Study notes: setting up a Samba server

Source: Internet  Edited by: 程序博客网  Time: 2024/05/16 18:13

Samba
    Features: cross-platform file sharing
          adds some access control and permissions


samba-client.i386
samba-common.i386
samba.i386


    Configuration directory: /etc/samba
    Configuration file: smb.conf


[global]
        workgroup = MYGROUP
        server string = Samba Server Version %v
        # logs split per machine
        # max 50KB per log file, then rotate
        security = user <-- other values: share, server, ads, domain
        passdb backend = tdbsam
        # the login script name depends on the machine name
        # the login script name depends on the unix user used
        # disables profiles support by specifying an empty path
        load printers = yes
        cups options = raw
        #obtain list of printers automatically on SystemV
[homes]
        comment = Home Directories
        browseable = no <-- the resource is not visible to an anonymous scan or to a scan by another account
        writable = yes  <-- writable
[printers]
        comment = All Printers
        path = /var/spool/samba
        browseable = no
        guest ok = no
        writable = no
        printable = yes

 

1. Installation

[root@www ~]# yum install samba* -y
Loaded plugins: rhnplugin, security
This system is not registered with RHN.
RHN support will be disabled.
Setting up Install Process
Parsing package install arguments
Resolving Dependencies
--> Running transaction check
---> Package samba-client.i386 0:3.0.33-3.14.el5 set to be updated
---> Package samba-common.i386 0:3.0.33-3.14.el5 set to be updated
---> Package samba-swat.i386 0:3.0.33-3.14.el5 set to be updated
---> Package samba.i386 0:3.0.33-3.14.el5 set to be updated
--> Processing Dependency: perl(Convert::ASN1) for package: samba
--> Running transaction check
---> Package perl-Convert-ASN1.noarch 0:0.20-1.1 set to be updated
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package               Arch       Version              Repository          Size
================================================================================
Installing:
 samba                 i386       3.0.33-3.14.el5      rhel-debuginfo      16 M
 samba-swat            i386       3.0.33-3.14.el5      rhel-debuginfo     8.2 M
Updating:
 samba-client          i386       3.0.33-3.14.el5      rhel-debuginfo     5.7 M
 samba-common          i386       3.0.33-3.14.el5      rhel-debuginfo     8.7 M
Installing for dependencies:
 perl-Convert-ASN1     noarch     0.20-1.1             rhel-debuginfo      41 k

Transaction Summary
================================================================================
Install      3 Package(s)        
Update       2 Package(s)        
Remove       0 Package(s)        

Total download size: 39 M
Downloading Packages:
(1/5): perl-Convert-ASN1-0.20-1.1.noarch.rpm             |  41 kB     00:00    
(2/5): samba-client-3.0.33-3.14.el5.i386.rpm             | 5.7 MB     00:01    
(3/5): samba-swat-3.0.33-3.14.el5.i386.rpm               | 8.2 MB     00:01    
(4/5): samba-common-3.0.33-3.14.el5.i386.rpm             | 8.7 MB     00:02    
(5/5): samba-3.0.33-3.14.el5.i386.rpm                    |  16 MB     00:03    
--------------------------------------------------------------------------------
Total                                           3.8 MB/s |  39 MB     00:10    
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
  Updating       : samba-common                                      [1/7]
  Updating       : samba-client                                      [2/7]
  Installing     : perl-Convert-ASN1                                 [3/7]
  Installing     : samba                                             [4/7]
  Installing     : samba-swat                                        [5/7]
  Cleanup        : samba-client                                      [6/7]
  Cleanup        : samba-common                                      [7/7]

Installed: samba.i386 0:3.0.33-3.14.el5 samba-swat.i386 0:3.0.33-3.14.el5
Dependency Installed: perl-Convert-ASN1.noarch 0:0.20-1.1
Updated: samba-client.i386 0:3.0.33-3.14.el5 samba-common.i386 0:3.0.33-3.14.el5
Complete!
You have new mail in /var/spool/mail/root

 

 

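2. Configuring shared files

Accounts used by the Samba server must already exist as system accounts, but each account's password is kept separately by Samba.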

 

[root@www ~]# useradd wych
You have new mail in /var/spool/mail/root
[root@www ~]# passwd wych
Changing password for user wych.
New UNIX password:
BAD PASSWORD: it is WAY too short
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
[root@www ~]# servce smb restart
-bash: servce: command not found
[root@www ~]# service smb restart
Shutting down SMB services:                                [FAILED]
Shutting down NMB services:                                [FAILED]
Starting SMB services:                                     [  OK  ]
Starting NMB services:                                     [  OK  ]
[root@www ~]# smbpasswd wych
New SMB password:
Retype new SMB password:
Failed to find entry for user wych.
Failed to modify password entry for user wych
You have new mail in /var/spool/mail/root

 

 

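Example 1:

Accounts used by the Samba server must already exist as system accounts, but each account's password is kept separately by Samba. An account is added to Samba's password database with smbpasswd -a; without -a, smbpasswd only changes an existing entry, which is why the attempt above ends with "Failed to find entry for user wych."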
[root@squid conf]# smbpasswd  -a tom
New SMB password:
Retype new SMB password:
Added user tom.
[root@squid conf]# smbpasswd  -a bean
New SMB password:
Retype new SMB password:
Added user bean.

service smb restart

Anonymous scan
smbclient -L //10.1.1.21
List resources using a specific account
# smbclient -L //10.1.1.21  -U tom
Access a resource
smbclient  //10.1.1.21/bean  -U bean

Example 2: adding a custom share

[uplooking]
        comment = Just for test
        path = /www
        browseable = yes
        guest ok = no
        writable = no

# smbclient //10.1.1.21/uplooking
Password:
Anonymous login successful
Domain=[MYGROUP] OS=[Unix] Server=[Samba 3.0.33-3.7.el5]
tree connect failed: NT_STATUS_ACCESS_DENIED

# smbclient //10.1.1.21/uplooking -U tom


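In user mode, to make a resource anonymously accessible and writable:
        public = yes  <-- same as guest ok = yes
        read only = no <-- same as writeable = yes

Access format from Windows
//10.1.1.21/uplooking
Close resource connections that are already established
net use * /del /y
In user mode, an account must be supplied even when accessing an anonymous resource, so the share cannot be accessed.

After changing to share mode: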
security = share
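
The settings from Example 2 can be checked mechanically. The following is an added example, not part of the original notes: it folds the synonyms noted above (public, writable/writeable) onto guest ok and read only and reports shares that end up anonymously writable. The [ex5] share name and its path are constructed, and [global] defaults are not inherited by shares in this simplified check.

```python
import configparser

YES = {"yes", "true", "1"}

# Constructed sample based on the [uplooking] share and Example 5 in the notes.
SAMPLE = """\
[global]
    security = share
[uplooking]
    path = /www
    public = yes
    read only = no
[ex5]
    path = /srv/ex5
    valid users = tom,bean
    guest ok = no
    write list = tom
"""

def normalise(options):
    """Fold the synonyms from the notes onto 'guest ok' and 'read only'."""
    out = {}
    for key, value in options.items():
        value = value.strip().lower()
        if key == "public":
            key = "guest ok"
        elif key in ("writable", "writeable"):
            key, value = "read only", "no" if value in YES else "yes"
        out[key] = value
    return out

def audit(text):
    """Return (section, finding) pairs for the settings the notes discuss."""
    cp = configparser.RawConfigParser(strict=False)
    cp.read_string(text)
    findings = []
    for name in cp.sections():
        opts = normalise(cp[name])
        if name.lower() == "global":
            if opts.get("security") == "share":
                findings.append((name, "share-level security"))
        elif name.lower() not in ("homes", "printers"):
            guest = opts.get("guest ok", "no") in YES
            writable = opts.get("read only", "yes") not in YES
            if guest and writable:
                findings.append((name, "anonymous write access"))
            elif writable and "valid users" not in opts:
                findings.append((name, "writable without valid users"))
    return findings
```

Calling audit(SAMPLE) reports the [global] and [uplooking] sections; [ex5] passes because read only keeps its default and only write list grants tom write access.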


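Example 3: file permissions on writable resources

When two separate accounts each upload files, each turns out to be able to delete the other's files. Reason: as long as the owner has write permission on a file, other accounts can delete it.

How can this be solved, so that others cannot freely delete someone else's files?

Set the sticky bit on the resource directory
chmod o+t /www

Second method:
    After a file is uploaded, automatically remove the owner's write permission
        create mask = 0444  <-- with these permissions, the owner cannot delete their own files either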
        directory mask = 0755   


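Example 4: access control (the security level must be changed to user)

Parameters that control the resource
    write list = tom <-- if read only = no is set, write list has no effect
    valid users = tom,bean <-- the inverse parameter is invalid users =

Controlling where access comes from

        hosts deny = 10.1.1.
        hosts allow = 10.1.1.20  <-- only 10.1.1.20 may access; everything else is denied
Summary: when deny and allow overlap, allow wins.

    To deny everyone, but let 10.1.1.0/24 in, except that 10.1.1.20 is not allowed:
    hosts deny = all
    hosts allow = 10.1.1. EXCEPT 10.1.1.20

    If domain names are used instead, DNS must support forward and reverse resolution
    hosts allow = .upl.com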
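
The precedence rule and the EXCEPT keyword can be traced with a small model. This is an added example, not Samba's own code: it covers only the pattern forms used in these notes (all, an address prefix, a single address, a domain suffix) and leaves out netmasks, netgroups and loopback handling. The name argument is an assumption standing for the client's DNS name after forward and reverse resolution.

```python
import re

def _match_one(pattern, ip, name):
    p = pattern.lower()
    if p == "all":
        return True
    if p.startswith("."):              # domain suffix, e.g. .upl.com
        return name is not None and name.lower().endswith(p)
    if p.endswith("."):                # address prefix, e.g. 10.1.1.
        return ip.startswith(p)
    return p == ip or (name is not None and p == name.lower())

def list_match(spec, ip, name=None):
    """True if the client matches the list; 'A EXCEPT B' means A but not B."""
    tokens = [t for t in re.split(r"[,\s]+", spec) if t]
    cut = next((i for i, t in enumerate(tokens) if t.upper() == "EXCEPT"), len(tokens))
    if not any(_match_one(t, ip, name) for t in tokens[:cut]):
        return False
    rest = " ".join(tokens[cut + 1:])
    return not (rest and list_match(rest, ip, name))

def allow_access(deny, allow, ip, name=None):
    """Decision order when both lists may be set: allow first, then deny."""
    if not deny and not allow:
        return True
    if not deny:
        return list_match(allow, ip, name)
    if not allow:
        return not list_match(deny, ip, name)
    if list_match(allow, ip, name):
        return True
    return not list_match(deny, ip, name)

if __name__ == "__main__":
    # Constructed client addresses checked against the two configurations above.
    for deny, allow in (("10.1.1.", "10.1.1.20"), ("all", "10.1.1. EXCEPT 10.1.1.20")):
        for ip in ("10.1.1.20", "10.1.1.30", "192.168.0.5"):
            verdict = "allow" if allow_access(deny, allow, ip) else "deny"
            print(f"deny={deny!r} allow={allow!r} {ip}: {verdict}")
```

A client that matches neither list is permitted, which is why the second configuration sets hosts deny = all before listing the allowed network.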

Example 5: in user mode, tom can upload and download, bean can only download, other users cannot log in, and anonymous access is refused.

    valid users = tom,bean
    guest ok = no
    write list = tom
    read list = bean <-- optional