《2024网络建设与运维》河北省samba 服务配置。
任务描述:请采用samba 服务,实现资源共享。
- 配置 linux3 为 samba 服务器,建立共享目录/sharesmb,共享名与目录名相同。
[root@linux3 ~]# yum install samba -y
[root@linux3 ~]# sudo mkdir -p /sharesmb
[root@linux2 ~]# chown root:admin /sharesmb
[root@linux2 ~]# chmod 2770 /sharesmb
- 新建用户user00-user03, 用户名和密码相同。user00 和user01 添加到 admin 组,user02 和 user03 添加到 hr 组。把用户 user00- user03 添加到samba 用户。
[root@linux3 ~]# vim 1.sh
for user in user00 user01 user02 user03; do
sudo useradd $user
echo "$user:$user" | sudo chpasswd
done
[root@linux3 ~]# chmod +x 1.sh
[root@linux3 ~]# ./1.sh
[root@linux3 ~]# sudo groupadd admin
[root@linux3 ~]# sudo groupadd hr
[root@linux3 ~]# sudo usermod -aG admin user00
[root@linux3 ~]# sudo usermod -aG admin user01
[root@linux3 ~]# sudo usermod -aG hr user02
[root@linux3 ~]# sudo usermod -aG hr user03
[root@linux3 ~]# vim 1.sh
groupadd admin
for username in user{00..01}
do
# 使用'usermod'命令将'username'用户添加到'dev'组。'-g'选项表示要设置的组名。
useradd $username
usermod -aG admin $username
# 输出"Pass-1234",然后通过管道('|'符号)将这个输出作为'passwd'命令的输入。
# '--stdin'选项表示密码将从标准输入获取,而不是从终端输入。
echo "$username:$username" | sudo chpasswd
done
groupadd hr
for username in user{02..03}
do
useradd $username
usermod -aG hr $username
echo "$username:$username" | sudo chpasswd
done
[root@linux3 ~]# chmod +x 1.sh #给予运行权限
[root@linux3 ~]# ./1.sh #运行脚本
[root@linux3 ~]# id user03
uid=1003(user03) gid=1003(user03) groups=1003(user03),1005(hr)
[root@linux3 ~]# id user01
uid=1001(user01) gid=1001(user01) groups=1001(user01),1004(admin)
[root@linux3 ~]# smbpasswd -a user00
New SMB password:
Retype new SMB password:
Added user user00.
Enabled user user00.
[root@linux3 ~]# smbpasswd -a user01
[root@linux3 ~]# smbpasswd -a user02
[root@linux3 ~]# smbpasswd -a user03
- admin 组用户对sharesmb共享有读写权限,hr 组对 sharesmb 共享有只读权限;用户对自己新建的文件有完全权限, 对其他用户的文件只有读权限,且不能删除别人的文件。
[root@linux3 ~]# vim /etc/samba/smb.conf
[sharesmb]
path = /sharesmb
browseable = yes #这个共享在网络上可以被其他计算机浏览
writable = yes #允许客户端写入这个共享
valid list = @hr,@admin #这限制了只有 hr 和 admin 这两个组的成员才能访问这个共享
write list = @admin #admin 组的成员才能写入这个共享
read list = @hr #指定 hr 用户组的用户具有读权限
read only = no #是否只读
force group = admin #管理员
setfacl -Rdm g:admin:rwx /sharesmb #admin读写执行权
setfacl -Rdm g:hr:rx /sharesmb #hr读取执行权
- 在本机用smbclient 命令测试。
[root@linux3 ~]# smbclient //10.4.220.102/sharesmb -U user01
Password for [SAMBA\user01]:
Try "help" to get a list of possible commands.
smb: \> put 1.txt
putting file 1.txt as \1.txt (0.0 kb/s) (average 0.0 kb/s)
smb: \> get 1.txt 2.txt
getting file \1.txt of size 0 as 2.txt (0.0 KiloBytes/sec) (average -nan KiloBytes/sec)
smb: \> exit
[root@linux3 ~]# smbclient //10.4.220.102/sharesmb -U user03
Password for [SAMBA\user03]:
Try "help" to get a list of possible commands.
