关键词:
文件共享服务---Samba
=============================================================================
Samba介绍
★smb:Service Message Block;服务信息块
★cifs:Common Internet File System,
★samba:作者:Andrew Tridgell;
实事上是smb功能的实现,核心当中所实现的主要协议是cifs协议
★功能:
文件系统共享;
NetBIOS协议(进行Windows网络上的主机名解析);
打印服务;
Samba安装配置
1)程序环境
★samba安装
# yum install samba -y
★主配置文件
/etc/samba/smb.conf
★主程序:
/usr/sbin/nmbd:
Network Naming Service,主要是完成NetBIOS名称解析;
/usr/sbin/smbd:
SMB/CIFS Service;核心主程序,完成SMB/CIFS服务
★Unit File
/usr/lib/systemd/system/nmb.service
/usr/lib/systemd/system/smb.service
★监听的端口:
UDP:137/udp, 138/udp
TCP:139/tcp, 445/tcp
★客户端程序:
mount -t cifs = mount.cifs
smbclient:交互式命令行客户端工具;
2)samba的配置
/etc/samba/smb.conf
★主配置文件:/etc/samba/smb.conf
[[email protected] ~]# cd /etc/samba [[email protected] samba]# ls lmhosts smb.conf [[email protected] samba]# cp smb.conf{,.bak} # 首先备份 [[email protected] samba]# ls lmhosts smb.conf smb.conf.bak [[email protected] samba]# grep -i -E "^#[[:space:]]*(=|-)+" smb.conf # 过滤出配置段 #--------------- #-------------- # 全局配置段 #======================= Global Settings ===================================== # ----------------------- Network-Related Options ------------------------- # --------------------------- Logging Options ----------------------------- # ----------------------- Standalone Server Options ------------------------ # ----------------------- Domain Members Options ------------------------ # ----------------------- Domain Controller Options ------------------------ # ----------------------- Browser Control Options ---------------------------- #----------------------------- Name Resolution ------------------------------- # --------------------------- Printing Options ----------------------------- # --------------------------- File System Options --------------------------- #============================ Share Definitions ============================== # 用户自定义的共享配置段★两类配置段:
◎全局配置
[global]
workgroup = MYGROUP 工作组模型 用来定义工作组
server string = Samba Server Version %v 定义提示信息
interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24 指明要监听的地址或网络接口;
hosts allow = 127. 192.168.12. 192.168.13. 访问控制,相当于白名单
log file = /var/log/samba/log.%m 每个客户端将使用自己专用的日志文件;
max log size = 50 指明日志文件大小,默认为KB
security = user 定义安全级别,user提供账号和密码
share (depricated) 匿名共享
server (depricated) 实现集中式身份认证
domain
passdb backend = tdbsam 账号密码的存储格式
load printers = yes samba 服务启动时是否装载打印机驱动
cups options = raw 通用的打印机的服务方式
◎共享文件系统:
[shared_ID]
有三类:
[homes]:每个samba用户是否能够通过samba服务访问其家目录;
[printers]:打印服务;
[shared_FS]:用户自定义的共享目录;
常用指令:
comment:注释信息;
path:本地文件系统路径;
browseable:是否可浏览,是否为用户可见;
guest ok:是否允许来宾账号访问;
public:是否公开给所有来宾;
writable:是否可写;
writable=YES和read only = no是一样的
write list:拥有写权限的用户或组列表;
用户名
@组名, +组名
2)samba用户管理
★命令:
smbpasswd, pdbedit
1)smbpasswd
语法:
smbpasswd [OPTIONS] USERNAME(系统用户)
选项:
-a:添加;
-x:删除;
-d:禁用;
-e:启用
2)pdbedit:
-L:列出samba服务中的所有用户;
-a:添加用户为samba用户;
-u USERNAME:
-x:删除
-t:从标准输出接收密码;
★访问服务:
☉smbclient交互式客户端程序:
查看目标服务上的共享
smbclient -L SMB_SERVER [-U USERNAME]
访问共享服务
smbclient //SMB_SERVER[/SHARE_NAME] [-U USERNAME]
☉mount.cifs
mount -t cifs //SMB_SERVER/SHARED_ID /MOUNT_POINT -o username=USER,password=PASS(指明用户身份和密码)
注意:
挂载操作中的用户,与-o选项中指定的用户直接产生映射关系;访问挂载,是以-o选项指定的用户身份运行,与本地用户以ID产生映射;
