samba可以用於linux和windows之間文件共享。
需要安裝的軟件包
samba-3.0.23c-2.i386.rpm
samba-client-3.0.23c-2.i386.rpm
samba-common-3.0.23c-2.i386.rpm
samba-swat-3.0.23c-2.i386.rpm
system-config-samba-1.2.39-1.el5.noarch.rpm
啓動腳本:/etc/init.d/smb
配置文件:/etc/samba/smb.conf
實驗完成了security安全級別爲 share、user共享目錄讀寫訪問控制。
過程如下:
[chen@localhost 桌面]$ rpm -qa|grep samba samba-winbind-clients-3.5.4-68.el6.i686 samba-common-3.5.4-68.el6.i686 samba-client-3.5.4-68.el6.i686 [chen@localhost 桌面]$ chkconfig --list|grep smb [chen@localhost 桌面]$ yum list|grep samba *Note* Red Hat Network repositories are not listed below. You must run this command as root to access RHN repositories. samba-client.i686 3.5.4-68.el6 @anaconda-RedHatEnterpriseLinux-201009221732.i386/6.0 samba-common.i686 3.5.4-68.el6 @anaconda-RedHatEnterpriseLinux-201009221732.i386/6.0 samba-winbind-clients.i686 3.5.4-68.el6 @anaconda-RedHatEnterpriseLinux-201009221732.i386/6.0 samba.i686 3.5.4-68.el6 rhel-source samba-winbind.i686 3.5.4-68.el6 rhel-source sblim-cmpi-samba.i686 1.0-1.el6 rhel-source [chen@localhost 桌面]$ yum -y install samba* Loaded plugins: refresh-packagekit, rhnplugin *Note* Red Hat Network repositories are not listed below. You must run this command as root to access RHN repositories. You need to be root to perform this command. [chen@localhost 桌面]$ su - root 密碼: [root@localhost ~]# yum -y install samba* Loaded plugins: refresh-packagekit, rhnplugin This system is not registered with RHN. RHN support will be disabled. rhel-source | 3.7 kB 00:00 ... Setting up Install Process Package samba-common-3.5.4-68.el6.i686 already installed and latest version Package samba-winbind-clients-3.5.4-68.el6.i686 already installed and latest version Package samba-client-3.5.4-68.el6.i686 already installed and latest version Resolving Dependencies --> Running transaction check ---> Package samba.i686 0:3.5.4-68.el6 set to be updated ---> Package samba-winbind.i686 0:3.5.4-68.el6 set to be updated --> Finished Dependency Resolution Dependencies Resolved ==================================================================================================== Package Arch Version Repository Size ==================================================================================================== Installing: samba i686 3.5.4-68.el6 rhel-source 5.0 M samba-winbind i686 3.5.4-68.el6 rhel-source 3.5 M Transaction Summary ==================================================================================================== Install 2 Package(s) Upgrade 0 Package(s) Total download size: 8.5 M Installed size: 30 M Downloading Packages: ---------------------------------------------------------------------------------------------------- Total 19 MB/s | 8.5 MB 00:00 Running rpm_check_debug Running Transaction Test Transaction Test Succeeded Running Transaction Installing : samba-winbind-3.5.4-68.el6.i686 1/2 Installing : samba-3.5.4-68.el6.i686 2/2 Installed: samba.i686 