使用Samba文件共用服務 Samba起源: 早期網路想要在不同主機之間共用文件大多要用FTP協議來傳輸,但FTP協議僅能做到傳輸文件卻不能直接修改對方主機的資料數據,這樣確實不太方便,於是便出現了NFS開源文件共用程式:NFS(NetworkFile System)是一個能夠將多台Linux的遠程 ...
使用Samba文件共用服務
Samba起源:
早期網路想要在不同主機之間共用文件大多要用FTP協議來傳輸,但FTP協議僅能做到傳輸文件卻不能直接修改對方主機的資料數據,這樣確實不太方便,於是便出現了NFS開源文件共用程式:NFS(NetworkFile System)是一個能夠將多台Linux的遠程主機數據掛載到本地目錄的服務,屬於輕量級的文件共用服務,不支持Linux與 Windows系統間的文件共用。
隨後在1991年時大學生Tridgwell為瞭解決Linux與Windows系統之間共用文件的問題,便開發出了SMB協議與Samba服務程式。
SMB(Server Messages Block)協議:實現區域網內文件或印表機等資源共用服務的協議。當時Tridgwell想要註冊SMBServer這個商標,但卻被因為SMB是沒有意義的字元被拒絕了,經過Tridgwell不斷翻看詞典,終於找到了一個拉丁舞蹈的名字——SAMBA,而這個熱情舞蹈的名字中又恰好包含了SMB(SAMBA),於是這便是Samba程式名字的由來。
Samba服務程式是一款基於SMB協議並由服務端和客戶端組成的開源文件共用軟體,實現了Linux與Windows系統間的文件共用
1 samba安裝
[root@qdlinux ~]# yum install samba cifs-utils -y2 啟動服務加入開機自啟動
[root@qdlinux ~]# systemctl start smb
[root@qdlinux ~]# systemctl enable smb
Created symlink from /etc/systemd/system/multi-user.target.wants/smb.service to /usr/lib/systemd/system/smb.service.
[root@qdlinux ~]# ss -lntup | grep smb
tcp LISTEN 0 50 *:139 *:* users:(("smbd",pid=1095,fd=38))
tcp LISTEN 0 50 *:445 *:* users:(("smbd",pid=1095,fd=37))
tcp LISTEN 0 50 :::139 :::* users:(("smbd",pid=1095,fd=36))
tcp LISTEN 0 50 :::445 :::* users:(("smbd",pid=1095,fd=35))
3 配置samba
[root@qdlinux ~]# mv /etc/samba/smb.conf /etc/samba/smb.conf.bak
[root@qdlinux ~]# cat /etc/samba/smb.conf.bak | grep -v "#" | grep -v ";" | grep -v "^$" > /etc/samba/smb.conf
[root@qdlinux ~]# cat /etc/samba/smb.conf
[global]
workgroup = SAMBA
security = user
passdb backend = tdbsam
printing = cups
printcap name = cups
load printers = yes
cups options = raw
[homes]
comment = Home Directories
valid users = %S, %D%w%S
browseable = No
read only = No
inherit acls = Yes
[printers]
comment = All Printers
path = /var/tmp
printable = Yes
create mask = 0600
browseable = No
[print$]
comment = Printer Drivers
path = /var/lib/samba/drivers
write list = root
create mask = 0664
directory mask = 0775
4 修改配置文件如下
[root@qdlinux ~]# vim /etc/samba/smb.conf
[root@qdlinux ~]# cat /etc/samba/smb.conf
[global]
workgroup = WORKGROUP
security = user
passdb backend = tdbsam
printing = cups
printcap name = cups
load printers = yes
cups options = raw
[share]
comment = This is share /data/samba/share
path = /data/samba/share
public = no
writable = yes
5 添加一個用戶用於訪問共用資源
[root@qdlinux ~]# useradd samba_user
[root@qdlinux ~]# usermod -s /sbin/nologin samba_user
[root@qdlinux ~]# pdbedit -L
[root@qdlinux ~]# pdbedit -a -u samba_user
new password:
retype new password:
Unix username: samba_user
NT username:
Account Flags: [U ]
User SID: S-1-5-21-351179206-2754336130-384069223-1000
Primary Group SID: S-1-5-21-351179206-2754336130-384069223-513
Full Name:
Home Directory: \\qdlinux\samba_user
HomeDir Drive:
Logon Script:
Profile Path: \\qdlinux\samba_user\profile
Domain: QDLINUX
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: Wed, 06 Feb 2036 23:06:39 CST
Kickoff time: Wed, 06 Feb 2036 23:06:39 CST
Password last set: Tue, 14 Aug 2018 19:37:44 CST
Password can change: Tue, 14 Aug 2018 19:37:44 CST
Password must change: never
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
[root@qdlinux ~]# chown -Rf samba_user.samba_user /data/samba/share/
6 重啟服務測試
[root@qdlinux ~]# systemctl restart smb
7 發現windows不能訪問所共用的內容,解決方法如下
[root@qdlinux ~]# iptables -F
[root@qdlinux ~]# firewall-cmd --permanent --add-service=samba
success
[root@qdlinux ~]# firewall-cmd --reload
success
[root@qdlinux ~]# getsebool -a | grep samba
samba_create_home_dirs --> off
samba_domain_controller --> off
samba_enable_home_dirs --> off
samba_export_all_ro --> off
samba_export_all_rw --> off
samba_load_libgfapi --> off
samba_portmapper --> off
samba_run_unconfined --> off
samba_share_fusefs --> off
samba_share_nfs --> off
sanlock_use_samba --> off
tmpreaper_use_samba --> off
use_samba_home_dirs --> off
virt_use_samba --> off
[root@qdlinux ~]# setsebool -P samba_enable_home_dirs on
[root@qdlinux ~]# setsebool -P samba_export_all_rw on
匿名訪問成功
