|
標簽:samba 文件共享服務(wù)---Samba =============================================================================
Samba介紹★smb:Service Message Block;服務(wù)信息塊 ★cifs:Common Internet File System���, ★samba:作者:Andrew Tridgell�; ★功能:
Samba安裝配置1)程序環(huán)境
★samba安裝 ★主配置文件 ★主程序: ★Unit File
★監(jiān)聽的端口: UDP:137/udp, 138/udp TCP:139/tcp, 445/tcp
★客戶端程序:
2)samba的配置
/etc/samba/smb.conf ★主配置文件:/etc/samba/smb.conf [root@centos7 ~]# cd /etc/samba
[root@centos7 samba]# ls
lmhosts smb.conf
[root@centos7 samba]# cp smb.conf{,.bak} # 首先備份
[root@centos7 samba]# ls
lmhosts smb.conf smb.conf.bak
[root@centos7 samba]# grep -i -E "^#[[:space:]]*(=|-)+" smb.conf # 過濾出配置段
#---------------
#-------------- # 全局配置段
#======================= Global Settings =====================================
# ----------------------- Network-Related Options -------------------------
# --------------------------- Logging Options -----------------------------
# ----------------------- Standalone Server Options ------------------------
# ----------------------- Domain Members Options ------------------------
# ----------------------- Domain Controller Options ------------------------
# ----------------------- Browser Control Options ----------------------------
#----------------------------- Name Resolution -------------------------------
# --------------------------- Printing Options -----------------------------
# --------------------------- File System Options ---------------------------
#============================ Share Definitions ==============================
# 用戶自定義的共享配置段★兩類配置段: ◎全局配置 [global] workgroup = MYGROUP 工作組模型 用來定義工作組 server string = Samba Server Version %v 定義提示信息 interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24 指明要監(jiān)聽的地址或網(wǎng)絡(luò)接口�����; hosts allow = 127. 192.168.12. 192.168.13. 訪問控制�,相當于白名單
share (depricated) 匿名共享 server (depricated) 實現(xiàn)集中式身份認證 domain ◎共享文件系統(tǒng): [shared_ID] 有三類: 常用指令: comment:注釋信息�����; path:本地文件系統(tǒng)路徑; browseable:是否可瀏覽����,是否為用戶可見; guest ok:是否允許來賓賬號訪問�����; public:是否公開給所有來賓�; writable:是否可寫; writable=YES和read only = no是一樣的 write list:擁有寫權(quán)限的用戶或組列表�; 用戶名 @組名, +組名
2)samba用戶管理 ★命令: smbpasswd, pdbedit 1)smbpasswd 語法: smbpasswd [OPTIONS] USERNAME(系統(tǒng)用戶) 選項: -a:添加�����; -x:刪除��; -d:禁用�; -e:啟用
2)pdbedit: -L:列出samba服務(wù)中的所有用戶; -a:添加用戶為samba用戶��;
-u USERNAME: ★訪問服務(wù): ☉smbclient交互式客戶端程序: smbclient -L SMB_SERVER [-U USERNAME] smbclient //SMB_SERVER[/SHARE_NAME] [-U USERNAME] ☉mount.cifs 注意: 掛載操作中的用戶��,與-o選項中指定的用戶直接產(chǎn)生映射關(guān)系�����;訪問掛載��,是以-o選項指定的用戶身份運行��,與本地用戶以ID產(chǎn)生映射���; ★自定義共享的方式: [shared_ID] comment = path = guest ok = read only = public = browseable = write list = ☉注意: 定義所有用戶在服務(wù)級的寫權(quán)限write = yes (read only = no)不建議與write list同時使用�����;
命令演示:
1.添加用戶 [root@centos7 ~]# pdbedit -a -u tao # 添加用戶
new password:
retype new password:
Unix username: tao
NT username:
Account Flags: [U ]
User SID: S-1-5-21-1194301372-4224252613-970535052-1000
Primary Group SID: S-1-5-21-1194301372-4224252613-970535052-513
Full Name:
Home Directory: \\centos7\tao
HomeDir Drive:
Logon Script:
Profile Path: \\centos7\tao\profile
Domain: CENTOS7
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: Wed, 06 Feb 2036 23:06:39 CST
