1.介紹
????????Samba是一個開源文件共享服務,可以使linux與windows之間進行文件共享,可以根據不同人員調整共享設置以及權限管理。
2.安裝
? ? ? ? 一個命令就OK了:yum install -y samba
[root@ansible01 ~]# yum install -y samba
已加載插件:langpacks, product-id, search-disabled-repos, subscription-manager
epel | 4.3 kB 00:00:00
rhel-7-server-rpms | 3.5 kB 00:00:00
(1/2): epel/x86_64/updateinfo | 1.0 MB 00:00:02
(2/2): epel/x86_64/primary_db | 8.7 MB 00:00:26
正在解決依賴關系
--> 正在檢查事務
---> 軟件包 samba.x86_64.0.4.10.16-25.el7_9 將被 安裝
--> 正在處理依賴關系 libwbclient = 4.10.16-25.el7_9,它被軟件包 samba-4.10.16-25.el7_9.x86_64 需要
--> 正在處理依賴關系 libwbclient = 4.10.16-25.el7_9,它被軟件包 samba-4.10.16-25.el7_9.x86_64 需要
......
作為依賴被升級:libldb.x86_64 0:1.5.4-2.el7_9 libsmbclient.x86_64 0:4.10.16-25.el7_9 libwbclient.x86_64 0:4.10.16-25.el7_9 samba-client-libs.x86_64 0:4.10.16-25.el7_9 samba-common.noarch 0:4.10.16-25.el7_9 samba-common-libs.x86_64 0:4.10.16-25.el7_9 完畢!
[root@ansible01 ~]#
3.配置
? ? ? ? 我們的目的是創建3個用戶:test1、test2、test3,三個共享文件夾:share1、share2、share3,權限為:
? ? ? ? share1目錄三個用戶都可讀可寫
? ? ? ? share2目錄是三個用戶都可讀,但是僅test2可寫
? ? ? ? share3目錄是僅test3可讀可寫
? ? ? ? 3.1 創建用戶和目錄
#1.創建3個用戶test1,test2,test3,并禁止登錄
[root@ansible01 ~]# for i in {test1,test2,test3};do useradd $i -s /sbin/nologin;done
#2.檢查是否創建成功
[root@ansible01 ~]# cat /etc/passwd|grep test
test1:x:1001:1001::/home/test1:/sbin/nologin
test2:x:1002:1002::/home/test2:/sbin/nologin
test3:x:1003:1003::/home/test3:/sbin/nologin
#3.設置SMB用戶認證密碼
[root@ansible01 ~]# smbpasswd -a test1
New SMB password:
Retype new SMB password:
Added user test1.
[root@ansible01 ~]# smbpasswd -a test2
New SMB password:
Retype new SMB password:
Added user test2.
[root@ansible01 ~]# smbpasswd -a test3
New SMB password:
Retype new SMB password:
Added user test3.
#4.創建3個共享目錄
[root@ansible01 ~]# mkdir /share{1..3}
#5.創建測試文件
[root@ansible01 ~]# touch /share1/file{11..19}
[root@ansible01 ~]# touch /share2/file{21..29}
[root@ansible01 ~]# touch /share3/file{31..39}
#6.設置共享文件權限
[root@ansible01 ~]# chmod o+w /share{1..3}3.2 修改配置文件
[root@ansible01 ~]# cat /etc/samba/smb.conf
# See smb.conf.example for a more detailed config file or
# read the smb.conf manpage.
# Run 'testparm' to verify the config is correct after
# you modified it.[global]workgroup = SAMBAsecurity = userpassdb backend = tdbsamprinting = cupsprintcap name = cupsload printers = yescups options = raw
[share1]
comment = this is share1
path = /share1
public = no
browseable = yes
writable = yes
[share2]
comment = this is share2
path = /share2
public = no
browseable = yes
writable = no
write list = test2
[share3]
comment = this is share3
path = /share3
public = no
browseable = yes
writable = no
write list = test3
valid users = test3
path:共享目錄絕對路徑
public:是否允許匿名訪問,yes代表允許,no代表不允許
browseable:當前狀態下的共享文件是否公開可見,為no時,A用戶登錄后無法看到file文件夾,為yes時用戶登錄可以看到文件夾
writable:登錄用戶能否讀寫,yes是可讀寫,no是僅讀
write list:可寫用戶,一般是writable為no時添加
valid users:指定用戶訪問
3.3 服務啟動
[root@ansible01 ~]# systemctl restart smb
[root@ansible01 ~]# systemctl status smb.service
● smb.service - Samba SMB DaemonLoaded: loaded (/usr/lib/systemd/system/smb.service; disabled; vendor preset: disabled)Active: active (running) since 三 2024-05-29 10:20:05 CST; 5s agoDocs: man:smbd(8)man:samba(7)man:smb.conf(5)Main PID: 16809 (smbd)Status: "smbd: ready to serve connections..."Tasks: 4CGroup: /system.slice/smb.service├─16809 /usr/sbin/smbd --foreground --no-process-group├─16811 /usr/sbin/smbd --foreground --no-process-group├─16812 /usr/sbin/smbd --foreground --no-process-group└─16813 /usr/sbin/smbd --foreground --no-process-group5月 29 10:20:05 ansible01 systemd[1]: Starting Samba SMB Daemon...
5月 29 10:20:05 ansible01 smbd[16809]: [2024/05/29 10:20:05.830974, 0] ../../lib/util/become_daemon.c:136(daemon_ready)
5月 29 10:20:05 ansible01 smbd[16809]: daemon_ready: daemon 'smbd' finished starting up and ready to serve connections
5月 29 10:20:05 ansible01 systemd[1]: Started Samba SMB Daemon.
