Samba介绍★smb:Service Message Block;服务信息块 ★cifs:Common Internet File System,
★samba:作者:Andrew Tridgell; ★功能:
Samba安装配置1)程序环境
★samba安装 ★主配置文件 ★主程序: ★Unit File
★监听的端口: UDP:137/udp, 138/udp TCP:139/tcp, 445/tcp
★客户端程序:
2)samba的配置
/etc/samba/smb.conf ★主配置文件:/etc/samba/smb.conf 1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
| [iyunv@centos7 ~]# cd /etc/samba
[iyunv@centos7 samba]# ls
lmhosts smb.conf
[iyunv@centos7 samba]# cp smb.conf{,.bak} # 首先备份
[iyunv@centos7 samba]# ls
lmhosts smb.conf smb.conf.bak
[iyunv@centos7 samba]# grep -i -E "^#[[:space:]]*(=|-)+" smb.conf # 过滤出配置段
#---------------
#-------------- # 全局配置段
#======================= Global Settings =====================================
# ----------------------- Network-Related Options -------------------------
# --------------------------- Logging Options -----------------------------
# ----------------------- Standalone Server Options ------------------------
# ----------------------- Domain Members Options ------------------------
# ----------------------- Domain Controller Options ------------------------
# ----------------------- Browser Control Options ----------------------------
#----------------------------- Name Resolution -------------------------------
# --------------------------- Printing Options -----------------------------
# --------------------------- File System Options ---------------------------
#============================ Share Definitions ==============================
# 用户自定义的共享配置段
|
★两类配置段:
◎全局配置 [global] workgroup = MYGROUP 工作组模型 用来定义工作组 server string = Samba Server Version %v 定义提示信息 interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24 指明要监听的地址或网络接口; hosts allow = 127. 192.168.12. 192.168.13. 访问控制,相当于白名单
share (depricated) 匿名共享 server (depricated) 实现集中式身份认证 domain
◎共享文件系统: [shared_ID] 有三类: 常用指令:
2)samba用户管理 ★命令: smbpasswd, pdbedit
1)smbpasswd 语法: smbpasswd [OPTIONS] USERNAME(系统用户) 选项: 2)pdbedit: -L:列出samba服务中的所有用户; -a:添加用户为samba用户;
-u USERNAME:
★访问服务: ☉smbclient交互式客户端程序: smbclient -L SMB_SERVER [-U USERNAME] smbclient //SMB_SERVER[/SHARE_NAME] [-U USERNAME] ☉mount.cifs 注意: 挂载操作中的用户,与-o选项中指定的用户直接产生映射关系;访问挂载,是以-o选项指定的用户身份运行,与本地用户以ID产生映射;
★自定义共享的方式: [shared_ID] comment = path = guest ok = read only = public = browseable = write list = ☉注意: 定义所有用户在服务级的写权限write = yes (read only = no)不建议与write list同时使用;
命令演示:
1.添加用户
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
| [iyunv@centos7 ~]# pdbedit -a -u tao # 添加用户
new password:
retype new password:
Unix username: tao
NT username:
Account Flags: [U ]
User SID: S-1-5-21-1194301372-4224252613-970535052-1000
Primary Group SID: S-1-5-21-1194301372-4224252613-970535052-513
Full Name:
Home Directory: \\centos7\tao
HomeDir Drive:
Logon Script:
Profile Path: \\centos7\tao\profile
Domain: CENTOS7
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: Wed, 06 Feb 2036 23:06:39 CST
Kickoff time: Wed, 06 Feb 2036 23:06:39 CST
Password last set: Tue, 18 Oct 2016 23:24:50 CST
Password can change: Tue, 18 Oct 2016 23:24:50 CST
Password must change: never
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