★自定义共享的方式:
[shared_ID]
comment =
path =
guest ok =
read only =
public =
browseable =
write list =
☉注意:
定义所有用户在服务级的写权限write = yes (read only = no)不建议与write list同时使用;
命令演示:
1.添加用户
[[email protected] ~]# pdbedit -a -u tao # 添加用户 new password: retype new password: Unix username: tao NT username: Account Flags: [U ] User SID: S-1-5-21-1194301372-4224252613-970535052-1000 Primary Group SID: S-1-5-21-1194301372-4224252613-970535052-513 Full Name: Home Directory: \centos7 ao HomeDir Drive: Logon Script: Profile Path: \centos7 aoprofile Domain: CENTOS7 Account desc: Workstations: Munged dial: Logon time: 0 Logoff time: Wed, 06 Feb 2036 23:06:39 CST Kickoff time: Wed, 06 Feb 2036 23:06:39 CST Password last set: Tue, 18 Oct 2016 23:24:50 CST Password can change: Tue, 18 Oct 2016 23:24:50 CST Password must change: never Last bad password : 0 Bad password count : 0 Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF [[email protected] ~]# pdbedit -L # 列出samba用户 tao:1000: [[email protected] ~]# pdbedit -a -u xiu # 再添加一个用户xiu [[email protected] ~]# pdbedit -L tao:1000: xiu:1001:
启动samba服务,并查看端口号
[[email protected] ~]# systemctl start nmb.service smb.service [[email protected] ~]# ss -unl # 查看udp端口 137,138 State Recv-Q Send-Q Local Address:Port Peer Address:Port UNCONN 0 0 *:68 *:* UNCONN 0 0 192.168.1.255:137 *:* UNCONN 0 0 192.168.1.15:137 *:* UNCONN 0 0 *:137 *:* UNCONN 0 0 192.168.1.255:138 *:* UNCONN 0 0 192.168.1.15:138 *:* UNCONN 0 0 *:138 *:* UNCONN 0 0 127.0.0.1:323 *:* UNCONN 0 0 *:34320 *:* UNCONN 0 0 :::10025 :::* UNCONN 0 0 ::1:323 :::* [[email protected] ~]# ss -tnl # 查看tcp协议端口 139,445 State Recv-Q Send-Q Local Address:Port Peer Address:Port LISTEN 0 128 127.0.0.1:6012 *:* LISTEN 0 50 *:445 *:* LISTEN 0 50 *:3306 *:* LISTEN 0 50 *:139 *:* LISTEN 0 128 *:22 *:* LISTEN 0 128 127.0.0.1:631 *:* LISTEN 0 100 127.0.0.1:25 *:* LISTEN 0 128 127.0.0.1:6010 *:* LISTEN 0 128 127.0.0.1:6011 *:* LISTEN 0 128 ::1:6012 :::* LISTEN 0 50 :::445 :::* LISTEN 0 50 :::139 :::* LISTEN 0 128 :::22 :::* LISTEN 0 128 ::1:631 :::* LISTEN 0 100 ::1:25 :::* LISTEN 0 128 ::1:6010 :::* LISTEN 0 128 ::1:6011 :::*
2.smbclient命令查看目标主机上的共享
这里以centos 6 主机作为客户端,访问作为samba服务器的centos 7
# 匿名访问,不输入密码,如下: [[email protected] ~]# smbclient -L 192.168.1.15 Enter root‘s password: Anonymous login successful Domain=[MYGROUP] OS=[Windows 6.1] Server=[Samba 4.2.3] Sharename Type Comment --------- ---- ------- IPC$ IPC IPC Service (Samba Server Version 4.2.3) Anonymous login successful Domain=[MYGROUP] OS=[Windows 6.1] Server=[Samba 4.2.3] Server Comment --------- ------- CENTOS7 Samba Server Version 4.2.3 Workgroup Master --------- ------- MYGROUP CENTOS7 WORKGROUP PC-20160624QLWL # 已创建的系统用户来访问,如下: [[email protected] ~]# smbclient -L 192.168.1.15 -U tao Enter tao‘s password: Domain=[MYGROUP] OS=[Windows 6.1] Server=[Samba 4.2.3] Sharename Type Comment --------- ---- ------- IPC$ IPC IPC Service (Samba Server Version 4.2.3) tao Disk Home Directories Domain=[MYGROUP] OS=[Windows 6.1] Server=[Samba 4.2.3] Server Comment --------- ------- CENTOS7 Samba Server Version 4.2.3 Workgroup Master --------- ------- MYGROUP CENTOS7 WORKGROUP PC-20160624QLWL
3.smbclient命令访问目标主机上的共享服务
