Change myself!
Category: LINUX
2016-10-23 16:40:23
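Set up a samba share with /data as the shared directory, meeting the following requirements (describe the complete process):
1) The share name is shared and the workgroup is changecan;
2) Add the group develop and the users gentoo, centos and ubuntu; gentoo and centos have develop as a supplementary group, ubuntu does not belong to develop; each password is the same as the user name;
3) Add the samba users gentoo, centos and ubuntu, each with the password "change";
4) The samba share shared gives write permission only to the develop group; other users can access it read-only;
5) The samba share service only allows access from hosts on the 192.168.190.0/24 network;
(1) Install samba with yum
[root@localhost ~]# setenforce 0 # set SELinux to permissive mode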
[root@localhost ~]# getenforce
Permissive
[root@localhost ~]# service iptables stop # simply turn the firewall off
[root@localhost ~]# yum install samba -y
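(2) Add the group develop and the users gentoo, centos and ubuntu; gentoo and centos have develop as a supplementary group, ubuntu does not belong to develop; each password is the same as the user name
[root@localhost ~]# groupadd develop
[root@localhost ~]# useradd -s /sbin/nologin -G develop gentoo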
[root@localhost ~]# useradd -s /sbin/nologin -G develop centos
[root@localhost ~]# useradd -s /sbin/nologin ubuntu
[root@localhost ~]# echo "gentoo" | passwd --stdin gentoo
[root@localhost ~]# echo "centos" | passwd --stdin centos
[root@localhost ~]# echo "ubuntu" | passwd --stdin ubuntu
(3) Add the samba users gentoo, centos and ubuntu, each with the password "change"
[root@localhost ~]# smbpasswd -a gentoo
New SMB password: # enter the password: change
Retype new SMB password:
Added user gentoo.
[root@localhost ~]# smbpasswd -a centos
[root@localhost ~]# smbpasswd -a ubuntu
# Note: smbpasswd can only add a samba user if that user already exists on the system!
[root@localhost ~]# smbpasswd -a change
New SMB password:
Retype new SMB password:
Failed to add entry for user change. # fails because this user does not exist on the system
[root@localhost ~]# pdbedit -L # list the existing Samba accounts; shows each account and its UID
gentoo:500:
ubuntu:502:
centos:501:
(4) The samba share shared gives write permission only to the develop group; other users can access it read-only
[root@localhost ~]# mkdir /data
[root@localhost ~]# ll -d /data
drwxr-xr-x. 2 root root 4096 Oct 20 11:01 /data
[root@localhost ~]# chmod g+w /data/ && chown :develop /data/
[root@localhost ~]# ll -d /data
drwxrwxr-x. 2 root develop 4096 Oct 20 11:01 /data
[root@localhost ~]# cp /etc/samba/smb.conf{,.bak}
[root@localhost ~]# vim /etc/samba/smb.conf # edit the configuration file
#================== Global Settings =====================
# Global configuration
[global]
# Workgroup is changecan
workgroup = changecan
# Only allow access from hosts on the 192.168.190.0/24 network
hosts allow = 192.168.190.0/24
# ----------------------- Standalone Server Options ------------------------
# User-level security mode
security = user
passdb backend = tdbsam
#================= Share Definitions =====================
# Share settings; the share name is shared
[shared]
# Description of the share
comment = Shared test~~~
# Shared directory is /data
path = /data
valid users = gentoo,centos,ubuntu,@develop
# Read-only users
read list = ubuntu
# Users allowed to write
write list = @develop
# Writable
writeable = yes
# Not a printer share
printable = no
[root@localhost ~]# testparm # check the configuration file for syntax errors and show the effective configuration
[root@localhost ~]# service smb start
Starting SMB services: [ OK ]
[root@localhost ~]# service nmb start
Starting NMB services: [ OK ]
[root@localhost ~]# netstat -tunl
# ports 137/udp, 138/udp, 139/tcp and 445/tcp should all show as open
(5) Test that the samba service works
[root@localhost ~]# smbclient //192.168.190.138/shared -U gentoo
Enter gentoo's password: # enter the password: change
Domain=[MYGROUP] OS=[Unix] Server=[Samba 3.6.23-36.el6_8]
smb: \> mkdir gentoo # gentoo具有读写权限
smb: \> ls
. D 0 Thu Oct 20 11:28:08 2016
.. DR 0 Thu Oct 20 11:01:39 2016
gentoo D 0 Thu Oct 20 11:28:08 2016
35162 blocks of size 524288. 25498 blocks available
smb: \> exit
[root@localhost ~]# smbclient //192.168.190.138/shared -U centos
Enter centos's password: # enter the password: change
Domain=[MYGROUP] OS=[Unix] Server=[Samba 3.6.23-36.el6_8]
smb: \> mkdir centos # centos has read/write permission
smb: \> ls
. D 0 Thu Oct 20 11:28:35 2016
.. DR 0 Thu Oct 20 11:01:39 2016
centos D 0 Thu Oct 20 11:28:35 2016
gentoo D 0 Thu Oct 20 11:28:08 2016
35162 blocks of size 524288. 25498 blocks available
smb: \> exit
[root@localhost ~]# smbclient //192.168.190.138/shared -U ubuntu
Enter ubuntu's password: # enter the password: change
Domain=[MYGROUP] OS=[Unix] Server=[Samba 3.6.23-36.el6_8]
smb: \> mkdir ubuntu # the ubuntu user has read-only permission
NT_STATUS_MEDIA_WRITE_PROTECTED making remote directory \ubuntu
smb: \> ls
. D 0 Thu Oct 20 11:28:35 2016
.. DR 0 Thu Oct 20 11:01:39 2016
centos D 0 Thu Oct 20 11:28:35 2016
gentoo D 0 Thu Oct 20 11:28:08 2016
35162 blocks of size 524288. 25498 blocks available
smb: \> exit
On Windows, enter \\192.168.190.138\shared directly and log in with a user name and the password change to access the shared directory on the Linux host.
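The per-user results in step (5) follow from how Samba combines valid users, read list, write list and writeable. The sketch below is an added example, not part of the original post: it models that precedence at the Samba layer only (the mode bits on /data are not modelled) and compares the post's [shared] section with a constructed variant that uses writeable = no. The debian account, the STRICT_CONF variant and all function names are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed input: the walkthrough's [shared] section plus one hypothetical
# account, debian, that is in no group and in neither list.
PAGE_CONF='[shared]
valid users = gentoo,centos,ubuntu,debian,@develop
read list = ubuntu
write list = @develop
writeable = yes'
# Constructed variant: read-only by default, writes granted only by write list.
STRICT_CONF='[shared]
valid users = gentoo,centos,ubuntu,debian,@develop
write list = @develop
writeable = no'

# get_param CONF SHARE KEY: print the value of KEY inside [SHARE] (exact-case match).
get_param() {
  printf '%s\n' "$1" | awk -v sec="[$2]" -v key="$3" '
    /^[ \t]*[#;]/ { next }                       # whole-line comments only
    /^[ \t]*\[/   { gsub(/[ \t]/, ""); cur = $0; next }
    cur == sec && (i = index($0, "=")) {
      k = substr($0, 1, i - 1); v = substr($0, i + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
      if (k == key) val = v
    }
    END { print val }'
}

# in_list LIST USER GROUPS: true if USER or one of its @GROUPS appears in LIST.
in_list() {
  for item in $(printf '%s' "$1" | tr ',' ' '); do
    [ "$item" = "$2" ] && return 0
    for g in $3; do [ "$item" = "@$g" ] && return 0; done
  done
  return 1
}

# share_access CONF SHARE USER GROUPS: print deny, ro or rw (Samba layer only).
share_access() {
  valid=$(get_param "$1" "$2" "valid users")
  if [ -n "$valid" ] && ! in_list "$valid" "$3" "$4"; then echo deny; return 0; fi
  # smb.conf(5): write list wins over read list; both override writeable.
  if in_list "$(get_param "$1" "$2" "write list")" "$3" "$4"; then echo rw; return 0; fi
  if in_list "$(get_param "$1" "$2" "read list")" "$3" "$4"; then echo ro; return 0; fi
  [ "$(get_param "$1" "$2" "writeable")" = "yes" ] && echo rw || echo ro
}

for u in gentoo:develop ubuntu: debian:; do
  echo "${u%%:*}: page=$(share_access "$PAGE_CONF" shared "${u%%:*}" "${u#*:}")" \
       "strict=$(share_access "$STRICT_CONF" shared "${u%%:*}" "${u#*:}")"
done
```

With writeable = yes, an account that is later added to valid users but to neither list is writable at the Samba layer and is held back only by the permissions on /data; with writeable = no, only members of write list can write.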