smb: \> put 2.txt
NT_STATUS_ACCESS_DENIED opening remote file \2.txt
smb: \> get 2.txt 5.txt
NT_STATUS_OBJECT_NAME_NOT_FOUND opening remote file \2.txt
smb: \> ls
. D 0 Sun Jun 30 15:00:14 2024
.. D 0 Sun Jun 30 14:42:31 2024
1.txt A 0 Sun Jun 30 15:00:14 2024
13092864 blocks of size 1024. 11316848 blocks available
smb: \> get 1.txt 5.txt
getting file \1.txt of size 0 as 5.txt (0.0 KiloBytes/sec) (average -nan KiloBytes/sec)
[root@linux3 ~]# smbclient //10.4.220.102/sharesmb -U user00 #删除权限
Password for [SAMBA\user00]:
Try "help" to get a list of possible commands.
smb: \> ls
. D 0 Sun Jun 30 22:49:24 2024
.. D 0 Sun Jun 30 14:42:31 2024
1.txt A 0 Sun Jun 30 22:49:19 2024
2.txt A 0 Sun Jun 30 22:49:24 2024
smb: \> del 2.txt
smb: \> ls
. D 0 Sun Jun 30 22:50:10 2024
.. D 0 Sun Jun 30 14:42:31 2024
1.txt A 0 Sun Jun 30 22:49:19 2024
[root@linux3 ~]# smbclient //10.4.220.102/sharesmb -U user03 删除别人的权限
Password for [SAMBA\user03]:
Try "help" to get a list of possible commands.
smb: \> del 5.txt
NT_STATUS_ACCESS_DENIED deleting remote file \5.txt
安装客户端
[root@linux3 ~]# yum install -y samba-client
[root@linux3 ~]# smbclient //10.4.220.102/sharesmb -U user01 #遇到这个情况为服务器未启动smb
Password for [SAMBA\user01]:
do_connect: Connection to 10.4.220.102 failed (Error NT_STATUS_CONNECTION_REFUSED)
NT_STATUS_ACCESS_DENIED opening remote file \1.txt
[root@linux3 ~]# systemctl restart smb.service #启动即可
[root@linux3 ~]# smbclient //10.4.220.102/sharesmb -U user01
Password for [SAMBA\user01]:
Try "help" to get a list of possible commands.
smb: \> put 1.txt #可能是权限没有设置,也可能是selinux没关
NT_STATUS_ACCESS_DENIED opening remote file \1.txt
[root@linux2 ~]# setenforce 0 #关闭即可
[root@linux2 ~]# smbclient //10.4.220.102/sharesmb -U user01
Password for [SAMBA\user01]:
Try "help" to get a list of possible commands.
smb: \> put 1.txt
putting file 1.txt as \1.txt (0.0 kb/s) (average 0.0 kb/s)
- 在linux4上使用用户user00实现无需手动输入密码自动挂载linux3 的sharesmb 共享到/sharesmb,同时防止运行恶意脚本运,禁止运行.sh 文件,禁止在挂载命令中显示明文密码。
[root@linux4 ~]# sudo mkdir -p /sharesmb
[root@linux4 ~]# vim /etc/samba/user00.credentials
username=user00
password=user00
[root@linux4 ~]# chmod 600 /etc/samba/user00.credentials
[root@linux4 ~]# vim /etc/fstab
//10.4.220.102/sharesmb /sharesmb cifs credentials=/etc/samba/user00.credentials,iocharset=utf8,sec=ntlmv2,nosuid,nodev,noexec 0 0
[root@linux4 ~]# systemctl daemon-reload #加载组件
[root@linux4 ~]# mount -a
mount: /sharesmb: bad option; for several filesystems (e.g. nfs, cifs) you might need a /sbin/mount.<type> helper program.
#遇到这个情况是没有下载完依赖包,差组件cifs-utils 软件包
[root@linux4 ~]# sudo yum install cifs-utils
//10.4.220.102/sharesmb # 远程共享路径
/sharesmb # 本地挂载点
cifs # 使用 CIFS 协议
credentials=/etc/samba/user00.credentials, # 认证信息文件路径
nodev, # 不解读设备文件
noexec # 不允许执行文件
0 # dump 备份时不备份此文件系统
0 # 启动时不检查此文件系统
如有不懂的地方欢迎评论或者私信,看到就会回,小伙伴们。
标签:samba,服务,配置,linux3,sharesmb,txt,root,smb,user00 From: https://www.cnblogs.com/a-wei/p/18298607