嵌入式视频行业。
分类: LINUX
2012-12-23 22:10:33
Samba
security= share
workgroup= WORKGROUP
smbpasswd –a iskey
[public]
comment = Public Stuff
path = /home/samba
public = yes
writable = yes
printable = no
write list = +staff
valid users = iskey
查看当前的防火墙规则:
iptables -L -n -v --line-numbers
添加samba的使能防火墙规则:
-A INPUT -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT
需要注意的是,以上两条规则,要在以下这条规则之上
-A INPUT -j REJECT --reject-with icmp-host-prohibited
selinux
立即关闭selinux:
/usr/sbin/setenforce 0
立即开启selinux:
/usr/sbin/setenforce 1
getsebool -a | grep smb
chcon –t samba_share_t /home/samba
samba自带的smb.conf配置文件里,有如下内容:
#---------------
# SELINUX NOTES:
#
# If you want to use the useradd/groupadd family of binaries please run:
setsebool -P samba_domain_controller on
#
# If you want to share home directories via samba please run:
setsebool -P samba_enable_home_dirs on
#
# If you create a new directory you want to share you should mark it as
# "samba_share_t" so that selinux will let you write into it.
# chcon –t samba_share_t /home/samba -R
# Make sure not to do that on system directories as they may already have
# been marked with othe SELinux labels.
#
# Use ls -ldZ /path to see which context a directory has
#
# Set labels only on directories you created!
# To set a label use the following: chcon -t samba_share_t /path
#
# If you need to share a system created directory you can use one of the
# following (read-only/read-write):
# setsebool -P samba_export_all_ro on
# or
# setsebool -P samba_export_all_rw on
#
# If you want to run scripts (preexec/root prexec/print command/...) please
# put them into the /var/lib/samba/scripts directory so that smbd will be
# allowed to run them.
# Make sure you COPY them and not MOVE them so that the right SELinux context
# is applied, to check all is ok use restorecon -R -v /var/lib/samba/scripts
#---------------