4.測試
? ? ? ? 4.1 linux測試
#1.安裝samba客戶端
[root@k8s-master ~]# yum install samba-client cifs-utils -y
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile* base: mirrors.aliyun.com* extras: mirrors.aliyun.com* updates: mirrors.aliyun.com
base | 3.6 kB 00:00:00
docker-ce-stable | 3.5 kB 00:00:00
epel | 4.3 kB 00:00:00
extras | 2.9 kB 00:00:00
kubernetes | 1.4 kB 00:00:00
updates | 2.9 kB 00:00:00
Package samba-client-4.10.16-25.el7_9.x86_64 already installed and latest version
Package cifs-utils-6.2-10.el7.x86_64 already installed and latest version
Nothing to do
#2.查看服務器共享目錄狀態
[root@k8s-master ~]# smbclient -L \\11.0.1.18 -U test1
Enter SAMBA\test1's password: Sharename Type Comment--------- ---- -------share1 Disk this is share1share2 Disk this is share2share3 Disk this is share3IPC$ IPC IPC Service (Samba 4.10.16)
Reconnecting with SMB1 for workgroup listing.Server Comment--------- -------Workgroup Master--------- -------
[root@k8s-master ~]# smbclient -L \\11.0.1.18 -U test2
Enter SAMBA\test2's password: Sharename Type Comment--------- ---- -------share1 Disk this is share1share2 Disk this is share2share3 Disk this is share3IPC$ IPC IPC Service (Samba 4.10.16)
Reconnecting with SMB1 for workgroup listing.Server Comment--------- -------Workgroup Master--------- -------
[root@k8s-master ~]# smbclient -L \\11.0.1.18 -U test3
Enter SAMBA\test3's password: Sharename Type Comment--------- ---- -------share1 Disk this is share1share2 Disk this is share2share3 Disk this is share3IPC$ IPC IPC Service (Samba 4.10.16)
Reconnecting with SMB1 for workgroup listing.Server Comment--------- -------Workgroup Master--------- -------
? ? ? ? 我們分別掛載后在測試下:
mount -t cifs -o username=test1,password=123456 "\\\11.0.1.18\share1" /mnt
#1.test1對share1目錄的權限
[root@k8s-master ~]# mount -t cifs -o username=test1,password=123456 "\\\11.0.1.18\share1" /mnt
[root@k8s-master ~]# cd /mnt/
[root@k8s-master mnt]# ls
file11 file12 file13 file14 file15 file16 file17 file18 file19
[root@k8s-master mnt]# ls -la
total 0
drwxr-xr-x 2 root root 0 May 29 10:06 .
dr-xr-xr-x. 18 root root 256 May 27 13:43 ..
-rwxr-xr-x 1 root root 0 May 29 10:06 file11
-rwxr-xr-x 1 root root 0 May 29 10:06 file12
-rwxr-xr-x 1 root root 0 May 29 10:06 file13
-rwxr-xr-x 1 root root 0 May 29 10:06 file14
-rwxr-xr-x 1 root root 0 May 29 10:06 file15
-rwxr-xr-x 1 root root 0 May 29 10:06 file16
-rwxr-xr-x 1 root root 0 May 29 10:06 file17
-rwxr-xr-x 1 root root 0 May 29 10:06 file18
-rwxr-xr-x 1 root root 0 May 29 10:06 file19
[root@k8s-master mnt]# echo "hello world" >file12
#2.test1對share2目錄的權限
[root@k8s-master /]# mount -t cifs -o username=test1,password=123456 "\\\11.0.1.18\share2" /mnt
[root@k8s-master /]# cd /mnt/
[root@k8s-master mnt]# ls
file21 file22 file23 file24 file25 file26 file27 file28 file29
[root@k8s-master mnt]# ls -la
total 0
drwxr-xr-x 2 root root 0 May 29 10:06 .
dr-xr-xr-x. 18 root root 256 May 27 13:43 ..
-rwxr-xr-x 1 root root 0 May 29 10:06 file21
-rwxr-xr-x 1 root root 0 May 29 10:06 file22
-rwxr-xr-x 1 root root 0 May 29 10:06 file23
-rwxr-xr-x 1 root root 0 May 29 10:06 file24
-rwxr-xr-x 1 root root 0 May 29 10:06 file25
-rwxr-xr-x 1 root root 0 May 29 10:06 file26
-rwxr-xr-x 1 root root 0 May 29 10:06 file27
-rwxr-xr-x 1 root root 0 May 29 10:06 file28
-rwxr-xr-x 1 root root 0 May 29 10:06 file29
[root@k8s-master mnt]# vim file21
[root@k8s-master mnt]# echo "hello world" >file21
-bash: file21: Permission denied
#3.test1對share3目錄的權限
[root@k8s-master ~]# mount -t cifs -o username=test1,password=123456 "\\\11.0.1.18\share3" /mnt
mount error(13): Permission denied
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)我們只使用test1對share1、share2、share3進行了測試。
? ? ? ? 4.2 windows測試
? ? ? ? 我們直接在我的電腦中舒服\\11.0.1.18回車輸入smb賬號密碼后即可
可以分別進去后看能否讀寫即可
注:
使用Windows客戶端測試,每測試完一個用戶需要在命令行中運行下面命令,刪除緩存。
net use * /del修改smb默認端口:
vim /etc/samba/smb.conf#在[global]下添加
smb ports = 555
---PTA實驗C++)
)
)