[[email protected] ~]# smbclient //192.168.1.15/ -U tao Enter tao‘s password: [[email protected] ~]# smbclient //192.168.1.15/tao -U tao # 要添加访问共享的shaaname Enter tao‘s password: Domain=[MYGROUP] OS=[Windows 6.1] Server=[Samba 4.2.3] smb: > help # 获取帮助 ? allinfo altname archive blocksize cancel case_sensitive cd chmod chown close del dir du echo exit get getfacl geteas hardlink help history iosize lcd link lock lowercase ls l mask md mget mkdir more mput newer open posix posix_encrypt posix_open posix_mkdir posix_rmdir posix_unlink print prompt put pwd q queue quit readlink rd recurse reget rename reput rm rmdir showacls setea setmode stat symlink tar tarmode timeout translate unlock volume vuid wdel logon listconnect showconnect .. ! smb: > pwd # 显示的是samba服务器上系统用户tao的家目录 Current directory is \192.168.1.15 aosmb: > ls . D 0 Tue Oct 18 13:09:36 2016 .. D 0 Tue Oct 18 11:38:44 2016 .mozilla DH 0 Mon Jul 25 23:57:35 2016 .bash_logout H 18 Fri Nov 20 13:02:30 2015 .bash_profile H 193 Fri Nov 20 13:02:30 2015 .bashrc H 231 Fri Nov 20 13:02:30 2015 .zshrc H 658 Fri Nov 20 21:11:02 2015 .Xauthority H 53 Sun Sep 11 11:11:49 2016 .cache DH 0 Sun Sep 11 11:11:49 2016 .config DH 0 Tue Oct 18 12:38:09 2016 .bash_history H 361 Tue Oct 18 12:43:06 2016 .mysql_history H 268 Mon Oct 17 16:18:28 2016 pub D 0 Tue Oct 18 09:16:21 2016 upload D 0 Tue Oct 18 09:20:53 2016 xiu D 0 Tue Oct 18 09:36:02 2016 .local DH 0 Tue Oct 18 12:38:09 2016 f1 13 Tue Oct 18 13:09:36 2016 40940 blocks of size 1048576. 40072 blocks available smb: > put /etc/fstab # 上传Cen 6 中的文件发现不能上传,这里最好使用当前路径 NT_STATUS_OBJECT_PATH_NOT_FOUND opening remote file /etc/fstab smb: > lcd /etc # 切换到要上传文件的当前目录中 smb: > put fstab # 上传文件,发现可以上传这是因为系统文件中定义的writable=YES,有写权限,并且tao用户对自己的家目录也有写权限 putting file fstab as fstab (52.3 kb/s) (average 52.3 kb/s) smb: > ls . D 0 Wed Oct 19 00:11:59 2016 .. D 0 Tue Oct 18 11:38:44 2016 .mozilla DH 0 Mon Jul 25 23:57:35 2016 .bash_logout H 18 Fri Nov 20 13:02:30 2015 .bash_profile H 193 Fri Nov 20 13:02:30 2015 .bashrc H 231 Fri Nov 20 13:02:30 2015 .zshrc H 658 Fri Nov 20 21:11:02 2015 .Xauthority H 53 Sun Sep 11 11:11:49 2016 .cache DH 0 Sun Sep 11 11:11:49 2016 .config DH 0 Tue Oct 18 12:38:09 2016 .bash_history H 361 Tue Oct 18 12:43:06 2016 .mysql_history H 268 Mon Oct 17 16:18:28 2016 pub D 0 Tue Oct 18 09:16:21 2016 upload D 0 Tue Oct 18 09:20:53 2016 xiu D 0 Tue Oct 18 09:36:02 2016 .local DH 0 Tue Oct 18 12:38:09 2016 f1 13 Tue Oct 18 13:09:36 2016 fstab #已上传的文件 A 1017 Wed Oct 19 00:11:59 2016 40940 blocks of size 1048576. 40072 blocks available smb: > ^C
4.自定义共享服务
[[email protected] ~]# mkdir -pv /samba/tools # 创建共享的目录 mkdir: created directory ‘/samba’ mkdir: created directory ‘/samba/tools’ [[email protected] ~]# vim /etc/samba/smb.conf # 编辑主配置文件 [apps] # 自定义一个共享名 comment = tools # 注释为tools工具 path = /samba/tools # 本地文件系统路径 browseable = yes # 允许非属主,数组浏览 guest ok = yes # 允许来宾访问,即匿名用户 writable = yes # 允许写操作(如:上传和删除等) # 配置好之后保存退出,并测试语法 [[email protected] samba]# testparm # 语法测试 Load smb config files from /etc/samba/smb.conf rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) Processing section "[homes]" Processing section "[printers]" Processing section "[apps]" Loaded services file OK. Server role: ROLE_STANDALONE Press enter to see a dump of your service definitions # 敲回车,打印出服务所有的生效配置 # Global parameters [global] workgroup = MYGROUP server string = Samba Server Version %v security = USER log file = /var/log/samba/log.