Kickoff time: Wed, 06 Feb 2036 23:06:39 CST
Password last set: Tue, 18 Oct 2016 23:24:50 CST
Password can change: Tue, 18 Oct 2016 23:24:50 CST
Password must change: never
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
[root@centos7 ~]# pdbedit -L # 列出samba用戶
tao:1000:
[root@centos7 ~]# pdbedit -a -u xiu # 再添加一個用戶xiu
[root@centos7 ~]# pdbedit -L
tao:1000:
xiu:1001: 啟動samba服務(wù)��,并查看端口號 [root@centos7 ~]# systemctl start nmb.service smb.service
[root@centos7 ~]# ss -unl # 查看udp端口 137,138
State Recv-Q Send-Q Local Address:Port Peer Address:Port
UNCONN 0 0 *:68 *:*
UNCONN 0 0 192.168.1.255:137 *:*
UNCONN 0 0 192.168.1.15:137 *:*
UNCONN 0 0 *:137 *:*
UNCONN 0 0 192.168.1.255:138 *:*
UNCONN 0 0 192.168.1.15:138 *:*
UNCONN 0 0 *:138 *:*
UNCONN 0 0 127.0.0.1:323 *:*
UNCONN 0 0 *:34320 *:*
UNCONN 0 0 :::10025 :::*
UNCONN 0 0 ::1:323 :::*
[root@centos7 ~]# ss -tnl # 查看tcp協(xié)議端口 139,445
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 127.0.0.1:6012 *:*
LISTEN 0 50 *:445 *:*
LISTEN 0 50 *:3306 *:*
LISTEN 0 50 *:139 *:*
LISTEN 0 128 *:22 *:*
LISTEN 0 128 127.0.0.1:631 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 127.0.0.1:6010 *:*
LISTEN 0 128 127.0.0.1:6011 *:*
LISTEN 0 128 ::1:6012 :::*
LISTEN 0 50 :::445 :::*
LISTEN 0 50 :::139 :::*
LISTEN 0 128 :::22 :::*
LISTEN 0 128 ::1:631 :::*
LISTEN 0 100 ::1:25 :::*
LISTEN 0 128 ::1:6010 :::*
LISTEN 0 128 ::1:6011 :::* 2.smbclient命令查看目標主機上的共享 這里以centos 6 主機作為客戶端��,訪問作為samba服務(wù)器的centos 7 # 匿名訪問��,不輸入密碼�,如下:
[root@CentOS6 ~]# smbclient -L 192.168.1.15
Enter root‘s password:
Anonymous login successful
Domain=[MYGROUP] OS=[Windows 6.1] Server=[Samba 4.2.3]
Sharename Type Comment
--------- ---- -------
IPC$ IPC IPC Service (Samba Server Version 4.2.3)
Anonymous login successful
Domain=[MYGROUP] OS=[Windows 6.1] Server=[Samba 4.2.3]
Server Comment
--------- -------
CENTOS7 Samba Server Version 4.2.3
Workgroup Master
--------- -------
MYGROUP CENTOS7
WORKGROUP PC-20160624QLWL
# 已創(chuàng)建的系統(tǒng)用戶來訪問,如下:
[root@CentOS6 ~]# smbclient -L 192.168.1.15 -U tao
Enter tao‘s password:
Domain=[MYGROUP] OS=[Windows 6.1] Server=[Samba 4.2.3]
Sharename Type Comment
--------- ---- -------
IPC$ IPC IPC Service (Samba Server Version 4.2.3)
tao Disk Home Directories
Domain=[MYGROUP] OS=[Windows 6.1] Server=[Samba 4.2.3]
Server Comment
--------- -------
CENTOS7 Samba Server Version 4.2.3
Workgroup Master
--------- -------
MYGROUP CENTOS7
WORKGROUP PC-20160624QLWL 3.smbclient命令訪問目標主機上的共享服務(wù) [root@CentOS6 ~]# smbclient //192.168.1.15/ -U tao
Enter tao‘s password:
[root@CentOS6 ~]# smbclient //192.168.1.15/tao -U tao # 要添加訪問共享的shaaname
Enter tao‘s password:
Domain=[MYGROUP] OS=[Windows 6.1] Server=[Samba 4.2.3]
smb: \> help # 獲取幫助
? allinfo altname archive blocksize
cancel case_sensitive cd chmod chown
close del dir du echo
exit get getfacl geteas hardlink
help history iosize lcd link
lock lowercase ls l mask
md mget mkdir more mput
newer open posix posix_encrypt posix_open
posix_mkdir posix_rmdir posix_unlink print prompt
put pwd q queue quit
readlink rd recurse reget rename
reput rm rmdir showacls setea
setmode stat symlink tar tarmode
timeout translate unlock volume vuid
wdel logon listconnect showconnect ..