[iyunv@centos7 ~]# pdbedit -L # 列出samba用户
tao:1000:
[iyunv@centos7 ~]# pdbedit -a -u xiu # 再添加一个用户xiu
[iyunv@centos7 ~]# pdbedit -L
tao:1000:
xiu:1001:
|
启动samba服务,并查看端口号
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
| [iyunv@centos7 ~]# systemctl start nmb.service smb.service
[iyunv@centos7 ~]# ss -unl # 查看udp端口 137,138
State Recv-Q Send-Q Local Address:Port Peer Address:Port
UNCONN 0 0 *:68 *:*
UNCONN 0 0 192.168.1.255:137 *:*
UNCONN 0 0 192.168.1.15:137 *:*
UNCONN 0 0 *:137 *:*
UNCONN 0 0 192.168.1.255:138 *:*
UNCONN 0 0 192.168.1.15:138 *:*
UNCONN 0 0 *:138 *:*
UNCONN 0 0 127.0.0.1:323 *:*
UNCONN 0 0 *:34320 *:*
UNCONN 0 0 :::10025 :::*
UNCONN 0 0 ::1:323 :::*
[iyunv@centos7 ~]# ss -tnl # 查看tcp协议端口 139,445
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 127.0.0.1:6012 *:*
LISTEN 0 50 *:445 *:*
LISTEN 0 50 *:3306 *:*
LISTEN 0 50 *:139 *:*
LISTEN 0 128 *:22 *:*
LISTEN 0 128 127.0.0.1:631 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 127.0.0.1:6010 *:*
LISTEN 0 128 127.0.0.1:6011 *:*
LISTEN 0 128 ::1:6012 :::*
LISTEN 0 50 :::445 :::*
LISTEN 0 50 :::139 :::*
LISTEN 0 128 :::22 :::*
LISTEN 0 128 ::1:631 :::*
LISTEN 0 100 ::1:25 :::*
LISTEN 0 128 ::1:6010 :::*
LISTEN 0 128 ::1:6011 :::*
|
2.smbclient命令查看目标主机上的共享
这里以centos 6 主机作为客户端,访问作为samba服务器的centos 7
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
| # 匿名访问,不输入密码,如下:
[iyunv@CentOS6 ~]# smbclient -L 192.168.1.15
Enter root's password:
Anonymous login successful
Domain=[MYGROUP] OS=[Windows 6.1] Server=[Samba 4.2.3]
Sharename Type Comment
--------- ---- -------
IPC$ IPC IPC Service (Samba Server Version 4.2.3)
Anonymous login successful
Domain=[MYGROUP] OS=[Windows 6.1] Server=[Samba 4.2.3]
Server Comment
--------- -------
CENTOS7 Samba Server Version 4.2.3
Workgroup Master
--------- -------
MYGROUP CENTOS7
WORKGROUP PC-20160624QLWL
# 已创建的系统用户来访问,如下:
[iyunv@CentOS6 ~]# smbclient -L 192.168.1.15 -U tao
Enter tao's password:
Domain=[MYGROUP] OS=[Windows 6.1] Server=[Samba 4.2.3]
Sharename Type Comment
--------- ---- -------
IPC$ IPC IPC Service (Samba Server Version 4.2.3)
tao Disk Home Directories
Domain=[MYGROUP] OS=[Windows 6.1] Server=[Samba 4.2.3]
Server Comment
--------- -------
CENTOS7 Samba Server Version 4.2.3
Workgroup Master
--------- -------
MYGROUP CENTOS7
WORKGROUP PC-20160624QLWL
|
3.smbclient命令访问目标主机上的共享服务
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
| [iyunv@CentOS6 ~]# smbclient //192.168.1.15/ -U tao
Enter tao's password:
[iyunv@CentOS6 ~]# smbclient //192.168.1.15/tao -U tao # 要添加访问共享的shaaname
Enter tao's password:
Domain=[MYGROUP] OS=[Windows 6.1] Server=[Samba 4.2.3]
smb: \> help # 获取帮助
? allinfo altname archive blocksize
cancel case_sensitive cd chmod chown
close del dir du echo
exit get getfacl geteas hardlink
help history iosize lcd link
lock lowercase ls l mask
md mget mkdir more mput
newer open posix posix_encrypt posix_open
posix_mkdir posix_rmdir posix_unlink print prompt
put pwd q queue quit
readlink rd recurse reget rename
reput rm rmdir showacls setea
setmode stat symlink tar tarmode
timeout translate unlock volume vuid
wdel logon listconnect showconnect ..
