實驗開始前:
[root@localhost ~]# systemctl stop firewalld ##實驗環境中先關閉防火牆以排除干擾;正式環境應保留防火牆,只放行 samba 服務(firewall-cmd --permanent --add-service=samba)
SMB文件共享
通用Internet文件系統(CIFS)也稱爲服務器信息塊(SMB),是適用於MicrosoftWindows服務器和客戶端的標準文件和打印機共享系統。Samba服務可用於將Linux文件系統作爲CIFS/SMB網絡文件共享進行共享,並將Linux打印機作爲CIFS/SMB打印機共享進行共享
Samba服務的組成部分
1. 軟件包:
Samba-common – Samba的支持文件
Samba-client – 客戶端應用程序
Samba – 服務器應用程序
2. 服務名稱:smb nmb
3. 服務端口: 通常使用TCP/445進行所有連接。還使用UDP137、UDP138和TCP/139進行向後兼容
4. 主配置文件:/etc/samba/smb.conf
1)服務的安裝:
[root@localhost ~]# yum install samba samba-client.x86_64 samba-common -y
[root@localhost ~]# systemctl start smb nmb
[root@localhost ~]# systemctl enable smb nmb
2)添加smb用戶
[root@localhost ~]# id student
uid=1000(student) gid=1000(student) groups=1000(student),10(wheel)
[root@localhost ~]# smbpasswd -a student ##添加samba用戶
New SMB password:
Retype new SMB password:
Added user student.
[root@localhost ~]# smbclient -L //172.25.254.113
Enter root's password:
Connection to 172.25.254.113 failed (Error NT_STATUS_CONNECTION_REFUSED) ##連線被拒,推測此時 smb 服務尚未啓動或未在 445 端口監聽,可用 systemctl status smb 確認後再測
[root@localhost ~]# pdbedit -L ##查看smb用戶信息
student:1000:Student User
[root@localhost ~]# setsebool -P samba_enable_home_dirs on ##在selinux中設定smb用戶可以訪問自己的家目錄
Boolean enable_samba_home_dirs is not defined ##此報錯表示實際輸入的布爾值名稱有誤,正確名稱爲 samba_enable_home_dirs(見下文 getsebool -a | grep samba 的輸出)
[root@localhost ~]# getsebool -a | grep samba
[root@localhost ~]# smbpasswd -x student ##刪除samba用戶
測試:
[root@localhost ~]# smbclient //172.25.254.113/student -U student
Enter student's password:
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]
smb: \> ls
. D 0 Thu Jul 10 19:06:52 2014
.. D 0 Thu Jul 10 18:19:09 2014
.bash_logout H 18 Wed Jan 29 07:45:18 2014
.bash_profile H 193 Wed Jan 29 07:45:18 2014
.bashrc H 231 Wed Jan 29 07:45:18 2014
.ssh DH 0 Thu Jul 10 18:19:10 2014
.config DH 0 Thu Jul 10 19:06:53 2014
40913 blocks of size 262144. 28503 blocks available
smb: \> quit
[root@localhost ~]#
3)共享目錄的基本設定
[root@localhost ~]# vim /etc/samba/smb.conf
321 [haha] ##共享目錄
322 comment = local directory ##對共享目錄的描述
323 path = /smbshare ##共享目錄的絕對路徑
89 workgroup = WESTOS ##組名的更改(可改可不改,如果改就在這改)
[root@localhost ~]# systemctl restart smb.service
####當共享目錄爲用戶自建立目錄時
[root@localhost ~]# mkdir /smbshare ##自己建立的文件
[root@localhost ~]# touch /smbshare/westosha
[root@localhost ~]# semanage fcontext -a -t samba_share_t '/smbshare(/.*)?' ##安全上下文的統一
[root@localhost ~]# restorecon -RvvF /smbshare ##刷新目錄及其內容的安全上下文
context system_u:object_r:default_t:s0->system_u:object_r:samba_share_t:s0
restorecon reset /smbshare/westosha context system_u:object_r:default_t:s0->system_u:object_r:samba_share_t:s0
測試:
[root@foundation13 Desktop]# smbclient //172.25.254.113/haha -U student
Enter student's password:
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]
smb: \> ls
NT_STATUS_ACCESS_DENIED listing \*
smb: \> quit
[root@foundation13 Desktop]# smbclient //172.25.254.113/haha -U student
Enter student's password:
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]
smb: \> ls
. D 0 Sat Jun 3 14:25:33 2017
.. D 0 Sat Jun 3 14:25:16 2017
westosha N 0 Sat Jun 3 14:25:33 2017
10473900 blocks of size 1024. 7296000 blocks available
smb: \> quit
[root@localhost ~]# setsebool -P samba_enable_home_dirs 0