!
smb: \> pwd # 顯示的是samba服務(wù)器上系統(tǒng)用戶tao的家目錄
Current directory is \\192.168.1.15\taosmb: \> ls
. D 0 Tue Oct 18 13:09:36 2016
.. D 0 Tue Oct 18 11:38:44 2016
.mozilla DH 0 Mon Jul 25 23:57:35 2016
.bash_logout H 18 Fri Nov 20 13:02:30 2015
.bash_profile H 193 Fri Nov 20 13:02:30 2015
.bashrc H 231 Fri Nov 20 13:02:30 2015
.zshrc H 658 Fri Nov 20 21:11:02 2015
.Xauthority H 53 Sun Sep 11 11:11:49 2016
.cache DH 0 Sun Sep 11 11:11:49 2016
.config DH 0 Tue Oct 18 12:38:09 2016
.bash_history H 361 Tue Oct 18 12:43:06 2016
.mysql_history H 268 Mon Oct 17 16:18:28 2016
pub D 0 Tue Oct 18 09:16:21 2016
upload D 0 Tue Oct 18 09:20:53 2016
xiu D 0 Tue Oct 18 09:36:02 2016
.local DH 0 Tue Oct 18 12:38:09 2016
f1 13 Tue Oct 18 13:09:36 2016
40940 blocks of size 1048576. 40072 blocks available
smb: \> put /etc/fstab # 上傳Cen 6 中的文件發(fā)現(xiàn)不能上傳���,這里最好使用當前路徑
NT_STATUS_OBJECT_PATH_NOT_FOUND opening remote file \/etc/fstab
smb: \> lcd /etc # 切換到要上傳文件的當前目錄中
smb: \> put fstab # 上傳文件,發(fā)現(xiàn)可以上傳這是因為系統(tǒng)文件中定義的writable=YES���,有寫權(quán)限,并且tao用戶對自己的家目錄也有寫權(quán)限
putting file fstab as \fstab (52.3 kb/s) (average 52.3 kb/s)
smb: \> ls
. D 0 Wed Oct 19 00:11:59 2016
.. D 0 Tue Oct 18 11:38:44 2016
.mozilla DH 0 Mon Jul 25 23:57:35 2016
.bash_logout H 18 Fri Nov 20 13:02:30 2015
.bash_profile H 193 Fri Nov 20 13:02:30 2015
.bashrc H 231 Fri Nov 20 13:02:30 2015
.zshrc H 658 Fri Nov 20 21:11:02 2015
.Xauthority H 53 Sun Sep 11 11:11:49 2016
.cache DH 0 Sun Sep 11 11:11:49 2016
.config DH 0 Tue Oct 18 12:38:09 2016
.bash_history H 361 Tue Oct 18 12:43:06 2016
.mysql_history H 268 Mon Oct 17 16:18:28 2016
pub D 0 Tue Oct 18 09:16:21 2016
upload D 0 Tue Oct 18 09:20:53 2016
xiu D 0 Tue Oct 18 09:36:02 2016
.local DH 0 Tue Oct 18 12:38:09 2016
f1 13 Tue Oct 18 13:09:36 2016
fstab #已上傳的文件 A 1017 Wed Oct 19 00:11:59 2016
40940 blocks of size 1048576. 40072 blocks available
smb: \> ^C 4.自定義共享服務(wù) [root@centos7 ~]# mkdir -pv /samba/tools # 創(chuàng)建共享的目錄
mkdir: created directory ‘/samba’
mkdir: created directory ‘/samba/tools’
[root@centos7 ~]# vim /etc/samba/smb.conf # 編輯主配置文件
[apps] # 自定義一個共享名
comment = tools # 注釋為tools工具
path = /samba/tools # 本地文件系統(tǒng)路徑
browseable = yes # 允許非屬主����,數(shù)組瀏覽
guest ok = yes # 允許來賓訪問�����,即匿名用戶
writable = yes # 允許寫操作(如:上傳和刪除等)
# 配置好之后保存退出����,并測試語法
[root@centos7 samba]# testparm # 語法測試
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[homes]"
Processing section "[printers]"
Processing section "[apps]"
Loaded services file OK.