!
smb: \> pwd # 显示的是samba服务器上系统用户tao的家目录
Current directory is \\192.168.1.15\tao\
smb: \> ls
. D 0 Tue Oct 18 13:09:36 2016
.. D 0 Tue Oct 18 11:38:44 2016
.mozilla DH 0 Mon Jul 25 23:57:35 2016
.bash_logout H 18 Fri Nov 20 13:02:30 2015
.bash_profile H 193 Fri Nov 20 13:02:30 2015
.bashrc H 231 Fri Nov 20 13:02:30 2015
.zshrc H 658 Fri Nov 20 21:11:02 2015
.Xauthority H 53 Sun Sep 11 11:11:49 2016
.cache DH 0 Sun Sep 11 11:11:49 2016
.config DH 0 Tue Oct 18 12:38:09 2016
.bash_history H 361 Tue Oct 18 12:43:06 2016
.mysql_history H 268 Mon Oct 17 16:18:28 2016
pub D 0 Tue Oct 18 09:16:21 2016
upload D 0 Tue Oct 18 09:20:53 2016
xiu D 0 Tue Oct 18 09:36:02 2016
.local DH 0 Tue Oct 18 12:38:09 2016
f1 13 Tue Oct 18 13:09:36 2016
40940 blocks of size 1048576. 40072 blocks available
smb: \> put /etc/fstab # 上传Cen 6 中的文件发现不能上传,这里最好使用当前路径
NT_STATUS_OBJECT_PATH_NOT_FOUND opening remote file \/etc/fstab
smb: \> lcd /etc # 切换到要上传文件的当前目录中
smb: \> put fstab # 上传文件,发现可以上传这是因为系统文件中定义的writable=YES,有写权限,并且tao用户对自己的家目录也有写权限
putting file fstab as \fstab (52.3 kb/s) (average 52.3 kb/s)
smb: \> ls
. D 0 Wed Oct 19 00:11:59 2016
.. D 0 Tue Oct 18 11:38:44 2016
.mozilla DH 0 Mon Jul 25 23:57:35 2016
.bash_logout H 18 Fri Nov 20 13:02:30 2015
.bash_profile H 193 Fri Nov 20 13:02:30 2015
.bashrc H 231 Fri Nov 20 13:02:30 2015
.zshrc H 658 Fri Nov 20 21:11:02 2015
.Xauthority H 53 Sun Sep 11 11:11:49 2016
.cache DH 0 Sun Sep 11 11:11:49 2016
.config DH 0 Tue Oct 18 12:38:09 2016
.bash_history H 361 Tue Oct 18 12:43:06 2016
.mysql_history H 268 Mon Oct 17 16:18:28 2016
pub D 0 Tue Oct 18 09:16:21 2016
upload D 0 Tue Oct 18 09:20:53 2016
xiu D 0 Tue Oct 18 09:36:02 2016
.local DH 0 Tue Oct 18 12:38:09 2016
f1 13 Tue Oct 18 13:09:36 2016
fstab #已上传的文件 A 1017 Wed Oct 19 00:11:59 2016
40940 blocks of size 1048576. 40072 blocks available
smb: \> ^C
|
4.自定义共享服务
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
| [iyunv@centos7 ~]# mkdir -pv /samba/tools # 创建共享的目录
mkdir: created directory ‘/samba’
mkdir: created directory ‘/samba/tools’
[iyunv@centos7 ~]# vim /etc/samba/smb.conf # 编辑主配置文件
[apps] # 自定义一个共享名
comment = tools # 注释为tools工具
path = /samba/tools # 本地文件系统路径
browseable = yes # 允许非属主,数组浏览
guest ok = yes # 允许来宾访问,即匿名用户
writable = yes # 允许写操作(如:上传和删除等)
# 配置好之后保存退出,并测试语法
[iyunv@centos7 samba]# testparm # 语法测试
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[homes]"
Processing section "[printers]"
Processing section "[apps]"
Loaded services file OK.
