Samba

--------------------------Samba-------------------------------

----------------------------------------------------------------------------------------------------------------

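-------Quick configuration:

/*a*/ Sharing Linux files

'1' Edit /etc/samba/smb.conf

security = user //user security level

[homes]
browseable = yes //to share user home directories, run: setsebool -P samba_enable_home_dirs on
//otherwise no files are shown after logging in to the home directory
[share]
path = /samba_share //a newly created directory must be labelled: chcon -t samba_share_t /samba_share; files inside it inherit the SELinux type automatically
//otherwise the directory cannot be entered.
public = no
;valid users = Jon Jenny Jacky //when commented out, valid users is equivalent to 'all samba users'

read list = abc jacky +Samba //list of users with read-only access
write list = +Lung Jon // rw

'2' Create a Samba user

smbpasswd -a jacky //jacky must already be a system user

'3' Restart: service smb restart

'4' Check:

testparm

smbclient -L //192.168.0.1/share //no password required

'5' Log in and use the share

smbclient //desktop20.example.com/share -U jacky

'6' Mount and use the share

mount.cifs -o user=jacky //192.168.0.20/share /mnt/smb

/*b*/ Sharing Windows files

mount.cifs -o user=winxp //winxp/share /mnt/smb

Note:
After files are added, deleted or changed in the shared directory on the server, Samba does not need to be restarted; clients see the changes right away.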

=================================================================================================================


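-------Function

1. Samba (SMB for short) is a network server used to share files between Linux and Windows. It can be used for file sharing between Windows and Linux and equally between Linux and Linux; for Linux-to-Linux sharing, however, the network file system NFS is a better choice, and NFS also requires setting up a server.

-------Processes

1.smbd |smb //Samba server daemon, the core of Samba. Role: lets other machines know what this machine shares

2.nmbd |nmb //Samba daemon providing NetBIOS name resolution, so that the Samba server shows up in the Windows Network Neighborhood.
//What does nmb resolve? The workgroup this Linux machine shares in and the NetBIOS name under that workgroup;
//if the nmb service is not running, the server can only be reached by IP, for example by typing the following into IE on Windows:
(on Windows, paths start with backslashes) \\192.168.1.5\shared-directory \\192.168.1.5\opt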



-------Files
/etc/samba/smb.conf|smbpasswd|smbusers|lmhosts


2) Edit /etc/samba/smbusers
The smbusers file stores account mappings in a fixed format:
samba account = virtual account (mapped account)

smbclient //192.168.0.148/test -U root%root <==> smbclient //192.168.0.148/test -U admin%root


-------**************Configuration procedure******************************


-------------Configuring a security=share level Samba server

1.security = share
2.Comment out # smb passwd file = ................



-------------Configuring a security=user level Samba server: three steps----

0--------Start smb & nmb

--------Create the Samba users

1.aaa:111 | bbb:222 //Samba passwords

1.------Edit the configuration file: smb.conf
security = user
guest account = aaa
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd

[homes]
browseable = yes

2.------Create the Samba users


2.1-----Create the system user
useradd aaa;
passwd ***;
2.2-----Create the smbpasswd file

-----Adding many users at once

a.cat /etc/passwd | mksmbpasswd.sh > /etc/samba/smbpasswd

b.smbpasswd -s jacky //creates a non-encrypted password; Samba login authentication needs the non-encrypted password

-----Adding smb users one at a time

a.smb passwd file = /etc/samba/smbpasswd //edit the configuration file and add this line; comment out passdb backend = tdbsam

b.smbpasswd -a aaa //the smbpasswd file is created automatically at this point.

2.3-----Set the Samba password
smbpasswd -a aaa

2.4-----Restart Samba
service smb restart

2.5-----Check smb.conf for correctness / list the shared resources
testparm / smbclient -L localhost.localdomain



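-------------------------------Samba test cases and notes



--------Preparation

Create the Samba users: aaa|111 bbb|222

Add the shared directories: /tmp +wr -> aaa /tmp +r -> bbb ; named tmp/tmp1 respectively

/var/log +wr -> everyone the log directory is set to read/write for everyone

--------security = share

In this mode, logging in to the Samba server from Windows network sharing requires no password;

Files (directories) that should be readable and writable must have their permissions opened to everyone: the log directory was set to read/write for everyone in Samba, but the operating system's own file permissions were not opened up, so it is still inaccessible.


--------security = user

In this mode, logging in to the Samba server from Windows requires a password

For example, after logging in as aaa|111, the folders visible in the Samba share are: aaa / bbb / homes / tmp / tmp1

Folders aaa can enter: aaa / homes / tmp ; tmp1 cannot be entered

For example, after logging in as bbb|222, the folders visible in the Samba share are: aaa / bbb / homes / tmp / tmp1

Folders bbb can enter: bbb / homes / tmp1 ; tmp cannot be entered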






------------------Commands

0.smbstatus //current SMB network connection status

0.testparm //after editing the configuration file, check it for correctness

1.ntsysv //set Samba to start at boot through a graphical menu

1.1 chkconfig smb on //set the boot-time service directly from the terminal

2.service smb start|stop|restart|status //start the service

3.rpm -qa | grep samba //check whether Samba is installed

4.setsebool -P samba_domain_controller on //allows useradd | groupadd under SELinux

5.setsebool -P samba_enable_home_dirs on //share home directories

6.In /etc/selinux/config set SELINUX=disabled, then reboot //turn off SELinux

7.encrypt passwords = yes //add these two lines to smb.conf
smb passwd file = /etc/samba/smbpasswd

cat /etc/passwd | mksmbpasswd.sh > /etc/samba/smbpasswd //create the smbpasswd file


8.------------------View the tree of shared resources


[root@localhost init.d]# smbtree
Enter jacky's password:
WORKGROUP
session request to 192.168.0.1 failed (Called name not present)
session request to *SMBSERVER failed (Called name not present)
\\JACKY-PC
LINUX
\\FEDORA Samba Server Version 3.5.8-76.fc14
\\FEDORA\homes Home Directories
\\FEDORA\tmp tmp文件夹,可读写
\\FEDORA\tmp-1 read-only
\\FEDORA\log
\\FEDORA\student
\\FEDORA\bbb
\\FEDORA\IPC$ IPC Service (Samba Server Version 3.5.8-76.fc14)
BMHGROUP
\\RHEL Samba Server Version 3.0.33-3.28.el5
\\RHEL\IPC$ IPC Service (Samba Server Version 3.0.33-3.28.el5)
\\RHEL\homes Home Directories
\\RHEL\share Share Security
\\RHEL\user User Security





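-------*******************Ways to start the service



1./etc/init.d/smb start|stop|... //on RPM-based systems where Samba was installed from RPM packages, the Samba server can generally be started this way;
/etc/init.d/ directory: holds the executable scripts of the services.
/etc/init.d/nmb start|stop|...

2.service smb /nmb start|stop...



--------To check whether the server is running, use the following commands;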



[root@localhost ~]# pgrep smbd
[root@localhost ~]# pgrep nmbd


--------To shut down the Samba server you can also use the following, which works on most systems; run it as root;


[root@localhost ~]# pkill smbd
[root@localhost ~]# pkill nmbd




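--------Checking the Samba server's ports and the firewall;



Why check this? Sometimes your firewall blocks the smbd server's ports, so we should know which ports smbd uses; the output below shows that smbd uses ports 139 and 445;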

[root@localhost ~]# netstat -tlnp |grep smb
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN 10639/smbd
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN 10639/smbd

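If you have a firewall, be sure to open these two ports. If you do not know how to open them, perhaps you are a beginner like me; clearing the firewall rules also works;

[root@localhost ~]# iptables -F //iptables is a packet-filtering management tool built on the netfilter framework; its main use is as a firewall or transparent proxy.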

[root@localhost ~]# /sbin/iptables -F
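
An alternative to flushing, as an added example that is not part of the original notes: allow new TCP connections to ports 139 and 445 from one trusted subnet and leave every other rule in place. The subnet 192.168.0.0/24 and the function names are assumptions made for this example.

```bash
#!/bin/sh
# Added example: open only the smbd TCP ports to one subnet instead of flushing.

# smb_firewall_rules SUBNET: print one iptables rule spec per smbd port (139, 445).
# SUBNET may contain only digits, dots and a slash; anything else is rejected.
smb_firewall_rules() {
  case "$1" in
    ""|*[!0-9./]*) echo "invalid subnet: $1" >&2; return 1 ;;
  esac
  for port in 139 445; do
    echo "INPUT -p tcp -s $1 --dport $port -m state --state NEW -j ACCEPT"
  done
}

# apply_smb_firewall SUBNET: insert each rule unless it is already present (run as root).
# The -C (check) option needs iptables 1.4.11 or later.
apply_smb_firewall() {
  rules=$(smb_firewall_rules "$1") || return 1
  printf '%s\n' "$rules" | while read -r rule; do
    # $rule is left unquoted on purpose so it splits into iptables arguments
    iptables -C $rule 2>/dev/null || iptables -I $rule
  done
}

# Print the rules for the example subnet; nothing is applied here.
smb_firewall_rules 192.168.0.0/24
```

Run apply_smb_firewall 192.168.0.0/24 as root to install the rules; running it a second time adds nothing because each rule is checked first.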







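****************Viewing shared files*--------------

8.smbclient -L localhost //view Linux & Windows shared resources

9.smbclient -L JACKY-PC / IP address //view Windows shared resources

10. smbclient -L FEDORA -U aaa //view the shared resources of Linux user aaa

----------Browsing the Samba server anonymously to list shared resources

====Steps:


11.[root@localhost dir]# smbclient -L RHEL
Enter root's password: //no password entered: anonymous login to the Samba server on host RHEL to view the shared resources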
Domain=[BMHGROUP] OS=[Unix] Server=[Samba 3.0.33-3.28.el5]

Sharename Type Comment
--------- ---- -------
homes Disk Home Directories
share Disk Share Security
user Disk User Security
IPC$ IPC IPC Service (Samba Server Version 3.0.33-3.28.el5)
Domain=[BMHGROUP] OS=[Unix] Server=[Samba 3.0.33-3.28.el5]

Server Comment
--------- -------
RHEL Samba Server Version 3.0.33-3.28.el5

Workgroup Master
--------- -------
BMHGROUP




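------------Adding users who are allowed to use Samba to the Samba server------------------


1.useradd ddd //a Samba user must first be a system user, so create the system user first
2.smbpasswd -a ddd //add ddd to the Samba server's users and set ddd's smbpasswd at the prompt
3.vim smbpasswd //view the newly added Samba user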


/*********************smbpasswd***********************/

When run by root:
smbpasswd [options] [username]
otherwise:
smbpasswd [options]

options:
-L local mode (must be first option)
-h print this usage message
-s use stdin for password prompt
-c smb.conf file Use the given path to the smb.conf file
-D LEVEL debug level
-r MACHINE remote machine //log in to a remote Samba server
-U USER remote username

extra options when run by root or in local mode: //options that only root can use

-a add user //add an smb user
-d disable user
-e enable user
-i interdomain trust account
-m machine trust account
-n set no password //set the password to none (the user must already have been created with -a)
-W use stdin ldap admin password
-w PASSWORD ldap admin password
-x delete user //delete an smb user
-R ORDER name resolve order



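***********************************Logging in to the Samba server*********************



------------Linux accessing its own Linux shared resources

------Set the permissions of the Linux shared files

------case1: security=user level

1.smbclient //FEDORA/tmp -U aaa%111 //log in to the local Linux share FEDORA/tmp; user: aaa; password: 111

2.smbclient //192.168.0.139/tmp -U aaa //wait for the prompt and enter aaa's password: 111; you then enter the tmp directory

------case2: security=share level

1.smbclient //FEDORA/tmp //no -U user is needed here


------------Linux accessing Windows shared resources

------Set the permissions of the Windows shared files

Steps: 1. Select the shared file, Properties -> Sharing -> Advanced Sharing -> Permissions -> Add -> Advanced -> Find Now: to add users for the file, i.e. choose the users of the file from the existing Windows system users

2. If step 1 does not work, change the relevant settings under Properties -> Security. Usually it is enough for the "Security" tab to include the Everyone user.

------case1: security=user level

1.smbclient //JACKY-PC/Users -U jacky1%jackydalong //gets in directly;

2.smbclient //JACKY-PC/Users -U jacky2 //wait for the prompt and enter jacky2's password: jacky2.

3.smbclient //JACKY-PC/Users -U Everyone //the Everyone user does not need a password

4.smbclient //JACKY-PC/Users -U Administrator%jacywangdalong

5.smbclient //221.205.45.210/Users [-W WORKGROUP] -U jacky1 //-W can be omitted

Note: in //JACKY-PC/Users the folder name must not be omitted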



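------------Windows accessing Linux shared resources

----On XP

Visible in Network Neighborhood;

----Win7

In network sharing, remember to turn on "Network discovery"


------------Note: once logged in to the Samba server, you can use smbclient commands to upload and download files, much as with FTP commands;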



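smbclient command reference

Command                         Description

? or help [command]             show help, or help for a specific command
![shell command]                run the given shell command, or drop the user to a shell prompt
cd [directory]                  change to the given directory on the server; if none is given, smbclient returns the current local directory
lcd [directory]                 change to the given directory on the client;
dir or ls                       list the files in the current directory;
exit or quit                    quit smbclient
get file1 file2                 download file1 from the server and save it locally as file2; omit file2 to keep the name
mget file1 file2 file3 filen    download several files from the server;
md or mkdir directory           create a directory on the server
rd or rmdir directory           remove a directory on the server
put file1 [file2]               upload file1 to the server, where it is renamed to file2;
mput file1 file2 filen          upload several files to the server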





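------------Error: troubleshooting Samba errors

1.tree connect failed: NT_STATUS_BAD_NETWORK_NAME //the filename in "//JACKY-PC/filename" is probably misspelled;

2.tree connect failed: NT_STATUS_ACCESS_DENIED //the password for jacky1 in "-U jacky1" was probably entered incorrectly;
//or jacky1 has not been granted access in the Properties -> Sharing | Security tabs of the shared file on Windows.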





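*********************************Mounting a Windows CIFS file system on Linux***************************************



------------Set the permissions of the Windows shared folder: i.e. add users to the shared resource (note: set under Properties -> Sharing)

1-------Set the permitted users or groups:

Users: jacky & jacky2
Groups: Everyone & Administrators [Everyone group: lets any Guest user operate without a password, including mounting, e.g. user=abc]

/*(The shared folder here is Users, the Windows public folder (any file Windows wants to share can be placed in a subfolder of Users, such as Pictures)

So when it is mounted on Linux as Windows users with different access rights to the Users folder, the files shown in the Users folder differ slightly;

That is, ---------jacky/jacky2/Administrator: belong to the Administrators group

Mounting as user jacky shows the jacky folder;
jacky2 jacky2
Administrator Administrator

---------abc/jacky1: belong to the Everyone group

abc Guest
jacky1 Guest
)*/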


------------Command format (1 and 2 are equivalent forms)

1. mount.cifs -o user=jacky,pass=jackydalong //JACKY-PC/Users /mnt/winshare

[root@localhost mnt]# ls -h winshare/

Administrator Default desktop.ini jacky Public   Note: jacky is a Windows administrator, so Administrator & jacky are present


2. mount -t cifs -o username=jacky1,password=fffff //JACKY-PC/Users /mnt/winshare

[root@localhost mnt]# ls winshare/

Default desktop.ini Guest Public   Note: jacky1 is a Guest user and belongs to the Everyone group, so the Guest folder is present


3.mount.cifs -o user=jack //JACKY-PC/Users /mnt/winshare   Note: the Everyone group can operate without a password



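******************************************************************************************************************

*************************/*******Thoughts on access permissions in smb.conf*******/*************************

a.
security = share/user //this line only determines whether logging in to the Samba server (RHEL) is anonymous / authenticated
\
(these two logins do not affect each other) ====> the users for both logins are users added with smbpasswd -a user;
/
public = yes / no //this line determines whether accessing the shared directory is anonymous / requires authentication

/**Note: public=yes/no is only meaningful when security=share;
because share means the login to RHEL is anonymous, and an anonymous user can only access shared directories with public=yes;
to access a shared directory with public=no, the anonymous user must authenticate -> become a 'non-anonymous' user before gaining access.

For example, with two public = no shares Jenny/ and Jon/, once a Samba user has authenticated non-anonymously to enter Jenny/, it can enter Jon/ without authenticating again
(during a whole Samba session, "non-anonymous" authentication is needed at most once)

When security=user, the user has already authenticated when logging in to RHEL and already has the right to access public=no shared directories, so it can enter all shared directories directly
*/

b. Resolving the conflict:

security = share
\
---> 'use these two together'
/
public = yes / no



security = user
\
---> 'use together'
/
valid users = Jenny Jacky ('optional': if omitted, all smb users can access the directory; if present, only Jenny and Jacky can)


3.write/read list = @Lung +Bmh abc //this line determines which users accessing the shared directory have read/write permission (prerequisite: Linux grants the corresponding permissions)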
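
The interaction described above can be checked mechanically. The script below is an added example, not part of the original notes: it reads an smb.conf and reports, per share, guest access through public / guest ok, a missing valid users list, and writable = yes (which makes write list irrelevant). The sample configuration is constructed, modelled on the [share], [Jenny] and [Jon] sections of these notes, and the function names are assumptions.

```bash
#!/bin/sh
# Added example: flag share settings that widen access in an smb.conf.

# Constructed sample, modelled on the [share]/[Jenny]/[Jon] sections of these notes.
sample_conf() {
cat <<'EOF'
[global]
    security = user
[share]
    path = /mnt
    public = yes
    writable = no
    write list = +Lung
[Jenny]
    path = /tmp/smbJenny
    public = no
    valid users = Jenny
    writable = no
    write list = +Bmh Jenny
[Jon]
    path = /tmp/smbJon
    public = no
;   valid users = Jon
    writable = yes
    write list = Jon @Bmh
EOF
}

# audit_shares [FILE]: read smb.conf from FILE or stdin, print "<section>: <finding>".
audit_shares() {
  awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    function isyes(v) { return v == "yes" || v == "true" || v == "1" }
    function report() {
      if (sec == "" || tolower(sec) == "global") return
      if (guest)    print sec ": guest access enabled (public / guest ok)"
      if (!valid)   print sec ": no valid users, any Samba account may connect"
      if (writable) print sec ": writable = yes, write list no longer limits writers"
    }
    /^[ \t]*([;#]|$)/ { next }               # comments and blank lines
    /^[ \t]*\[/ {                            # new section: report the previous one
      report()
      sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec)
      guest = valid = writable = 0
      next
    }
    {
      eq = index($0, "="); if (eq == 0) next
      key = tolower(trim(substr($0, 1, eq - 1))); gsub(/[ \t]+/, " ", key)
      val = tolower(trim(substr($0, eq + 1)))
      if (tolower(sec) == "global" && key == "security" && val == "share")
        print "global: security = share (deprecated, every session starts anonymous)"
      if (key == "public" || key == "guest ok") guest = isyes(val)
      if (key == "valid users") valid = (val != "")
      if (key == "writable" || key == "writeable" || key == "write ok") writable = isyes(val)
      if (key == "read only") writable = !isyes(val)
    }
    END { report() }
  ' "$@"
}

sample_conf | audit_shares
```

On a real server, run it as audit_shares /etc/samba/smb.conf; lines carrying the // annotations used in these notes would be read as part of the value, so point it at the clean file.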

smb.conf
# This is the main Samba configuration file. You should read the
# smb.conf(5) manual page in order to understand the options listed
# here. Samba has a huge number of configurable options (perhaps too
# many!) most of which are not shown in this example
#
# For a step to step guide on installing, configuring and using samba,
# read the Samba-HOWTO-Collection. This may be obtained from:
# http://www.samba.org/samba/docs/Samba-HOWTO-Collection.pdf
#
# Many working examples of smb.conf files can be found in the
# Samba-Guide which is generated daily and can be downloaded from:
# http://www.samba.org/samba/docs/Samba-Guide.pdf
#
# Any line which starts with a ; (semi-colon) or a # (hash)
# is a comment and is ignored. In this example we will use a #
# for commentary and a ; for parts of the config file that you
# may wish to enable
#
# NOTE: Whenever you modify this file you should run the command "testparm"
# to check that you have not made any basic syntactic errors.
#
#---------------
# SELINUX NOTES:
#
# If you want to use the useradd/groupadd family of binaries please run:
# setsebool -P samba_domain_controller on
#
# If you want to share home directories via samba please run:
# setsebool -P samba_enable_home_dirs on
#
# If you create a new directory you want to share you should mark it as
# "samba_share_t" so that selinux will let you write into it.
# Make sure not to do that on system directories as they may already have
# been marked with other SELinux labels.
#
# Use ls -ldZ /path to see which context a directory has
#
# Set labels only on directories you created!
# To set a label use the following: chcon -t samba_share_t /path
#
# If you need to share a system created directory you can use one of the
# following (read-only/read-write):
# setsebool -P samba_export_all_ro on
# or
# setsebool -P samba_export_all_rw on
#
# If you want to run scripts (preexec/root prexec/print command/...) please
# put them into the /var/lib/samba/scripts directory so that smbd will be
# allowed to run them.
# Make sure you COPY them and not MOVE them so that the right SELinux context
# is applied, to check all is ok use restorecon -R -v /var/lib/samba/scripts
#
#--------------
#
#======================= Global Settings =====================================

[global]

# ----------------------- Network Related Options -------------------------
#
# workgroup = NT-Domain-Name or Workgroup-Name, eg: MIDEARTH
#
# server string is the equivalent of the NT Description field
#
# netbios name can be used to specify a server name not tied to the hostname
# 1 // netbios lets RHEL appear in Network Neighborhood; it may well not show up for some time at first
# 2 // but it can be reached via \\RHEL (may not work at first) or \\RHEL\public
#
# Interfaces lets you configure Samba to use multiple interfaces
# If you have multiple network interfaces then you can list the ones
# you want to listen on (never omit localhost)
#
# Hosts Allow/Hosts Deny lets you restrict who can connect, and you can
# specify it as a per share option as well
#
workgroup = bmhgroup //workgroup name
server string = Samba Server Version %v //%v:samba version

username map = /etc/samba/smbusers //defines aliases for smb users: see the smbusers file for details


netbios name = RHEL //defines the name of the Samba server

; interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24 //Interfaces lets you configure Samba to use multiple interfaces
; hosts allow = 127. 192.168.12. 192.168.13.

; hosts deny = 221.205.99.44 169.254.192.123 //# I added this hosts deny line, but it has no effect

# --------------------------- Logging Options -----------------------------
#
# Log File let you specify where to put logs and how to split them up.
#
# Max Log Size let you specify the max size log files should reach

# logs split per machine
; log file = /var/log/samba/%m.log
# max 50KB per log file, then rotate
; max log size = 50

# ----------------------- Standalone Server Options ------------------------
#
# Security can be set to user, share(deprecated) or server(deprecated)
#
# Backend to store user information in. New installations should
# use either tdbsam or ldapsam. smbpasswd is available for backwards
# compatibility. tdbsam requires no further configuration.

security = user //security level:
; passdb backend = tdbsam


# ----------------------- Domain Members Options ------------------------
#
# Security must be set to domain or ads
#
# Use the realm option only with security = ads
# Specifies the Active Directory realm the host is part of
#
# Backend to store user information in. New installations should
# use either tdbsam or ldapsam. smbpasswd is available for backwards
# compatibility. tdbsam requires no further configuration.
#
# Use password server option only with security = server or if you can't
# use the DNS to locate Domain Controllers
# The argument list may include:
# password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name]
# or to auto-locate the domain controller/s
# password server = *


; passdb backend = tdbsam
; realm = MY_REALM

; password server = <NT-Server-Name>

# ----------------------- Domain Controller Options ------------------------
#
# Security must be set to user for domain controllers
#
# Backend to store user information in. New installations should
# use either tdbsam or ldapsam. smbpasswd is available for backwards
# compatibility. tdbsam requires no further configuration.
#
# Domain Master specifies Samba to be the Domain Master Browser. This
# allows Samba to collate browse lists between subnets. Don't use this
# if you already have a Windows NT domain controller doing this job
#
# Domain Logons let Samba be a domain logon server for Windows workstations.
#
# Logon Script lets you specify a script to be run at login time on the client
# You need to provide it in a share called NETLOGON
#
# Logon Path let you specify where user profiles are stored (UNC path)
#
# Various scripts can be used on a domain controller or stand-alone
# machine to add or delete corresponding unix accounts
#
; passdb backend = tdbsam

; domain master = yes
; domain logons = yes

# the login script name depends on the machine name
; logon script = %m.bat
# the login script name depends on the unix user used
; logon script = %u.bat
; logon path = \\%L\Profiles\%u
# disables profiles support by specifying an empty path
; logon path =

; add user script = /usr/sbin/useradd "%u" -n -g users
; add group script = /usr/sbin/groupadd "%g"
; add machine script = /usr/sbin/useradd -n -c "Workstation (%u)" -M -d /nohome -s /bin/false "%u"
; delete user script = /usr/sbin/userdel "%u"
; delete user from group script = /usr/sbin/userdel "%u" "%g"
; delete group script = /usr/sbin/groupdel "%g"


# ----------------------- Browser Control Options ----------------------------
#
# set local master to no if you don't want Samba to become a master
# browser on your network. Otherwise the normal election rules apply
#
# OS Level determines the precedence of this server in master browser
# elections. The default value should be reasonable
#
# Preferred Master causes Samba to force a local browser election on startup
# and gives it a slightly higher chance of winning the election
; local master = no
; os level = 33
; preferred master = yes

#----------------------------- Name Resolution -------------------------------
# Windows Internet Name Serving Support Section:
# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
#
# - WINS Support: Tells the NMBD component of Samba to enable its WINS Server
#
# - WINS Server: Tells the NMBD components of Samba to be a WINS Client
#
# - WINS Proxy: Tells Samba to answer name resolution queries on
# behalf of a non WINS capable client, for this to work there must be
# at least one WINS Server on the network. The default is NO.
#
# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
# via DNS nslookups.

; wins support = yes
; wins server = w.x.y.z
; wins proxy = yes

; dns proxy = yes

# --------------------------- Printing Options -----------------------------
#
# Load Printers let you load automatically the list of printers rather
# than setting them up individually
#
# Cups Options let you pass the cups libs custom options, setting it to raw
# for example will let you use drivers on your Windows clients
#
# Printcap Name let you specify an alternative printcap file
#
# You can choose a non default printing system using the Printing option

; load printers = yes
cups options = raw

; printcap name = /etc/printcap
#obtain list of printers automatically on SystemV
; printcap name = lpstat
; printing = cups

# --------------------------- Filesystem Options ---------------------------
#
# The following options can be uncommented if the filesystem supports
# Extended Attributes and they are enabled (usually by the mount option
# user_xattr). These options will let the admin store the DOS attributes
# in an EA and make samba not mess with the permission bits.
#
# Note: these options can also be set just per share, setting them in global
# makes them the default for all shares

; map archive = no
; map hidden = no
; map read only = no
; map system = no
; encrypt passwords = yes
; guest ok = no
; guest account = nobody
; store dos attributes = yes


#============================ Share Definitions ==============================

[homes]
comment = Home Directories
; browseable = no
writable = yes
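valid users = %S //when valid users = %S is commented out, a user who passes their own password check and the system permission check can access other users' directories
//to restrict users to the resources of their own home directory, just enable it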
; valid users = MYDOMAIN\%S

[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
; guest ok = no
; writable = No
printable = yes

# Un-comment the following and create the netlogon directory for Domain Logons
; [netlogon]
; comment = Network Logon Service
; path = /var/lib/samba/netlogon
; guest ok = yes
; writable = no
; share modes = no


# Un-comment the following to provide a specific roving profile share
# the default is to use the user's home directory
; [Profiles]
; path = /var/lib/samba/profiles
; browseable = no
; guest ok = yes


# A publicly accessible directory, but read only, except for people in
# the "staff" group
#
#

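# /*public only takes effect when security=share; every login to RHEL is then anonymous, so whether an anonymous user
# must authenticate when accessing a shared folder is decided by public;
# with security = user, every user logged in to RHEL is an smb user who has already authenticated, so
# there is no second authentication.

# public = yes : equivalent to guest ok = yes, allows anonymous access. //even with security=user, a user entering this shared directory does not need to enter a password
# public = no : users logged in to RHEL anonymously can only see public, but have no access*/

# //writable = no: anonymous users are not allowed to write;
# //write list= +staff @teacher Jenny: lists the groups (staff/teacher) and users (Jenny) that may write

# //Lung group: Jenny & Jon; Bmh group: jacky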

[share]

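//this directory supports anonymous access (no password check); only users in the Lung group have write permission
comment = Share Security
; browseable = yes //browseable = no: the public directory is not visible after entering RHEL; the default is yes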
path = /mnt
public = yes
writable = no
; printable = no
write list = +Lung

[Jenny]
comment = User Security
; browseable = yes
path = /tmp/smbJenny
public = yes

#valid users conflicts with security = share;
valid users = Jenny //valid users = Jenny: only Jenny can access this directory.
//other users, such as Jon, cannot log in

writable = no
; printable = no
write list = +Bmh Jenny //+Bmh: a group

[Jon]
comment = User Security
; browseable = yes
path = /tmp/smbJon
public = yes

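#because the next line is commented out, any smb user can get in after authenticating, e.g. Jenny
; valid users = Jon

#writable = no; otherwise users outside the write list also have write permission
writable = no
write list = Jon @Bmh //@Bmh: a group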

[Lung]
comment = User Security
; browseable = yes
path = /tmp/smbLung
public = yes

//only Jenny and Jon can access; jacky has no access
valid users = Jenny Jon
writable = no
write list = +Lung



posted on 2012-03-21 11:31  笑剑钝