Installing Samba on CentOS 8.4


Disable the firewall

[root@localhost ~]# systemctl stop firewalld.service 
[root@localhost ~]# systemctl disable firewalld.service 
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
Removed symlink /etc/systemd/system/basic.target.wants/firewalld.service.

Disable SELinux

SELinux must be disabled (otherwise Windows clients will fail to connect to Samba).

Change the /etc/selinux/config file to the following:

[root@localhost ~]# cat /etc/selinux/config 

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
# SELINUX=enforcing
SELINUX=disabled
# SELINUXTYPE= can take one of three two values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected. 
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted
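
An alternative to the two steps above, as an added example that is not part of the original post: leave firewalld and SELinux enabled, open only the Samba service, and label the share directories samba_share_t so that smbd is allowed to serve them under the targeted policy. The share paths are the ones from the smb.conf shown later in this post; DRY_RUN and the function names are assumptions of this script.

```shell
#!/bin/sh
# Added example (not from the original post): serve the shares with firewalld
# and SELinux left enabled. DRY_RUN is a hypothetical switch of this script:
# with DRY_RUN=1 (the default) each command is printed for review, not run.
# semanage is provided by the policycoreutils-python-utils package.

DRY_RUN=${DRY_RUN:-1}

run() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

allow_samba() {   # usage: allow_samba SHARE_DIR...
    # Open only the Samba service instead of stopping firewalld.
    run firewall-cmd --permanent --add-service=samba
    run firewall-cmd --reload
    for dir in "$@"; do
        case $dir in
            /*) ;;
            *) echo "skipping non-absolute path: $dir" >&2; continue ;;
        esac
        # Record the label for the directory tree, then apply it on disk.
        run semanage fcontext -a -t samba_share_t "${dir%/}(/.*)?"
        run restorecon -Rv "$dir"
    done
}

# Share paths taken from the smb.conf shown later in this post.
allow_samba /opt/samba /opt/pc521
```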

Installation

[root@localhost ]# yum install samba

# Check the installed packages
[root@localhost ]# rpm -qa | grep samba
samba-common-libs-4.8.3-4.el7.x86_64
samba-libs-4.8.3-4.el7.x86_64
samba-common-tools-4.8.3-4.el7.x86_64
samba-common-4.8.3-4.el7.noarch
samba-client-libs-4.8.3-4.el7.x86_64
samba-4.8.3-4.el7.x86_64
samba-client-4.8.3-4.el7.x86_64

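Package descriptions

samba-common-3.5.10-125.el6.x86_64               // mainly provides the Samba server configuration files and testparm, the configuration syntax checker
samba-client-3.5.10-125.el6.x86_64               // client software; mainly provides the tools needed when a Linux host acts as a client
samba-swat-3.5.10-125.el6.x86_64                 // https-based web configuration interface for the Samba server
samba-3.5.10-125.el6.x86_64                      // server software; mainly provides the Samba daemons, shared documentation, log rotation, and default boot options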

Configure the service

[global]
  workgroup=workgroup
  netbios name=Samba
  server string=Samba Server
  #security=share
  security=user
  map to guest = Bad User
[samba]
   path=/opt/samba        
   readonly=yes      
   writable = yes    
   browseable=yes 
   guest ok=yes  
[pc521]
  path = /opt/pc521
  valid users = root
  public = no
  writable = yes
  browseable = no 

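Parameter meanings:

path=/opt/samba      # shared path
public = yes         # whether the share is public
readonly=yes         # whether the share is read-only
writable = yes       # whether the share is writable
browseable=yes       # whether the share is browsable
guest ok=yes         # whether anonymous (guest) access is allowed
valid users = root   # users allowed to access the share

If you cannot write to the share, set the directory permissions to 777.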
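
A check for the settings explained above, as an added example that is not part of the original post: it reads an smb.conf and reports shares that combine guest access with write access, set both read only and writable, or list root in valid users. audit_smb_conf and sample_conf are hypothetical names, and the sample input is constructed from the configuration on this page.

```shell
#!/bin/sh
# Added example: report risky share settings in an smb.conf (file or stdin).
# Parameter names are compared with case and spaces removed, as Samba does.
audit_smb_conf() {
    awk '
    function yes(v) { v = tolower(v); return v == "yes" || v == "true" || v == "1" }
    function report() {
        if (sec == "" || tolower(sec) == "global") return
        if (guest && rw) print sec ": guest access to a writable share"
        if (ro_set && rw_set) print sec ": read only and writable both set; the later line wins"
        if (root) print sec ": root listed in valid users"
    }
    /^[ \t]*([#;]|$)/ { next }                     # comments and blank lines
    /^[ \t]*\[/ {                                  # new [section]
        report()
        sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec)
        guest = rw = root = ro_set = rw_set = 0    # shares default to read only
        next
    }
    {
        eq = index($0, "="); if (eq == 0) next
        key = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", key)
        val = substr($0, eq + 1); gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (key == "guestok" || key == "public") guest = yes(val)
        else if (key == "readonly") { rw = !yes(val); ro_set = 1 }
        else if (key == "writable" || key == "writeable" || key == "writeok") { rw = yes(val); rw_set = 1 }
        else if (key == "validusers" && (" " val " ") ~ /[ ,]root[ ,]/) root = 1
    }
    END { report() }
    ' "$@"
}

sample_conf() {   # constructed sample: the shares from the configuration above
    cat <<'EOF'
[global]
  map to guest = Bad User
[samba]
   path=/opt/samba
   readonly=yes
   writable = yes
   guest ok=yes
[pc521]
  path = /opt/pc521
  valid users = root
  public = no
  writable = yes
EOF
}
sample_conf | audit_smb_conf
```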

Start the service and check its status

# Start the smb service
[root@localhost samba]# systemctl start smb
[root@localhost samba]# systemctl status smb
● smb.service - Samba SMB Daemon
   Loaded: loaded (/usr/lib/systemd/system/smb.service; disabled; vendor preset: disabled)
   Active: active (running) since Thu 2019-04-25 14:44:24 CST; 3s ago
     Docs: man:smbd(8)
           man:samba(7)
           man:smb.conf(5)
 Main PID: 22111 (smbd)
   Status: "smbd: ready to serve connections..."
   Memory: 8.3M
   CGroup: /system.slice/smb.service
           ├─22111 /usr/sbin/smbd --foreground --no-process-group
           ├─22115 /usr/sbin/smbd --foreground --no-process-group
           ├─22116 /usr/sbin/smbd --foreground --no-process-group
           └─22117 /usr/sbin/smbd --foreground --no-process-group

Apr 25 14:44:24 localhost.localdomain systemd[1]: Starting Samba SMB Daemon...
Apr 25 14:44:24 localhost.localdomain smbd[22111]: [2019/04/25 14:44:24.814732,  0] ../lib/util/become_daemon.c:138(daemon_ready)
Apr 25 14:44:24 localhost.localdomain smbd[22111]:   daemon_ready: STATUS=daemon 'smbd' finished starting up and ready to serve connections
Apr 25 14:44:24 localhost.localdomain systemd[1]: Started Samba SMB Daemon.

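Add accounts (the account must already exist as a Linux user)

The pdbedit command manages the Samba account database. Its format is "pdbedit [options] account".
The -a option is needed the first time a user's information is written to the database; later operations such as changing the user's password or deleting the user do not need it.

pdbedit -L:          list Samba users
pdbedit -a -u user:  add a Samba user
pdbedit -r -u user:  modify a Samba user's information
pdbedit -x -u user:  delete a Samba user

The passwords in the Samba database can also be managed with the smbpasswd command:

smbpasswd -a user:  add a Samba user
smbpasswd -d user:  disable a Samba user
smbpasswd -e user:  re-enable a Samba user
smbpasswd -x user:  delete a Samba user
Create the Linux account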
[root@localhost share]# groupadd test -g 6000
[root@localhost share]# useradd test -u 6000 -g 6000 -s /sbin/nologin -d /dev/null
useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.
Create the Samba user
[root@localhost share]# smbpasswd -a test
Unknown parameter encountered: "     map to guest"
Ignoring unknown parameter "     map to guest"
New SMB password:
Retype new SMB password:
Added user test.
Delete the Samba user
[root@localhost samba]# smbpasswd -x test
Deleted user test.

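Accessing the shared directory from a client

On Windows, enter \\19.6.6.192
Then enter the user name and password you set. You can also map the connected folder as a network drive so that you can work with it directly.

How to enable start at boot:

Common commands to enter at the command line:

# Start the service
systemctl start smb
# Check the service status
systemctl status smb
# Restart the service
systemctl restart smb
# Enable start at boot
systemctl enable smb
# Disable start at boot
systemctl disable smb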

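Shared directories for several business groups can be set up in a single Samba environment

For example:
Create a Samba share for the operations department, which can see all shared content;
Create a Samba share for the product risk-control group, which can see only its own group's shared content.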
 
[root@samba ~]# cd /etc/samba/
[root@samba samba]# ls
lmhosts  ops.smb.conf  smb.conf  smb.conf.bak  smbusers  chanpinfengkong.smb.conf
[root@samba samba]# diff smb.conf smb.conf.bak
103d102
<         config file = /etc/samba/%U.smb.conf     # With config file, a user who accesses the Samba server sees only their own shares; none of the other shares defined in smb.conf are visible.
 
[root@samba samba]# cat ops.smb.conf
[信息科技部-运维小窝]                                                 
       comment = please do not modify it all will       
       path= /data/samba                                                                
       public = no        
       valid users = wangshibo,linan,@samba
       printable = no
       write list = @samba
 
[root@samba samba]# cat chanpinfengkong.smb.conf
[产品风控组共享目录]                                                 
       comment = please do not modify it all will       
       path= /data/samba/产品风控组                                                           
       public = no        
       valid users = xiaomin,haokun,@samba
       printable = no
       write list = @samba
 
 
Create the users above with useradd and set their home directories
[root@samba ~]# useradd wangshibo -d /data/samba -s /sbin/nologin
[root@samba ~]# useradd linan -d /data/samba -s /sbin/nologin
[root@samba ~]# useradd xiaomin -d /data/samba/产品风控组 -s /sbin/nologin
[root@samba ~]# useradd haokun -d /data/samba/产品风控组 -s /sbin/nologin
[root@samba ~]# cat /etc/passwd
......
wangshibo:x:507:508::/data/samba:/sbin/nologin
lijinhe:x:508:509::/data/samba:/sbin/nologin
......
xiaomin:x:1006:1006::/data/samba/产品风控组:/sbin/nologin
haokun:x:1007:1007::/data/samba/产品风控组:/sbin/nologin
chanpinfengkong:x:1010:1010::/home/chanpinfengkong:/bin/bash
 
Add these users to Samba
[root@samba ~]# pdbedit -a -u wangshibo
[root@samba ~]# pdbedit -a -u linan
[root@samba ~]# pdbedit -a -u xiaomin
[root@samba ~]# pdbedit -a -u haokun
 
[root@samba ~]# pdbedit -L
wangshibo:507:
linan:510:
xiaomin:1006:
haokun:1007:
 
Create the chanpinfengkong group and add xiaomin and haokun to it
[root@samba ~]# useradd chanpinfengkong
[root@samba ~]# usermod -G chanpinfengkong xiaomin
[root@samba ~]# usermod -G chanpinfengkong haokun
 
Create the Samba shared directories
[root@samba ~]# cd /data/
[root@samba data]# mkdir samba
[root@samba data]# mkdir samba/产品风控组
[root@samba data]# chown -R samba.samba samba
[root@samba data]# chmod -R 777 samba
[root@samba data]# setfacl -R -m g:chanpinfengkong:rwx samba/产品风控组
 
Permission script
[root@samba ~]# cat /opt/samba.sh
#!/bin/bash
 
while [ "1" = "1" ]
do
   /bin/chmod -R 777 /data/samba
   /usr/bin/setfacl -R -m g:chanpinfengkong:rwx /data/samba/产品风控组
done
 
[root@samba ~]# nohup sh -x /opt/samba.sh &
[root@samba ~]# ps -ef|grep samba.sh
root      62836      1 16 May09 ?        14-23:47:39 sh -x /opt/samba.sh
root     185455 117471  0 15:41 pts/2    00:00:00 grep samba.sh
 
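With the configuration above, log in to Samba:
1) Logging in with the wangshibo or linan account shows all shared content under "/data/samba".
2) Logging in with the xiaomin or haokun account shows only the shared content under "/data/samba/产品风控组".
3) To split users into more groups, configure each one the same way as the "产品风控组" group above.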
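
A one-time alternative to the permission script above, as an added example that is not part of the original post: a setgid directory with mode 2770 makes new files and subdirectories inherit the share's group, so nothing has to re-run chmod -R 777 and no access is granted to other users. The demo runs in a temporary directory, and umask 007 stands in for the create mask = 0660 and directory mask = 0770 settings that would go in the share's smb.conf section; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: prepare a group share once instead of re-running chmod -R 777.

setup_group_share() {   # usage: setup_group_share DIR [GROUP]
    dir=$1
    mkdir -p "$dir" || return 1
    if [ -n "${2:-}" ]; then
        chgrp "$2" "$dir" || return 1     # e.g. chanpinfengkong
    fi
    # Leading 2 = setgid: new entries inherit the directory's group and new
    # subdirectories inherit the bit. 770 = owner and group only, no "other".
    chmod 2770 "$dir"
}

world_writable() {      # list entries under DIR that "other" may write to
    find "$1" ! -type l -perm -0002
}

demo() {                # prints three modes, then the world-writable count
    base=$(mktemp -d) || return 1
    setup_group_share "$base/share" || return 1
    (
        umask 007       # stands in for create mask / directory mask
        mkdir "$base/share/reports"
        : > "$base/share/reports/q1.txt"
    )
    stat -c %a "$base/share" "$base/share/reports" "$base/share/reports/q1.txt"
    world_writable "$base" | wc -l
    rm -rf "$base"
}

demo
```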

Last updated: 2021-11-16