%m max log size = 50 idmap config * : backend = tdb cups options = raw [homes] comment = Home Directories read only = No browseable = No [printers] comment = All Printers path = /var/spool/samba printable = Yes print ok = Yes browseable = No [apps] comment = tools path = /samba/tools read only = No # 非只读,代表可写 guest ok = Yes [[email protected] samba]# systemctl restart smb 重启服务
查看共享服务,并访问
# 查看系统用户下的共享服务 [[email protected] ~]# smbclient -L 192.168.1.15 -U tao Enter tao‘s password: Domain=[MYGROUP] OS=[Windows 6.1] Server=[Samba 4.2.3] Sharename Type Comment --------- ---- ------- apps Disk tools IPC$ IPC IPC Service (Samba Server Version 4.2.3) tao Disk Home Directories Domain=[MYGROUP] OS=[Windows 6.1] Server=[Samba 4.2.3] Server Comment --------- ------- CENTOS7 Samba Server Version 4.2.3 Workgroup Master --------- ------- MYGROUP CENTOS7 WORKGROUP PC-20160624QLWL
访问共享服务
# 匿名用户(来宾账号)可以登录,但是不能上传文件 [[email protected] ~]# smbclient //192.168.1.17/apps Enter root‘s password: Anonymous login successful Domain=[MYGROUP] OS=[Windows 6.1] Server=[Samba 4.2.3] smb: > ls . D 0 Wed Oct 19 21:12:29 2016 .. D 0 Wed Oct 19 00:31:41 2016 40940 blocks of size 1048576. 40072 blocks available smb: > lcd /etc smb: > !pwd /etc smb: > put fstab # 不能上传 NT_STATUS_ACCESS_DENIED opening remote file fstab smb: > ^C # 系统账号登录,访问共享服务 [[email protected] ~]# smbclient //192.168.1.15/apps -U tao # 指定共享服务目录为apps Enter tao‘s password: Domain=[MYGROUP] OS=[Windows 6.1] Server=[Samba 4.2.3] smb: > pwd Current directory is \192.168.1.15apps # 在apps下 smb: > ls . D 0 Wed Oct 19 00:31:41 2016 .. D 0 Wed Oct 19 00:31:41 2016 40940 blocks of size 1048576. 40072 blocks available smb: > lcd /etc smb: > put fstab NT_STATUS_ACCESS_DENIED opening remote file fstab # 不能上传,虽然服务有写权限,但是对目录对文件系统没有写权限 smb: >
要想使tao用户可以上传和删除文件,除了系统当中的定义的允许写操作外,目录文件系统也要有写权限才可以,仅对tao用户定义如下:
[[email protected] ~]# setfacl -m u:tao:rwx /samba/tools # 设定tao用户的rwx权限 [[email protected] ~]# getfacl /samba/tools getfacl: Removing leading ‘/‘ from absolute path names # file: samba/tools # owner: root # group: root user::rwx user:tao:rwx group::r-x mask::rwx other::r-x
再次访问上传如下
[[email protected] ~]# smbclient //192.168.1.15/apps -U tao Enter tao‘s password: Domain=[MYGROUP] OS=[Windows 6.1] Server=[Samba 4.2.3] smb: > ls . D 0 Wed Oct 19 00:31:41 2016 .. D 0 Wed Oct 19 00:31:41 2016 40940 blocks of size 1048576. 40072 blocks available smb: > lcd /etc smb: > put fstab putting file fstab as fstab (99.3 kb/s) (average 99.3 kb/s) #上传成功 smb: > ls . D 0 Wed Oct 19 01:00:43 2016 .. D 0 Wed Oct 19 00:31:41 2016 fstab A 1017 Wed Oct 19 01:00:43 2016 40940 blocks of size 1048576. 40072 blocks available smb: > rm fstab # 删除文件 smb: > ls . D 0 Wed Oct 19 21:12:29 2016 .. D 0 Wed Oct 19 00:31:41 2016 40940 blocks of size 1048576. 40071 blocks available smb: >
5.假设现在tao用户和xiu用户都有写操作,即可以向/samba/tools上传文件,但是我只想允许让tao有上传权限,xiu用户不可以传,该如何设置呢? 如下