0:3.5.4-68.el6 samba-winbind.i686 0:3.5.4-68.el6 Complete! [root@localhost ~]# chkconfig --list|grep smb smb 0:關閉 1:關閉 2:關閉 3:關閉 4:關閉 5:關閉 6:關閉 [root@localhost ~]# chkconfig smb on [root@localhost ~]# /etc/init.d/smb start 啓動 SMB 服務: [確定] [root@localhost ~]# ls /etc/samba/ lmhosts smb.conf smbusers [root@localhost ~]# vim /etc/samba/smb.conf [root@localhost ~]# tail -8 /etc/samba/smb.conf [files] comment = Public Files Share path = /home/samba public = yes writable = yes printable = no [root@localhost ~]# 剛纔的vim修改增加了最後那幾行和把global下面到security改爲了share^C [root@localhost ~]# /etc/init.d/smb restart 關閉 SMB 服務: [確定] 啓動 SMB 服務: [確定] [root@localhost ~]# setenforce 0 [root@localhost ~]# smbclient //192.169.1.98/files #登陸不上,因爲/home/samba目錄還沒有創建 Enter root's password: Domain=[MYGROUP] OS=[Unix] Server=[Samba 3.5.4-68.el6] Server not using user level security and no password supplied. tree connect failed: NT_STATUS_BAD_NETWORK_NAME [root@localhost ~]# testparm Load smb config files from /etc/samba/smb.conf rlimit_max: rlimit_max (1024) below minimum Windows limit (16384) Processing section "[homes]" Processing section "[printers]" Processing section "[files]" Loaded services file OK. Server role: ROLE_STANDALONE Press enter to see a dump of your service definitions [global] workgroup = MYGROUP server string = Samba Server Version %v security = SHARE log file = /var/log/samba/log.%m max log size = 50 cups options = raw [homes] comment = Home Directories read only = No browseable = No [printers] comment = All Printers path = /var/spool/samba printable = Yes browseable = No [files] comment = Public Files Share path = /home/samba read only = No guest ok = Yes [root@localhost ~]# mkdir /home/samba [root@localhost ~]# chmod o+w /home/samba/ [root@localhost ~]# ls -ld /home/samba/ drwxr-xrwx. 2 root root 4096 8月 9 20:47 /home/samba/ [root@localhost ~]# smbclient //192.169.1.98/files Enter root's password: Domain=[MYGROUP] OS=[Unix] Server=[Samba 3.5.4-68.el6] Server not using user level security and no password supplied. smb: \> ls . D 0 Thu Aug 9 20:47:01 2012 .. D 0 Thu Aug 9 20:47:01 2012 40317 blocks of size 262144. 26849 blocks available smb: \> ls . D 0 Thu Aug 9 20:49:30 2012 .. D 0 Thu Aug 9 20:47:01 2012 8.9samba A 19725 Thu Aug 9 11:38:38 2012 #這個文件是在虛擬機外面的windows中傳上去的 40317 blocks of size 262144. 26848 blocks available smb: \> put 1 .gnote/ off .xauthnex4AK a .gnupg/ .printer-groups.xml .xauthQDpdMq anaconda-ks.cfg .gstreamer-0.10/ .pulse/ .xauths3w8PP .bash_history .gtk-bookmarks .pulse-cookie .xauthWHeJNQ .bash_logout .gvfs/ .recently-used.xbel .xauthzsGCtR .bash_profile .ICEauthority .ssh/ 公共的/ .bashrc .icons/ .tcshrc 模板/ .cache/ .imsettings.log .themes/ 視頻/ .config/ install.log .thumbnails/ 圖片/ .cshrc install.log.syslog .viminfo 文檔/ .dbus/ .lesshst .xauthEjNjkE 下載/ .esd_auth .lftp/ .xauthH1M7lM 音樂/ .gconf/ .local/ .xauthiHGPWs 桌面/ .gconfd/ loginDir/ .xauthKSE2s2 .gnome2/ .nautilus/ .xauthmGZjkB smb: \> put a putting file a as \a (0.0 kb/s) (average 0.0 kb/s) smb: \> ls . D 0 Thu Aug 9 20:49:30 2012 .. D 0 Thu Aug 9 20:47:01 2012 a A 0 Thu Aug 9 20:50:27 2012 8.9samba A 19725 Thu Aug 9 11:38:38 2012 40317 blocks of size 262144. 