samba文件共享服务

开通VIP，畅享免费电子书等14项超值服

首页

好书

留言交流

下载APP

联系客服

2019.05.24

文件共享服务---Samba

=============================================================================

★smb：ServiceMessageBlock；服务信息块

★cifs：CommonInternetFileSystem，

★samba：作者：AndrewTridgell；

★功能：

1）程序环境

★samba安装

★主配置文件

★主程序：

★UnitFile

★监听的端口：

★客户端程序：

2）samba的配置

/etc/samba/smb.conf

★主配置文件：/etc/samba/smb.conf

◎全局配置

[global]

share(depricated)匿名共享

server(depricated)实现集中式身份认证

domain

◎共享文件系统：

[shared_ID]

有三类：

常用指令：

2）samba用户管理

★命令：

smbpasswd,pdbedit

1）smbpasswd

语法：

smbpasswd[OPTIONS]USERNAME(系统用户)

选项：

2）pdbedit：

-uUSERNAME：

★访问服务：

☉smbclient交互式客户端程序：

smbclient-LSMB_SERVER[-UUSERNAME]

smbclient//SMB_SERVER[/SHARE_NAME][-UUSERNAME]

☉mount.cifs

注意：

挂载操作中的用户，与-o选项中指定的用户直接产生映射关系；访问挂载，是以-o选项指定的用户身份运行，与本地用户以ID产生映射；

★自定义共享的方式：

comment=

path=

guestok=

readonly=

public=

browseable=

writelist=

☉注意：

定义所有用户在服务级的写权限write=yes(readonly=no）不建议与writelist同时使用；

命令演示：

1.添加用户

[root@centos7~]#pdbedit-a-utao#添加用户newpassword:retypenewpassword:Unixusername:taoNTusername:AccountFlags:[U]UserSID:S-1-5-21-1194301372-4224252613-970535052-1000PrimaryGroupSID:S-1-5-21-1194301372-4224252613-970535052-513FullName:HomeDirectory:\\centos7\taoHomeDirDrive:LogonScript:ProfilePath:\\centos7\tao\profileDomain:CENTOS7Accountdesc:Workstations:Mungeddial:Logontime:0Logofftime:Wed,06Feb203623:06:39CSTKickofftime:Wed,06Feb203623:06:39CSTPasswordlastset:Tue,18Oct201623:24:50CSTPasswordcanchange:Tue,18Oct201623:24:50CSTPasswordmustchange:neverLastbadpassword:0Badpasswordcount:0Logonhours:FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF[root@centos7~]#pdbedit-L#列出samba用户tao:1000:[root@centos7~]#pdbedit-a-uxiu#再添加一个用户xiu[root@centos7~]#pdbedit-Ltao:1000:xiu:1001:启动samba服务，并查看端口号

[root@centos7~]#systemctlstartnmb.servicesmb.service[root@centos7~]#ss-unl#查看udp端口137,138StateRecv-QSend-QLocalAddress:PortPeerAddress:PortUNCONN00*:68*:*UNCONN00192.168.1.255:137*:*UNCONN00192.168.1.15:137*:*UNCONN00*:137*:*UNCONN00192.168.1.255:138*:*UNCONN00192.168.1.15:138*:*UNCONN00*:138*:*UNCONN00127.0.0.1:323*:*UNCONN00*:34320*:*UNCONN00:::10025:::*UNCONN00::1:323:::*[root@centos7~]#ss-tnl#查看tcp协议端口139,445StateRecv-QSend-QLocalAddress:PortPeerAddress:PortLISTEN0128127.0.0.1:6012*:*LISTEN050*:445*:*LISTEN050*:3306*:*LISTEN050*:139*:*LISTEN0128*:22*:*LISTEN0128127.0.0.1:631*:*LISTEN0100127.0.0.1:25*:*LISTEN0128127.0.0.1:6010*:*LISTEN0128127.0.0.1:6011*:*LISTEN0128::1:6012:::*LISTEN050:::445:::*LISTEN050:::139:::*LISTEN0128:::22:::*LISTEN0128::1:631:::*LISTEN0100::1:25:::*LISTEN0128::1:6010:::*LISTEN0128::1:6011:::*2.smbclient命令查看目标主机上的共享

这里以centos6主机作为客户端，访问作为samba服务器的centos7

#匿名访问，不输入密码，如下：[root@CentOS6~]#smbclient-L192.168.1.15Enterroot‘spassword:AnonymousloginsuccessfulDomain=[MYGROUP]OS=[Windows6.1]Server=[Samba4.2.3] SharenameTypeComment -------------------- IPC$IPCIPCService(SambaServerVersion4.2.3)AnonymousloginsuccessfulDomain=[MYGROUP]OS=[Windows6.1]Server=[Samba4.2.3] ServerComment ---------------- CENTOS7SambaServerVersion4.2.3 WorkgroupMaster ---------------- MYGROUPCENTOS7 WORKGROUPPC-20160624QLWL #已创建的系统用户来访问，如下：[root@CentOS6~]#smbclient-L192.168.1.15-UtaoEntertao‘spassword:Domain=[MYGROUP]OS=[Windows6.1]Server=[Samba4.2.3] SharenameTypeComment -------------------- IPC$IPCIPCService(SambaServerVersion4.2.3) taoDiskHomeDirectoriesDomain=[MYGROUP]OS=[Windows6.1]Server=[Samba4.2.3] ServerComment ---------------- CENTOS7SambaServerVersion4.2.3 WorkgroupMaster ---------------- MYGROUPCENTOS7 WORKGROUPPC-20160624QLWL3.smbclient命令访问目标主机上的共享服务

