Disable the firewall

    [root@localhost ~]# systemctl stop firewalld.service
    [root@localhost ~]# systemctl disable firewalld.service
    Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
    Removed symlink /etc/systemd/system/basic.target.wants/firewalld.service.

Disable SELinux

SELinux must be disabled (otherwise Windows clients will fail to connect to Samba).

Edit the /etc/selinux/config file so that it reads as follows:

    [root@localhost ~]# cat /etc/selinux/config
    # This file controls the state of SELinux on the system.
    # SELINUX= can take one of these three values:
    #     enforcing - SELinux security policy is enforced.
    #     permissive - SELinux prints warnings instead of enforcing.
    #     disabled - No SELinux policy is loaded.
    # SELINUX=enforcing
    SELINUX=disabled
    # SELINUXTYPE= can take one of three two values:
    #     targeted - Targeted processes are protected,
    #     minimum - Modification of targeted policy. Only selected processes are protected.
    #     mls - Multi Level Security protection.
    SELINUXTYPE=targeted

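An alternative to switching both protections off, as an added example that is not part of the original page: with SELINUX=enforcing left in place and firewalld running, the function below prints, for review, the commands that open only the Samba service and label each share directory named in an smb.conf-style file. The function name and the sample file are assumptions; on CentOS 7, semanage comes from the policycoreutils-python package.

```shell
# Added example (not from the original page): keep firewalld and SELinux on.
# Prints the commands for review; run them as root once checked.
# Assumes share paths contain no double quotes or shell metacharacters.
samba_hardening_plan() {
  # The predefined firewalld "samba" service opens only the SMB/NetBIOS ports.
  echo "firewall-cmd --permanent --add-service=samba"
  echo "firewall-cmd --reload"
  # One file-context rule and one relabel per "path =" line; samba_share_t is
  # the type the targeted policy allows smbd to read and write.
  awk -F= '
    /^[ \t]*[#;]/ { next }
    { key = tolower($1); gsub(/[ \t]/, "", key) }
    key == "path" {
      dir = substr($0, index($0, "=") + 1)
      sub(/^[ \t]+/, "", dir); sub(/[ \t]+$/, "", dir)
      printf "semanage fcontext -a -t samba_share_t \"%s(/.*)?\"\n", dir
      printf "restorecon -R \"%s\"\n", dir
    }
  ' "$1"
}

# Constructed sample: the two share paths used in this page's configuration.
CONF=$(mktemp)
cat > "$CONF" <<'EOF'
[samba]
path=/opt/samba
[pc521]
path = /opt/pc521
EOF
samba_hardening_plan "$CONF"
```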
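Installation

    [root@localhost ]# yum install samba
    # Check the installed packages
    [root@localhost ]# rpm -qa | grep samba
    samba-common-libs-4.8.3-4.el7.x86_64
    samba-libs-4.8.3-4.el7.x86_64
    samba-common-tools-4.8.3-4.el7.x86_64
    samba-common-4.8.3-4.el7.noarch
    samba-client-libs-4.8.3-4.el7.x86_64
    samba-4.8.3-4.el7.x86_64
    samba-client-4.8.3-4.el7.x86_64

Package descriptions

    samba-common-3.5.10-125.el6.x86_64   // mainly provides the Samba server configuration files and testparm, the configuration syntax checker
    samba-client-3.5.10-125.el6.x86_64   // client software; mainly provides the tool set needed when a Linux host acts as a client
    samba-swat-3.5.10-125.el6.x86_64     // web configuration interface for the Samba server, based on the https protocol
    samba-3.5.10-125.el6.x86_64          // server software; mainly provides the Samba server daemons, shared documents, log rotation, and the boot-time default options
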
Configure the service

    [global]
    workgroup=workgroup
    netbios name=Samba
    server string=Samba Server
    #security=share
    security=user
    map to guest = Bad User

    [samba]
    path=/opt/samba
    readonly=yes
    writable = yes
    browseable=yes
    guest ok=yes

    [pc521]
    path = /opt/pc521
    valid users = root
    public = no
    writable = yes
    browseable = no

Parameter reference:

    path=/opt/samba      # shared path
    public = yes         # whether the share is public
    readonly=yes         # whether the share is read-only
    writable = yes       # whether the share is writable
    browseable=yes       # whether the share is browsable
    guest ok=yes         # whether anonymous access is allowed
    valid users = root   # permitted users

If you cannot write to the share, set the folder's permissions to 777.
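
The share settings above can be checked mechanically. The following added example (not part of the original page) reads an smb.conf-style file and reports shares that guests can write to, shares that admit root, and a map to guest setting other than Never. The function name and the finding labels are assumptions, and the sample is constructed from this page's configuration.

```shell
# Added example (not from the original page): flag risky share settings in an
# smb.conf-style file. Only the parameters used on this page are interpreted;
# `testparm -s` remains the authoritative parser.
audit_smb_conf() {
  awk '
    function norm(s) { gsub(/[ \t]/, "", s); return tolower(s) }
    function yes(v) { v = tolower(v); return (v == "yes" || v == "true" || v == "on" || v == "1") }
    function report() {
      if (sec == "" || tolower(sec) == "global") return
      if (guest && !ro) print sec ": guest-writable"
      if ((" " users " ") ~ /[ ,]root[ ,]/) print sec ": root-login"
    }
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }     # comments and blank lines
    /^[ \t]*\[/ {                            # new section: report the previous one
      report()
      sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec)
      guest = 0; ro = 1; users = ""          # Samba defaults: no guests, read-only
      next
    }
    {
      eq = index($0, "="); if (!eq) next
      key = norm(substr($0, 1, eq - 1))      # Samba ignores spaces and case in names
      val = substr($0, eq + 1); sub(/^[ \t]+/, "", val); sub(/[ \t]+$/, "", val)
      if (key == "guestok" || key == "public") guest = yes(val)
      else if (key == "readonly") ro = yes(val)
      else if (key == "writable" || key == "writeable" || key == "writeok") ro = !yes(val)
      else if (key == "validusers") users = val
      else if (key == "maptoguest" && norm(val) != "never") print "global: map-to-guest"
    }
    END { report() }
  ' "$1"
}

# Constructed sample: the share settings from the configuration above.
CONF=$(mktemp)
cat > "$CONF" <<'EOF'
[global]
map to guest = Bad User
[samba]
path=/opt/samba
readonly=yes
writable = yes
guest ok=yes
[pc521]
path = /opt/pc521
valid users = root
public = no
writable = yes
EOF
audit_smb_conf "$CONF"
```

On this page's configuration it reports `global: map-to-guest`, `samba: guest-writable` and `pc521: root-login`.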
Start the service and check its status

    # Start the smb service
    [root@localhost samba]# systemctl start smb
    [root@localhost samba]# systemctl status smb
    ● smb.service - Samba SMB Daemon
       Loaded: loaded (/usr/lib/systemd/system/smb.service; disabled; vendor preset: disabled)
       Active: active (running) since Thu 2019-04-25 14:44:24 CST; 3s ago
         Docs: man:smbd(8)
               man:samba(7)
               man:smb.conf(5)
     Main PID: 22111 (smbd)
       Status: "smbd: ready to serve connections..."
       Memory: 8.3M
       CGroup: /system.slice/smb.service
               ├─22111 /usr/sbin/smbd --foreground --no-process-group
               ├─22115 /usr/sbin/smbd --foreground --no-process-group
               ├─22116 /usr/sbin/smbd --foreground --no-process-group
               └─22117 /usr/sbin/smbd --foreground --no-process-group

    Apr 25 14:44:24 localhost.localdomain systemd[1]: Starting Samba SMB Daemon...
    Apr 25 14:44:24 localhost.localdomain smbd[22111]: [2019/04/25 14:44:24.814732, 0] ../lib/util/become_daemon.c:138(daemon_ready)
    Apr 25 14:44:24 localhost.localdomain smbd[22111]: daemon_ready: STATUS=daemon 'smbd' finished starting up and ready to serve connections
    Apr 25 14:44:24 localhost.localdomain systemd[1]: Started Samba SMB Daemon.

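Add accounts (an account being added must already exist as a Linux user)

The pdbedit command manages the account database of the Samba service. Its syntax is: "pdbedit [options] account".

The -a option is required the first time a user's information is written to the database; later operations such as changing the user's password or deleting the user no longer need it.

    pdbedit -L: list Samba users
    pdbedit -a -u user: add a Samba user
    pdbedit -r -u user: modify a Samba user's information
    pdbedit -x -u user: delete a Samba user

The passwords in the Samba database can also be managed with the smbpasswd command:

    smbpasswd -a user: add a Samba user
    smbpasswd -d user: disable a Samba user
    smbpasswd -e user: re-enable a Samba user
    smbpasswd -x user: delete a Samba user
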
Create the Linux account

    [root@localhost share]# groupadd test -g 6000
    [root@localhost share]# useradd test -u 6000 -g 6000 -s /sbin/nologin -d /dev/null
    useradd: warning: the home directory already exists.
    Not copying any file from skel directory into it.

Create the Samba user

    [root@localhost share]# smbpasswd -a test
    Unknown parameter encountered: " map to guest"
    Ignoring unknown parameter " map to guest"
    New SMB password:
    Retype new SMB password:
    Added user test.

Delete the Samba user

    [root@localhost samba]# smbpasswd -x test
    Deleted user test.

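Access the shared directory from a client

On Windows, enter \\19.6.6.192 and then the user name and password you set. You can also map the connected folder as a network drive so that you can work with it directly.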
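How to enable start at boot:

Commonly used commands, entered at the command line:

    # Start the service
    systemctl start smb
    # Check the service status
    systemctl status smb
    # Restart the service
    systemctl restart smb
    # Enable automatic start at boot
    systemctl enable smb
    # Disable automatic start at boot
    systemctl disable smb
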
Shared directories for several business groups can be set up in a single Samba environment

For example:
Create a Samba share for the operations department, which can see all shared content;
Create a Samba share for the product risk-control group, which can see only its own group's shared content.

    [root@samba ~]# cd /etc/samba/
    [root@samba samba]# ls
    lmhosts  ops.smb.conf  smb.conf  smb.conf.bak  smbusers  chanpinfengkong.smb.conf

    [root@samba samba]# diff smb.conf smb.conf.bak
    103d102
    <         config file = /etc/samba/%U.smb.conf

    # With config file in use, a user who connects to the Samba server sees only their own share; none of the other shares defined in smb.conf are visible.

    [root@samba samba]# cat ops.smb.conf
    [信息科技部-运维小窝]
    comment = please do not modify it all will
    path= /data/samba
    public = no
    valid users = wangshibo,linan,@samba
    printable = no
    write list = @samba

    [root@samba samba]# cat chanpinfengkong.smb.conf
    [产品风控组共享目录]
    comment = please do not modify it all will
    path= /data/samba/产品风控组
    public = no
    valid users = xiaomin,haokun,@samba
    printable = no
    write list = @samba

Create the users above with useradd and set their home directories:

    [root@samba ~]# useradd wangshibo -d /data/samba -s /sbin/nologin
    [root@samba ~]# useradd linan -d /data/samba -s /sbin/nologin
    [root@samba ~]# useradd xiaomin -d /data/samba/产品风控组 -s /sbin/nologin
    [root@samba ~]# useradd haokun -d /data/samba/产品风控组 -s /sbin/nologin

    [root@samba ~]# cat /etc/passwd
    ......
    wangshibo:x:507:508::/data/samba:/sbin/nologin
    lijinhe:x:508:509::/data/samba:/sbin/nologin
    ......
    xiaomin:x:1006:1006::/data/samba/产品风控组:/sbin/nologin
    haokun:x:1007:1007::/data/samba/产品风控组:/sbin/nologin
    chanpinfengkong:x:1010:1010::/home/chanpinfengkong:/bin/bash

Add these users to Samba:

    [root@samba ~]# pdbedit -a -u wangshibo
    [root@samba ~]# pdbedit -a -u linan
    [root@samba ~]# pdbedit -a -u xiaomin
    [root@samba ~]# pdbedit -a -u haokun

    [root@samba ~]# pdbedit -L
    wangshibo:507:
    linan:510:
    xiaomin:1006:
    haokun:1007:

Create the chanpinfengkong group and add xiaomin and haokun to it:

    [root@samba ~]# useradd chanpinfengkong
    [root@samba ~]# usermod -G chanpinfengkong xiaomin
    [root@samba ~]# usermod -G chanpinfengkong haokun

Create the Samba shared directories:

    [root@samba ~]# cd /data/
    [root@samba data]# mkdir samba
    [root@samba data]# mkdir samba/产品风控组
    [root@samba data]# chown -R samba.samba samba
    [root@samba data]# chmod -R 777 samba
    [root@samba data]# setfacl -R -m g:chanpinfengkong:rwx samba/产品风控组

Permission-granting script:

    [root@samba ~]# cat /opt/samba.sh
    #!/bin/bash
    while [ "1" = "1" ]
    do
        /bin/chmod -R 777 /data/samba
        /usr/bin/setfacl -R -m g:chanpinfengkong:rwx /data/samba/产品风控组
    done

    [root@samba ~]# nohup sh -x /opt/samba.sh &

    [root@samba ~]# ps -ef|grep samba.sh
    root 62836 1 16 May09 ? 14-23:47:39 sh -x /opt/samba.sh
    root 185455 117471 0 15:41 pts/2 00:00:00 grep samba.sh

With the configuration above, log in to Samba:
1) Logging in with the wangshibo or linan account shows all shared content under "/data/samba".
2) Logging in with the xiaomin or haokun account shows only the shared content under "/data/samba/产品风控组".
3) If more groups are needed, configure them in the same way as the "产品风控组" (product risk-control group) above.