26848 blocks available smb: \> get 8.9samba getting file \8.9samba of size 19725 as 8.9samba (6420.7 KiloBytes/sec) (average 6420.9 KiloBytes/sec) smb: \> quit [root@localhost ~]# ls 1 a install.log loginDir 公共的 視頻 文檔 音樂 8.9samba anaconda-ks.cfg install.log.syslog off 模板 圖片 下載 桌面 [root@localhost ~]# #匿名用戶可以登陸,且可以get,put -------------------------------需要用戶名和密碼驗證------------------------------------- [root@localhost ~]# [root@localhost ~]# security=share不要用戶名和密碼的方式實驗成功,下面測試security=users需要驗證^C [root@localhost ~]# [root@localhost ~]# [root@localhost ~]# vim /etc/samba/smb.conf [root@localhost ~]# 把security=user,然後添加了以下10行^C [root@localhost ~]# tail -11 /etc/samba/smb.conf [movies] comment = This is a movies world! path = /var/public/movies public = no writable = yes printable = no valid users = user1 user2 @root write list = user1 @root directory mask = 0744 create mask = 0600 [root@localhost ~]# service smb restart 關閉 SMB 服務: [確定] 啓動 SMB 服務: [確定] [root@localhost ~]# testparm Load smb config files from /etc/samba/smb.conf rlimit_max: rlimit_max (1024) below minimum Windows limit (16384) Processing section "[homes]" Processing section "[printers]" Processing section "[files]" Processing section "[movies]" Loaded services file OK. Server role: ROLE_STANDALONE Press enter to see a dump of your service definitions [global] workgroup = MYGROUP server string = Samba Server Version %v log file = /var/log/samba/log.%m max log size = 50 cups options = raw [homes] comment = Home Directories read only = No browseable = No [printers] comment = All Printers path = /var/spool/samba printable = Yes browseable = No [files] comment = Public Files Share path = /home/samba read only = No guest ok = Yes [movies] comment = This is a movies world! path = /var/public/movies valid users = user1, user2, @root write list = user1, @root read only = No create mask = 0600 directory mask = 0744 [root@localhost ~]# smbpasswd -a user1 New SMB password: Retype new SMB password: Added user user1. [root@localhost ~]# smbclient -U user1 //192.168.1.98/movies Enter user1's password: Connection to 192.168.1.98 failed (Error NT_STATUS_HOST_UNREACHABLE) [root@localhost ~]# setenforce 0 [root@localhost ~]# mkdir -p /var/public/movies [root@localhost ~]# chmod o+w /var/public/movies/ [root@localhost ~]# ls -ld /var/public/movies/ drwxr-xrwx. 2 root root 4096 8月 9 21:20 /var/public/movies/ [root@localhost ~]# smbclient -U user1 //192.168.1.98/movies #這裏的ip地址寫錯了,所以登不上,囧。。。 