samba的企业应用案例

Samba 企业应用案例需求:
1. 所有员工都能够在公司内流动办公,但不管在哪电脑上工作,都要把自己文件存在 Samba 文件服器上.
2. 各部门办公人员拥有各自的主目录,用于存放私有文档(工作相关),其他人禁止访问.
3. 所有的用户都不允许使用服务器的 SHELL(安全考虑).
4. 制造部、财务部、管理部,都有各自的文件目录.
5. 各部门目录下提供“对外”、“公共文档”、“受控文档”三个子目录.
对外: <1>允许公司所有工作人员访问,但不能修改文件.
<2>本部门文员负责维护数据
公共文档:<1>本部门员工可以访问,领导层可以访问,但不能修改.
<2> 本部门文员负责维护数据
受控文档:<1>本部门主管、公司领导可以访问、其他员工禁止.
<2>本部门主管负责维护数据
注:财务部受控文档只允许总经理、财务部总监、主管访问;管理部受控文档只允许总经理、主管访问
6. 公共区域:<1>所有员工均可访问
<2>网络部负责维护
7. 交换区域:<1>所有员工均可读可写,禁止删除其它员工文件.
2>网络部负责维护
创建相关的目录:

mdkir /home/samba/zhizao caiwu guanli public swapmkdir /home/samba/zhizao/guest public privatemkdir /home/samba/caiwu/guest public privatemkdir /home/samba/guanli/guest public private

创建相关的用户和组:

groupadd zhizao caiwu guanli lingdao networkuseradd ­s /bin/false wy zg zj jlusermod ­G zhizao,caiwu,guanli wyusermod ­G zhizao,caiwu,guanli zgusermod ­G caiwu zjusermod ­G lingdao jl

设置文件系统权限:

chmod 1777 /home/samba/swapchmod 755 /home/samba/zhizao caiwu guanlichmod 775 /home/samba/publicchgrp network /home/samba/publicchmod 755 /home/samba/zhizao/guestchown wy.zhizao /home/samba/zhizao/guestchmod 750 /home/samba/zhizao/public privatechown zg.lingdao /home/samba/zhizao/privatesetfacl ­m g:lingdao:rx /home/samba/zhizao/publicchmod 755 /home/samba/caiwu/guestchown wy.caiwu /home/samba/caiwu/guest/guestchmod 750 /home/samba/caiwu/publicchown wy.caiwu /home/samba/caiwu/publicsetfacl ­m g:lingdao:rx /home/samba/caiwu/publicchmod 700 /home/samba/caiwu/privatechown zg /home/samba/caiwu/privatesetfacl ­m u:zj:rx /home/samba/caiwu/privatesetfacl ­m u:jl:rx /home/samba/caiwu/privatechmod 755 /home/samba/guanli/guestchown wy.guanli /home/samba/guanli/guestchmod 750 /home/samba/guanli/publicchown wy.guanli /home/samba/guanli/publicsetfacl ­m g:lingdao:rx /home/samba/guanli/publicchmod 700 /home/samba/guanli/privatechown zg /home/samba/guanli/privatesetfacl ­m u:jl:rx /home/samba/guanli/private

配置 samba 服务:

[homes]   comment = Home Directories   browseable = no   writable = yes[制造部]path = /home/samba/zhizaowritable = yesbrowseable = yes[对外]path = /home/samba/zhizao/guestadmin users = wybrowseable = no[公共文档]path = /home/samba/zhizao/publicvalid users = @zhizao @lingdaoadmin users = wybrowseable = no[受控文档]path = /home/samba/zhizao/privatevalid users = zg @lingdaoadmin users = zgbrowseable = no[财务部]path = /home/samba/caiwuwritable = yesbrowseable = yes[对外]path = /home/samba/caiwu/guestadmin users = wybrowseable = no[公共文档]path = /home/samba/caiwu/publicvalid users = @caiwu @lingdaoadmin users = wybrowseable = no[受控文档]path = /home/samba/caiwu/privatevalid users = zg zj jladmin users = zgbrowseable = no[管理部]path = /home/samba/guanliwritable = yesbrowseable = yes[对外]path = /home/samba/guanli/guestadmin users = wybrowseable = no[公共文档]path = /home/samba/guanli/publicvalid users = @guanli @lingdaoadmin users = wybrowseable = no[受控文档]path = /home/samba/guanli/privatevalid users = zg jladmin users = zgbrowseable = no[公共区域]path = /home/samba/publicpublic = yesadmin users = @network[交换区域]path = /home/samba/swapwriteable = yespublic = yesadmin users = @network