目录
运行环境
## samba软件安装
[root@vm3 etc]# yum -y install samba-*
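## 关闭防火墙(仅为实验方便;生产环境建议保持 firewalld 运行,用 firewall-cmd --permanent --add-service=samba 和 firewall-cmd --reload 只放行 samba 服务)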
[root@vm3 etc]# systemctl stop firewalld
## 临时将SELinux切换为Permissive(setenforce 0 重启后失效;仅为实验方便,生产环境建议保持Enforcing,并为共享目录设置 samba_share_t 安全上下文)
[root@vm3 etc]# setenforce 0
[root@vm3 etc]# getenforce
Permissive
## samba软件安装
## cifs文件系统挂载工具
[root@vm1 mnt]# yum -y install samba-client cifs-utils
## 关闭防火墙
[root@vm1 etc]# systemctl stop firewalld
## 修改selinux
[root@vm1 mnt]# setenforce 0
[root@vm1 mnt]# getenforce
Permissive
1.搭建匿名共享smb服务
1.1 服务端
[root@vm3 samba]# vim smb.conf
[global]
workgroup = SAMBA
security = user
passdb backend = tdbsam
map to guest = bad user //匿名访问必加:登录用户名不存在时映射为来宾(guest)账户。注意 // 之后是本文的说明文字,smb.conf 不支持行尾注释,实际写入配置时请去掉
[smb-public]
comment = smb-public
path = /smb/smb-public // 共享目录路径
guest ok = yes // 所有人是否可以访问
writable = yes // 共享目录是否可写(与 guest ok = yes 同时开启时,网络上任何人无需密码即可写入,仅适合隔离的实验网络)
public = yes // 是否允许匿名用户访问
browseable = yes // 设置共享是否可见
[root@vm3 samba]# useradd -M -r -s /sbin/nologin smb1
[root@vm3 samba]# useradd -M -r -s /sbin/nologin smb2
[root@vm3 samba]# useradd smb3
## smbpasswd,pdbedit用于编辑samba用户
[root@vm3 samba]# smbpasswd -a smb1
New SMB password:
Retype new SMB password:
[root@vm3 samba]# smbpasswd -a smb2
New SMB password:
Retype new SMB password:
[root@vm3 samba]# pdbedit -a -u smb3
new password:
retype new password:
#查看添加的samba用户
[root@vm3 samba]# pdbedit -L
smb2:994:
smb3:1002:
smb1:995:
#查看创建的共享目录
[root@vm3 smb]# tree .
.
├── smb-public
│ └── 123
└── smb-shared
└── 123
[root@vm3 smb]# ll
total 0
drwxr-xrwx. 2 root root 17 Oct 10 21:28 smb-public
drwxr-xrwx. 3 root root 39 Oct 10 21:40 smb-shared
[root@vm3 smb]# systemctl start smb
[root@vm3 smb]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 50 0.0.0.0:445 0.0.0.0:*
LISTEN 0 50 0.0.0.0:139 0.0.0.0:*
LISTEN 0 50 [::]:445 [::]:*
LISTEN 0 50 [::]:139 [::]:*
.........................................................
1.2 客户端
[root@vm1 mnt]# smbclient -L 172.16.104.132
Enter SAMBA\root's password: //直接回车,匿名不用输密码
Sharename Type Comment
--------- ---- -------
smb-public Disk smb-public
smb-shared Disk smb-shared
IPC$ IPC IPC Service (Samba 4.11.2)
SMB1 disabled -- no workgroup available
[root@vm1 mnt]# smbclient //172.16.104.132/smb-public
Try "help" to get a list of possible commands.
smb: \> ls
. D 0 Sat Oct 10 21:28:11 2020
.. D 0 Sat Oct 10 19:21:20 2020
123 N 0 Sat Oct 10 21:28:11 2020
smb: \> mkdir abc
smb: \> ls
. D 0 Sat Oct 10 21:37:22 2020
.. D 0 Sat Oct 10 19:21:20 2020
123 N 0 Sat Oct 10 21:28:11 2020
abc D 0 Sat Oct 10 21:37:22 2020
smb: \> quit
[root@vm1 mnt]#
[root@vm1 mnt]# mount.cifs //172.16.104.132/smb-public /mnt/smb-public/
Password for root@//172.16.104.132/smb-public: //直接回车,不需要密码
[root@vm1 mnt]# df -hT
Filesystem Type Size Used Avail Use% Mounted on
devtmpfs devtmpfs 963M 0 963M 0% /dev
tmpfs tmpfs 981M 0 981M 0% /dev/shm
tmpfs tmpfs 981M 8.7M 972M 1% /run
tmpfs tmpfs 981M 0 981M 0% /sys/fs/cgroup
/dev/mapper/cl-root xfs 17G 2.0G 16G 12% /
/dev/sda1 ext4 976M 109M 800M 12% /boot
tmpfs tmpfs 197M 0 197M 0% /run/user/0
//172.16.104.132/smb-public cifs 17G 2.2G 15G 13% /mnt/smb-public
[root@vm1 smb-pulic]# ll
total 0
-rwxr-xr-x. 1 root root 0 Oct 10 21:28 123
drwxr-xr-x. 2 root root 0 Oct 10 21:37 abc
[root@vm1 smb-public]# touch 456
[root@vm1 smb-public]# ll
total 0
-rwxr-xr-x. 1 root root 0 Oct 10 21:28 123
-rwxr-xr-x. 1 root root 0 Oct 15 01:37 456
drwxr-xr-x. 2 root root 0 Oct 10 21:37 abc
1.3 验证效果
##查看服务端共享目录
[root@vm3 smb-public]# ll
total 0
-rw-r--r--. 1 root root 0 Oct 10 21:28 123
-rw-r--r--. 1 nobody nobody 0 Oct 15 2020 456
drwxr-xr-x. 2 nobody nobody 6 Oct 10 21:37 abc
2.配置用户认证共享
- 需求:只允许smb1,smb2访问共享目录,且只有smb1拥有写权限
2.1 服务端
[root@vm3 samba]# vim smb.conf
[global]
workgroup = SAMBA
security = user
passdb backend = tdbsam
map to guest = bad user
[smb-shared]
comment = smb-shared
path = /smb/smb-shared //共享目录路径
browseable = yes
guest ok = yes
writable = yes
write list = smb1 // 允许写操作的用户或组(@组名)列表
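public = no // public 与 guest ok 是同义参数,此行在后,会覆盖上面的 guest ok = yes,即禁止来宾访问
read only = yes // 只读(writable 是 read only 的反义同义参数,此行在后,会覆盖上面的 writable = yes;smb1 的写权限来自 write list)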
valid users = smb1,smb2 // 允许访问该共享的用户或组(@组名)列表
directory mask = 0755 // 客户端创建目录的默认权限
create mask = 0644 // 客户端创建文件的默认权限
[root@vm3 smb]# cd smb-shared/
[root@vm3 smb-shared]# ll
total 0
-rw-r--r--. 1 root root 0 Oct 10 21:28 123
[root@vm3 smb-shared]# systemctl restart smb
[root@vm3 smb-shared]# systemctl reload smb
2.2 客户端
[root@vm1 mnt]# smbclient -L //172.16.104.132/smb-shared -U smb1
Enter SAMBA\smb1's password:
Sharename Type Comment
--------- ---- -------
smb-public Disk smb-public
smb-shared Disk smb-shared
IPC$ IPC IPC Service (Samba 4.11.2)
SMB1 disabled -- no workgroup available
[root@vm1 mnt]# smbclient //172.16.104.132/smb-shared
Enter SAMBA\root's password:
tree connect failed: NT_STATUS_ACCESS_DENIED ##不能匿名访问
[root@vm1 mnt]# smbclient //172.16.104.132/smb-shared -U smb1
Enter SAMBA\smb1's password: ##输入smb1 samba用户的密码
Try "help" to get a list of possible commands.
smb: \> ls
. D 0 Sat Oct 10 21:55:21 2020
.. D 0 Sat Oct 10 19:21:20 2020
123 N 0 Sat Oct 10 21:28:11 2020
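## 注意:password= 直接写在命令行会留在 shell 历史中,并可被其他用户通过 ps 看到;实际环境建议改用 credentials=<凭据文件>(文件权限设为600),或省略 password 选项以交互方式输入(下文其余 mount.cifs 命令同理)
[root@vm1 mnt]# mount.cifs //172.16.104.132/smb-shared /mnt/smb-shared/ -o username=smb1,password=samba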
[root@vm1 mnt]# df -hT
Filesystem Type Size Used Avail Use% Mounted on
devtmpfs devtmpfs 963M 0 963M 0% /dev
tmpfs tmpfs 981M 0 981M 0% /dev/shm
tmpfs tmpfs 981M 8.7M 972M 1% /run
tmpfs tmpfs 981M 0 981M 0% /sys/fs/cgroup
/dev/mapper/cl-root xfs 17G 2.0G 16G 12% /
/dev/sda1 ext4 976M 109M 800M 12% /boot
//172.16.104.132/smb-public cifs 17G 2.2G 15G 13% /mnt/smb-public
tmpfs tmpfs 197M 0 197M 0% /run/user/0
//172.16.104.132/smb-shared cifs 17G 2.2G 15G 13% /mnt/smb-shared
[root@vm1 mnt]# cd smb-shared/
[root@vm1 smb-shared]#
2.3 验证效果
在客户端以smb1用户访问
[root@vm1 smb-shared]# touch abc
[root@vm1 smb-shared]# ll
total 0
-rwxr-xr-x. 1 root root 0 Oct 10 21:28 123
-rwxr-xr-x. 1 root root 0 Oct 15 02:09 abc
[root@vm1 smb-shared]# mkdir m
[root@vm1 smb-shared]# ll
total 0
-rwxr-xr-x. 1 root root 0 Oct 10 21:28 123
-rwxr-xr-x. 1 root root 0 Oct 15 02:09 abc
drwxr-xr-x. 2 root root 0 Oct 10 22:13 m
[root@vm3 smb-shared]# ll
total 0
-rw-r--r--. 1 root root 0 Oct 10 21:28 123
-rw-r--r--. 1 smb1 smb1 0 Oct 15 2020 abc //smb1可以创建文件,权限为644
drwxr-xr-x. 2 smb1 smb1 6 Oct 10 22:13 m //smb1可以创建目录,权限为755
在客户端以smb2用户访问
[root@vm1 mnt]# umount /mnt/smb-shared/
[root@vm1 mnt]# mount.cifs //172.16.104.132/smb-shared /mnt/smb-shared/ -o username=smb2,password=samba
[root@vm1 mnt]# df -hT
Filesystem Type Size Used Avail Use% Mounted on
devtmpfs devtmpfs 963M 0 963M 0% /dev
tmpfs tmpfs 981M 0 981M 0% /dev/shm
tmpfs tmpfs 981M 8.7M 972M 1% /run
tmpfs tmpfs 981M 0 981M 0% /sys/fs/cgroup
/dev/mapper/cl-root xfs 17G 2.0G 16G 12% /
/dev/sda1 ext4 976M 109M 800M 12% /boot
//172.16.104.132/smb-public cifs 17G 2.2G 15G 13% /mnt/smb-public
tmpfs tmpfs 197M 0 197M 0% /run/user/0
//172.16.104.132/smb-shared cifs 17G 2.2G 15G 13% /mnt/smb-shared
[root@vm1 mnt]# cd smb-shared
[root@vm1 smb-shared]# ll //smb2可以访问共享目录
total 0
-rwxr-xr-x. 1 root root 0 Oct 10 21:28 123
-rwxr-xr-x. 1 root root 0 Oct 15 02:09 abc
drwxr-xr-x. 2 root root 0 Oct 10 22:13 m
[root@vm1 smb-shared]# touch 456 //smb2没有写权限
touch: cannot touch '456': Permission denied
[root@vm1 smb-shared]# mkdir efg
mkdir: cannot create directory ‘efg’: Permission denied
客户端以smb3用户访问
[root@vm1 mnt]# umount /mnt/smb-shared/
[root@vm1 mnt]# mount.cifs //172.16.104.132/smb-shared /mnt/smb-shared/ -o username=smb3,password=samba
mount error(13): Permission denied //smb3没有访问权限
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs) and kernel log messages (dmesg)
3. 配置用户认证共享---用户映射smbusers
- 需求:将用户smb1,smb2映射为share虚拟用户,然后以share访问共享目录
3.1 服务端
- 1.编辑smb.conf //对上一个配置做了一点修改
[global]
workgroup = SAMBA
security = user
passdb backend = tdbsam
map to guest = bad user
username map = /etc/samba/smbusers //添加用户映射文件路径
[smb-shared]
comment = smb-shared
path = /smb/smb-shared
browseable = yes
guest ok = yes
writable = yes
write list = share //映射到share虚拟用户的共享用户有写权限
public = yes // 必须开启(public 与 guest ok 同义,开启即允许来宾访问;以 share 登录之所以依赖它,是因为前面 pdbedit -L 的输出中并没有 share 这个Samba账户)
# read only = no //必须删除
# valid users = smb1,smb2 //必须删除,否则会冲突
directory mask = 0755
create mask = 0644
- 2.编辑/etc/samba/smbusers文件
[root@vm3 samba]# vim smbusers
share = smb1 smb2
[root@vm3 smb-shared]# ll
total 0
-rw-r--r--. 1 root root 0 Oct 10 21:28 123
-rw-r--r--. 1 smb1 smb1 0 Oct 15 2020 abc
drwxr-xr-x. 2 smb1 smb1 6 Oct 10 22:13 m
[root@vm3 smb-shared]# systemctl restart smb
[root@vm3 smb-shared]# systemctl reload smb
3.2 客户端
[root@vm1 mnt]# smbclient -L //172.16.104.132/smb-shared -U share
Enter SAMBA\share's password:
Sharename Type Comment
--------- ---- -------
smb-public Disk smb-public
smb-shared Disk smb-shared
IPC$ IPC IPC Service (Samba 4.11.2)
SMB1 disabled -- no workgroup available
[root@vm1 mnt]# smbclient //172.16.104.132/smb-shared -U share
Enter SAMBA\share's password:
Try "help" to get a list of possible commands.
smb: \> ls
. D 0 Sat Oct 10 22:13:24 2020
.. D 0 Sat Oct 10 19:21:20 2020
123 N 0 Sat Oct 10 21:28:11 2020
abc A 0 Thu Oct 15 02:09:37 2020
m D 0 Sat Oct 10 22:13:24 2020
17811456 blocks of size 1024. 15559832 blocks available
smb: \> mkdir j
smb: \> ls
. D 0 Sat Oct 10 22:46:17 2020
.. D 0 Sat Oct 10 19:21:20 2020
123 N 0 Sat Oct 10 21:28:11 2020
abc A 0 Thu Oct 15 02:09:37 2020
m D 0 Sat Oct 10 22:13:24 2020
j D 0 Sat Oct 10 22:46:17 2020
[root@vm1 mnt]# mount.cifs //172.16.104.132/smb-shared /mnt/smb-shared/ -o username=share,password=samba
[root@vm1 mnt]# df -hT
Filesystem Type Size Used Avail Use% Mounted on
devtmpfs devtmpfs 963M 0 963M 0% /dev
tmpfs tmpfs 981M 0 981M 0% /dev/shm
tmpfs tmpfs 981M 8.7M 972M 1% /run
tmpfs tmpfs 981M 0 981M 0% /sys/fs/cgroup
/dev/mapper/cl-root xfs 17G 2.0G 16G 12% /
/dev/sda1 ext4 976M 109M 800M 12% /boot
//172.16.104.132/smb-public cifs 17G 2.2G 15G 13% /mnt/smb-public
tmpfs tmpfs 197M 0 197M 0% /run/user/0
//172.16.104.132/smb-shared cifs 17G 2.2G 15G 13% /mnt/smb-shared
[root@vm1 mnt]# cd smb-shared/
[root@vm1 smb-shared]#
[root@vm1 smb-shared]# ll //客户端可以通过虚拟用户share访问共享目录
total 0
-rwxr-xr-x. 1 root root 0 Oct 10 21:28 123
-rwxr-xr-x. 1 root root 0 Oct 15 02:09 abc
drwxr-xr-x. 2 root root 0 Oct 10 22:46 j
drwxr-xr-x. 2 root root 0 Oct 10 22:13 m
[root@vm1 smb-shared]# touch 456 //share映射的用户有写权限
[root@vm1 smb-shared]# mkdir h
[root@vm1 smb-shared]# ll
total 0
-rwxr-xr-x. 1 root root 0 Oct 10 21:28 123
-rwxr-xr-x. 1 root root 0 Oct 15 02:45 456
-rwxr-xr-x. 1 root root 0 Oct 15 02:09 abc
drwxr-xr-x. 2 root root 0 Oct 10 22:49 h
drwxr-xr-x. 2 root root 0 Oct 10 22:46 j
drwxr-xr-x. 2 root root 0 Oct 10 22:13 m
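## 发现通过smbusers映射的用户创建的文件属性为nobody
## 说明:属主为 nobody 表示该会话实际是来宾(guest)身份。前面 pdbedit -L 的输出里没有 share 账户,以 share 登录时会被 map to guest = bad user 当作来宾;再加上 guest ok/public = yes 与 writable = yes,这个共享实际上等同于匿名可写,密码认证并未生效。
## 另外 username map 文件的格式是“服务器端Unix用户名 = 客户端用户名 ...”,即 share = smb1 smb2 表示把客户端提交的 smb1、smb2 映射到服务器上的 share 账户。若要真正限制访问,应保留 valid users 并设置 guest ok = no,同时确保映射的目标账户已存在于系统和Samba账户库中。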
[root@vm3 smb-shared]# ll
total 0
-rw-r--r--. 1 root root 0 Oct 10 21:28 123
-rw-r--r--. 1 nobody nobody 0 Oct 15 2020 456
-rw-r--r--. 1 smb1 smb1 0 Oct 15 2020 abc
drwxr-xr-x. 2 nobody nobody 6 Oct 10 22:49 h
drwxr-xr-x. 2 nobody nobody 6 Oct 10 22:46 j
drwxr-xr-x. 2 smb1 smb1 6 Oct 10 22:13 m