Enter user1's password: Connection to 192.168.1.98 failed (Error NT_STATUS_HOST_UNREACHABLE) [root@localhost ~]# chmod o+w /var/public #這句話不加應該也可以的 [root@localhost ~]# service smb restart 關閉 SMB 服務: [確定] 啓動 SMB 服務: [確定] [root@localhost ~]# smbclient -U user1 //192.169.1.98/movies Enter user1's password: Domain=[MYGROUP] OS=[Unix] Server=[Samba 3.5.4-68.el6] smb: \> ls . D 0 Thu Aug 9 21:20:05 2012 .. D 0 Thu Aug 9 21:20:05 2012 40317 blocks of size 262144. 26847 blocks available smb: \> pwd Current directory is \\192.169.1.98\movies\ smb: \> put 1 .gnome2/ .nautilus/ .xauthmGZjkB 8.9samba .gnote/ off .xauthnex4AK a .gnupg/ .printer-groups.xml .xauthQDpdMq anaconda-ks.cfg .gstreamer-0.10/ .pulse/ .xauths3w8PP .bash_history .gtk-bookmarks .pulse-cookie .xauthWHeJNQ .bash_logout .gvfs/ .recently-used.xbel .xauthzsGCtR .bash_profile .ICEauthority .ssh/ 公共的/ .bashrc .icons/ .tcshrc 模板/ .cache/ .imsettings.log .themes/ 視頻/ .config/ install.log .thumbnails/ 圖片/ .cshrc install.log.syslog .viminfo 文檔/ .dbus/ .lesshst .xauthEjNjkE 下載/ .esd_auth .lftp/ .xauthH1M7lM 音樂/ .gconf/ .local/ .xauthiHGPWs 桌面/ .gconfd/ loginDir/ .xauthKSE2s2 smb: \> put a putting file a as \a (0.0 kb/s) (average 0.0 kb/s) smb: \> ls . D 0 Thu Aug 9 21:22:21 2012 .. D 0 Thu Aug 9 21:20:05 2012 a 0 Thu Aug 9 21:22:21 2012 40317 blocks of size 262144. 26847 blocks available smb: \> mkdir user1dir1 smb: \> ls . D 0 Thu Aug 9 21:22:26 2012 .. D 0 Thu Aug 9 21:20:05 2012 a 0 Thu Aug 9 21:22:21 2012 user1dir1 D 0 Thu Aug 9 21:22:26 2012 40317 blocks of size 262144. 26847 blocks available smb: \> ls . D 0 Thu Aug 9 21:23:23 2012 .. D 0 Thu Aug 9 21:20:05 2012 a 0 Thu Aug 9 21:22:21 2012 8.9samba 19725 Thu Aug 9 11:38:38 2012 #這個文件是在windows下拖進去的 user1dir1 D 0 Thu Aug 9 21:22:26 2012 40317 blocks of size 262144. 26847 blocks available smb: \> quit [root@localhost ~]# smbclient -U user2 //192.169.1.98/movies Enter user2's password: session setup failed: NT_STATUS_LOGON_FAILURE [root@localhost ~]# user2沒有通過smbpasswd添加,所以登錄不上去 -bash: user2沒有通過smbpasswd添加,所以登錄不上去: command not found [root@localhost ~]# id user2 #先看本地是否有user2用戶 uid=503(user2) gid=503(user2) 組=503(user2) [root@localhost ~]# id chen #試一下沒在valid users中的用戶是否能登陸 uid=500(chen) gid=500(chen) 組=500(chen) [root@localhost ~]# smbpasswd -a user2 New SMB password: Retype new SMB password: Added user user2. [root@localhost ~]# smbpasswd -a chen New SMB password: Retype new SMB password: Added user chen. [root@localhost ~]# smbclient -U chen //192.169.1.98/movies Enter chen's password: Domain=[MYGROUP] OS=[Unix] Server=[Samba 3.5.4-68.el6] tree connect failed: NT_STATUS_ACCESS_DENIED #登陸不上 [root@localhost ~]# smbclient -U user2 //192.169.1.98/movies Enter user2's password: Domain=[MYGROUP] OS=[Unix] Server=[Samba 3.5.4-68.el6] smb: \> ls . D 0 Thu Aug 9 21:23:23 2012 .. D 0 Thu Aug 9 21:20:05 2012 a 0 Thu Aug 9 21:22:21 2012 8.9samba 19725 Thu Aug 9 11:38:38 2012 user1dir1 D 0 Thu Aug 9 21:22:26 2012 40317 blocks of size 262144. 