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions
# 敲回車,打印出服務(wù)所有的生效配置
# Global parameters
[global]
workgroup = MYGROUP
server string = Samba Server Version %v
security = USER
log file = /var/log/samba/log.%m
max log size = 50
idmap config * : backend = tdb
cups options = raw
[homes]
comment = Home Directories
read only = No
browseable = No
[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
print ok = Yes
browseable = No
[apps]
comment = tools
path = /samba/tools
read only = No # 非只讀���,代表可寫
guest ok = Yes
[root@centos7 samba]# systemctl restart smb 重啟服務(wù) 查看共享服務(wù)�����,并訪問 # 查看系統(tǒng)用戶下的共享服務(wù)
[root@CentOS6 ~]# smbclient -L 192.168.1.15 -U tao
Enter tao‘s password:
Domain=[MYGROUP] OS=[Windows 6.1] Server=[Samba 4.2.3]
Sharename Type Comment
--------- ---- -------
apps Disk tools
IPC$ IPC IPC Service (Samba Server Version 4.2.3)
tao Disk Home Directories
Domain=[MYGROUP] OS=[Windows 6.1] Server=[Samba 4.2.3]
Server Comment
--------- -------
CENTOS7 Samba Server Version 4.2.3
Workgroup Master
--------- -------
MYGROUP CENTOS7
WORKGROUP PC-20160624QLWL 訪問共享服務(wù) # 匿名用戶(來賓賬號)可以登錄���,但是不能上傳文件
[root@CentOS6 ~]# smbclient //192.168.1.17/apps
Enter root‘s password:
Anonymous login successful
Domain=[MYGROUP] OS=[Windows 6.1] Server=[Samba 4.2.3]
smb: \> ls
. D 0 Wed Oct 19 21:12:29 2016
.. D 0 Wed Oct 19 00:31:41 2016
40940 blocks of size 1048576. 40072 blocks available
smb: \> lcd /etc
smb: \> !pwd
/etc
smb: \> put fstab # 不能上傳
NT_STATUS_ACCESS_DENIED opening remote file \fstab
smb: \> ^C
# 系統(tǒng)賬號登錄��,訪問共享服務(wù)
[root@CentOS6 ~]# smbclient //192.168.1.15/apps -U tao # 指定共享服務(wù)目錄為apps
Enter tao‘s password:
Domain=[MYGROUP] OS=[Windows 6.1] Server=[Samba 4.2.3]
smb: \> pwd
Current directory is \\192.168.1.15\apps\ # 在apps下
smb: \> ls
. D 0 Wed Oct 19 00:31:41 2016
.. D 0 Wed Oct 19 00:31:41 2016
40940 blocks of size 1048576. 40072 blocks available
smb: \> lcd /etc
smb: \> put fstab
NT_STATUS_ACCESS_DENIED opening remote file \fstab # 不能上傳�,雖然服務(wù)有寫權(quán)限���,但是對目錄對文件系統(tǒng)沒有寫權(quán)限
smb: \> 要想使tao用戶可以上傳和刪除文件����,除了系統(tǒng)當中的定義的允許寫操作外�,目錄文件系統(tǒng)也要有寫權(quán)限才可以,僅對tao用戶定義如下: [root@centos7 ~]# setfacl -m u:tao:rwx /samba/tools # 設(shè)定tao用戶的rwx權(quán)限
[root@centos7 ~]# getfacl /samba/tools
getfacl: Removing leading ‘/‘ from absolute path names
# file: samba/tools
# owner: root
# group: root
user::rwx
user:tao:rwx
group::r-x
mask::rwx
other::r-x 再次訪問上傳如下 [root@CentOS6 ~]# smbclient //192.168.1.15/apps -U tao
Enter tao‘s password:
Domain=[MYGROUP] OS=[Windows 6.1] Server=[Samba 4.2.3]
smb: \> ls
. D 0 Wed Oct 19 00:31:41 2016
.. D 0 Wed Oct 19 00:31:41 2016
