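1. Introduction
Samba is an open-source file-sharing service that lets Linux and Windows share files with each other; share settings and permissions can be adjusted per user.
2. Installation
A single command is enough: yum install -y samba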
[root@ansible01 ~]# yum install -y samba
已加载插件:langpacks, product-id, search-disabled-repos, subscription-manager
epel | 4.3 kB 00:00:00
rhel-7-server-rpms | 3.5 kB 00:00:00
(1/2): epel/x86_64/updateinfo | 1.0 MB 00:00:02
(2/2): epel/x86_64/primary_db | 8.7 MB 00:00:26
正在解决依赖关系
--> 正在检查事务
---> 软件包 samba.x86_64.0.4.10.16-25.el7_9 将被 安装
--> 正在处理依赖关系 libwbclient = 4.10.16-25.el7_9,它被软件包 samba-4.10.16-25.el7_9.x86_64 需要
--> 正在处理依赖关系 libwbclient = 4.10.16-25.el7_9,它被软件包 samba-4.10.16-25.el7_9.x86_64 需要
......
作为依赖被升级:
  libldb.x86_64 0:1.5.4-2.el7_9
  libsmbclient.x86_64 0:4.10.16-25.el7_9
  libwbclient.x86_64 0:4.10.16-25.el7_9
  samba-client-libs.x86_64 0:4.10.16-25.el7_9
  samba-common.noarch 0:4.10.16-25.el7_9
  samba-common-libs.x86_64 0:4.10.16-25.el7_9
完毕!
[root@ansible01 ~]#
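3. Configuration
Our goal is to create three users (test1, test2, test3) and three shared directories (share1, share2, share3) with the following permissions:
share1: all three users can read and write
share2: all three users can read, but only test2 can write
share3: only test3 can read and write
3.1 Create users and directories
#1. Create three users test1, test2, test3 with login disabled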
[root@ansible01 ~]# for i in {test1,test2,test3};do useradd $i -s /sbin/nologin;done
#2. Check that the users were created
[root@ansible01 ~]# cat /etc/passwd|grep test
test1:x:1001:1001::/home/test1:/sbin/nologin
test2:x:1002:1002::/home/test2:/sbin/nologin
test3:x:1003:1003::/home/test3:/sbin/nologin
#3. Set the SMB authentication password for each user
[root@ansible01 ~]# smbpasswd -a test1
New SMB password:
Retype new SMB password:
Added user test1.
[root@ansible01 ~]# smbpasswd -a test2
New SMB password:
Retype new SMB password:
Added user test2.
[root@ansible01 ~]# smbpasswd -a test3
New SMB password:
Retype new SMB password:
Added user test3.
#4. Create the three shared directories
[root@ansible01 ~]# mkdir /share{1..3}
#5. Create test files
[root@ansible01 ~]# touch /share1/file{11..19}
[root@ansible01 ~]# touch /share2/file{21..29}
[root@ansible01 ~]# touch /share3/file{31..39}
#6. Set permissions on the shared directories
[root@ansible01 ~]# chmod o+w /share{1..3}
3.2 Edit the configuration file
[root@ansible01 ~]# cat /etc/samba/smb.conf
# See smb.conf.example for a more detailed config file or
# read the smb.conf manpage.
# Run 'testparm' to verify the config is correct after
# you modified it.
[global]
workgroup = SAMBA
security = user
passdb backend = tdbsam
printing = cups
printcap name = cups
load printers = yes
cups options = raw
[share1]
comment = this is share1
path = /share1
public = no
browseable = yes
writable = yes
[share2]
comment = this is share2
path = /share2
public = no
browseable = yes
writable = no
write list = test2
[share3]
comment = this is share3
path = /share3
public = no
browseable = yes
writable = no
write list = test3
valid users = test3
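path: absolute path of the shared directory
public: whether anonymous access is allowed; yes allows it, no does not
browseable: whether the share is publicly visible; when set to no, user A cannot see the file folder after logging in; when set to yes, the user can see the folder after logging in
writable: whether logged-in users can read and write; yes means read-write, no means read-only
write list: users who are allowed to write; usually added when writable is no
valid users: restricts access to the specified users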
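How the share parameters above combine, as an added example (not from the original post): a small Python evaluator that models only `writable`, `write list` and `valid users` with plain user names (no @group expansion), run over a constructed copy of the three share sections. The function names are hypothetical.

```python
# Constructed smb.conf fragment with the page's three share definitions.
SAMPLE_CONF = """
[global]
security = user
[share1]
writable = yes
[share2]
writable = no
write list = test2
[share3]
writable = no
write list = test3
valid users = test3
"""

def parse_shares(text):
    """Return {share: {param: value}} for every section except [global]."""
    shares, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = shares.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            # Parameter names ignore case and embedded spaces.
            current["".join(key.lower().split())] = value.strip()
    shares.pop("global", None)
    return shares

def users_in(value):
    return {u.lower() for u in value.replace(",", " ").split()}

def is_yes(value):
    return value.strip().lower() in ("yes", "true", "on", "1")

def access(params, user):
    """Share-level access for one user: 'none', 'ro' or 'rw'."""
    valid = users_in(params.get("validusers", ""))
    if valid and user.lower() not in valid:
        return "none"  # connection to the share is refused
    writable = is_yes(params.get("writable", "no"))  # Samba default is read-only
    # A write list entry grants write access even when writable = no.
    if writable or user.lower() in users_in(params.get("writelist", "")):
        return "rw"
    return "ro"

def matrix(text, users):
    # Unix permissions on the directory can still reduce what is granted here.
    return {s: {u: access(p, u) for u in users} for s, p in parse_shares(text).items()}
```

For test1, `matrix(SAMPLE_CONF, ["test1", "test2", "test3"])` gives rw on share1, ro on share2 and none on share3, which matches the mount results in section 4.1.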
3.3 Start the service
[root@ansible01 ~]# systemctl restart smb
[root@ansible01 ~]# systemctl status smb.service
● smb.service - Samba SMB Daemon
   Loaded: loaded (/usr/lib/systemd/system/smb.service; disabled; vendor preset: disabled)
   Active: active (running) since 三 2024-05-29 10:20:05 CST; 5s ago
     Docs: man:smbd(8)
           man:samba(7)
           man:smb.conf(5)
 Main PID: 16809 (smbd)
   Status: "smbd: ready to serve connections..."
    Tasks: 4
   CGroup: /system.slice/smb.service
           ├─16809 /usr/sbin/smbd --foreground --no-process-group
           ├─16811 /usr/sbin/smbd --foreground --no-process-group
           ├─16812 /usr/sbin/smbd --foreground --no-process-group
           └─16813 /usr/sbin/smbd --foreground --no-process-group
5月 29 10:20:05 ansible01 systemd[1]: Starting Samba SMB Daemon...
5月 29 10:20:05 ansible01 smbd[16809]: [2024/05/29 10:20:05.830974, 0] ../../lib/util/become_daemon.c:136(daemon_ready)
5月 29 10:20:05 ansible01 smbd[16809]: daemon_ready: daemon 'smbd' finished starting up and ready to serve connections
5月 29 10:20:05 ansible01 systemd[1]: Started Samba SMB Daemon.
4. Testing
4.1 Linux test
#1. Install the Samba client
[root@k8s-master ~]# yum install samba-client cifs-utils -y
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
 * base: mirrors.aliyun.com
 * extras: mirrors.aliyun.com
 * updates: mirrors.aliyun.com
base | 3.6 kB 00:00:00
docker-ce-stable | 3.5 kB 00:00:00
epel | 4.3 kB 00:00:00
extras | 2.9 kB 00:00:00
kubernetes | 1.4 kB 00:00:00
updates | 2.9 kB 00:00:00
Package samba-client-4.10.16-25.el7_9.x86_64 already installed and latest version
Package cifs-utils-6.2-10.el7.x86_64 already installed and latest version
Nothing to do
#2. List the shares exported by the server
[root@k8s-master ~]# smbclient -L \\11.0.1.18 -U test1
Enter SAMBA\test1's password:
        Sharename       Type      Comment
        ---------       ----      -------
        share1          Disk      this is share1
        share2          Disk      this is share2
        share3          Disk      this is share3
        IPC$            IPC       IPC Service (Samba 4.10.16)
Reconnecting with SMB1 for workgroup listing.
        Server               Comment
        ---------            -------
        Workgroup            Master
        ---------            -------
[root@k8s-master ~]# smbclient -L \\11.0.1.18 -U test2
Enter SAMBA\test2's password:
        Sharename       Type      Comment
        ---------       ----      -------
        share1          Disk      this is share1
        share2          Disk      this is share2
        share3          Disk      this is share3
        IPC$            IPC       IPC Service (Samba 4.10.16)
Reconnecting with SMB1 for workgroup listing.
        Server               Comment
        ---------            -------
        Workgroup            Master
        ---------            -------
[root@k8s-master ~]# smbclient -L \\11.0.1.18 -U test3
Enter SAMBA\test3's password:
        Sharename       Type      Comment
        ---------       ----      -------
        share1          Disk      this is share1
        share2          Disk      this is share2
        share3          Disk      this is share3
        IPC$            IPC       IPC Service (Samba 4.10.16)
Reconnecting with SMB1 for workgroup listing.
        Server               Comment
        ---------            -------
        Workgroup            Master
        ---------            -------
Now mount each share in turn and test:
mount -t cifs -o username=test1,password=123456 "\\\11.0.1.18\share1" /mnt
#1. test1's permissions on the share1 directory
[root@k8s-master ~]# mount -t cifs -o username=test1,password=123456 "\\\11.0.1.18\share1" /mnt
[root@k8s-master ~]# cd /mnt/
[root@k8s-master mnt]# ls
file11 file12 file13 file14 file15 file16 file17 file18 file19
[root@k8s-master mnt]# ls -la
total 0
drwxr-xr-x 2 root root 0 May 29 10:06 .
dr-xr-xr-x. 18 root root 256 May 27 13:43 ..
-rwxr-xr-x 1 root root 0 May 29 10:06 file11
-rwxr-xr-x 1 root root 0 May 29 10:06 file12
-rwxr-xr-x 1 root root 0 May 29 10:06 file13
-rwxr-xr-x 1 root root 0 May 29 10:06 file14
-rwxr-xr-x 1 root root 0 May 29 10:06 file15
-rwxr-xr-x 1 root root 0 May 29 10:06 file16
-rwxr-xr-x 1 root root 0 May 29 10:06 file17
-rwxr-xr-x 1 root root 0 May 29 10:06 file18
-rwxr-xr-x 1 root root 0 May 29 10:06 file19
[root@k8s-master mnt]# echo "hello world" >file12
#2. test1's permissions on the share2 directory
[root@k8s-master /]# mount -t cifs -o username=test1,password=123456 "\\\11.0.1.18\share2" /mnt
[root@k8s-master /]# cd /mnt/
[root@k8s-master mnt]# ls
file21 file22 file23 file24 file25 file26 file27 file28 file29
[root@k8s-master mnt]# ls -la
total 0
drwxr-xr-x 2 root root 0 May 29 10:06 .
dr-xr-xr-x. 18 root root 256 May 27 13:43 ..
-rwxr-xr-x 1 root root 0 May 29 10:06 file21
-rwxr-xr-x 1 root root 0 May 29 10:06 file22
-rwxr-xr-x 1 root root 0 May 29 10:06 file23
-rwxr-xr-x 1 root root 0 May 29 10:06 file24
-rwxr-xr-x 1 root root 0 May 29 10:06 file25
-rwxr-xr-x 1 root root 0 May 29 10:06 file26
-rwxr-xr-x 1 root root 0 May 29 10:06 file27
-rwxr-xr-x 1 root root 0 May 29 10:06 file28
-rwxr-xr-x 1 root root 0 May 29 10:06 file29
[root@k8s-master mnt]# vim file21
[root@k8s-master mnt]# echo "hello world" >file21
-bash: file21: Permission denied
#3. test1's permissions on the share3 directory
[root@k8s-master ~]# mount -t cifs -o username=test1,password=123456 "\\\11.0.1.18\share3" /mnt
mount error(13): Permission denied
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
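We only tested share1, share2 and share3 with test1.
4.2 Windows test
In My Computer, type \\11.0.1.18, press Enter, and then enter the SMB username and password.
Open each share in turn and check whether you can read and write.
Note:
When testing from a Windows client, after you finish testing each user you need to run the following command on the command line to clear the cached connection.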
net use * /del
Changing the default SMB port:
vim /etc/samba/smb.conf
# add under [global]
smb ports = 555