26847 blocks available smb: \> mkdir user2dir2 #這裏user2沒在write list裏面,但是還是能創建 smb: \> ls . D 0 Thu Aug 9 21:23:23 2012 .. D 0 Thu Aug 9 21:20:05 2012 a 0 Thu Aug 9 21:22:21 2012 8.9samba 19725 Thu Aug 9 11:38:38 2012 user1dir1 D 0 Thu Aug 9 21:22:26 2012 user2dir2 D 0 Thu Aug 9 21:49:38 2012 40317 blocks of size 262144. 26847 blocks available smb: \> put 1 #也能上傳,這個是不應該的 putting file 1 as \1 (0.0 kb/s) (average 0.0 kb/s) smb: \> ls . D 0 Thu Aug 9 21:23:23 2012 .. D 0 Thu Aug 9 21:20:05 2012 a 0 Thu Aug 9 21:22:21 2012 8.9samba 19725 Thu Aug 9 11:38:38 2012 user1dir1 D 0 Thu Aug 9 21:22:26 2012 user2dir2 D 0 Thu Aug 9 21:49:38 2012 1 0 Thu Aug 9 21:49:55 2012 40317 blocks of size 262144. 26847 blocks available smb: \> quit -----------------------下面是問題解決問題的試驗過程,可能有不合理的地方---------------------------- [root@localhost ~]# cat /etc/group |grep user2 #看一下user2是否在root組裏,因爲剛纔write list裏有 @root user2:x:503: [root@localhost ~]# vim /etc/samba/smb.conf [root@localhost ~]# 把 @root從write list中刪除了 #這裏的vim把 @root從write list中刪除了,write list只有user1了 -bash: 把 @root從write: command not found [root@localhost ~]# service smb restart 關閉 SMB 服務: [確定] 啓動 SMB 服務: [確定] [root@localhost ~]# smbclient -U root //192.169.1.98/movies #用root登陸進去看是否能寫 Enter root's password: session setup failed: NT_STATUS_LOGON_FAILURE [root@localhost ~]# smbpasswd -a root New SMB password: Retype new SMB password: Added user root. [root@localhost ~]# smbclient -U root //192.169.1.98/movies Enter root's password: Domain=[MYGROUP] OS=[Unix] Server=[Samba 3.5.4-68.el6] smb: \> ls . D 0 Thu Aug 9 21:49:55 2012 .. D 0 Thu Aug 9 21:20:05 2012 a 0 Thu Aug 9 21:22:21 2012 8.9samba 19725 Thu Aug 9 11:38:38 2012 user1dir1 D 0 Thu Aug 9 21:22:26 2012 user2dir2 D 0 Thu Aug 9 21:49:38 2012 1 0 Thu Aug 9 21:49:55 2012 40317 blocks of size 262144. 26847 blocks available smb: \> mkdir rootdir3 #root還是可以寫 smb: \> ls . D 0 Thu Aug 9 21:49:55 2012 .. D 0 Thu Aug 9 21:20:05 2012 a 0 Thu Aug 9 21:22:21 2012 rootdir3 D 0 Thu Aug 9 22:07:58 2012 8.9samba 19725 Thu Aug 9 11:38:38 2012 user1dir1 D 0 Thu Aug 9 21:22:26 2012 user2dir2 D 0 Thu Aug 9 21:49:38 2012 1 0 Thu Aug 9 21:49:55 2012 40317 blocks of size 262144. 26847 blocks available smb: \> quit [root@localhost ~]# tail -11 /etc/samba/smb.conf #看一下配置文件 [movies] comment = This is a movies world! path = /var/public/movies public = no writable = yes printable = no valid users = user1 user2 @root write list = user1 directory mask = 0744 create mask = 0600 [root@localhost ~]# vim /etc/samba/smb.conf #把writable = yes刪掉了 [root@localhost ~]# service smb restart 關閉 SMB 服務: [確定] 啓動 SMB 服務: [確定] [root@localhost ~]# smbclient -U root //192.169.1.98/movies Enter root's password: Domain=[MYGROUP] OS=[Unix] Server=[Samba 3.5.4-68.el6] smb: \> ls . D 0 Thu Aug 9 22:07:58 2012 .. D 0 Thu Aug 9 21:20:05 2012 a 0 Thu Aug 9 21:22:21 2012 rootdir3 D 0 Thu Aug 9 22:07:58 2012 8.9samba 19725 Thu Aug 9 11:38:38 2012 user1dir1 D 0 Thu Aug 9 21:22:26 2012 user2dir2 D 0 Thu Aug 9 21:49:38 2012 1 0 Thu Aug 9 21:49:55 2012 40317 blocks of size 262144. 