40940 blocks of size 1048576. 40072 blocks available
smb: \> lcd /etc
smb: \> put fstab
putting file fstab as \fstab (99.3 kb/s) (average 99.3 kb/s) #上傳成功
smb: \> ls
. D 0 Wed Oct 19 01:00:43 2016
.. D 0 Wed Oct 19 00:31:41 2016
fstab A 1017 Wed Oct 19 01:00:43 2016
40940 blocks of size 1048576. 40072 blocks available
smb: \> rm fstab # 刪除文件
smb: \> ls
. D 0 Wed Oct 19 21:12:29 2016
.. D 0 Wed Oct 19 00:31:41 2016
40940 blocks of size 1048576. 40071 blocks available
smb: \> 5.假設(shè)現(xiàn)在tao用戶和xiu用戶都有寫操作�,即可以向/samba/tools上傳文件,但是我只想允許讓tao有上傳權(quán)限,xiu用戶不可以傳�,該如何設(shè)置呢? 如下 [root@centos7 ~]# setfacl -m u:xiu:rwx /samba/tools
[root@centos7 ~]# getfacl /samba/tools
getfacl: Removing leading ‘/‘ from absolute path names
# file: samba/tools
# owner: root
# group: root
user::rwx
user:tao:rwx
user:xiu:rwx # xiu用戶對文件也有rwx權(quán)限
group::r-x
mask::rwx
other::r-x
[root@CentOS6 ~]# smbclient //192.168.1.17/apps -U xiu # 系統(tǒng)用戶xiu登錄訪問
Enter xiu‘s password:
Domain=[MYGROUP] OS=[Windows 6.1] Server=[Samba 4.2.3]
smb: \> ls
. D 0 Wed Oct 19 21:12:29 2016
.. D 0 Wed Oct 19 00:31:41 2016
40940 blocks of size 1048576. 40071 blocks available
smb: \> lcd /etc
smb: \> put issue # 上傳成功
putting file issue as \issue (4.2 kb/s) (average 4.2 kb/s)
smb: \> ls
. D 0 Wed Oct 19 21:28:02 2016
.. D 0 Wed Oct 19 00:31:41 2016
issue A 90 Wed Oct 19 21:28:02 2016
40940 blocks of size 1048576. 40071 blocks available
smb: \> ^C 編輯配置文件/etc/samba/smb.conf 
重啟服務(wù)����,訪問如下: [root@centos7 samba]# systemctl restart smb # 重啟服務(wù)
[root@CentOS6 ~]# smbclient //192.168.1.17/apps -U xiu # xiu用戶再次登錄
Enter xiu‘s password:
Domain=[MYGROUP] OS=[Windows 6.1] Server=[Samba 4.2.3]
smb: \> ls
. D 0 Wed Oct 19 21:28:02 2016
.. D 0 Wed Oct 19 00:31:41 2016
issue A 90 Wed Oct 19 21:28:02 2016
40940 blocks of size 1048576. 40072 blocks available
smb: \> lcd /etc
smb: \> put fstab
NT_STATUS_ACCESS_DENIED opening remote file \fstab
[root@CentOS6 ~]# smbclient //192.168.1.17/apps -U tao # tao用戶可以上傳文件
Enter tao‘s password:
Domain=[MYGROUP] OS=[Windows 6.1] Server=[Samba 4.2.3]
smb: \> ls
. D 0 Wed Oct 19 21:28:02 2016
.. D 0 Wed Oct 19 00:31:41 2016
issue A 90 Wed Oct 19 21:28:02 2016
40940 blocks of size 1048576. 40072 blocks available
smb: \> lcd /etc
smb: \> put fstab # 上傳成功
putting file fstab as \fstab (55.2 kb/s) (average 55.2 kb/s)
smb: \> ls
. D 0 Wed Oct 19 21:37:12 2016
.. D 0 Wed Oct 19 00:31:41 2016
issue A 90 Wed Oct 19 21:28:02 2016
fstab A 1017 Wed Oct 19 21:37:12 2016
40940 blocks of size 1048576. 40072 blocks available 6.定義屬組,是屬組中的用戶都有寫權(quán)限 [root@centos7 ~]# groupadd distro
[root@centos7 ~]# ll -d /samba/tools/
drwxrwxr-x+ 2 root root 30 Oct 19 21:37 /samba/tools/