#查看系统用户下的共享服务[root@CentOS6~]#smbclient-L192.168.1.15-UtaoEntertao‘spassword:Domain=[MYGROUP]OS=[Windows6.1]Server=[Samba4.2.3] SharenameTypeComment -------------------- appsDisktools IPC$IPCIPCService(SambaServerVersion4.2.3) taoDiskHomeDirectoriesDomain=[MYGROUP]OS=[Windows6.1]Server=[Samba4.2.3] ServerComment ---------------- CENTOS7SambaServerVersion4.2.3 WorkgroupMaster ---------------- MYGROUPCENTOS7 WORKGROUPPC-20160624QLWL访问共享服务

[root@centos7~]#setfacl-mu:tao:rwx/samba/tools#设定tao用户的rwx权限[root@centos7~]#getfacl/samba/toolsgetfacl:Removingleading‘/‘fromabsolutepathnames#file:samba/tools#owner:root#group:rootuser::rwxuser:tao:rwxgroup::r-xmask::rwxother::r-x再次访问上传如下

[root@CentOS6~]#smbclient//192.168.1.15/apps-UtaoEntertao‘spassword:Domain=[MYGROUP]OS=[Windows6.1]Server=[Samba4.2.3]smb:\>ls.D0WedOct1900:31:412016..D0WedOct1900:31:412016 40940blocksofsize1048576.40072blocksavailablesmb:\>lcd/etcsmb:\>putfstabputtingfilefstabas\fstab(99.3kb/s)(average99.3kb/s)#上传成功smb:\>ls.D0WedOct1901:00:432016..D0WedOct1900:31:412016fstabA1017WedOct1901:00:432016 40940blocksofsize1048576.40072blocksavailablesmb:\>rmfstab#删除文件smb:\>ls.D0WedOct1921:12:292016..D0WedOct1900:31:412016 40940blocksofsize1048576.40071blocksavailablesmb:\>5.假设现在tao用户和xiu用户都有写操作，即可以向/samba/tools上传文件,但是我只想允许让tao有上传权限，xiu用户不可以传，该如何设置呢？如下

重启服务，访问如下：

[root@centos7~]#groupadddistro[root@centos7~]#ll-d/samba/tools/drwxrwxr-x+2rootroot30Oct1921:37/samba/tools/[root@centos7~]#chgrpdistro/samba/tools/[root@centos7~]#ll-d/samba/tools/drwxrwxr-x+2rootdistro30Oct1921:37/samba/tools/[root@centos7~]#setfacl-b/samba/tools#为了保证实验，清空目录的acl权限[root@centos7~]#getfacl/samba/toolsgetfacl:Removingleading‘/‘fromabsolutepathnames#file:samba/tools#owner:root#group:distrouser::rwxgroup::r-xother::r-x[root@centos7~]#chmod775/samba/tools/#设定目录的属组有写权限[root@centos7~]#ll-d/samba/tools/drwxrwxr-x2rootdistro30Oct1922:23/samba/tools/[root@centos7~]#usermod-a-Gdistrotao[root@centos7~]#usermod-a-Gdistroxiu[root@centos7~]#idtaouid=1000(tao)gid=1000(tao)groups=1000(tao),2003(distro)[root@centos7~]#idxiuuid=1001(xiu)gid=2002(xiu)groups=2002(xiu),2003(distro)编辑配置文件/etc/samba/smb.conf如下：

[root@CentOS6~]#ll/data/apps/#客户端显示的属主total12-rwxr--r--1100010001017Oct192016fstab-rwxr--r--11001200290Oct192016issue-rw-r--r--11001200213Oct192016test.txt[root@centos7~]#idxiuuid=1001(xiu)gid=2002(xiu)groups=2002(xiu),2003(distro)[root@centos7~]#ll/samba/tools/#服务端显示的属主total12-rwxr--r--1taotao1017Oct1921:37fstab-rwxr--r--1xiuxiu90Oct1922:40issue-rw-r--r--1xiuxiu13Oct1923:33test.txt[root@CentOS6~]#useradd-u1001wang#创建一个同服务端属主id号相同的用户[root@CentOS6~]#su-wang[wang@CentOS6~]$cd/data/apps/[wang@CentOS6apps]$lsfstabissuetest.txt[wang@CentOS6apps]$echonulizaiyiqi>>test.txt#写操作成功[wang@CentOS6apps]$cattest.txttaotaoxiuxiunulizaiyiqi[wang@CentOS6apps]$lltotal12-rwxr--r--1100010001017Oct192016fstab-rwxr--r--1wang200290Oct192016issue-rw-r--r--1wang200225Oct202016test.txt3）smbstatus命令：

演示

[root@centos7~]#smbstatusSambaversion4.2.3PIDUsernameGroupMachineProtocolVersion------------------------------------------------------------------------------2228xiuxiu192.168.1.16(ipv4:192.168.1.16:49088)NT1#挂载访问ServicepidmachineConnectedat-------------------------------------------------------IPC$2228192.168.1.16WedOct1923:57:472016apps2228192.168.1.16WedOct1923:57:472016#客户端方式访问Nolockedfiles