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions
# 敲回车,打印出服务所有的生效配置
# Global parameters
[global]
workgroup = MYGROUP
server string = Samba Server Version %v
security = USER
log file = /var/log/samba/log.%m
max log size = 50
idmap config * : backend = tdb
cups options = raw
[homes]
comment = Home Directories
read only = No
browseable = No
[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
print ok = Yes
browseable = No
[apps]
comment = tools
path = /samba/tools
read only = No # 非只读,代表可写
guest ok = Yes
[iyunv@centos7 samba]# systemctl restart smb 重启服务
|
查看共享服务,并访问
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
| # 查看系统用户下的共享服务
[iyunv@CentOS6 ~]# smbclient -L 192.168.1.15 -U tao
Enter tao's password:
Domain=[MYGROUP] OS=[Windows 6.1] Server=[Samba 4.2.3]
Sharename Type Comment
--------- ---- -------
apps Disk tools
IPC$ IPC IPC Service (Samba Server Version 4.2.3)
tao Disk Home Directories
Domain=[MYGROUP] OS=[Windows 6.1] Server=[Samba 4.2.3]
Server Comment
--------- -------
CENTOS7 Samba Server Version 4.2.3
Workgroup Master
--------- -------
MYGROUP CENTOS7
WORKGROUP PC-20160624QLWL
|
访问共享服务
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
| # 匿名用户(来宾账号)可以登录,但是不能上传文件
[iyunv@CentOS6 ~]# smbclient //192.168.1.17/apps
Enter root's password:
Anonymous login successful
Domain=[MYGROUP] OS=[Windows 6.1] Server=[Samba 4.2.3]
smb: \> ls
. D 0 Wed Oct 19 21:12:29 2016
.. D 0 Wed Oct 19 00:31:41 2016
40940 blocks of size 1048576. 40072 blocks available
smb: \> lcd /etc
smb: \> !pwd
/etc
smb: \> put fstab # 不能上传
NT_STATUS_ACCESS_DENIED opening remote file \fstab
smb: \> ^C
# 系统账号登录,访问共享服务
[iyunv@CentOS6 ~]# smbclient //192.168.1.15/apps -U tao # 指定共享服务目录为apps
Enter tao's password:
Domain=[MYGROUP] OS=[Windows 6.1] Server=[Samba 4.2.3]
smb: \> pwd
Current directory is \\192.168.1.15\apps\ # 在apps下
smb: \> ls
. D 0 Wed Oct 19 00:31:41 2016
.. D 0 Wed Oct 19 00:31:41 2016
40940 blocks of size 1048576. 40072 blocks available
smb: \> lcd /etc
smb: \> put fstab
NT_STATUS_ACCESS_DENIED opening remote file \fstab # 不能上传,虽然服务有写权限,但是对目录对文件系统没有写权限
smb: \>
|
要想使tao用户可以上传和删除文件,除了系统当中的定义的允许写操作外,目录文件系统也要有写权限才可以,仅对tao用户定义如下:
1
2
3
4
5
6
7
8
9
10
11
| [iyunv@centos7 ~]# setfacl -m u:tao:rwx /samba/tools # 设定tao用户的rwx权限
[iyunv@centos7 ~]# getfacl /samba/tools
getfacl: Removing leading '/' from absolute path names
# file: samba/tools
# owner: root
# group: root
user::rwx
user:tao:rwx
group::r-x
mask::rwx
other::r-x
|
再次访问上传如下
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
| [iyunv@CentOS6 ~]# smbclient //192.168.1.15/apps -U tao
Enter tao's password:
Domain=[MYGROUP] OS=[Windows 6.1] Server=[Samba 4.2.3]
smb: \> ls
. D 0 Wed Oct 19 00:31:41 2016
.. D 0 Wed Oct 19 00:31:41 2016