[root@centos7 ~]# chgrp distro /samba/tools/
[root@centos7 ~]# ll -d /samba/tools/
drwxrwxr-x+ 2 root distro 30 Oct 19 21:37 /samba/tools/
[root@centos7 ~]# setfacl -b /samba/tools # 為了保證實驗�,清空目錄的acl權(quán)限
[root@centos7 ~]# getfacl /samba/tools
getfacl: Removing leading ‘/‘ from absolute path names
# file: samba/tools
# owner: root
# group: distro
user::rwx
group::r-x
other::r-x
[root@centos7 ~]# chmod 775 /samba/tools/ # 設(shè)定目錄的屬組有寫權(quán)限
[root@centos7 ~]# ll -d /samba/tools/
drwxrwxr-x 2 root distro 30 Oct 19 22:23 /samba/tools/
[root@centos7 ~]# usermod -a -G distro tao
[root@centos7 ~]# usermod -a -G distro xiu
[root@centos7 ~]# id tao
uid=1000(tao) gid=1000(tao) groups=1000(tao),2003(distro)
[root@centos7 ~]# id xiu
uid=1001(xiu) gid=2002(xiu) groups=2002(xiu),2003(distro) 編輯配置文件/etc/samba/smb.conf如下:  重啟服務(wù),訪問如下:
[root@centos7 samba]# systemctl restart smb
[root@CentOS6 ~]# smbclient //192.168.1.17/apps -U xiu # 使用xiu用戶登錄
Enter xiu‘s password:
Domain=[MYGROUP] OS=[Windows 6.1] Server=[Samba 4.2.3]
smb: \> ls
. D 0 Wed Oct 19 21:37:12 2016
.. D 0 Wed Oct 19 00:31:41 2016
issue A 90 Wed Oct 19 21:28:02 2016
fstab A 1017 Wed Oct 19 21:37:12 2016
40940 blocks of size 1048576. 40072 blocks available
smb: \> pwd
Current directory is \\192.168.1.17\appssmb: \> rm issue # 可以刪除
smb: \> ls
. D 0 Wed Oct 19 22:22:30 2016
.. D 0 Wed Oct 19 00:31:41 2016
fstab A 1017 Wed Oct 19 21:37:12 2016
40940 blocks of size 1048576. 40072 blocks available
smb: \> lcd /etc
smb: \> put issue # 可以上傳
putting file issue as \issue (5.2 kb/s) (average 5.2 kb/s)
smb: \> ls
. D 0 Wed Oct 19 22:23:51 2016
.. D 0 Wed Oct 19 00:31:41 2016
fstab A 1017 Wed Oct 19 21:37:12 2016
issue A 90 Wed Oct 19 22:23:51 2016
40940 blocks of size 1048576. 40072 blocks available
#==================================================================================
[root@centos7 ~]# gpasswd -d xiu distro # 把秀從組中移除
Removing user xiu from group distro
[root@centos7 ~]# groupmems -g distro -l # 查看組成員
tao
# 再次使用秀用戶登錄��,發(fā)現(xiàn)不能上傳����,如下
[root@CentOS6 ~]# smbclient //192.168.1.17/apps -U xiu
Enter xiu‘s password:
Domain=[MYGROUP] OS=[Windows 6.1] Server=[Samba 4.2.3]
smb: \> ls
. D 0 Wed Oct 19 22:40:22 2016
.. D 0 Wed Oct 19 00:31:41 2016
fstab A 1017 Wed Oct 19 21:37:12 2016
issue A 90 Wed Oct 19 22:40:22 2016
40940 blocks of size 1048576. 40072 blocks available
smb: \> pwd
Current directory is \\192.168.1.17\appssmb: \> rm issue # 不能刪除
NT_STATUS_MEDIA_WRITE_PROTECTED deleting remote file \issue
NT_STATUS_MEDIA_WRITE_PROTECTED listing \issue
smb: \> lcd /etc
smb: \> put issue # 不能上傳
