New SMB password:
Retype new SMB password:
Added user westos.
[root@node126 ~]# smbpasswd -a ricky
New SMB password:
Retype new SMB password:
Added user ricky.
[root@node126 ~]#
pdbedit -L            list users
pdbedit -x lee        delete a user
IV. Samba users accessing their home directories
[root@node226 /]# smbclient -L //172.25.254.126 -U ricky
[root@node226 /]# smbclient //172.25.254.126/westos -U westos
Server
[root@node126 ~]# getsebool -a |grep samba
Client
V. Sharing a directory with Samba
mkdir /westosdir
touch /westosdir/westosfile{1..5}
[root@node126 ~]# cd /etc/samba/
[root@node126 samba]# ls
lmhosts smb.conf smb.conf.example
[root@node126 samba]# mv smb.conf smb.conf.back
[root@node126 samba]# cp smb.conf.example smb.conf
[root@node126 samba]#
systemctl restart smb.service
semanage fcontext -a -t samba_share_t '/westosdir(/.*)?'
restorecon -RvvF /westosdir/
vim /etc/samba/smb.conf
[westosdir]              share name
comment = westosdir      share description
path = /westosdir        share path
systemctl restart smb
Client
Test:
[root@node226 /]# smbclient -L //172.25.254.126 -U westos
smbclient //172.25.254.20/westosdir -U westos
Server
[root@node126 samba]# systemctl restart smb.service
[root@node126 samba]# ls -Zd /mnt/
[root@node126 samba]# touch /mnt/666
Client
[root@node226 /]# smbclient //172.25.254.126/MNT -U westos
Server
Client
[root@node226 /]# smbclient //172.25.254.126/MNT -U westos
mount -o username=westos,password=westos //172.25.254.126/WESTOS /mnt
VI. Samba access control
hosts allow = 172.25.254.30 172.25.254.40
When written inside a share section, it applies only to that share.
[root@node126 samba]# vim /etc/samba/smb.conf
172.25.254.226
[root@node226 /]# umount /mnt
[root@node226 /]# mount -o username=westos,password=westos //172.25.254.126/WESTOS /mnt
172.25.254.126
[root@node126 samba]# mount -o username=westos,password=westos //172.25.254.126/WESTOS /mnt
hosts deny      when written in [global], it applies to Samba as a whole.
[root@node126 samba]# vim /etc/samba/smb.conf
[root@node126 samba]# systemctl restart smb.service
172.25.254.126
Server
[root@node126 samba]# vim /etc/samba/smb.conf
[root@node126 samba]# systemctl restart smb
[root@node126 samba]#
172.25.254.126
Server
[root@node126 samba]# vim /etc/samba/smb.conf
[root@node126 samba]# systemctl restart smb
[root@node126 samba]#
Note: mounting at the same time here can cause an infinite loop.
VII. Common Samba configuration parameters
writable = yes
Writable
Client 172.25.254.226
[root@node226 /]# mkdir /westos
[root@node226 /]# mount -o username=westos,password=westos //172.25.254.126/WESTOS /westos
[root@node226 /]# cd /westos/
Server
[root@node126 samba]# vim /etc/samba/smb.conf
[root@node126 samba]# systemctl restart smb
[root@node126 samba]#
[root@node226 westos]# touch 999
touch: cannot touch '999': Permission denied
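Still denied. Root on the client writes to the directory with the identity of the Samba group.
The directory permissions are not open to the Samba group.
Server
[root@node126 ~]# chmod 777 /westosdir/
Client
write list = westos      the specified user can write
write list = +westos     the specified group can write
write list = @westos
valid users = lee
The user allowed to access
valid users = +lee | @lee
The group allowed to access
Server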
[root@node126 samba]# vim /etc/samba/smb.conf
[root@node126 samba]# systemctl restart smb
[root@node126 samba]#
Server
[root@node126 samba]# vim /etc/samba/smb.conf
[root@node126 samba]# systemctl restart smb
[root@node126 samba]#
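browseable = yes|no          whether the share is hidden
map to guest = bad user      written in the [global] settings
guest ok = yes               allows this anonymous user to access the share
admin users = lee            gives the named user superuser identity on this share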
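A check over the access-control and share parameters described above, as an added example that is not part of the original notes: the script reads an smb.conf-style file and reports shares with guest access, admin users, write access without a write list or valid users, or no hosts allow at share or global level. The function name audit_smb_conf and the sample configuration are constructed for illustration.

```shell
# Added example, not from the original page; audit_smb_conf is a hypothetical name.
audit_smb_conf() {
    awk '
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }          # comments, blank lines
    /^[ \t]*\[/ {                                 # section header
        sec = tolower($0); gsub(/^[ \t]*\[|\][ \t]*$/, "", sec)
        if (sec != "global" && !(sec in seen)) { seen[sec] = 1; order[++n] = sec }
        next
    }
    {                                             # "key = value" line
        eq = index($0, "="); if (!eq || sec == "") next
        key = tolower(substr($0, 1, eq - 1)); val = substr($0, eq + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/[ \t]+/, " ", key)
        gsub(/^[ \t]+|[ \t]+$/, "", val)
        on = (tolower(val) ~ /^(yes|true|1)$/)
        if (key == "hosts allow" || key == "allow hosts") hosts[sec] = 1
        else if (key == "guest ok" || key == "public") guest[sec] = on
        else if (key ~ /^(writable|writeable|write ok)$/) rw[sec] = on
        else if (key == "read only") rw[sec] = !on
        else if (key == "write list" || key == "valid users") limited[sec] = 1
        else if (key == "admin users") admin[sec] = val
        else if (key == "map to guest" && tolower(val) == "bad user") badmap = 1
    }
    END {
        for (i = 1; i <= n; i++) {
            s = order[i]
            if (guest[s]) print s ": guest ok = yes" (badmap ? " (map to guest = bad user)" : "")
            if (admin[s] != "") print s ": admin users = " admin[s]
            if (rw[s] && !limited[s]) print s ": writable, no write list or valid users"
            if (!hosts[s] && !hosts["global"]) print s ": no hosts allow (share or global)"
        }
    }' "$1"
}
# Constructed sample configuration (not a real server).
sample=$(mktemp)
cat > "$sample" <<'EOF'
[global]
    map to guest = bad user
[westosdir]
    path = /westosdir
    writable = yes
    guest ok = yes
    admin users = lee
[mnt]
    writable = yes
    hosts allow = 172.25.254.30 172.25.254.40
    valid users = lee
EOF
audit_smb_conf "$sample"
```

Run it against /etc/samba/smb.conf after each edit and before systemctl restart smb; an empty result means none of the four conditions matched.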
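VIII. Samba multiuser mounts
With an ordinary mount on the client, people who have not gone through
user authentication can also access the Samba service.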
dnf install cifs-utils -y
vim /root/smbpass
username=westos
password=lee
mount -o credentials=/root/smbpass,sec=ntlmssp,multiuser //172.25.254.20/westos /mnt
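credentials=/root/smbpass      specifies the credentials file
sec=ntlmssp                    specifies the authentication type
NFS
Network File System
NFS basic information
nfs-utils       package
nfs-server      service unit
/etc/exports    share configuration file
Enabling NFS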
systemctl start nfs-server
firewall-cmd --permanent --add-service=rpc-bind
firewall-cmd --permanent --add-service=mountd
firewall-cmd --permanent --add-service=nfs
firewall-cmd --reload
Test:
showmount -e 172.25.254.20
NFS configuration
vim /etc/exports      after changing this file, apply it with exportfs -rv
shared-directory    who-it-is-shared-with(share-options)
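The /etc/exports line format above, parsed, as an added example that is not part of the original notes. It goes beyond the page by checking the standard rw and no_root_squash options, and it reports exports open to every host, including the case where a space before the parentheses makes the options apply to all hosts. The function name audit_exports and the sample entries are constructed; one export per line is assumed.

```shell
# Added example, not from the original page. audit_exports is a hypothetical
# helper; it assumes one export per line (no backslash continuations, no
# quoted paths).
audit_exports() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }          # comments, blank lines
    {
        dir = $1
        for (i = 2; i <= NF; i++) {
            client = $i; opts = ""
            p = index($i, "(")
            if (p > 0) {                       # split "client(opt,opt)"
                client = substr($i, 1, p - 1)
                opts = substr($i, p + 1); sub(/\)$/, "", opts)
            }
            # "*" or an empty client (options after a space) means every host
            world = (client == "" || client == "*")
            o = "," opts ","
            if (world) print dir ": " (o ~ /,rw,/ ? "read-write" : "read-only") " for every host"
            if (o ~ /,no_root_squash,/) print dir ": no_root_squash for " (world ? "every host" : client)
        }
    }' "$1"
}
# Constructed sample exports file (not a real server).
exports_sample=$(mktemp)
cat > "$exports_sample" <<'EOF'
# constructed sample /etc/exports
/westosdir   172.25.254.0/24(rw,sync)
/mnt         *(rw,sync,no_root_squash)
/srv/share   172.25.254.226 (rw)
/pub         *(ro)
EOF
audit_exports "$exports_sample"
```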
iscsi
0. Add a new disk to the virtual machine node126
1. fdisk /dev/vdb -----------> /dev/vdb1
2. dnf install targetcli -y
(the software repository must be configured first)
3. iscsi_server
targetcli
/> /backstores/block create westos_storage1 /dev/vdb1
/> /iscsi create iqn.2020-08.com.westos:storage1
/> /iscsi/iqn.2020-08.com.westos:storage1/tpg1/luns create /backstores/block/westos_storage1
/> /iscsi/iqn.2020-08.com.westos:storage1/tpg1/acls create iqn.2020-08.com.westos:westoskey1
/> exit
4. Client: iscsi_client
dnf install iscsi-initiator-utils.x86_64 -y
vim /etc/iscsi/initiatorname.iscsi
InitiatorName=iqn.2020-08.com.westos:westoskey1 <---- key check
systemctl restart iscsid
[root@node226 wsgi]# iscsiadm -m discovery -t st -p 172.25.254.126
Server:
firewall-cmd --permanent --add-port=3260/tcp
success
firewall-cmd --reload
success
Client:
iscsiadm -m discovery -t st -p 172.25.254.126
man iscsiadm
-m, --mode op
specify the mode. op must be one of discovery, discoverydb, node, fw, host iface or session.
If no other options are specified: for discovery, discoverydb and node, all of their respective records
are displayed; for session, all active sessions and connections are displayed; for fw, all boot
firmware values are displayed; for host, all iSCSI hosts are displayed; and for iface, all ifaces setup
in /var/lib/iscsi/ifaces are displayed.
-t, --type=type
type must be sendtargets (or abbreviated as st), slp, isns or fw. Currently only sendtargets, fw, and
iSNS is supported, see the DISCOVERY TYPES section.
-p, --portal=ip[:port]
Use target portal with ip-address ip and port. If port is not passed in the default port value is 3260.
IPv6 addresses can be specified as [ddd.ddd.ddd.ddd]:port or ddd.ddd.ddd.ddd.
Hostnames can also be used for the ip argument.
This option is only valid for discovery, or for node operations with the new operator.
This should be used along with --target in node mode, to specify what the open-iscsi docs refer to as a
node or node record. Note: open-iscsi's use of the word node, does not match the iSCSI RFC's iSCSI Node
term.
iscsiadm -m node -T iqn.2020-08.com.westos:storage1 -p 172.25.254.126 -l
----> /dev/sda
-T, --targetname=targetname
Use target targetname.
This should be used along with --portal in node mode, to specify what the open-iscsi docs refer to as a
node or node record. Note: open-iscsi's use of the word node, does not match the iSCSI RFC's iSCSI Node
term.
-l, --login
For node and fw mode, login to a specified record. For discovery mode, login to all discovered targets.
This option is only valid for discovery and node modes.
fdisk /dev/sda —> /dev/sda1
mkfs.xfs /dev/sda1
mount /dev/sda1 /mnt
fdisk -l
systemctl status iscsid
systemctl enable --now iscsid
Enable at boot and start immediately
Client teardown
umount /mnt
tree /var/lib/iscsi/
iscsiadm -m node -T iqn.2020-08.com.westos:storage1 -p 172.25.254.126 -u
iscsiadm -m node -T iqn.2020-08.com.westos:storage1 -p 172.25.254.126 -o delete
Server teardown
targetcli
/> cd /iscsi/
/iscsi/> /iscsi delete iqn.2020-08.com.westos:storage1
/> clearconfig confirm=True
/> exit
targetcli
ls