[[email protected] ~]# setfacl -m u:xiu:rwx /samba/tools [[email protected] ~]# getfacl /samba/tools getfacl: Removing leading ‘/‘ from absolute path names # file: samba/tools # owner: root # group: root user::rwx user:tao:rwx user:xiu:rwx # xiu用户对文件也有rwx权限 group::r-x mask::rwx other::r-x [[email protected] ~]# smbclient //192.168.1.17/apps -U xiu # 系统用户xiu登录访问 Enter xiu‘s password: Domain=[MYGROUP] OS=[Windows 6.1] Server=[Samba 4.2.3] smb: > ls . D 0 Wed Oct 19 21:12:29 2016 .. D 0 Wed Oct 19 00:31:41 2016 40940 blocks of size 1048576. 40071 blocks available smb: > lcd /etc smb: > put issue # 上传成功 putting file issue as issue (4.2 kb/s) (average 4.2 kb/s) smb: > ls . D 0 Wed Oct 19 21:28:02 2016 .. D 0 Wed Oct 19 00:31:41 2016 issue A 90 Wed Oct 19 21:28:02 2016 40940 blocks of size 1048576. 40071 blocks available smb: > ^C
编辑配置文件/etc/samba/smb.conf
重启服务,访问如下:
[[email protected] samba]# systemctl restart smb # 重启服务 [[email protected] ~]# smbclient //192.168.1.17/apps -U xiu # xiu用户再次登录 Enter xiu‘s password: Domain=[MYGROUP] OS=[Windows 6.1] Server=[Samba 4.2.3] smb: > ls . D 0 Wed Oct 19 21:28:02 2016 .. D 0 Wed Oct 19 00:31:41 2016 issue A 90 Wed Oct 19 21:28:02 2016 40940 blocks of size 1048576. 40072 blocks available smb: > lcd /etc smb: > put fstab NT_STATUS_ACCESS_DENIED opening remote file fstab [[email protected] ~]# smbclient //192.168.1.17/apps -U tao # tao用户可以上传文件 Enter tao‘s password: Domain=[MYGROUP] OS=[Windows 6.1] Server=[Samba 4.2.3] smb: > ls . D 0 Wed Oct 19 21:28:02 2016 .. D 0 Wed Oct 19 00:31:41 2016 issue A 90 Wed Oct 19 21:28:02 2016 40940 blocks of size 1048576. 40072 blocks available smb: > lcd /etc smb: > put fstab # 上传成功 putting file fstab as fstab (55.2 kb/s) (average 55.2 kb/s) smb: > ls . D 0 Wed Oct 19 21:37:12 2016 .. D 0 Wed Oct 19 00:31:41 2016 issue A 90 Wed Oct 19 21:28:02 2016 fstab A 1017 Wed Oct 19 21:37:12 2016 40940 blocks of size 1048576. 40072 blocks available
6.定义属组,是属组中的用户都有写权限
[[email protected] ~]# groupadd distro [[email protected] ~]# ll -d /samba/tools/ drwxrwxr-x+ 2 root root 30 Oct 19 21:37 /samba/tools/ [[email protected] ~]# chgrp distro /samba/tools/ [[email protected] ~]# ll -d /samba/tools/ drwxrwxr-x+ 2 root distro 30 Oct 19 21:37 /samba/tools/ [[email protected] ~]# setfacl -b /samba/tools # 为了保证实验,清空目录的acl权限 [[email protected] ~]# getfacl /samba/tools getfacl: Removing leading ‘/‘ from absolute path names # file: samba/tools # owner: root # group: distro user::rwx group::r-x other::r-x [[email protected] ~]# chmod 775 /samba/tools/ # 设定目录的属组有写权限 [[email protected] ~]# ll -d /samba/tools/ drwxrwxr-x 2 root distro 30 Oct 19 22:23 /samba/tools/ [[email protected] ~]# usermod -a -G distro tao [[email protected] ~]# usermod -a -G distro xiu [[email protected] ~]# id tao uid=1000(tao) gid=1000(tao) groups=1000(tao),2003(distro) [[email protected] ~]# id xiu uid=1001(xiu) gid=2002(xiu) groups=2002(xiu),2003(distro)
编辑配置文件/etc/samba/smb.conf如下:
[[email protected] samba]# systemctl restart smb [[email protected] ~]# smbclient //192.168.1.17/apps -U xiu # 使用xiu用户登录 Enter xiu‘s password: Domain=[MYGROUP] OS=[Windows 6.1] Server=[Samba 4.2.3] smb: > ls . D 0 Wed Oct 19 21:37:12 2016 .. D 0 Wed Oct 19 00:31:41 2016 issue A 90 Wed Oct 19 21:28:02 2016 fstab A 1017 Wed Oct 19 21:37:12 2016 40940 blocks of size 1048576. 40072 blocks available smb: > pwd Current directory is \192.168.1.17appssmb: > rm issue # 可以删除 smb: > ls . D 0 Wed Oct 19 22:22:30 2016 .. D 0 Wed Oct 19 00:31:41 2016 fstab A 1017 Wed Oct 19 21:37:12 2016 40940 blocks of size 1048576. 40072 blocks available smb: > lcd /etc smb: > put issue # 可以上传 putting file issue as issue (5.2 kb/s) (average 5.2 kb/s) smb: > ls . D 0 Wed Oct 19 22:23:51 2016 .. D 0 Wed Oct 19 00:31:41 2016 fstab A 1017 Wed Oct 19 21:37:12 2016 issue A 90 Wed Oct 19 22:23:51 2016 40940 blocks of size 1048576. 40072 blocks available #================================================================================== [[email protected] ~]# gpasswd -d xiu distro # 把秀从组中移除 Removing user xiu from group distro [[email protected] ~]# groupmems -g distro -l # 查看组成员 tao # 再次使用秀用户登录,发现不能上传,如下 [[email protected] ~]# smbclient //192.168.1.17/apps -U xiu Enter xiu‘s password: Domain=[MYGROUP] OS=[Windows 6.1] Server=[Samba 4.2.3] smb: > ls . D 0 Wed Oct 19 22:40:22 2016 .. D 0 Wed Oct 19 00:31:41 2016 fstab A 1017 Wed Oct 19 21:37:12 2016 issue A 90 Wed Oct 19 22:40:22 2016 40940 blocks of size 1048576. 40072 blocks available smb: > pwd Current directory is \192.168.1.17appssmb: > rm issue # 不能删除 NT_STATUS_MEDIA_WRITE_PROTECTED deleting remote file issue NT_STATUS_MEDIA_WRITE_PROTECTED listing issue smb: > lcd /etc smb: > put issue # 不能上传 NT_STATUS_ACCESS_DENIED opening remote file issue
7.使用mount.cifs访问
[[email protected] ~]# usermod -a -G distro xiu # 把xiu用户加入到distro组中,即也有写权限 [root[email protected] ~]# id xiu uid=1001(xiu) gid=2002(xiu) groups=2002(xiu),2003(distro) [[email protected] ~]# ll -d /samba/tools/ drwxrwxr-x 2 root distro 63 Oct 19 23:24 /samba/tools/ # 使用mount -t cifs(mount.cifs)方式指明smb服务器,共享目录,以及使用登陆的系统用户和密码 [[email protected] ~]# mount -t cifs //192.168.1.17/apps/ /mnt -o username=xiu,password=134296 [[email protected] ~]# mount # 查看挂载点 /dev/mapper/vg0-root on / type ext4 (rw) proc on /proc type proc (rw) sysfs on /sys type sysfs (rw) devpts on /dev/pts type devpts (rw,gid=5,mode=620) tmpfs on /dev/shm type tmpfs (rw) /dev/sda1 on /boot type ext4 (rw) /dev/mapper/vg0-usr on /usr type ext4 (rw) /dev/mapper/vg0-var on /var type ext4 (rw) /dev/sda5 on /home type ext4 (rw,usrquota,grpquota) none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw) //192.168.1.17/apps/ on /mnt type cifs (rw) # 已经挂载上了 [[email protected] ~]# cd /mnt/ [[email protected] mnt]# ls fstab issue [[email protected] mnt]# echo taotaoxiuxiu > test.txt # 可见客户端的root用户对挂载点/mnt有写权限 [[email protected] mnt]# su - tao # 切换到一个普通用户 [[email protected] ~]$ cd /mnt/ [[email protected] mnt]$ ls fstab issue test.txt [[email protected] mnt]$ cat test.txt taotaoxiuxiu [[email protected] mnt]$ echo nulixiangqian >> test.txt -bash: test.txt: Permission denied # 虽然在服务端系统用户有写权限(包括文件系统),但客户单普通用户对挂载点没有写权限
既然如此,我们就在本地创建一个目录/data/apps专门作为挂载点,并赋予tao用户rwx权限,看能否写进去,如下:
# 创建挂载点目录 [[email protected] ~]# mkdir -pv /data/apps mkdir: created directory `/data‘ mkdir: created directory `/data/apps‘ #============================================================================= # 使tao用户对此目录有rwx权限 [[email protected] ~]# setfacl -m u:tao:rwx /data/apps/ [[email protected] ~]# getfacl /data/apps getfacl: Removing leading ‘/‘ from absolute path names # file: data/apps # owner: root # group: root user::rwx user:tao:rwx group::r-x mask::rwx other::r-x #============================================================================== # 挂载到/data/apps,切换到tao用户,看能否写 [[email protected] ~]# mount -t cifs //192.168.1.17/apps/ /data/apps -o username=xiu,password=134296 [[email protected] ~]# mount /dev/mapper/vg0-root on / type ext4 (rw) proc on /proc type proc (rw) sysfs on /sys type sysfs (rw) devpts on /dev/pts type devpts (rw,gid=5,mode=620) tmpfs on /dev/shm type tmpfs (rw) /dev/sda1 on /boot type ext4 (rw) /dev/mapper/vg0-usr on /usr type ext4 (rw) /dev/mapper/vg0-var on /var type ext4 (rw) /dev/sda5 on /home type ext4 (rw,usrquota,grpquota) none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw) //192.168.1.17/apps/ on /data/apps type cifs (rw) [[email protected] ~]# cd /data/apps/ [[email protected] apps]# ll total 12 -rwxr--r-- 1 1000 1000 1017 Oct 19 2016 fstab -rwxr--r-- 1 1001 2002 90 Oct 19 2016 issue -rw-r--r-- 1 1001 2002 13 Oct 19 2016 test.txt [[email protected] apps]# su - tao [[email protected] ~]$ cd /data/apps/ [[email protected] apps]$ ls fstab issue test.txt [[email protected] apps]$ echo nulizaiyiqi >> test.txt -bash: test.txt: Permission denied # 权限被拒绝
如上,我们发现还是被拒绝,这到底是为什么呢?这是因为远程和客户端用的是id映射,和用户名无关,只和id号有关
[[email protected] ~]# ll /data/apps/ # 客户端显示的属主 total 12 -rwxr--r-- 1 1000 1000 1017 Oct 19 2016 fstab -rwxr--r-- 1 1001 2002 90 Oct 19 2016 issue -rw-r--r-- 1 1001 2002 13 Oct 19 2016 test.txt [[email protected] ~]# id xiu uid=1001(xiu) gid=2002(xiu) groups=2002(xiu),2003(distro) [[email protected] ~]# ll /samba/tools/ # 服务端显示的属主 total 12 -rwxr--r-- 1 tao tao 1017 Oct 19 21:37 fstab -rwxr--r-- 1 xiu xiu 90 Oct 19 22:40 issue -rw-r--r-- 1 xiu xiu 13 Oct 19 23:33 test.txt [[email protected] ~]# useradd -u 1001 wang # 创建一个同服务端属主id号相同的用户 [[email protected] ~]# su - wang [[email protected] ~]$ cd /data/apps/ [[email protected] apps]$ ls fstab issue test.txt [[email protected] apps]$ echo nulizaiyiqi >> test.txt # 写操作成功 [[email protected] apps]$ cat test.txt taotaoxiuxiu nulizaiyiqi [[email protected] apps]$ ll total 12 -rwxr--r-- 1 1000 1000 1017 Oct 19 2016 fstab -rwxr--r-- 1 wang 2002 90 Oct 19 2016 issue -rw-r--r-- 1 wang 2002 25 Oct 20 2016 test.txt
3)smbstatus命令:
★显示samba服务的相关共享的访问状态信息;
-b:显示简要格式信息;
-v:显示详细格式信息;
演示
[[email protected] ~]# smbstatus Samba version 4.2.3 PID Username Group Machine Protocol Version ------------------------------------------------------------------------------ 2228 xiu xiu 192.168.1.16 (ipv4:192.168.1.16:49088) NT1 # 挂载访问 Service pid machine Connected at ------------------------------------------------------- IPC$ 2228 192.168.1.16 Wed Oct 19 23:57:47 2016 apps 2228 192.168.1.16 Wed Oct 19 23:57:47 2016 # 客户端方式访问 No locked files
简要显示 -b,和详细显示-v
[[email protected] ~]# smbstatus -b Samba version 4.2.3 PID Username Group Machine Protocol Version ------------------------------------------------------------------------------ 2228 xiu xiu 192.168.1.16 (ipv4:192.168.1.16:49088) NT1 [[email protected] ~]# smbstatus -v using configfile = /etc/samba/smb.conf Samba version 4.2.3 PID Username Group Machine Protocol Version ------------------------------------------------------------------------------ 2228 xiu xiu 192.168.1.16 (ipv4:192.168.1.16:49088) NT1 Opened /var/lib/samba/connections.tdb Service pid machine Connected at ------------------------------------------------------- IPC$ 2228 192.168.1.16 Wed Oct 19 23:57:47 2016 apps 2228 192.168.1.16 Wed Oct 19 23:57:47 2016 No locked files