NT_STATUS_ACCESS_DENIED opening remote file \issue 7.使用mount.cifs訪問 [root@centos7 ~]# usermod -a -G distro xiu # 把xiu用戶加入到distro組中���,即也有寫權(quán)限
[root@centos7 ~]# id xiu
uid=1001(xiu) gid=2002(xiu) groups=2002(xiu),2003(distro)
[root@centos7 ~]# ll -d /samba/tools/
drwxrwxr-x 2 root distro 63 Oct 19 23:24 /samba/tools/
# 使用mount -t cifs(mount.cifs)方式指明smb服務(wù)器,共享目錄��,以及使用登陸的系統(tǒng)用戶和密碼
[root@CentOS6 ~]# mount -t cifs //192.168.1.17/apps/ /mnt -o username=xiu,password=134296
[root@CentOS6 ~]# mount # 查看掛載點
/dev/mapper/vg0-root on / type ext4 (rw)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
tmpfs on /dev/shm type tmpfs (rw)
/dev/sda1 on /boot type ext4 (rw)
/dev/mapper/vg0-usr on /usr type ext4 (rw)
/dev/mapper/vg0-var on /var type ext4 (rw)
/dev/sda5 on /home type ext4 (rw,usrquota,grpquota)
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
//192.168.1.17/apps/ on /mnt type cifs (rw) # 已經(jīng)掛載上了
[root@CentOS6 ~]# cd /mnt/
[root@CentOS6 mnt]# ls
fstab issue
[root@CentOS6 mnt]# echo taotaoxiuxiu > test.txt # 可見客戶端的root用戶對掛載點/mnt有寫權(quán)限
[root@CentOS6 mnt]# su - tao # 切換到一個普通用戶
[tao@CentOS6 ~]$ cd /mnt/
[tao@CentOS6 mnt]$ ls
fstab issue test.txt
[tao@CentOS6 mnt]$ cat test.txt
taotaoxiuxiu
[tao@CentOS6 mnt]$ echo nulixiangqian >> test.txt
-bash: test.txt: Permission denied # 雖然在服務(wù)端系統(tǒng)用戶有寫權(quán)限(包括文件系統(tǒng))�����,但客戶單普通用戶對掛載點沒有寫權(quán)限 既然如此��,我們就在本地創(chuàng)建一個目錄/data/apps專門作為掛載點�,并賦予tao用戶rwx權(quán)限���,看能否寫進去���,如下: # 創(chuàng)建掛載點目錄
[root@CentOS6 ~]# mkdir -pv /data/apps
mkdir: created directory `/data‘
mkdir: created directory `/data/apps‘
#=============================================================================
# 使tao用戶對此目錄有rwx權(quán)限
[root@CentOS6 ~]# setfacl -m u:tao:rwx /data/apps/
[root@CentOS6 ~]# getfacl /data/apps
getfacl: Removing leading ‘/‘ from absolute path names
# file: data/apps
# owner: root
# group: root
user::rwx
user:tao:rwx
group::r-x
mask::rwx
other::r-x
#==============================================================================
# 掛載到/data/apps,切換到tao用戶��,看能否寫
[root@CentOS6 ~]# mount -t cifs //192.168.1.17/apps/ /data/apps -o username=xiu,password=134296
[root@CentOS6 ~]# mount
/dev/mapper/vg0-root on / type ext4 (rw)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
tmpfs on /dev/shm type tmpfs (rw)
/dev/sda1 on /boot type ext4 (rw)
/dev/mapper/vg0-usr on /usr type ext4 (rw)
/dev/mapper/vg0-var on /var type ext4 (rw)
/dev/sda5 on /home type ext4 (rw,usrquota,grpquota)
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
//192.168.1.17/apps/ on /data/apps type cifs (rw)
[root@CentOS6 ~]# cd /data/apps/
[root@CentOS6 apps]# ll
total 12
-rwxr--r-- 1 1000 1000 1017 Oct 19 2016 fstab