[root@localhost ~]# systemctl restart smb.service
[root@localhost ~]# cd /mnt
[root@localhost mnt]# ls
[root@localhost mnt]# touch file{1..5}
[root@localhost mnt]# ls
file1 file2 file3 file4 file5
[root@localhost mnt]# getsebool -a | grep samba
samba_create_home_dirs --> off
samba_domain_controller --> off
samba_enable_home_dirs --> off
samba_export_all_ro --> off
samba_export_all_rw --> off
samba_portmapper --> off
samba_run_unconfined --> off
samba_share_fusefs --> off
samba_share_nfs --> off
sanlock_use_samba --> off
use_samba_home_dirs --> off
virt_sandbox_use_samba --> off
virt_use_samba --> off
####當共享目錄爲系統建立目錄
[root@localhost mnt]# setsebool -P samba_export_all_ro on ##只讀共享;此布爾值允許 samba 讀取系統中任何文件而不限於 samba_share_t 標籤,範圍很大,只需共享特定目錄時優先用上文的 semanage fcontext 方式標記該目錄
[root@localhost mnt]# systemctl restart smb.service
[root@localhost mnt]# getsebool -a | grep samba
samba_create_home_dirs --> off
samba_domain_controller --> off
samba_enable_home_dirs --> off
samba_export_all_ro --> on
samba_export_all_rw --> off ##讀寫共享
samba_portmapper --> off
samba_run_unconfined --> off
samba_share_fusefs --> off
samba_share_nfs --> off
sanlock_use_samba --> off
use_samba_home_dirs --> off
virt_sandbox_use_samba --> off
virt_use_samba --> off
[root@localhost smbshare]# vim /etc/samba/smb.conf
321 [haha]
322 comment = local directory
323 path = /mnt
[root@localhost smbshare]# systemctl restart smb.service
測試:
[root@foundation13 Desktop]# smbclient //172.25.254.113/haha -U student
Enter student's password:
Domain=[WESTOS] OS=[Unix] Server=[Samba 4.1.1]
smb: \> ls
. D 0 Sat Jun 3 14:36:40 2017
.. D 0 Sat Jun 3 14:25:16 2017
file1 N 0 Sat Jun 3 14:36:40 2017
file2 N 0 Sat Jun 3 14:36:40 2017
file3 N 0 Sat Jun 3 14:36:40 2017
file4 N 0 Sat Jun 3 14:36:40 2017
file5 N 0 Sat Jun 3 14:36:40 2017
10473900 blocks of size 1024. 7305632 blocks available
smb: \>
4)samba的配置參數
更改完配置文件後須重啓服務才會生效:systemctl restart smb.service
vim /etc/samba/smb.conf
guest ok = yes ##匿名用戶的訪問(開啓後任何能連到服務器的主機都無需認證即可讀取此共享,建議搭配下文的 hosts allow 限制來源)
map to guest = bad user ##不存在的 smb 用戶名會被映射爲 guest
測試:
[root@foundation13 Desktop]# smbclient //172.25.254.113/haha
Enter kiosk's password: ##直接跳過不用輸密碼,smb用戶裏面沒有kiosk
Domain=[WESTOS] OS=[Unix] Server=[Samba 4.1.1]
smb: \> ls
. D 0 Sat Jun 3 14:36:40 2017
.. D 0 Sat Jun 3 14:25:16 2017
file1 N 0 Sat Jun 3 14:36:40 2017
file2 N 0 Sat Jun 3 14:36:40 2017
file3 N 0 Sat Jun 3 14:36:40 2017
file4 N 0 Sat Jun 3 14:36:40 2017
file5 N 0 Sat Jun 3 14:36:40 2017
10473900 blocks of size 1024. 7305624 blocks available
smb: \> quit
###訪問控制
1.hosts allow = ip ##僅允許當前ip
測試:
[root@foundation13 Desktop]# smbclient //172.25.254.113/haha -U student
Enter student's password:
Domain=[WESTOS] OS=[Unix] Server=[Samba 4.1.1]
smb: \> ls
. D 0 Sat Jun 3 14:36:40 2017
.. D 0 Sat Jun 3 14:25:16 2017
file1 N 0 Sat Jun 3 14:36:40 2017
file2 N 0 Sat Jun 3 14:36:40 2017
file3 N 0 Sat Jun 3 14:36:40 2017
file4 N 0 Sat Jun 3 14:36:40 2017
file5 N 0 Sat Jun 3 14:36:40 2017
10473900 blocks of size 1024. 7303804 blocks available
smb: \> quit
2.hosts deny = ip ##僅拒絕當前ip
測試:
[root@foundation13 Desktop]# smbclient //172.25.254.113/haha -U student
Enter student's password:
Domain=[WESTOS] OS=[Unix] Server=[Samba 4.1.1]
tree connect failed: NT_STATUS_ACCESS_DENIED
3.