40940 blocks of size 1048576. 40072 blocks available
smb: \> lcd /etc
smb: \> put fstab
putting file fstab as \fstab (99.3 kb/s) (average 99.3 kb/s) #上传成功
smb: \> ls
. D 0 Wed Oct 19 01:00:43 2016
.. D 0 Wed Oct 19 00:31:41 2016
fstab A 1017 Wed Oct 19 01:00:43 2016
40940 blocks of size 1048576. 40072 blocks available
smb: \> rm fstab # 删除文件
smb: \> ls
. D 0 Wed Oct 19 21:12:29 2016
.. D 0 Wed Oct 19 00:31:41 2016
40940 blocks of size 1048576. 40071 blocks available
smb: \>
|
5.假设现在tao用户和xiu用户都有写操作,即可以向/samba/tools上传文件,但是我只想允许让tao有上传权限,xiu用户不可以传,该如何设置呢? 如下
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
| [iyunv@centos7 ~]# setfacl -m u:xiu:rwx /samba/tools
[iyunv@centos7 ~]# getfacl /samba/tools
getfacl: Removing leading '/' from absolute path names
# file: samba/tools
# owner: root
# group: root
user::rwx
user:tao:rwx
user:xiu:rwx # xiu用户对文件也有rwx权限
group::r-x
mask::rwx
other::r-x
[iyunv@CentOS6 ~]# smbclient //192.168.1.17/apps -U xiu # 系统用户xiu登录访问
Enter xiu's password:
Domain=[MYGROUP] OS=[Windows 6.1] Server=[Samba 4.2.3]
smb: \> ls
. D 0 Wed Oct 19 21:12:29 2016
.. D 0 Wed Oct 19 00:31:41 2016
40940 blocks of size 1048576. 40071 blocks available
smb: \> lcd /etc
smb: \> put issue # 上传成功
putting file issue as \issue (4.2 kb/s) (average 4.2 kb/s)
smb: \> ls
. D 0 Wed Oct 19 21:28:02 2016
.. D 0 Wed Oct 19 00:31:41 2016
issue A 90 Wed Oct 19 21:28:02 2016
40940 blocks of size 1048576. 40071 blocks available
smb: \> ^C
|
编辑配置文件/etc/samba/smb.conf
重启服务,访问如下:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
| [iyunv@centos7 samba]# systemctl restart smb # 重启服务
[iyunv@CentOS6 ~]# smbclient //192.168.1.17/apps -U xiu # xiu用户再次登录
Enter xiu's password:
Domain=[MYGROUP] OS=[Windows 6.1] Server=[Samba 4.2.3]
smb: \> ls
. D 0 Wed Oct 19 21:28:02 2016
.. D 0 Wed Oct 19 00:31:41 2016
issue A 90 Wed Oct 19 21:28:02 2016
40940 blocks of size 1048576. 40072 blocks available
smb: \> lcd /etc
smb: \> put fstab
NT_STATUS_ACCESS_DENIED opening remote file \fstab
[iyunv@CentOS6 ~]# smbclient //192.168.1.17/apps -U tao # tao用户可以上传文件
Enter tao's password:
Domain=[MYGROUP] OS=[Windows 6.1] Server=[Samba 4.2.3]
smb: \> ls
. D 0 Wed Oct 19 21:28:02 2016
.. D 0 Wed Oct 19 00:31:41 2016
issue A 90 Wed Oct 19 21:28:02 2016
40940 blocks of size 1048576. 40072 blocks available
smb: \> lcd /etc
smb: \> put fstab # 上传成功
putting file fstab as \fstab (55.2 kb/s) (average 55.2 kb/s)
smb: \> ls
. D 0 Wed Oct 19 21:37:12 2016
.. D 0 Wed Oct 19 00:31:41 2016
issue A 90 Wed Oct 19 21:28:02 2016
fstab A 1017 Wed Oct 19 21:37:12 2016
40940 blocks of size 1048576. 40072 blocks available
|
6.定义属组,是属组中的用户都有写权限
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
| [iyunv@centos7 ~]# groupadd distro
