Introduction to the Samba file sharing service
Samba server configuration
[root@shareserver ~]# yum install samba samba-common samba-client -y
[root@shareserver ~]# systemctl start smb
[root@shareserver ~]# getenforce
[root@shareserver ~]# setenforce 0
[root@shareserver ~]# getenforce
[root@shareserver ~]# smbpasswd -a student    # add student
[root@shareserver ~]# useradd westos
[root@shareserver ~]# smbpasswd -a westos
[root@shareserver ~]# pdbedit -L    # list the users
[root@shareserver ~]# pdbedit -x westos    # delete westos
[root@shareserver ~]# pdbedit -L
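Samba client configuration
[root@client ~]# yum install samba-client -y    # client software
Samba configuration files and parameters in detail
/etc/samba/smb.conf: This is Samba's main configuration file, and essentially the only one. The file itself is heavily commented and serves as detailed documentation; open it with vim to read it. Its settings fall into two parts: the server-wide global settings (global), such as the workgroup, NetBIOS name and password level, and the settings for shared directories, such as the real directory, the share name and the permissions.
/etc/sysconfig/samba: Holds any extra service parameters to pass to smbd and nmbd when they start.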
client
[root@client ~]# smbclient -L //172.25.254.160 -U student
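This lists the shared directories, which here is the home directory of student. Omitting -U means an anonymous login.
[root@client ~]# smbclient //172.25.254.160/student -U student
Log in to the share
[root@client ~]# mount -o username=student,password=mtf //172.25.254.160/student /mnt/    # mount the share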
[root@client ~]# df
[root@client ~]# cd /mnt/
[root@client mnt]# touch linux
[root@client mnt]# rm -rf linux
[root@client ~]# cd /mnt/
[root@client mnt]# touch linux
[root@client mnt]# ls
linux
[root@client mnt]# rm -rf linux
[root@client mnt]# cd
[root@client ~]# cd /mnt/
[root@client mnt]# touch file
[root@client mnt]# cd
shareserver
[root@shareserver ~]# cd /home/student/
[root@shareserver student]# ls
file
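Viewing the shared files as the student user
Log in as the student user
The files can be checked on the server, or by logging in to the share and running ls.
Changing the shared directory name
[root@shareserver ~]# vim /etc/samba/smb.conf
workgroup = WESTOS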
[root@shareserver ~]# smbclient -L //172.25.254.160 -U student
Allowing access through SELinux
[root@shareserver ~]# getenforce
Permissive
[root@shareserver ~]# setenforce 1
[root@shareserver ~]# getenforce
Enforcing
[root@shareserver ~]# getsebool -a | grep samba
[root@shareserver ~]# setsebool -P samba_enable_home_dirs on
[root@shareserver ~]# smbclient //172.25.254.160/student -U student
ls
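With SELinux set to enforcing mode, the service is granted the permissions it needs by setting the corresponding SELinux booleans.
The whitelist and the blacklist can be read side by side for comparison.
Whitelist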
[root@shareserver ~]# vim /etc/samba/smb.conf
hosts allow = 172.25.254.160
[root@shareserver ~]# smbclient //172.25.254.160/student -U student
ls
Blacklist
[root@shareserver ~]# vim /etc/samba/smb.conf
hosts deny = 172.25.254.161
[root@client ~]# smbclient //172.25.254.160/student -U student
Sharing a directory you created yourself
[root@shareserver ~]# mkdir /mtf
[root@shareserver ~]# vim /etc/samba/smb.conf
# name of the share
[mtf01]
# description shown to users
comment = hello world
# actual path being shared
path = /mtf
[root@shareserver ~]# ls -Zd /mtf
-rw-r--r--. root root unconfined_u:object_r:etc_runtime_t:s0 /mtf
[root@shareserver ~]# semanage fcontext -a -t samba_share_t '/mtf(/.*)?'    # change the security context
[root@shareserver ~]# restorecon -RvvF /mtf/
[root@shareserver ~]# smbclient //172.25.254.160/mtf01 -U student
ls
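Sharing a system directory differs from sharing a directory you created yourself: for your own directory you can change the security context directly, but for a system directory you have to set an SELinux boolean instead. Changing the security context of a system directory causes errors when the system boots and when programs run.
Sharing a system directory
[root@shareserver ~]# vim /etc/samba/smb.conf
[mnt]
# description shown to users
comment = hello mnt
path = /mnt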
[root@shareserver ~]# getsebool -a | grep samba
[root@shareserver ~]# setsebool -P samba_export_all_ro on    # enable read-only access in SELinux
[root@shareserver ~]# smbclient //172.25.254.160/mnt -U student
ls
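When experimenting with the parameters below, watch for conflicts between them. It is best to comment out the earlier settings before doing each later experiment, but do not comment out the writable permission.
Share configuration parameters
writable = yes/no    the share is writable; the file permissions must also allow writing (777)
!ls    only files in the local current directory can be uploaded
write list = westos    allow westos to write
valid users = westos    allow westos to log in
@westos or +westos    the westos group
browseable = yes/no    whether the share can be seen
admin users = student    student uploads files as root
guest ok = yes    allow anonymous login
map to guest = bad user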
[root@shareserver ~]# chmod 777 /mtf
[root@shareserver ~]# vim /etc/samba/smb.conf
writable = yes
[root@shareserver ~]# smbclient //172.25.254.160/mtf01 -U student
smb: \> !ls
smb: \> put anaconda-ks.cfg
putting file anaconda-ks.cfg as \anaconda-ks.cfg (382.6 kb/s) (average 382.6 kb/s)
smb: \> exit
[root@shareserver ~]# vim /etc/samba/smb.conf
browseable = no
[root@shareserver ~]# smbclient -L //172.25.254.160/mtf01
[root@shareserver ~]# smbclient -L //172.25.254.160/mtf01 -U student
[root@shareserver ~]# vim /etc/samba/smb.conf
guest ok = yes
# in the [global] section
map to guest = bad user
[root@shareserver ~]# smbclient //172.25.254.160/mtf01
smb: \> ls
smb: \> rm anaconda-ks.cfg
smb: \> ls
smb: \> exit
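Added example, not part of the original walkthrough: a shell function that scans an smb.conf for the share parameters exercised above (guest ok, admin users, writable without valid users or write list) and prints one finding per share. The sample configuration is constructed to mirror this page, and the [projects] share in it is hypothetical.

```bash
# Added example, not from the original page: audit the share sections of an
# smb.conf for the access-widening parameters used in this walkthrough.
audit_smb_conf() {          # usage: audit_smb_conf FILE   (or pipe on stdin)
  awk '
    function on(k) { return (k in p) && tolower(p[k]) ~ /^(yes|true|1)$/ }
    function report(    w) {
      if (sec == "" || sec == "global") return
      # writable, writeable and write ok are inverted synonyms of read only
      w = on("writable") || on("writeable") || on("writeok") ||
          (("readonly" in p) && !on("readonly"))
      if (on("guestok") || on("public")) {
        print sec ": guest access enabled"
        if (w) print sec ": guests can write"
      }
      if ("adminusers" in p)
        print sec ": admin users (" p["adminusers"] ") act as root"
      if (w && !("validusers" in p) && !("writelist" in p))
        print sec ": writable without valid users or write list"
    }
    /^[ \t]*([#;]|$)/ { next }                 # skip comments and blank lines
    /^[ \t]*\[/ {                              # start of a new [section]
      report(); split("", p)
      sec = tolower($0); sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec)
      next
    }
    {                                          # key = value line
      i = index($0, "="); if (!i) next
      k = tolower(substr($0, 1, i - 1)); gsub(/[ \t]/, "", k)
      v = substr($0, i + 1); gsub(/^[ \t]+|[ \t]+$/, "", v); p[k] = v
    }
    END { report() }
  ' "$@"
}

# Constructed sample mirroring this page; [projects] is a hypothetical share.
SAMPLE_CONF='[global]
    workgroup = WESTOS
    map to guest = bad user
[mtf01]
    path = /mtf
    writable = yes
    guest ok = yes
    admin users = student
[projects]
    path = /srv/projects
    writable = yes
    valid users = westos
'
printf '%s' "$SAMPLE_CONF" | audit_smb_conf
```

Point it at /etc/samba/smb.conf on the server, or pipe in the output of testparm -s to audit the effective configuration.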
SMB multiuser mounts
client
[root@client ~]# yum install cifs-utils -y
shareserver
[root@shareserver ~]# useradd xiaomi    # create the users and add them to the smb service
[root@shareserver ~]# useradd huawei
[root@shareserver ~]# useradd iphone
[root@shareserver ~]# smbpasswd -a xiaomi
New SMB password:
Retype new SMB password:
Added user xiaomi.
[root@shareserver ~]# smbpasswd -a huawei
New SMB password:
Retype new SMB password:
Added user huawei.
[root@shareserver ~]# smbpasswd -a iphone
New SMB password:
Retype new SMB password:
Added user iphone.
[root@shareserver ~]# pdbedit -L    # list the users added to smb
student:1000:Student User
xiaomi:1002:
iphone:1004:
huawei:1003:
client
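[root@client ~]# vim /root/smbpasswd    # credentials file: account name and password
username=student
password=westos
[root@client ~]# chmod 600 /root/smbpasswd    # for security, only root may read and write the password file
[root@client ~]# mount -o credentials=/root/smbpasswd,sec=ntlmssp,multiuser //172.25.254.104/mtf01 /mnt    # the mount is authenticated by root; other users authenticate via ntlmssp (multiuser authentication mechanism)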
[root@client ~]# df -h
[root@client ~]# cd /mnt/
[root@client mnt]# touch ceshi
[root@client mnt]# ls -l
[root@client ~]# su - huawei
[huawei@client ~]$ cd /mnt
[huawei@client mnt]$ ls
ls: reading directory .: Permission denied    # no permission to view
[huawei@client mnt]$ cifscreds add -u huawei 172.25.254.160
Password:
[huawei@client mnt]$ ls
ceshi file
[huawei@client mnt]$ exit
[root@client ~]# su - iphone
su: user iphone does not exist
[root@client ~]# su - huawei
Last login: Sat Nov 24 02:23:02 EST 2018 on pts/0
[huawei@client ~]$ cifscreds add -u iphone 172.25.254.160
Password:
[huawei@client ~]$ ls
[huawei@client ~]$ cd /mnt/
[huawei@client mnt]$ ls
ceshi file
cifscreds clearall    # after entering a wrong password, run this before logging in again