-rwxr--r-- 1 1001 2002 90 Oct 19 2016 issue
-rw-r--r-- 1 1001 2002 13 Oct 19 2016 test.txt
[root@CentOS6 apps]# su - tao
[tao@CentOS6 ~]$ cd /data/apps/
[tao@CentOS6 apps]$ ls
fstab issue test.txt
[tao@CentOS6 apps]$ echo nulizaiyiqi >> test.txt
-bash: test.txt: Permission denied # 權(quán)限被拒絕 如上��,我們發(fā)現(xiàn)還是被拒絕����,這到底是為什么呢��?這是因為遠程和客戶端用的是id映射�����,和用戶名無關(guān)�,只和id號有關(guān) [root@CentOS6 ~]# ll /data/apps/ # 客戶端顯示的屬主
total 12
-rwxr--r-- 1 1000 1000 1017 Oct 19 2016 fstab
-rwxr--r-- 1 1001 2002 90 Oct 19 2016 issue
-rw-r--r-- 1 1001 2002 13 Oct 19 2016 test.txt
[root@centos7 ~]# id xiu
uid=1001(xiu) gid=2002(xiu) groups=2002(xiu),2003(distro)
[root@centos7 ~]# ll /samba/tools/ # 服務(wù)端顯示的屬主
total 12
-rwxr--r-- 1 tao tao 1017 Oct 19 21:37 fstab
-rwxr--r-- 1 xiu xiu 90 Oct 19 22:40 issue
-rw-r--r-- 1 xiu xiu 13 Oct 19 23:33 test.txt
[root@CentOS6 ~]# useradd -u 1001 wang # 創(chuàng)建一個同服務(wù)端屬主id號相同的用戶
[root@CentOS6 ~]# su - wang
[wang@CentOS6 ~]$ cd /data/apps/
[wang@CentOS6 apps]$ ls
fstab issue test.txt
[wang@CentOS6 apps]$ echo nulizaiyiqi >> test.txt # 寫操作成功
[wang@CentOS6 apps]$ cat test.txt
taotaoxiuxiu
nulizaiyiqi
[wang@CentOS6 apps]$ ll
total 12
-rwxr--r-- 1 1000 1000 1017 Oct 19 2016 fstab
-rwxr--r-- 1 wang 2002 90 Oct 19 2016 issue
-rw-r--r-- 1 wang 2002 25 Oct 20 2016 test.txt 3)smbstatus命令: ★顯示samba服務(wù)的相關(guān)共享的訪問狀態(tài)信息�; -b:顯示簡要格式信息; -v:顯示詳細格式信息��;
演示 [root@centos7 ~]# smbstatus
Samba version 4.2.3
PID Username Group Machine Protocol Version
------------------------------------------------------------------------------
2228 xiu xiu 192.168.1.16 (ipv4:192.168.1.16:49088) NT1 # 掛載訪問
Service pid machine Connected at
-------------------------------------------------------
IPC$ 2228 192.168.1.16 Wed Oct 19 23:57:47 2016
apps 2228 192.168.1.16 Wed Oct 19 23:57:47 2016 # 客戶端方式訪問
No locked files 簡要顯示 -b�,和詳細顯示-v [root@centos7 ~]# smbstatus -b
Samba version 4.2.3
PID Username Group Machine Protocol Version
------------------------------------------------------------------------------
2228 xiu xiu 192.168.1.16 (ipv4:192.168.1.16:49088) NT1
[root@centos7 ~]# smbstatus -v
using configfile = /etc/samba/smb.conf
Samba version 4.2.3
PID Username Group Machine Protocol Version
------------------------------------------------------------------------------
2228 xiu xiu 192.168.1.16 (ipv4:192.168.1.16:49088) NT1
Opened /var/lib/samba/connections.tdb
Service pid machine Connected at
-------------------------------------------------------
IPC$ 2228 192.168.1.16 Wed Oct 19 23:57:47 2016
apps 2228 192.168.1.16 Wed Oct 19 23:57:47 2016
No locked files 文件共享服務(wù)---Samba
|