[iyunv@centos7 ~]# ll -d /samba/tools/
drwxrwxr-x+ 2 root root 30 Oct 19 21:37 /samba/tools/
[iyunv@centos7 ~]# chgrp distro /samba/tools/
[iyunv@centos7 ~]# ll -d /samba/tools/
drwxrwxr-x+ 2 root distro 30 Oct 19 21:37 /samba/tools/
[iyunv@centos7 ~]# setfacl -b /samba/tools # 为了保证实验,清空目录的acl权限
[iyunv@centos7 ~]# getfacl /samba/tools
getfacl: Removing leading '/' from absolute path names
# file: samba/tools
# owner: root
# group: distro
user::rwx
group::r-x
other::r-x
[iyunv@centos7 ~]# chmod 775 /samba/tools/ # 设定目录的属组有写权限
[iyunv@centos7 ~]# ll -d /samba/tools/
drwxrwxr-x 2 root distro 30 Oct 19 22:23 /samba/tools/
[iyunv@centos7 ~]# usermod -a -G distro tao
[iyunv@centos7 ~]# usermod -a -G distro xiu
[iyunv@centos7 ~]# id tao
uid=1000(tao) gid=1000(tao) groups=1000(tao),2003(distro)
[iyunv@centos7 ~]# id xiu
uid=1001(xiu) gid=2002(xiu) groups=2002(xiu),2003(distro)
|
编辑配置文件/etc/samba/smb.conf如下:
重启服务,访问如下:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
| [iyunv@centos7 samba]# systemctl restart smb
[iyunv@CentOS6 ~]# smbclient //192.168.1.17/apps -U xiu # 使用xiu用户登录
Enter xiu's password:
Domain=[MYGROUP] OS=[Windows 6.1] Server=[Samba 4.2.3]
smb: \> ls
. D 0 Wed Oct 19 21:37:12 2016
.. D 0 Wed Oct 19 00:31:41 2016
issue A 90 Wed Oct 19 21:28:02 2016
fstab A 1017 Wed Oct 19 21:37:12 2016
40940 blocks of size 1048576. 40072 blocks available
smb: \> pwd
Current directory is \\192.168.1.17\apps\
smb: \> rm issue # 可以删除
smb: \> ls
. D 0 Wed Oct 19 22:22:30 2016
.. D 0 Wed Oct 19 00:31:41 2016
fstab A 1017 Wed Oct 19 21:37:12 2016
40940 blocks of size 1048576. 40072 blocks available
smb: \> lcd /etc
smb: \> put issue # 可以上传
putting file issue as \issue (5.2 kb/s) (average 5.2 kb/s)
smb: \> ls
. D 0 Wed Oct 19 22:23:51 2016
.. D 0 Wed Oct 19 00:31:41 2016
fstab A 1017 Wed Oct 19 21:37:12 2016
issue A 90 Wed Oct 19 22:23:51 2016
40940 blocks of size 1048576. 40072 blocks available
#==================================================================================
[iyunv@centos7 ~]# gpasswd -d xiu distro # 把秀从组中移除
Removing user xiu from group distro
[iyunv@centos7 ~]# groupmems -g distro -l # 查看组成员
tao
# 再次使用秀用户登录,发现不能上传,如下
[iyunv@CentOS6 ~]# smbclient //192.168.1.17/apps -U xiu
Enter xiu's password:
Domain=[MYGROUP] OS=[Windows 6.1] Server=[Samba 4.2.3]
smb: \> ls
. D 0 Wed Oct 19 22:40:22 2016
.. D 0 Wed Oct 19 00:31:41 2016
fstab A 1017 Wed Oct 19 21:37:12 2016
issue A 90 Wed Oct 19 22:40:22 2016
40940 blocks of size 1048576. 40072 blocks available
smb: \> pwd
Current directory is \\192.168.1.17\apps\
smb: \> rm issue # 不能删除
NT_STATUS_MEDIA_WRITE_PROTECTED deleting remote file \issue
NT_STATUS_MEDIA_WRITE_PROTECTED listing \issue
smb: \> lcd /etc
smb: \> put issue # 不能上传