26847 blocks available smb: \> mkdir rootdir4 NT_STATUS_MEDIA_WRITE_PROTECTED making remote directory \rootdir4 #哈哈。。這下寫不了了,就是這個writable搗的鬼。 smb: \> ls . D 0 Thu Aug 9 22:07:58 2012 .. D 0 Thu Aug 9 21:20:05 2012 a 0 Thu Aug 9 21:22:21 2012 rootdir3 D 0 Thu Aug 9 22:07:58 2012 8.9samba 19725 Thu Aug 9 11:38:38 2012 user1dir1 D 0 Thu Aug 9 21:22:26 2012 user2dir2 D 0 Thu Aug 9 21:49:38 2012 1 0 Thu Aug 9 21:49:55 2012 40317 blocks of size 262144. 26847 blocks available smb: \> quit [root@localhost ~]# smbclient -U user1 //192.169.1.98/movies Enter user1's password: session setup failed: NT_STATUS_LOGON_FAILURE [root@localhost ~]# smbpasswd -a user1 #上面密碼可能輸錯了,又加了一遍 New SMB password: Retype new SMB password: [root@localhost ~]# smbclient -U user1 //192.169.1.98/movies #看看user1能不能寫,應該是可以纔對 Enter user1's password: Domain=[MYGROUP] OS=[Unix] Server=[Samba 3.5.4-68.el6] smb: \> ls . D 0 Thu Aug 9 22:07:58 2012 .. D 0 Thu Aug 9 21:20:05 2012 a 0 Thu Aug 9 21:22:21 2012 rootdir3 D 0 Thu Aug 9 22:07:58 2012 8.9samba 19725 Thu Aug 9 11:38:38 2012 user1dir1 D 0 Thu Aug 9 21:22:26 2012 user2dir2 D 0 Thu Aug 9 21:49:38 2012 1 0 Thu Aug 9 21:49:55 2012 40317 blocks of size 262144. 26847 blocks available smb: \> mkdir user1dir2 #的確可以,可見只要關掉writable,write list就完全起作用了 smb: \> ls . D 0 Thu Aug 9 22:07:58 2012 .. D 0 Thu Aug 9 21:20:05 2012 a 0 Thu Aug 9 21:22:21 2012 user1dir2 D 0 Thu Aug 9 22:11:34 2012 rootdir3 D 0 Thu Aug 9 22:07:58 2012 8.9samba 19725 Thu Aug 9 11:38:38 2012 user1dir1 D 0 Thu Aug 9 21:22:26 2012 user2dir2 D 0 Thu Aug 9 21:49:38 2012 1 0 Thu Aug 9 21:49:55 2012 40317 blocks of size 262144. 26847 blocks available smb: \> quit [root@localhost ~]# smbclient -U user2 //192.169.1.98/movies #再試試user2可不可以呢?應該也不行 Enter user2's password: Domain=[MYGROUP] OS=[Unix] Server=[Samba 3.5.4-68.el6] smb: \> ls . D 0 Thu Aug 9 22:07:58 2012 .. D 0 Thu Aug 9 21:20:05 2012 a 0 Thu Aug 9 21:22:21 2012 user1dir2 D 0 Thu Aug 9 22:11:34 2012 rootdir3 D 0 Thu Aug 9 22:07:58 2012 8.9samba 19725 Thu Aug 9 11:38:38 2012 user1dir1 D 0 Thu Aug 9 21:22:26 2012 user2dir2 D 0 Thu Aug 9 21:49:38 2012 1 0 Thu Aug 9 21:49:55 2012 40317 blocks of size 262144. 26847 blocks available smb: \> mkdir user2dir3 NT_STATUS_MEDIA_WRITE_PROTECTED making remote directory \user2dir3 #不行,再次驗證 smb: \> ls . D 0 Thu Aug 9 22:07:58 2012 .. D 0 Thu Aug 9 21:20:05 2012 a 0 Thu Aug 9 21:22:21 2012 user1dir2 D 0 Thu Aug 9 22:11:34 2012 rootdir3 D 0 Thu Aug 9 22:07:58 2012 8.9samba 19725 Thu Aug 9 11:38:38 2012 user1dir1 D 0 Thu Aug 9 21:22:26 2012 user2dir2 D 0 Thu Aug 9 21:49:38 2012 1 0 Thu Aug 9 21:49:55 2012 40317 blocks of size 262144. 