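SMB File Sharing
Samba is free software that implements the SMB protocol on Linux and UNIX systems and consists of server and client programs. SMB (Server Message Block) is a protocol for sharing files and printers on a local area network; it provides shared access to files, printers and other resources between the computers on the LAN. SMB is a client/server protocol: through it, a client can access shared file systems, printers and other resources on a server. With "NetBIOS over TCP/IP" configured, Samba can share resources not only with hosts on the local network but also with computers anywhere in the world.
The CIFS protocol
1. What is CIFS
CIFS uses the client/server model. A client program asks a server program on a remote server to provide a service; the server receives the request and returns a response. CIFS is the public, or open, version of the SMB protocol. Like SMB, CIFS runs at a high layer rather than at a low layer as TCP/IP does. CIFS can be regarded as an implementation of an application protocol, like the File Transfer Protocol and the Hypertext Transfer Protocol.
2. What CIFS provides
1. Accessing files local to the server and reading and writing them
2. Sharing some file blocks with other users
Lab prerequisites: reset both virtual machines and configure the yum repository.
Hostnames:
1. client.example (client)
2. server.example (server)
I. Installing the SMB service and accessing it
Server side:
[root@server ~]# yum search samba #search for the packages needed for the SMB file sharing service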
Loaded plugins: langpacks
============================== N/S matched: samba ==============================
samba-client.x86_64 : Samba client programs
samba-common.x86_64 : Files used by both Samba servers and clients
samba-libs.i686 : Samba libraries
samba-libs.x86_64 : Samba libraries
samba-python.x86_64 : Samba Python libraries
samba-winbind.x86_64 : Samba winbind
samba-winbind-modules.i686 : Samba winbind modules
samba-winbind-modules.x86_64 : Samba winbind modules
samba.x86_64 : Server and Client software to interoperate with Windows machines
Name and summary matches only, use "search all" for everything.
[root@server ~]# yum install samba-client.x86_64 samba-common.x86_64 samba.x86_64 -y
Loaded plugins: langpacks
Usage: yum [options] COMMAND
List of Commands:
check Check for problems in the rpmdb
check-update Check for available package updates
[root@server ~]# systemctl start smb
[root@server ~]# systemctl enable smb
ln -s '/usr/lib/systemd/system/smb.service' '/etc/systemd/system/multi-user.target.wants/smb.service'
[root@server ~]# systemctl stop firewalld
[root@server ~]# systemctl disable firewalld
rm '/etc/systemd/system/basic.target.wants/firewalld.service'
rm '/etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service'
[root@server ~]# netstat -antlupe | grep smb
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN 0 68632 3222/smbd
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN 0 68633 3222/smbd
tcp6 0 0 :::445 :::* LISTEN 0 68630 3222/smbd
tcp6 0 0 :::139 :::* LISTEN 0 68631 3222/smbd
Client access:
[root@client ~]# yum install samba-client.x86_64 -y
Loaded plugins: langpacks
Resolving Dependencies
--> Running transaction check
---> Package samba-client.x86_64 0:4.1.1-31.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
[root@client ~]# smbclient -L //172.25.254.126
Enter root's password: #no password
Anonymous login successful
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]
Sharename Type Comment
--------- ---- -------
IPC$ IPC IPC Service (Samba Server Version 4.1.1)
Anonymous login successful
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]
Server Comment
--------- -------
Workgroup Master
--------- -------
II. Adding local users for access
Add users on the server (only users that actually exist locally can be added):
[root@server ~]# id student #check whether the student user exists
uid=1000(student) gid=1000(student) groups=1000(student),10(wheel)
[root@server ~]# smbpasswd -a student #add student to the SMB service
New SMB password:
Retype new SMB password:
Added user student.
[root@server ~]# id westos #there is no westos user
id: westos: no such user
[root@server ~]# smbpasswd -a westos
New SMB password:
Retype new SMB password:
Failed to add entry for user westos. #adding fails
[root@server ~]# useradd westos #create the westos user
[root@server ~]# smbpasswd -a westos
New SMB password:
Retype new SMB password:
Added user westos. #adding now succeeds
[root@server ~]# pdbedit -L #list the users the SMB service allows
student:1000:Student User
westos:1001:
[root@server ~]# pdbedit -x student #delete the student user
[root@server ~]# pdbedit -L
westos:1001: #the student user has been deleted
[root@server ~]# smbpasswd -a student #add the student user again
New SMB password:
Retype new SMB password:
Added user student.
[root@server ~]# pdbedit -L
student:1000:Student User
westos:1001:
Client access:
[root@client ~]# smbclient //172.25.254.126/student -U student
Enter student's password:
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]
smb: \> ls
NT_STATUS_ACCESS_DENIED listing \* #blocked by SELinux
smb: \> quit
Configure SELinux on the server:
[root@server ~]# getsebool -a | grep smb
smbd_anon_write --> off
[root@server ~]# getsebool -a | grep samba
samba_create_home_dirs --> off
samba_domain_controller --> off
samba_enable_home_dirs --> off
samba_export_all_ro --> off
samba_export_all_rw --> off
samba_portmapper --> off
samba_run_unconfined --> off
samba_share_fusefs --> off
samba_share_nfs --> off
sanlock_use_samba --> off
use_samba_home_dirs --> off
virt_sandbox_use_samba --> off
virt_use_samba --> off
[root@server ~]# setsebool -P samba_enable_home_dirs on
[root@server ~]#
Client access:
[root@client ~]# smbclient //172.25.254.226/student -U student
Enter student's password:
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]
smb: \> ls
. D 0 Thu Jul 10 19:06:52 2014
.. D 0 Fri Jun 1 21:49:35 2018
.bash_logout H 18 Wed Jan 29 07:45:18 2014
.bash_profile H 193 Wed Jan 29 07:45:18 2014
.bashrc H 231 Wed Jan 29 07:45:18 2014
.ssh DH 0 Thu Jul 10 18:19:10 2014
.config DH 0 Thu Jul 10 19:06:53 2014
40913 blocks of size 262144. 28595 blocks available
smb: \> quit
III. Viewing shared files and uploading from the client
Client:
[root@client ~]# smbclient //172.25.254.226/student -U student
Enter student's password:
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]
smb: \> !ls #lists the contents of the client's current local directory
anaconda-ks.cfg Documents Music Public Videos
Desktop Downloads Pictures Templates
smb: \> quit
[root@client ~]# cd /etc/ #change into /etc
[root@client etc]# smbclient //172.25.254.226/student -U student
Enter student's password:
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]
smb: \> !ls #now shows the files under /etc
abrt hostname profile.d
adjtime hosts protocols
aliases hosts.allow pulse
aliases.db hosts.deny purple
alsa hp qemu-ga
alternatives idmapd.conf qemu-kvm
anacrontab init.d radvd.conf
asound.conf inittab rc0.d
favicon.png NetworkManager sudo-ldap.conf
fcoe networks sysconfig
festival nfsmount.conf sysctl.conf
filesystems nsswitch.conf sysctl.d
firewalld nsswitch.conf.bak systemd
fonts ntp system-release
fprintd.conf numad.conf system-release-cpe
fstab oddjob terminfo
fuse.conf oddjobd.conf tmpfiles.d
gconf oddjobd.conf.d trusted-key.key
gcrypt openldap tuned
gdbinit opt udev
gdbinit.d os-release udisks2
gdm ovirt-guest-agent.conf unbound
ghostscript PackageKit updatedb.conf
gnome-settings-daemon pam.d UPower
gnome-vfs-2.0 passwd usb_modeswitch.conf
gnupg passwd- usb_modeswitch.d
GREP_COLORS pbm2ppa.conf vconsole.conf
groff pinforc vimrc
smb: \> put passwd #upload; only files that exist in the current local directory can be uploaded
putting file passwd as \passwd (14.5 kb/s) (average 14.5 kb/s)
The student user's home directory:
[root@server student]# ls
passwd
Client:
[root@client etc]# cd /bin/
[root@client bin]# smbclient //172.25.254.226/student -U student
Enter student's password:
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]
smb: \> put ls
putting file ls as \ls (38285.2 kb/s) (average 38286.5 kb/s)
The student user's home directory:
[root@server student]# ls
ls passwd
IV. Mounting the share
Temporary mount:
Client:
[root@client bin]# smbclient -L//172.25.254.226/student -U student
Enter student's password:
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]
Sharename Type Comment
--------- ---- -------
IPC$ IPC IPC Service (Samba Server Version 4.1.1)
student Disk Home Directories #a disk share, which can be mounted
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]
Server Comment
--------- -------
Workgroup Master
--------- -------
[root@client bin]# mount //172.25.254.126/student/ /mnt/ -o username=student,password=123
[root@client bin]# df
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/vda1 10473900 3182068 7291832 31% /
devtmpfs 469332 0 469332 0% /dev
tmpfs 484920 140 484780 1% /dev/shm
tmpfs 484920 12800 472120 3% /run
tmpfs 484920 0 484920 0% /sys/fs/cgroup
/dev/mapper/vg0-vo 483670 2339 451840 1% /home
//172.25.254.126/student/ 10473900 3157292 7316608 31% /mnt
[root@client bin]# cd /mnt
[root@client mnt]# ls
ls passwd
[root@client mnt]# touch file
The student user's home directory:
[root@server student]# ls
file ls passwd
Client:
[root@client mnt]# rm -fr passwd
The student user's home directory:
[root@server student]# ls
file ls
Permanent mount
Method 1:
[root@client mnt]# cd #leave the mount point
[root@client ~]# umount /mnt
[root@client ~]# vim /etc/fstab
[root@client ~]# cat /etc/fstab
#
# /etc/fstab
# Created by anaconda on Wed May 7 01:22:57 2014
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
UUID=9bf6b9f7-92ad-441b-848e-0257cbb883d1 / xfs defaults 1 1
/dev/vg0/vo /home ext4 defaults 0 0
//172.25.254.126/student /mnt cifs defaults,username=student,password=123 0 0
[root@client ~]# mount -a
[root@client ~]# df
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/vda1 10473900 3182088 7291812 31% /
devtmpfs 469332 0 469332 0% /dev
tmpfs 484920 140 484780 1% /dev/shm
tmpfs 484920 12800 472120 3% /run
tmpfs 484920 0 484920 0% /sys/fs/cgroup
/dev/mapper/vg0-vo 483670 2339 451840 1% /home
//172.25.254.126/student 10473900 3157288 7316612 31% /mnt
Method 2:
[root@client ~]# vim /etc/fstab
[root@client ~]# cat /etc/fstab
#
# /etc/fstab
# Created by anaconda on Wed May 7 01:22:57 2014
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
UUID=9bf6b9f7-92ad-441b-848e-0257cbb883d1 / xfs defaults 1 1
/dev/vg0/vo /home ext4 defaults 0 0
#//172.25.254.126/student /mnt cifs defaults,username=student,password=123 0 0 #commented out
[root@client ~]# umount /mnt
[root@client ~]# vim /etc/rc.d/rc.local
# Source our master variables
. /etc/rht
mount //172.25.254.126/student/ /mnt/ -o username=student,password=123
#the mount line above is the added content
[root@client ~]# chmod +x /etc/rc.d/rc.local
[root@client ~]# df
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/vda1 10473900 3182068 7291832 31% /
devtmpfs 469332 0 469332 0% /dev
tmpfs 484920 140 484780 1% /dev/shm
tmpfs 484920 12800 472120 3% /run
tmpfs 484920 0 484920 0% /sys/fs/cgroup
/dev/mapper/vg0-vo 483670 2339 451840 1% /home
[root@client ~]# reboot
Connection to 172.25.254.126 closed by remote host.
Connection to 172.25.254.126 closed.
[kiosk@foundation26 ~]$ ssh root@172.25.254.126
root@172.25.254.126's password:
Last login: Fri Jun 1 21:20:58 2018 from 172.25.254.26
[root@client ~]# df
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/vda1 10473900 3181136 7292764 31% /
devtmpfs 469332 0 469332 0% /dev
tmpfs 484920 80 484840 1% /dev/shm
tmpfs 484920 12752 472168 3% /run
tmpfs 484920 0 484920 0% /sys/fs/cgroup
/dev/mapper/vg0-vo 483670 2339 451840 1% /home
//172.25.254.226/student/ 10473900 3157288 7316612 31% /mnt
[root@client ~]#
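Both permanent-mount methods above keep the share password inline, in /etc/fstab (normally world-readable) or in rc.local and the mount command line. The following added example, which is not part of the original tutorial, flags such fstab entries and rewrites them to use the mount.cifs credentials= option; the credentials path /root/.smbcred and the sample fstab text are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag CIFS fstab entries that embed a password and rewrite them
# to use a root-only credentials file (mount.cifs "credentials=" option).
# CRED_FILE is an assumed path; SAMPLE_FSTAB is constructed for this example.
CRED_FILE=${CRED_FILE:-/root/.smbcred}

# Print "source mountpoint" for each active cifs entry with an inline password.
find_inline_passwords() {
    awk '$1 !~ /^#/ && $3 == "cifs" && $4 ~ /(^|,)pass(word)?=/ { print $1, $2 }'
}

# Rewrite fstab text from stdin: strip username=/password= from such entries
# and append credentials=FILE; every other line passes through unchanged.
harden_fstab() {
    awk -v cred="$CRED_FILE" '
    $1 !~ /^#/ && $3 == "cifs" && $4 ~ /(^|,)pass(word)?=/ {
        n = split($4, opt, ","); out = ""
        for (i = 1; i <= n; i++) {
            if (opt[i] ~ /^(user(name)?|pass(word)?)=/) continue
            out = out (out == "" ? "" : ",") opt[i]
        }
        $4 = out (out == "" ? "" : ",") "credentials=" cred
    }
    { print }'
}

# Write the credentials file ($1 = path, $2 = user). The password is read from
# stdin so it never appears in argv; umask 077 makes the new file mode 0600.
write_credentials() {
    (
        umask 077
        IFS= read -r pw
        printf 'username=%s\npassword=%s\n' "$2" "$pw" > "$1"
    )
}

SAMPLE_FSTAB='/dev/vg0/vo /home ext4 defaults 0 0
//172.25.254.126/student /mnt cifs defaults,username=student,password=123 0 0
#//172.25.254.126/student /mnt cifs defaults,username=student,password=123 0 0'

echo "entries with inline passwords:"
printf '%s\n' "$SAMPLE_FSTAB" | find_inline_passwords
echo "hardened fstab:"
printf '%s\n' "$SAMPLE_FSTAB" | harden_fstab
```

The same credentials=FILE option works with the mount command used in rc.local, so the password leaves that script as well.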
V. Changing the domain (workgroup) name
Server side:
[root@client ~]# smbclient -L //172.25.254.226
Enter root's password:
Anonymous login successful
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]
Sharename Type Comment
--------- ---- -------
IPC$ IPC IPC Service (Samba Server Version 4.1.1)
Anonymous login successful
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1] #default domain name
Server Comment
--------- -------
Workgroup Master
--------- -------
[root@server ~]# rpm -qc samba-common #list the configuration files
/etc/logrotate.d/samba
/etc/samba/lmhosts
/etc/samba/smb.conf
/etc/sysconfig/samba
[root@server ~]# vim /etc/samba/smb.conf
# domain name changed to yifan
workgroup = yifan
server string = Samba Server Version %v
[root@server ~]# systemctl restart smb #restart the service
Client:
[root@client ~]# smbclient -L //172.25.254.226
Enter root's password:
Anonymous login successful
Domain=[YIFAN] OS=[Unix] Server=[Samba 4.1.1]
Sharename Type Comment
--------- ---- -------
IPC$ IPC IPC Service (Samba Server Version 4.1.1)
Anonymous login successful
Domain=[YIFAN] OS=[Unix] Server=[Samba 4.1.1] #the change took effect
Server Comment
--------- -------
Workgroup Master
--------- -------
VI. User allow list and deny list
#Allow list:
Server side:
[root@server ~]# vim /etc/samba/smb.conf
; netbios name = MYSERVER

; interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24
; hosts allow = 127. 192.168.12. 192.168.13.

; max protocol = SMB2
# allow list
hosts allow = 172.25.254.226
[root@server ~]# systemctl restart smb
Client IP (172.25.254.126):
[root@client ~]# smbclient -L //172.25.254.126
Enter root's password:
Anonymous login successful
Domain=[YIFAN] OS=[Unix] Server=[Samba 4.1.1]
Sharename Type Comment
--------- ---- -------
IPC$ IPC IPC Service (Samba Server Version 4.1.1)
Anonymous login successful
Domain=[YIFAN] OS=[Unix] Server=[Samba 4.1.1]
Server Comment
--------- -------
Workgroup Master
--------- -------
Client IP (172.25.254.26):
[kiosk@foundation26 ~]$ smbclient -L //172.25.254.126
Enter kiosk's password:
protocol negotiation failed: NT_STATUS_INVALID_NETWORK_RESPONSE
#Deny list:
Server side:
[root@server ~]# vim /etc/samba/smb.conf
; netbios name = MYSERVER

; interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24
; hosts allow = 127. 192.168.12. 192.168.13.

; max protocol = SMB2
# deny list
hosts deny = 172.25.254.226
[root@server ~]# systemctl restart smb
Client IP (172.25.254.126):
[root@client ~]$ smbclient -L //172.25.254.226
Enter kiosk's password:
protocol negotiation failed: NT_STATUS_INVALID_NETWORK_RESPONSE
Client IP (172.25.254.26):
[kiosk@foundation26 ~]# smbclient -L //172.25.254.226
Enter root's password:
Anonymous login successful
Domain=[YIFAN] OS=[Unix] Server=[Samba 4.1.1]
Sharename Type Comment
--------- ---- -------
IPC$ IPC IPC Service (Samba Server Version 4.1.1)
Anonymous login successful
Domain=[YIFAN] OS=[Unix] Server=[Samba 4.1.1]
Server Comment
--------- -------
Workgroup Master
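VII. Creating a shared directory on the server and setting its properties
Creating the shared directory on the server
[root@sever ~]# mkdir /westos #create the directory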
[root@sever ~]# vim /etc/samba/smb.conf
# Set SELinux labels only on files and directories you have created. Use the
# chcon command to temporarily change a label:
# chcon -t samba_share_t /path/to/directory
#the comments in smb.conf prompt you to change the security context
[root@sever ~]# chcon -t samba_share_t /westos #change the security context
or
[root@sever ~]# semanage fcontext -a -t samba_share_t '/westos(/.*)?'
[root@sever ~]# restorecon -RvvF /westos/ #refresh the labels
restorecon reset /westos context unconfined_u:object_r:samba_share_t:s0->system_u:object_r:default_t:s0
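[root@sever ~]# chmod 777 /westos/ #grant full permissions so that all users can read and write
[DIR] | name of the share, which you can choose freely |
comment=westos dir | description displayed for the share |
path=/westos | the directory to be shared |
browseable=no/yes | whether the share is shown in listings |
writable=no/yes | whether all users can write to the directory |
write list = +staff or @staff | writable for the staff group |
write list = staff | writable for the user staff |
admin users =staff | superuser for this share |
(1) browseable = no|yes: whether the share is shown in listings; this change does not require a service restart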
[root@server westos]# vim /etc/samba/smb.conf
[DIR]
comment=westos dir
path=/westos
browseable=no
[mnt]
comment=/mnt dir
path=/mnt
[root@client ~]# smbclient -L //172.25.254.126/DIR
Enter root's password:
Anonymous login successful
Domain=[YIFAN] OS=[Unix] Server=[Samba 4.1.1]
Sharename Type Comment
--------- ---- -------
IPC$ IPC IPC Service (Samba Server Version 4.1.1)
mnt Disk /mnt dir
#Now only the mnt share is listed; the DIR share is hidden.
[root@server westos]# vim /etc/samba/smb.conf
[DIR]
comment=westos dir
path=/westos
browseable=yes
[mnt]
comment=/mnt dir
path=/mnt
[root@client mnt]# smbclient -L //172.25.254.126/DIR
Enter root's password:
Anonymous login successful
Domain=[YIFAN] OS=[Unix] Server=[Samba 4.1.1]
Sharename Type Comment
--------- ---- -------
DIR Disk westos dir
mnt Disk /mnt dir
#Now both the mnt and DIR shares are listed.
(2) writable = yes|no ##allow all users to write
[root@sever ~]# vim /etc/samba/smb.conf
[DIR]
comment=westos dir
path=/westos
browseable=no
writable=yes
[root@client etc]# smbclient //172.25.254.126/DIR -U student
Enter student's password:
Domain=[YIFAN] OS=[Unix] Server=[Samba 4.1.1]
smb: \> put passwd
putting file passwd as \passwd (703.1 kb/s) (average 703.1 kb/s)
smb: \> ls
. D 0 Wed Jun 6 17:36:23 2018
.. D 0 Wed Jun 6 17:33:36 2018
passwd A 2160 Wed Jun 6 17:36:23 2018
40913 blocks of size 262144. 26839 blocks available
smb: \> rm passwd
smb: \> ls
. D 0 Wed Jun 6 17:36:39 2018
.. D 0 Wed Jun 6 17:33:36 2018
40913 blocks of size 262144. 26839 blocks available
[root@sever ~]# vim /etc/samba/smb.conf
[DIR]
comment=westos dir
path=/westos
browseable=no
writable=no
[root@client etc]# smbclient //172.25.254.126/DIR -U student
Enter student's password:
Domain=[YIFAN] OS=[Unix] Server=[Samba 4.1.1]
smb: \> ls
. D 0 Wed Jun 6 17:36:39 2018
.. D 0 Wed Jun 6 17:33:36 2018
40913 blocks of size 262144. 26839 blocks available
smb: \> put passwd
NT_STATUS_ACCESS_DENIED opening remote file \passwd
smb: \> quit
(3) write list = student #writable for the user student; note that writable = yes must be commented out here.
[root@server ~]# vim /etc/samba/smb.conf
# writable = yes
write list = student
[root@server ~]# systemctl restart smb
[root@client ~]# mount //172.25.254.126/DIR /mnt -o username=westos,password=123
[root@client ~]# cd /mnt/
[root@client mnt]# touch 789
touch: cannot touch ‘789’: Permission denied
[root@client mnt]# cd
[root@client ~]# umount /mnt/
[root@client ~]# mount //172.25.254.126/DIR /mnt -o username=student,password=123
[root@client ~]# cd /mnt/
[root@client mnt]# touch 256
[root@client mnt]# cd
[root@client ~]# umount /mnt/
(4) write list = @student or +student: writable for members of the student group
[root@server ~]# vim /etc/samba/smb.conf
# writable = yes
write list = @student
[root@server ~]# systemctl restart smb
[root@sever ~]# id student
uid=1000(student) gid=1000(student) groups=1000(student),10(wheel)
[root@sever ~]# id westos
uid=1001(westos) gid=1001(westos) groups=1001(westos)
[root@server ~]# systemctl restart smb
[root@client ~]# mount //172.25.254.126/DIR /mnt -o username=westos,password=123
[root@client ~]# cd /mnt/
[root@client mnt]# touch 789
touch: cannot touch ‘789’: Permission denied
[root@sever ~]# usermod -G student westos
[root@client ~]# mount //172.25.254.126/DIR /mnt -o username=westos,password=123
[root@client ~]# cd /mnt/
[root@client mnt]# touch word
VIII. Allowing anonymous users to access the share
[root@client ~]# smbclient //172.25.254.126/DIR
Enter root's password:
Anonymous login successful
Domain=[YIFAN] OS=[Unix] Server=[Samba 4.1.1]
tree connect failed: NT_STATUS_ACCESS_DENIED #access is denied
[root@server ~]# vim /etc/samba/smb.conf
[DIR]
comment=westos dir
path=/westos
browseable=no
; writable=yes
write list =+student
# allow the guest user to access this share
guest ok = yes
# the following lines are in the [global] section
security = user
passdb backend = tdbsam
# map anonymous users to the guest user
map to guest = bad user
[root@sever ~]# systemctl restart smb.service
[root@client ~]# smbclient //172.25.254.126/DIR
Enter root's password:
Domain=[YIFAN] OS=[Unix] Server=[Samba 4.1.1]
smb: \> ls
. D 0 Wed Jun 6 18:07:35 2018
.. D 0 Wed Jun 6 17:33:36 2018
file N 0 Wed Jun 6 17:55:23 2018
hello N 0 Wed Jun 6 17:56:12 2018
123 N 0 Wed Jun 6 17:56:55 2018
456 N 0 Wed Jun 6 17:57:26 2018
256 N 0 Wed Jun 6 17:58:49 2018
word N 0 Wed Jun 6 18:07:35 2018
40913 blocks of size 262144. 26839 blocks available
smb: \> quit
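A check to run over the share definitions built up in sections VII and VIII, as an added example that is not part of the original tutorial: it parses smb.conf-style text and reports, per share, whether guests are admitted and who may write. The sample configuration is constructed from the settings shown on this page, and the [scratch] share is a made-up worst case.

```shell
#!/bin/sh
# Added example: report guest and write exposure for each share in smb.conf text.
# In smb.conf only lines that start with # or ; are comments, and parameter
# names are case- and whitespace-insensitive. SAMPLE_CONF is constructed from the
# settings on this page; the [scratch] share is a made-up worst case.
audit_shares() {
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    function yes(v) { return tolower(v) ~ /^(yes|true|1)$/ }
    function flush(   w, risk) {
        if (sec == "" || tolower(sec) == "global") return
        w = writable ? "all" : (wlist != "" ? "list:" wlist : "none")
        risk = (guest && w == "all") ? "HIGH" : (guest ? "REVIEW" : "ok")
        printf "%s guest=%s write=%s %s\n", sec, (guest ? "yes" : "no"), w, risk
    }
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }
    /^[ \t]*\[/ {
        flush()
        sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec)
        guest = 0; writable = 0; wlist = ""
        next
    }
    {
        eq = index($0, "="); if (eq == 0) next
        key = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", key)
        val = trim(substr($0, eq + 1))
        if (key == "guestok" || key == "public") guest = yes(val)
        else if (key ~ /^(writable|writeable|writeok)$/) writable = yes(val)
        else if (key == "readonly") writable = !yes(val)
        else if (key == "writelist") wlist = val
    }
    END { flush() }'
}

SAMPLE_CONF='[global]
    workgroup = yifan
    security = user
    map to guest = bad user
[DIR]
    path = /westos
    browseable = no
    ; writable = yes
    write list = +student
    guest ok = yes
[mnt]
    path = /mnt
[scratch]
    path = /srv/scratch
    guest ok = yes
    writable = yes'

printf '%s\n' "$SAMPLE_CONF" | audit_shares
```

On a real server, feed it the output of `testparm -s` so that included files and defaults are resolved before the check.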