samba部署共享服务
...mba服务程序现在已经成为在Linux系统与Windows系统之间共享文件的最佳选择Samba可以使:Linux---linux之间文件共享,也可以使Linux---windows之间文件共享NFS:网络文件系统:linux---linux之间的简化文件共享服务。简单记录下搭建过程:一... 查看详情
网络文件共享服务-samba(代码片段)
...SMB:ServerMessageBlock服务器消息块,IBM发布,最早是DOS网络文件共享协议Cifs:commoninternetfilesystem,微软基于SMB发布SAMBA:1991年AndrewTridgell,实现windows和UNIX相通SAMBA的功能:共享文件和打印,实现在线编辑实现登录SAMBA用户的身份认证... 查看详情
文件共享服务之一samba服务
...a: 是一款在Linux/Unix系统上实现与windows系统进行文件共享的免费开源软件。广泛应用于Unix-like与Windows之间,提供文件共享和打印机共享服务,使得不同系统之间跨平台共享资源更加便 查看详情
samba文件共享服务
...15g的逻辑卷,并挂载到/disk目录,并在其中创建几个测试文件3.安装samba软件包,并设置smb服务开机自动运行4.创建共享目录名为software,对应系统目录/disk5.把本人用户、班级名用户、root用户添 查看详情
共享服务samba,实现liunx与windows文件共享
...mba服务程序是一款SMB协议并有服务器和客户端组成的开源文件共享软件,实现了Linux与Windows系统之间的文件共享Samba的配置文件有太多注释的东西,为了方便使用下面的命令,可以更好的观看Samba的配置文件:mv/etc/samba/smb.conf/etc/... 查看详情
samba文件共享服务
...UNIX系统中实现了微软SMB/CIFS网络协议,从而使得跨平台的文件共享变得更加容易 CIFS协议(CommonInternetFileSystem,通用互联网文件系统)Samba服务器的主要程序 smbd 查看详情
红帽7配置samba文件共享服务(代码片段)
samba软件主要功能是为客户机提供共享使用的文件夹. 使用的协议是SMB(TCP139)、CIFS(TCP445). 所需的软件包:samba 系统服务:smb1.安装samba服务~]#yum-yinstallsamba #安装samba服务~]#systemctlstartsmb #启动samba服务~]#... 查看详情
samba文件共享服务(代码片段)
Samba文件共享服务一、简介Samba是在Linux和UNIX系统上实现SMB协议的一个免费软件,由服务器及客户端程序构成。SMB(ServerMessagesBlock,信息服务块)是一种在局域网上共享文件和打印机的一种通信协议,它为局域网内的不同计算机之... 查看详情
samba文件共享服务
...源: 早期网络想要在不同主机之间共享文件大多要用FTP协议来传输,但FTP协议仅能做到传输文件却不能直接修改对方主机的资料数据,这样确实不太方便,于是便出现了NFS开源文件共享程序:NFS(NetworkFile Syste... 查看详情
红帽7samba服务实现文件共享(代码片段)
Samba文件共享服务首先需要先通过Yum软件仓库来安装Samba服务程序(Samba服务程序的名字也恰巧是软件包的名字)[[email protected]~]#yuminstallsambaLoadedplugins:langpacks,product-id,subscription-managerThissystemisnotregisteredtoRedHatSubscripti 查看详情
samba
CIFS文件的存储一SMB文件共享 通用Internet文件系统(CIFS)也称为服务器信息块(SMB),是适用于MicrosoftWindows服务器和客户端的标准文件和打印机共享系统。 Samba服务可用于将Linux文件系统作为CIFS/SMB网络文件共享进行共... 查看详情
文件共享:samba
Samba共享服务–用途:为客户机提供共享使用的文件夹–协议:SMB(TCP139)、CIFS(TCP445)客户端访问服务端资源会遇到的四个问题:1,服务端,服务的访问控制2,服务端,防火墙3,服务端,SELinux策略4,服务端,本地权限SELinux策略,布... 查看详情
使用samba实现文件共享(代码片段)
SMB服务消息块协议,指在解决局域网内的文件或打印机等资源的共享问题,这也使得在多个主机之间共享文件变得越来越简单,Samba服务已经成为了,Linux系统与Windows系统之间数据传输的最佳选择.Samba服务概述Samba是SMB的一种实现方法... 查看详情
samba文件共享及账户映射
samba文件共享及账户映射实验介绍:在虚拟机Linux系统上安装sanmba服务,并在另外一台虚拟机的win7系统上访问共享文件夹,主要分为:匿名访问、身份验证访问、以及添加白名单和为了保护服务器安全的账户映射功能。1、在Linux... 查看详情
samba文件共享及账户映射
samba文件共享及账户映射实验介绍:在虚拟机Linux系统上安装sanmba服务,并在另外一台虚拟机的win7系统上访问共享文件夹,主要分为:匿名访问、身份验证访问、以及添加白名单和为了保护服务器安全的账户映射功能。1、在Linux... 查看详情
samba服务创建共享文件系统
...中的用户账户一一对应)。这就是我们在本示例的主配置文件全局配置中加上“usernamemap=/etc/Samba/smbusers”语句的原因了。可以通过编辑/etc/Samba/smbusers文件为Linux系 查看详情
samba文件共享服务搭建
主机名称操作系统IP地址Samba共享服务器红帽RHEL6操作系统192.168.0.141客户端红帽RHEL6操作系统192.168.0.142客户端Windows7操作系统192.168.0.110[[email protected]~]##yum-yinstallsamba[[email protected]~]#servicesmbrestart[[email 查看详情
cifs文件系统{samba文件共享服务}
一.samba介绍1.提供cifs协议实现共享文件,主要用于windows与linux的网络文件系统 二.搭建环境安装服务1.配置yum仓库2.关闭防火墙systemctlstopfirewalld3.安装软件,设置开机自动启动yuminstallsam... 查看详情