NT_STATUS_ACCESS_DENIED opening remote file \issue
|
7.使用mount.cifs访问
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
| [iyunv@centos7 ~]# usermod -a -G distro xiu # 把xiu用户加入到distro组中,即也有写权限
[iyunv@centos7 ~]# id xiu
uid=1001(xiu) gid=2002(xiu) groups=2002(xiu),2003(distro)
[iyunv@centos7 ~]# ll -d /samba/tools/
drwxrwxr-x 2 root distro 63 Oct 19 23:24 /samba/tools/
# 使用mount -t cifs(mount.cifs)方式指明smb服务器,共享目录,以及使用登陆的系统用户和密码
[iyunv@CentOS6 ~]# mount -t cifs //192.168.1.17/apps/ /mnt -o username=xiu,password=134296
[iyunv@CentOS6 ~]# mount # 查看挂载点
/dev/mapper/vg0-root on / type ext4 (rw)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
tmpfs on /dev/shm type tmpfs (rw)
/dev/sda1 on /boot type ext4 (rw)
/dev/mapper/vg0-usr on /usr type ext4 (rw)
/dev/mapper/vg0-var on /var type ext4 (rw)
/dev/sda5 on /home type ext4 (rw,usrquota,grpquota)
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
//192.168.1.17/apps/ on /mnt type cifs (rw) # 已经挂载上了
[iyunv@CentOS6 ~]# cd /mnt/
[iyunv@CentOS6 mnt]# ls
fstab issue
[iyunv@CentOS6 mnt]# echo taotaoxiuxiu > test.txt # 可见客户端的root用户对挂载点/mnt有写权限
[iyunv@CentOS6 mnt]# su - tao # 切换到一个普通用户
[tao@CentOS6 ~]$ cd /mnt/
[tao@CentOS6 mnt]$ ls
fstab issue test.txt
[tao@CentOS6 mnt]$ cat test.txt
taotaoxiuxiu
[tao@CentOS6 mnt]$ echo nulixiangqian >> test.txt
-bash: test.txt: Permission denied # 虽然在服务端系统用户有写权限(包括文件系统),但客户单普通用户对挂载点没有写权限
|
既然如此,我们就在本地创建一个目录/data/apps专门作为挂载点,并赋予tao用户rwx权限,看能否写进去,如下:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
| # 创建挂载点目录
[iyunv@CentOS6 ~]# mkdir -pv /data/apps
mkdir: created directory `/data'
mkdir: created directory `/data/apps'
#=============================================================================
# 使tao用户对此目录有rwx权限
[iyunv@CentOS6 ~]# setfacl -m u:tao:rwx /data/apps/
[iyunv@CentOS6 ~]# getfacl /data/apps
getfacl: Removing leading '/' from absolute path names
# file: data/apps
# owner: root
# group: root
user::rwx
user:tao:rwx
group::r-x
mask::rwx
other::r-x
#==============================================================================
# 挂载到/data/apps,切换到tao用户,看能否写
[iyunv@CentOS6 ~]# mount -t cifs //192.168.1.17/apps/ /data/apps -o username=xiu,password=134296
[iyunv@CentOS6 ~]# mount
/dev/mapper/vg0-root on / type ext4 (rw)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
tmpfs on /dev/shm type tmpfs (rw)
/dev/sda1 on /boot type ext4 (rw)
/dev/mapper/vg0-usr on /usr type ext4 (rw)
/dev/mapper/vg0-var on /var type ext4 (rw)
/dev/sda5 on /home type ext4 (rw,usrquota,grpquota)
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
//192.168.1.17/apps/ on /data/apps type cifs (rw)
[iyunv@CentOS6 ~]# cd /data/apps/
[iyunv@CentOS6 apps]# ll
total 12
-rwxr--r-- 1 1000 1000 1017 Oct 19 2016 fstab
-rwxr--r-- 1 1001 2002 90 Oct 19 2016 issue
