Samba

security= share

workgroup= WORKGROUP

smbpasswd –a iskey

[public]
comment = Public Stuff
path = /home/samba
public = yes
writable = yes
printable = no
write list = +staff
valid users = iskey

查看当前的防火墙规则：

iptables -L -n -v --line-numbers

添加samba的使能防火墙规则：

-A INPUT -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT

需要注意的是，以上两条规则，要在以下这条规则之上

-A INPUT -j REJECT --reject-with icmp-host-prohibited

selinux

立即关闭selinux：

/usr/sbin/setenforce 0

立即开启selinux：

/usr/sbin/setenforce 1

getsebool -a | grep smb

chcon –t samba_share_t /home/samba

samba自带的smb.conf配置文件里，有如下内容：

#---------------
# SELINUX NOTES:
#
# If you want to use the useradd/groupadd family of binaries please run:
setsebool -P samba_domain_controller on
#
# If you want to share home directories via samba please run:
setsebool -P samba_enable_home_dirs on
#
# If you create a new directory you want to share you should mark it as
# "samba_share_t" so that selinux will let you write into it.
# chcon –t samba_share_t /home/samba -R
# Make sure not to do that on system directories as they may already have
# been marked with othe SELinux labels.
#
# Use ls -ldZ /path to see which context a directory has
#
# Set labels only on directories you created!
# To set a label use the following: chcon -t samba_share_t /path
#
# If you need to share a system created directory you can use one of the
# following (read-only/read-write):
# setsebool -P samba_export_all_ro on
# or
# setsebool -P samba_export_all_rw on
#
# If you want to run scripts (preexec/root prexec/print command/...) please
# put them into the /var/lib/samba/scripts directory so that smbd will be
# allowed to run them.
# Make sure you COPY them and not MOVE them so that the right SELinux context
# is applied, to check all is ok use restorecon -R -v /var/lib/samba/scripts
#---------------