26847 blocks available smb: \> quit [root@localhost ~]# [root@localhost ~]# --------------測試selinux----------------------^C [root@localhost ~]# setenforce 1 [root@localhost ~]# smbclient -U user1 //192.169.1.98/movies Enter user1's password: Domain=[MYGROUP] OS=[Unix] Server=[Samba 3.5.4-68.el6] smb: \> ls . D 0 Thu Aug 9 22:07:58 2012 .. D 0 Thu Aug 9 21:20:05 2012 a 0 Thu Aug 9 21:22:21 2012 user1dir2 D 0 Thu Aug 9 22:11:34 2012 rootdir3 D 0 Thu Aug 9 22:07:58 2012 8.9samba 19725 Thu Aug 9 11:38:38 2012 user1dir1 D 0 Thu Aug 9 21:22:26 2012 user2dir2 D 0 Thu Aug 9 21:49:38 2012 1 0 Thu Aug 9 21:49:55 2012 40317 blocks of size 262144. 26847 blocks available smb: \> mkdir user1dir3 NT_STATUS_ACCESS_DENIED making remote directory \user1dir3 #開selinux,就不能正常創建了,雖然user1有寫權限 smb: \> ls . D 0 Thu Aug 9 22:07:58 2012 .. D 0 Thu Aug 9 21:20:05 2012 a 0 Thu Aug 9 21:22:21 2012 user1dir2 D 0 Thu Aug 9 22:11:34 2012 rootdir3 D 0 Thu Aug 9 22:07:58 2012 8.9samba 19725 Thu Aug 9 11:38:38 2012 user1dir1 D 0 Thu Aug 9 21:22:26 2012 user2dir2 D 0 Thu Aug 9 21:49:38 2012 1 0 Thu Aug 9 21:49:55 2012 40317 blocks of size 262144. 26847 blocks available smb: \> quit [root@localhost ~]# ls -dZ /var/public/movies/ #看一下movies的標籤(上下文) drwxr-xrwx. root root unconfined_u:object_r:public_content_rw_t:s0 /var/public/movies/ [root@localhost ~]# chcon -t samba_share_t /var/public/movies/ #把標籤改爲samba_share_t [root@localhost ~]# ls -dZ /var/public/movies/ drwxr-xrwx. root root unconfined_u:object_r:samba_share_t:s0 /var/public/movies/ [root@localhost ~]# ls -Z /var/public/movies/ -rw-------. user2 user2 unconfined_u:object_r:public_content_rw_t:s0 1 -rw-------. user1 user1 unconfined_u:object_r:public_content_rw_t:s0 8.9samba -rw-------. user1 user1 unconfined_u:object_r:public_content_rw_t:s0 a drwxr--r--. user1 user1 unconfined_u:object_r:public_content_rw_t:s0 dir1 drwxr--r--. user2 user2 unconfined_u:object_r:public_content_rw_t:s0 dir2 drwxr--r--. root root unconfined_u:object_r:public_content_rw_t:s0 dir3 drwxr--r--. user1 user1 unconfined_u:object_r:public_content_rw_t:s0 user1dir2 [root@localhost ~]# 這裏面的文件都是public_content_rw_t這個標籤,先不改,進去看是否能看到^C [root@localhost ~]# smbclient -U user1 //192.169.1.98/movies Enter user1's password: Domain=[MYGROUP] OS=[Unix] Server=[Samba 3.5.4-68.el6] smb: \> mkdir user1dir3 #可以創建了,原來的文件也可以看到,可能跟public_content_rw_t標籤兼容有關,若是其他標籤可能看不到,這時候需要把文件的標籤頁改過來 smb: \> ls . D 0 Thu Aug 9 22:07:58 2012 .. D 0 Thu Aug 9 21:20:05 2012 a 0 Thu Aug 9 21:22:21 2012 user1dir2 D 0 Thu Aug 9 22:11:34 2012 rootdir3 D 0 Thu Aug 9 22:07:58 2012 8.9samba 19725 Thu Aug 9 11:38:38 2012 user1dir1 D 0 Thu Aug 9 21:22:26 2012 user1dir3 D 0 Thu Aug 9 22:25:52 2012 user2dir2 D 0 Thu Aug 9 21:49:38 2012 1 0 Thu Aug 9 21:49:55 2012 40317 blocks of size 262144. 26847 blocks available smb: \> quit [root@localhost ~]# smbclient -U user2 //192.169.1.98/movies #再試試改完標籤後user2是否可以 Enter user2's password: Domain=[MYGROUP] OS=[Unix] Server=[Samba 3.5.4-68.el6] smb: \> mkdir user2dir1 NT_STATUS_MEDIA_WRITE_PROTECTED making remote directory \user2dir1 #還是不行的 smb: \> quit [root@localhost ~]#
ps:本文出處在:http://blog.csdn.net/chen_jp/article/details/7866625 ,供學習參考用。
如果涉及到侵權,請聯繫我!