-rw-r--r-- 1 1001 2002 13 Oct 19 2016 test.txt
[iyunv@CentOS6 apps]# su - tao
[tao@CentOS6 ~]$ cd /data/apps/
[tao@CentOS6 apps]$ ls
fstab issue test.txt
[tao@CentOS6 apps]$ echo nulizaiyiqi >> test.txt
-bash: test.txt: Permission denied # 权限被拒绝
|
如上,我们发现还是被拒绝,这到底是为什么呢?这是因为远程和客户端用的是id映射,和用户名无关,只和id号有关
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
| [iyunv@CentOS6 ~]# ll /data/apps/ # 客户端显示的属主
total 12
-rwxr--r-- 1 1000 1000 1017 Oct 19 2016 fstab
-rwxr--r-- 1 1001 2002 90 Oct 19 2016 issue
-rw-r--r-- 1 1001 2002 13 Oct 19 2016 test.txt
[iyunv@centos7 ~]# id xiu
uid=1001(xiu) gid=2002(xiu) groups=2002(xiu),2003(distro)
[iyunv@centos7 ~]# ll /samba/tools/ # 服务端显示的属主
total 12
-rwxr--r-- 1 tao tao 1017 Oct 19 21:37 fstab
-rwxr--r-- 1 xiu xiu 90 Oct 19 22:40 issue
-rw-r--r-- 1 xiu xiu 13 Oct 19 23:33 test.txt
[iyunv@CentOS6 ~]# useradd -u 1001 wang # 创建一个同服务端属主id号相同的用户
[iyunv@CentOS6 ~]# su - wang
[wang@CentOS6 ~]$ cd /data/apps/
[wang@CentOS6 apps]$ ls
fstab issue test.txt
[wang@CentOS6 apps]$ echo nulizaiyiqi >> test.txt # 写操作成功
[wang@CentOS6 apps]$ cat test.txt
taotaoxiuxiu
nulizaiyiqi
[wang@CentOS6 apps]$ ll
total 12
-rwxr--r-- 1 1000 1000 1017 Oct 19 2016 fstab
-rwxr--r-- 1 wang 2002 90 Oct 19 2016 issue
-rw-r--r-- 1 wang 2002 25 Oct 20 2016 test.txt
|
3)smbstatus命令: ★显示samba服务的相关共享的访问状态信息;
演示
1
2
3
4
5
6
7
8
9
10
11
12
13
| [iyunv@centos7 ~]# smbstatus
Samba version 4.2.3
PID Username Group Machine Protocol Version
------------------------------------------------------------------------------
2228 xiu xiu 192.168.1.16 (ipv4:192.168.1.16:49088) NT1 # 挂载访问
Service pid machine Connected at
-------------------------------------------------------
IPC$ 2228 192.168.1.16 Wed Oct 19 23:57:47 2016
apps 2228 192.168.1.16 Wed Oct 19 23:57:47 2016 # 客户端方式访问
No locked files
|
简要显示 -b,和详细显示-v
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
| [iyunv@centos7 ~]# smbstatus -b
Samba version 4.2.3
PID Username Group Machine Protocol Version
------------------------------------------------------------------------------
2228 xiu xiu 192.168.1.16 (ipv4:192.168.1.16:49088) NT1
[iyunv@centos7 ~]# smbstatus -v
using configfile = /etc/samba/smb.conf
Samba version 4.2.3
PID Username Group Machine Protocol Version
------------------------------------------------------------------------------
2228 xiu xiu 192.168.1.16 (ipv4:192.168.1.16:49088) NT1
Opened /var/lib/samba/connections.tdb
Service pid machine Connected at
-------------------------------------------------------
IPC$ 2228 192.168.1.16 Wed Oct 19 23:57:47 2016
apps 2228 192.168.1.16 Wed Oct 19 23:57:47 2016
No locked files
|
| 
QQ群⑧:
窥视卡
雷达卡
发表于 2016-10-20 08:42:51
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
千斤顶
显身卡