valid users = 用戶 ##當前共享的有效用戶
valid users = @westos或+westos ##當前共享的有效用戶爲westos組
測試:
[root@foundation13 Desktop]# smbclient //172.25.254.113/haha -U westos
Enter westos's password:
Domain=[WESTOS] OS=[Unix] Server=[Samba 4.1.1]
smb: \> ls
. D 0 Sat Jun 3 14:36:40 2017
.. D 0 Sat Jun 3 14:25:16 2017
file1 N 0 Sat Jun 3 14:36:40 2017
file2 N 0 Sat Jun 3 14:36:40 2017
file3 N 0 Sat Jun 3 14:36:40 2017
file4 N 0 Sat Jun 3 14:36:40 2017
file5 N 0 Sat Jun 3 14:36:40 2017
10473900 blocks of size 1024. 7303804 blocks available
smb: \> quit
[root@foundation13 Desktop]# smbclient //172.25.254.113/haha -U student
Enter student's password:
Domain=[WESTOS] OS=[Unix] Server=[Samba 4.1.1]
tree connect failed: NT_STATUS_ACCESS_DENIED
[root@localhost smbshare]# usermod -G westos student ##注意:-G 不加 -a 會用 westos 覆蓋原有的附加組(上文 id 輸出顯示 student 原本屬於 wheel);要保留原組應使用 usermod -aG westos student
[root@foundation13 Desktop]# smbclient //172.25.254.113/haha -U student
Enter student's password:
Domain=[WESTOS] OS=[Unix] Server=[Samba 4.1.1]
smb: \> ls
. D 0 Sat Jun 3 14:36:40 2017
.. D 0 Sat Jun 3 14:25:16 2017
file1 N 0 Sat Jun 3 14:36:40 2017
file2 N 0 Sat Jun 3 14:36:40 2017
file3 N 0 Sat Jun 3 14:36:40 2017
file4 N 0 Sat Jun 3 14:36:40 2017
file5 N 0 Sat Jun 3 14:36:40 2017
10473900 blocks of size 1024. 7303804 blocks available
smb: \> quit
###讀寫控制
所有用戶均可寫
[root@localhost smbshare]# chmod o+w /mnt ##注意:o+w 同時讓本機所有用戶都可寫此目錄,不只影響 samba 客戶端
[root@localhost smbshare]# setsebool -P samba_export_all_rw on
[root@localhost smbshare]# vim /etc/samba/smb.conf
[haha]
comment = local directory
path = /mnt
writable = yes ##讀寫控制打開
admin users = westos ##允許用戶westos(參數名爲 admin users;列在其中的用戶在此共享上以 root 身份執行文件操作,只應給予可信用戶)
[root@localhost smbshare]# systemctl restart smb.service
測試:
[root@foundation13 Desktop]# mount -o username=westos,password=westos //172.25.254.113/haha /mnt/ ##密碼直接寫在命令行會留在 shell 歷史與 ps 輸出中,建議改用下文 5) 的 credentials 文件方式
[root@foundation13 Desktop]# cd /mnt
[root@foundation13 mnt]# ls
file1 file2 file3 file4 file5
[root@foundation13 mnt]# touch file6
[root@foundation13 mnt]# ls
file1 file2 file3 file4 file5 file6
設定指定用戶可寫
write list = student ##可寫用戶
write list = +student ##可寫用戶組
write list = @student ##同上,@ 與 + 均表示組
admin users = westos ##共享的超級用戶指定(以 root 身份執行文件操作)
5)smb多用戶掛載
在client上
[root@foundation13 mnt]# vim /root/haha
1 username=student
2 password=student
測試:
[root@foundation13 mnt]# chmod 600 /root/haha
[root@foundation13 mnt]# yum install cifs-utils -y
[root@foundation13 mnt]# mount -o credentials=/root/haha,multiuser,sec=ntlmssp //172.25.254.113/haha /mnt/
#credentials=/root/haha ##指定掛載時所用到的用戶文件
#multiuser ##支持多用戶認證
#sec=ntlmssp ##認證方式爲標準smb認證方式
[root@foundation13 mnt]# ls
file
[root@foundation13 mnt]# su - kiosk
Last login: Sat Jun 3 16:43:08 CST 2017 on pts/5
[kiosk@foundation13 ~]$ ls /mnt/
ls: cannot access /mnt/: Permission denied ##因爲 kiosk 尚未做 smb 的認證,multiuser 掛載下無法訪問 smb 共享
[kiosk@foundation13 ~]$ cifscreds add -u westos 172.25.254.113
Password:
[kiosk@foundation13 ~]$ ls /mnt
file