千家信息网

File Sharing Service---Samba

Published: 2024-09-22  Author: 千家信息网 editor
千家信息网 last updated: 2024-09-22

=============================================================================

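Introduction to Samba

smb: Server Message Block

cifs: Common Internet File System

samba: author: Andrew Tridgell

  • In practice it is an implementation of SMB functionality; the main protocol implemented at its core is CIFS

Features

  • File system sharing;

  • NetBIOS protocol (host name resolution on Windows networks);

  • Print services;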

Samba installation and configuration

1) Program environment

Installing samba

  • # yum install samba -y

Main configuration file

  • /etc/samba/smb.conf

Main programs:

  • /usr/sbin/nmbd:

    Network Naming Service; mainly handles NetBIOS name resolution;

  • /usr/sbin/smbd:

    SMB/CIFS Service; the core program, which provides the SMB/CIFS service

Unit files

  • /usr/lib/systemd/system/nmb.service

  • /usr/lib/systemd/system/smb.service

Listening ports:

  • UDP: 137/udp, 138/udp

  • TCP: 139/tcp, 445/tcp

Client programs:

  • mount -t cifs = mount.cifs

  • smbclient: interactive command-line client;

2) Configuring samba

Main configuration file: /etc/samba/smb.conf

    [root@centos7 ~]# cd /etc/samba
    [root@centos7 samba]# ls
    lmhosts  smb.conf
    [root@centos7 samba]# cp smb.conf{,.bak} # back up first
    [root@centos7 samba]# ls
    lmhosts  smb.conf  smb.conf.bak
    [root@centos7 samba]# grep -i -E "^#[[:space:]]*(=|-)+" smb.conf # filter out the section headings
    #---------------
    #--------------           # global configuration section
    #======================= Global Settings =====================================
    # ----------------------- Network-Related Options -------------------------
    # --------------------------- Logging Options -----------------------------
    # ----------------------- Standalone Server Options ------------------------
    # ----------------------- Domain Members Options ------------------------
    # ----------------------- Domain Controller Options ------------------------
    # ----------------------- Browser Control Options ----------------------------
    #----------------------------- Name Resolution -------------------------------
    # --------------------------- Printing Options -----------------------------
    # --------------------------- File System Options ---------------------------
    #============================ Share Definitions ==============================    # user-defined share sections

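Two kinds of configuration sections:

◎ Global configuration

[global]

  • workgroup = MYGROUP  (workgroup model; defines the workgroup)

  • server string = Samba Server Version %v  (defines the banner text)

  • interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24  (the addresses or network interfaces to listen on)

  • hosts allow = 127. 192.168.12. 192.168.13.  (access control; works as a whitelist)

  • log file = /var/log/samba/log.%m  (each client gets its own dedicated log file)

  • max log size = 50  (maximum log file size; the unit is KB by default)

  • security = user  (defines the security level; with user, an account and password must be supplied)

    share (deprecated): anonymous sharing

    server (deprecated): centralized authentication

    domain

  • passdb backend = tdbsam  (storage format for accounts and passwords)

  • load printers = yes  (whether printer drivers are loaded when the samba service starts)

  • cups options = raw  (generic mode of the printing service)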

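Shared file systems

[shared_ID]

There are three kinds:

  • [homes]: whether each samba user can access their home directory through the samba service;

  • [printers]: print services;

  • [shared_FS]: user-defined shared directories;

Common directives:

  • comment: descriptive comment;

  • path: local filesystem path;

  • browseable: whether the share can be browsed, i.e. is visible to users;

  • guest ok: whether the guest account (anonymous users) may access it;

  • public: whether it is open to all guests;

  • writable: whether it is writable;

    writable = yes is the same as read only = no

  • write list: list of users or groups that have write permission;

    user name

    @group name = +group name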

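2) samba user management

Commands:

smbpasswd, pdbedit

1) smbpasswd

Syntax:

smbpasswd [OPTIONS] USERNAME (a system user)

Options:

  • -a: add;

  • -x: delete;

  • -d: disable;

  • -e: enable

2) pdbedit:

  • -L: list all users of the samba service;

  • -a: add a user as a samba user;

    -u USERNAME:

  • -x: delete

  • -t: read the password from standard input;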

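Accessing the service:

smbclient, the interactive client program:

  • List the shares on the target server

    smbclient -L SMB_SERVER [-U USERNAME]

  • Access a share

    smbclient //SMB_SERVER[/SHARE_NAME] [-U USERNAME]

mount.cifs

  • mount -t cifs //SMB_SERVER/SHARED_ID /MOUNT_POINT -o username=USER,password=PASS (gives the user identity and password)

Note:

The user performing the mount is mapped directly to the user given in the -o option; access through the mount runs as the user given in -o, and is mapped to local users by ID;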


Defining a custom share:

[shared_ID]

comment =

path =

guest ok =

read only =

public =

browseable =

write list =

Note:

Granting write permission to all users at the service level with writable = yes (read only = no) is not recommended together with write list;



Command demonstration:

1. Add users

    [root@centos7 ~]# pdbedit -a -u tao # add a user
    new password:
    retype new password:
    Unix username:        tao
    NT username:          
    Account Flags:        [U          ]
    User SID:             S-1-5-21-1194301372-4224252613-970535052-1000
    Primary Group SID:    S-1-5-21-1194301372-4224252613-970535052-513
    Full Name:            
    Home Directory:       \\centos7\tao
    HomeDir Drive:        
    Logon Script:         
    Profile Path:         \\centos7\tao\profile
    Domain:               CENTOS7
    Account desc:         
    Workstations:         
    Munged dial:          
    Logon time:           0
    Logoff time:          Wed, 06 Feb 2036 23:06:39 CST
    Kickoff time:         Wed, 06 Feb 2036 23:06:39 CST
    Password last set:    Tue, 18 Oct 2016 23:24:50 CST
    Password can change:  Tue, 18 Oct 2016 23:24:50 CST
    Password must change: never
    Last bad password   : 0
    Bad password count  : 0
    Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
    [root@centos7 ~]# pdbedit -L # list samba users
    tao:1000:
    [root@centos7 ~]# pdbedit -a -u xiu # add another user, xiu
    [root@centos7 ~]# pdbedit -L 
    tao:1000:
    xiu:1001:

Start the samba services and check the port numbers

    [root@centos7 ~]# systemctl start nmb.service smb.service
    [root@centos7 ~]# ss -unl # check the udp ports 137,138
    State    Recv-Q Send-Q     Local Address:Port     Peer Address:Port
    UNCONN   0      0                      *:68                  *:*
    UNCONN   0      0          192.168.1.255:137                 *:*
    UNCONN   0      0           192.168.1.15:137                 *:*
    UNCONN   0      0                      *:137                 *:*
    UNCONN   0      0          192.168.1.255:138                 *:*
    UNCONN   0      0           192.168.1.15:138                 *:*
    UNCONN   0      0                      *:138                 *:*
    UNCONN   0      0              127.0.0.1:323                 *:*
    UNCONN   0      0                      *:34320               *:*
    UNCONN   0      0                     :::10025              :::*
    UNCONN   0      0                    ::1:323                :::*
    [root@centos7 ~]# ss -tnl # check the tcp ports 139,445
    State    Recv-Q Send-Q     Local Address:Port     Peer Address:Port
    LISTEN   0      128            127.0.0.1:6012                *:*
    LISTEN   0      50                     *:445                 *:*
    LISTEN   0      50                     *:3306                *:*
    LISTEN   0      50                     *:139                 *:*
    LISTEN   0      128                    *:22                  *:*
    LISTEN   0      128            127.0.0.1:631                 *:*
    LISTEN   0      100            127.0.0.1:25                  *:*
    LISTEN   0      128            127.0.0.1:6010                *:*
    LISTEN   0      128            127.0.0.1:6011                *:*
    LISTEN   0      128                  ::1:6012               :::*
    LISTEN   0      50                    :::445                :::*
    LISTEN   0      50                    :::139                :::*
    LISTEN   0      128                   :::22                 :::*
    LISTEN   0      128                  ::1:631                :::*
    LISTEN   0      100                  ::1:25                 :::*
    LISTEN   0      128                  ::1:6010               :::*
    LISTEN   0      128                  ::1:6011               :::*


2. List the shares on the target host with smbclient

Here a CentOS 6 host acts as the client and accesses the CentOS 7 host that runs the samba server.

    # anonymous access, no password entered:
    [root@CentOS6 ~]# smbclient -L 192.168.1.15 
    Enter root's password: 
    Anonymous login successful
    Domain=[MYGROUP] OS=[Windows 6.1] Server=[Samba 4.2.3]
            Sharename       Type      Comment
            ---------       ----      -------
            IPC$            IPC       IPC Service (Samba Server Version 4.2.3)
    Anonymous login successful
    Domain=[MYGROUP] OS=[Windows 6.1] Server=[Samba 4.2.3]
            Server               Comment
            ---------            -------
            CENTOS7              Samba Server Version 4.2.3
            Workgroup            Master
            ---------            -------
            MYGROUP              CENTOS7
            WORKGROUP            PC-20160624QLWL

    # access with an existing system user account:
    [root@CentOS6 ~]# smbclient -L 192.168.1.15 -U tao
    Enter tao's password: 
    Domain=[MYGROUP] OS=[Windows 6.1] Server=[Samba 4.2.3]
            Sharename       Type      Comment
            ---------       ----      -------
            IPC$            IPC       IPC Service (Samba Server Version 4.2.3)
            tao             Disk      Home Directories
    Domain=[MYGROUP] OS=[Windows 6.1] Server=[Samba 4.2.3]
            Server               Comment
            ---------            -------
            CENTOS7              Samba Server Version 4.2.3
            Workgroup            Master
            ---------            -------
            MYGROUP              CENTOS7
            WORKGROUP            PC-20160624QLWL

3. Access a share on the target host with smbclient

    [root@CentOS6 ~]# smbclient //192.168.1.15/ -U tao 
    Enter tao's password: 
    [root@CentOS6 ~]# smbclient //192.168.1.15/tao  -U tao # the name of the share to access must be appended
    Enter tao's password: 
    Domain=[MYGROUP] OS=[Windows 6.1] Server=[Samba 4.2.3]
    smb: \> help # get help
    ?              allinfo        altname        archive        blocksize      
    cancel         case_sensitive cd             chmod          chown          
    close          del            dir            du             echo           
    exit           get            getfacl        geteas         hardlink       
    help           history        iosize         lcd            link           
    lock           lowercase      ls             l              mask           
    md             mget           mkdir          more           mput           
    newer          open           posix          posix_encrypt  posix_open     
    posix_mkdir    posix_rmdir    posix_unlink   print          prompt         
    put            pwd            q              queue          quit           
    readlink       rd             recurse        reget          rename         
    reput          rm             rmdir          showacls       setea          
    setmode        stat           symlink        tar            tarmode        
    timeout        translate      unlock         volume         vuid           
    wdel           logon          listconnect    showconnect    ..             
    !              
    smb: \> pwd # shows the shared directory of system user tao on the samba server; the configuration allows home directories to be shared
    Current directory is \\192.168.1.15\tao\
    smb: \> ls
      .                                   D        0  Tue Oct 18 13:09:36 2016
      ..                                  D        0  Tue Oct 18 11:38:44 2016
      .mozilla                           DH        0  Mon Jul 25 23:57:35 2016
      .bash_logout                        H       18  Fri Nov 20 13:02:30 2015
      .bash_profile                       H      193  Fri Nov 20 13:02:30 2015
      .bashrc                             H      231  Fri Nov 20 13:02:30 2015
      .zshrc                              H      658  Fri Nov 20 21:11:02 2015
      .Xauthority                         H       53  Sun Sep 11 11:11:49 2016
      .cache                             DH        0  Sun Sep 11 11:11:49 2016
      .config                            DH        0  Tue Oct 18 12:38:09 2016
      .bash_history                       H      361  Tue Oct 18 12:43:06 2016
      .mysql_history                      H      268  Mon Oct 17 16:18:28 2016
      pub                                 D        0  Tue Oct 18 09:16:21 2016
      upload                              D        0  Tue Oct 18 09:20:53 2016
      xiu                                 D        0  Tue Oct 18 09:36:02 2016
      .local                             DH        0  Tue Oct 18 12:38:09 2016
      f1                                          13  Tue Oct 18 13:09:36 2016
                    40940 blocks of size 1048576. 40072 blocks available
    smb: \> put /etc/fstab # uploading a file from the CentOS 6 host by absolute path fails; a path relative to the current local directory is needed here
    NT_STATUS_OBJECT_PATH_NOT_FOUND opening remote file \/etc/fstab
    smb: \> lcd /etc # change the local directory to the one that holds the file to upload
    smb: \> put fstab # the upload works, because the configuration file defines writable = yes (write permission) and user tao also has write permission on its own home directory
    putting file fstab as \fstab (52.3 kb/s) (average 52.3 kb/s)
    smb: \> ls
      .                                   D        0  Wed Oct 19 00:11:59 2016
      ..                                  D        0  Tue Oct 18 11:38:44 2016
      .mozilla                           DH        0  Mon Jul 25 23:57:35 2016
      .bash_logout                        H       18  Fri Nov 20 13:02:30 2015
      .bash_profile                       H      193  Fri Nov 20 13:02:30 2015
      .bashrc                             H      231  Fri Nov 20 13:02:30 2015
      .zshrc                              H      658  Fri Nov 20 21:11:02 2015
      .Xauthority                         H       53  Sun Sep 11 11:11:49 2016
      .cache                             DH        0  Sun Sep 11 11:11:49 2016
      .config                            DH        0  Tue Oct 18 12:38:09 2016
      .bash_history                       H      361  Tue Oct 18 12:43:06 2016
      .mysql_history                      H      268  Mon Oct 17 16:18:28 2016
      pub                                 D        0  Tue Oct 18 09:16:21 2016
      upload                              D        0  Tue Oct 18 09:20:53 2016
      xiu                                 D        0  Tue Oct 18 09:36:02 2016
      .local                             DH        0  Tue Oct 18 12:38:09 2016
      f1                                          13  Tue Oct 18 13:09:36 2016
      fstab                               A     1017  Wed Oct 19 00:11:59 2016  # the uploaded file
                    40940 blocks of size 1048576. 40072 blocks available
    smb: \> ^C

4. Define a custom share

    [root@centos7 ~]# mkdir -pv /samba/tools  # create the directory to share
    mkdir: created directory '/samba'
    mkdir: created directory '/samba/tools'
    [root@centos7 ~]# vim /etc/samba/smb.conf  # edit the main configuration file
    # define a custom share name
    [apps]
            # comment text: tools
            comment = tools
            # local filesystem path
            path = /samba/tools
            # visible to users other than the owner and owning group
            browseable = yes
            # allow guest access, i.e. anonymous users
            guest ok = yes
            # allow write operations (such as upload and delete)
            writable = yes
    # after configuring, save and exit, then test the syntax
    [root@centos7 samba]# testparm # syntax test
    Load smb config files from /etc/samba/smb.conf
    rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
    Processing section "[homes]"
    Processing section "[printers]"
    Processing section "[apps]"
    Loaded services file OK.
    Server role: ROLE_STANDALONE
    Press enter to see a dump of your service definitions
                           # press Enter to print all effective settings of the service
    # Global parameters
    [global]
            workgroup = MYGROUP
            server string = Samba Server Version %v
            security = USER
            log file = /var/log/samba/log.%m
            max log size = 50
            idmap config * : backend = tdb
            cups options = raw
    [homes]
            comment = Home Directories
            read only = No
            browseable = No
    [printers]
            comment = All Printers
            path = /var/spool/samba
            printable = Yes
            print ok = Yes
            browseable = No
    [apps]
            comment = tools
            path = /samba/tools
            read only = No # not read-only, i.e. writable
            guest ok = Yes
    [root@centos7 samba]# systemctl restart smb # restart the service
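The dump that testparm prints is the effective configuration, which makes it a convenient input for a review of the share definitions. The following is an added example, not code from the original article: it parses that dump with Python's configparser, resolves the synonyms mentioned earlier (public, writable), treats [global] values as defaults for every share, and flags shares that are both guest-accessible and writable, shares with no hosts allow restriction, and the deprecated security modes. The finding labels and the HARDENED variant are this example's own.

```python
import configparser

# smb.conf synonym -> (canonical parameter, value is inverted)
SYNONYMS = {
    "public": ("guest ok", False),
    "writable": ("read only", True),
    "writeable": ("read only", True),
    "write ok": ("read only", True),
    "allow hosts": ("hosts allow", False),
}
TRUE = {"yes", "true", "on", "1"}

# The effective configuration that testparm prints in the article
TESTPARM_DUMP = """
# Global parameters
[global]
        workgroup = MYGROUP
        server string = Samba Server Version %v
        security = USER
        log file = /var/log/samba/log.%m
        max log size = 50
        idmap config * : backend = tdb
        cups options = raw
[homes]
        comment = Home Directories
        read only = No
        browseable = No
[printers]
        comment = All Printers
        path = /var/spool/samba
        printable = Yes
        print ok = Yes
        browseable = No
[apps]
        comment = tools
        path = /samba/tools
        read only = No
        guest ok = Yes
"""
# Constructed variant: guests removed from [apps], clients limited to the lab network
HARDENED = (TESTPARM_DUMP
            .replace("[global]", "[global]\nhosts allow = 127. 192.168.1.")
            .replace("guest ok = Yes", "guest ok = No"))


def is_true(value):
    return value.strip().lower() in TRUE


def canonical(section):
    """Map synonyms to one parameter name; a later line overrides an earlier one."""
    out = {}
    for key, value in section.items():
        key = " ".join(key.lower().split())
        name, inverted = SYNONYMS.get(key, (key, False))
        value = value.strip()
        if inverted:                      # writable = yes  ->  read only = no
            value = "no" if is_true(value) else "yes"
        out[name] = value
    return out


def load(text):
    """Parse smb.conf text. '=' is the only delimiter, so keys such as
    'idmap config * : backend' stay intact; %v and %m are not interpolated."""
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   delimiters=("=",))
    cp.read_string("\n".join(line.strip() for line in text.splitlines()))
    return {name.lower(): canonical(cp[name]) for name in cp.sections()}


def audit(text):
    """Return a list of (section, finding) tuples."""
    conf = load(text)
    glob = conf.pop("global", {})
    findings = []
    if glob.get("security", "user").lower() in ("share", "server"):
        findings.append(("global", "deprecated-security-mode"))
    for name, own in conf.items():
        share = {**glob, **own}           # [global] values are share defaults
        guest = is_true(share.get("guest ok", "no"))
        writable = not is_true(share.get("read only", "yes"))
        if guest and writable:
            findings.append((name, "guest-writable"))
        if "hosts allow" not in share:
            findings.append((name, "no-hosts-allow"))
    return findings


if __name__ == "__main__":
    for share, finding in audit(TESTPARM_DUMP):
        print(f"[{share}] {finding}")
```

For a share flagged guest-writable, the permissions on its path are the only remaining barrier to anonymous writes.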

List the shares and access them

    # list the shares visible to the system user
    [root@CentOS6 ~]# smbclient -L 192.168.1.15 -U tao 
    Enter tao's password: 
    Domain=[MYGROUP] OS=[Windows 6.1] Server=[Samba 4.2.3]
            Sharename       Type      Comment
            ---------       ----      -------
            apps            Disk      tools
            IPC$            IPC       IPC Service (Samba Server Version 4.2.3)
            tao             Disk      Home Directories
    Domain=[MYGROUP] OS=[Windows 6.1] Server=[Samba 4.2.3]
            Server               Comment
            ---------            -------
            CENTOS7              Samba Server Version 4.2.3
            Workgroup            Master
            ---------            -------
            MYGROUP              CENTOS7
            WORKGROUP            PC-20160624QLWL

Access the share

    # an anonymous user (guest account) can log in but cannot upload files
    [root@CentOS6 ~]# smbclient //192.168.1.17/apps 
    Enter root's password: 
    Anonymous login successful
    Domain=[MYGROUP] OS=[Windows 6.1] Server=[Samba 4.2.3]
    smb: \> ls
      .                                   D        0  Wed Oct 19 21:12:29 2016
      ..                                  D        0  Wed Oct 19 00:31:41 2016
                    40940 blocks of size 1048576. 40072 blocks available
    smb: \> lcd /etc
    smb: \> !pwd
    /etc
    smb: \> put fstab # cannot upload
    NT_STATUS_ACCESS_DENIED opening remote file \fstab
    smb: \> ^C

    # log in with a system account and access the share
    [root@CentOS6 ~]# smbclient //192.168.1.15/apps  -U tao # specify the apps share
    Enter tao's password: 
    Domain=[MYGROUP] OS=[Windows 6.1] Server=[Samba 4.2.3]
    smb: \> pwd
    Current directory is \\192.168.1.15\apps\ # inside apps
    smb: \> ls
      .                                   D        0  Wed Oct 19 00:31:41 2016
      ..                                  D        0  Wed Oct 19 00:31:41 2016
                    40940 blocks of size 1048576. 40072 blocks available
    smb: \> lcd /etc
    smb: \> put fstab
    NT_STATUS_ACCESS_DENIED opening remote file \fstab  # cannot upload: the service grants write permission, but the user has no write permission on the directory at the filesystem level
    smb: \>

For user tao to be able to upload and delete files, the write permission defined in the service configuration is not enough; the directory must also be writable at the filesystem level. Granting this to tao only:

    [root@centos7 ~]# setfacl -m u:tao:rwx /samba/tools # grant user tao rwx permission
    [root@centos7 ~]# getfacl /samba/tools
    getfacl: Removing leading '/' from absolute path names
    # file: samba/tools
    # owner: root
    # group: root
    user::rwx
    user:tao:rwx
    group::r-x
    mask::rwx
    other::r-x

Access and upload again:

    [root@CentOS6 ~]# smbclient //192.168.1.15/apps  -U tao
    Enter tao's password: 
    Domain=[MYGROUP] OS=[Windows 6.1] Server=[Samba 4.2.3]
    smb: \> ls
      .                                   D        0  Wed Oct 19 00:31:41 2016
      ..                                  D        0  Wed Oct 19 00:31:41 2016
                    40940 blocks of size 1048576. 40072 blocks available
    smb: \> lcd /etc
    smb: \> put fstab
    putting file fstab as \fstab (99.3 kb/s) (average 99.3 kb/s) # upload succeeded
    smb: \> ls
      .                                   D        0  Wed Oct 19 01:00:43 2016
      ..                                  D        0  Wed Oct 19 00:31:41 2016
      fstab                               A     1017  Wed Oct 19 01:00:43 2016
                    40940 blocks of size 1048576. 40072 blocks available
    smb: \> rm fstab # delete the file
    smb: \> ls
      .                                   D        0  Wed Oct 19 21:12:29 2016
      ..                                  D        0  Wed Oct 19 00:31:41 2016
                    40940 blocks of size 1048576. 40071 blocks available
    smb: \>

5. Suppose users tao and xiu can both write, i.e. both can upload files to /samba/tools, but I only want tao to be able to upload and not xiu. How should that be set up? As follows:

    [root@centos7 ~]# setfacl -m u:xiu:rwx /samba/tools
    [root@centos7 ~]# getfacl /samba/tools
    getfacl: Removing leading '/' from absolute path names
    # file: samba/tools
    # owner: root
    # group: root
    user::rwx
    user:tao:rwx
    user:xiu:rwx  # user xiu also has rwx permission
    group::r-x
    mask::rwx
    other::r-x
    [root@CentOS6 ~]# smbclient //192.168.1.17/apps -U xiu # log in as system user xiu
    Enter xiu's password: 
    Domain=[MYGROUP] OS=[Windows 6.1] Server=[Samba 4.2.3]
    smb: \> ls
      .                                   D        0  Wed Oct 19 21:12:29 2016
      ..                                  D        0  Wed Oct 19 00:31:41 2016
                    40940 blocks of size 1048576. 40071 blocks available
    smb: \> lcd /etc
    smb: \> put issue  # upload succeeded
    putting file issue as \issue (4.2 kb/s) (average 4.2 kb/s)
    smb: \> ls
      .                                   D        0  Wed Oct 19 21:28:02 2016
      ..                                  D        0  Wed Oct 19 00:31:41 2016
      issue                               A       90  Wed Oct 19 21:28:02 2016
                    40940 blocks of size 1048576. 40071 blocks available
    smb: \> ^C

Edit the configuration file /etc/samba/smb.conf


Restart the service and access the share as follows:

    [root@centos7 samba]# systemctl restart smb # restart the service
    [root@CentOS6 ~]# smbclient //192.168.1.17/apps -U xiu # log in as xiu again
    Enter xiu's password: 
    Domain=[MYGROUP] OS=[Windows 6.1] Server=[Samba 4.2.3]
    smb: \> ls
      .                                   D        0  Wed Oct 19 21:28:02 2016
      ..                                  D        0  Wed Oct 19 00:31:41 2016
      issue                               A       90  Wed Oct 19 21:28:02 2016
                    40940 blocks of size 1048576. 40072 blocks available
    smb: \> lcd /etc
    smb: \> put fstab 
    NT_STATUS_ACCESS_DENIED opening remote file \fstab
    [root@CentOS6 ~]# smbclient //192.168.1.17/apps -U tao # user tao can upload files
    Enter tao's password: 
    Domain=[MYGROUP] OS=[Windows 6.1] Server=[Samba 4.2.3]
    smb: \> ls
      .                                   D        0  Wed Oct 19 21:28:02 2016
      ..                                  D        0  Wed Oct 19 00:31:41 2016
      issue                               A       90  Wed Oct 19 21:28:02 2016
                    40940 blocks of size 1048576. 40072 blocks available
    smb: \> lcd /etc
    smb: \> put fstab  # upload succeeded
    putting file fstab as \fstab (55.2 kb/s) (average 55.2 kb/s)
    smb: \> ls
      .                                   D        0  Wed Oct 19 21:37:12 2016
      ..                                  D        0  Wed Oct 19 00:31:41 2016
      issue                               A       90  Wed Oct 19 21:28:02 2016
      fstab                               A     1017  Wed Oct 19 21:37:12 2016
                    40940 blocks of size 1048576. 40072 blocks available


6. Define an owning group so that every user in the group has write permission

    [root@centos7 ~]# groupadd distro
    [root@centos7 ~]# ll -d /samba/tools/
    drwxrwxr-x+ 2 root root 30 Oct 19 21:37 /samba/tools/
    [root@centos7 ~]# chgrp distro /samba/tools/
    [root@centos7 ~]# ll -d /samba/tools/
    drwxrwxr-x+ 2 root distro 30 Oct 19 21:37 /samba/tools/
    [root@centos7 ~]# setfacl -b /samba/tools # clear the directory's ACL to keep the experiment clean
    [root@centos7 ~]# getfacl /samba/tools
    getfacl: Removing leading '/' from absolute path names
    # file: samba/tools
    # owner: root
    # group: distro
    user::rwx
    group::r-x
    other::r-x
    [root@centos7 ~]# chmod 775 /samba/tools/ # give the directory's owning group write permission
    [root@centos7 ~]# ll -d /samba/tools/
    drwxrwxr-x 2 root distro 30 Oct 19 22:23 /samba/tools/
    [root@centos7 ~]# usermod -a -G distro tao
    [root@centos7 ~]# usermod -a -G distro xiu
    [root@centos7 ~]# id tao
    uid=1000(tao) gid=1000(tao) groups=1000(tao),2003(distro)
    [root@centos7 ~]# id xiu
    uid=1001(xiu) gid=2002(xiu) groups=2002(xiu),2003(distro)

Edit the configuration file /etc/samba/smb.conf as follows:

Restart the service and access the share as follows:

    [root@centos7 samba]# systemctl restart smb
    [root@CentOS6 ~]# smbclient //192.168.1.17/apps -U xiu # log in as user xiu
    Enter xiu's password: 
    Domain=[MYGROUP] OS=[Windows 6.1] Server=[Samba 4.2.3]
    smb: \> ls
      .                                   D        0  Wed Oct 19 21:37:12 2016
      ..                                  D        0  Wed Oct 19 00:31:41 2016
      issue                               A       90  Wed Oct 19 21:28:02 2016
      fstab                               A     1017  Wed Oct 19 21:37:12 2016
                    40940 blocks of size 1048576. 40072 blocks available
    smb: \> pwd
    Current directory is \\192.168.1.17\apps\
    smb: \> rm issue  # can delete
    smb: \> ls
      .                                   D        0  Wed Oct 19 22:22:30 2016
      ..                                  D        0  Wed Oct 19 00:31:41 2016
      fstab                               A     1017  Wed Oct 19 21:37:12 2016
                    40940 blocks of size 1048576. 40072 blocks available
    smb: \> lcd /etc
    smb: \> put issue # can upload
    putting file issue as \issue (5.2 kb/s) (average 5.2 kb/s)
    smb: \> ls
      .                                   D        0  Wed Oct 19 22:23:51 2016
      ..                                  D        0  Wed Oct 19 00:31:41 2016
      fstab                               A     1017  Wed Oct 19 21:37:12 2016
      issue                               A       90  Wed Oct 19 22:23:51 2016
                    40940 blocks of size 1048576. 40072 blocks available
    #==================================================================================
    [root@centos7 ~]# gpasswd -d xiu distro  # remove xiu from the group
    Removing user xiu from group distro
    [root@centos7 ~]# groupmems -g distro -l # list the group members
    tao 
    # log in as xiu again; uploading no longer works, as shown below
    [root@CentOS6 ~]# smbclient //192.168.1.17/apps -U xiu
    Enter xiu's password: 
    Domain=[MYGROUP] OS=[Windows 6.1] Server=[Samba 4.2.3]
    smb: \> ls
      .                                   D        0  Wed Oct 19 22:40:22 2016
      ..                                  D        0  Wed Oct 19 00:31:41 2016
      fstab                               A     1017  Wed Oct 19 21:37:12 2016
      issue                               A       90  Wed Oct 19 22:40:22 2016
                    40940 blocks of size 1048576. 40072 blocks available
    smb: \> pwd
    Current directory is \\192.168.1.17\apps\
    smb: \> rm issue # cannot delete
    NT_STATUS_MEDIA_WRITE_PROTECTED deleting remote file \issue
    NT_STATUS_MEDIA_WRITE_PROTECTED listing \issue
    smb: \> lcd /etc
    smb: \> put issue # cannot upload
    NT_STATUS_ACCESS_DENIED opening remote file \issue

7. Access with mount.cifs

    [root@centos7 ~]# usermod -a -G distro xiu # add user xiu to the distro group, so xiu has write permission too
    [root@centos7 ~]# id xiu
    uid=1001(xiu) gid=2002(xiu) groups=2002(xiu),2003(distro)
    [root@centos7 ~]# ll -d /samba/tools/
    drwxrwxr-x 2 root distro 63 Oct 19 23:24 /samba/tools/
    # with mount -t cifs (mount.cifs), specify the smb server, the share, and the system user and password to log in with
    [root@CentOS6 ~]# mount -t cifs //192.168.1.17/apps/ /mnt -o username=xiu,password=134296
    [root@CentOS6 ~]# mount # check the mount points
    /dev/mapper/vg0-root on / type ext4 (rw)
    proc on /proc type proc (rw)
    sysfs on /sys type sysfs (rw)
    devpts on /dev/pts type devpts (rw,gid=5,mode=620)
    tmpfs on /dev/shm type tmpfs (rw)
    /dev/sda1 on /boot type ext4 (rw)
    /dev/mapper/vg0-usr on /usr type ext4 (rw)
    /dev/mapper/vg0-var on /var type ext4 (rw)
    /dev/sda5 on /home type ext4 (rw,usrquota,grpquota)
    none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
    //192.168.1.17/apps/ on /mnt type cifs (rw) # the share is mounted
    [root@CentOS6 ~]# cd /mnt/
    [root@CentOS6 mnt]# ls
    fstab  issue 
    [root@CentOS6 mnt]# echo taotaoxiuxiu > test.txt  # the client's root user has write permission on the mount point /mnt
    [root@CentOS6 mnt]# su - tao # switch to an ordinary user
    [tao@CentOS6 ~]$ cd /mnt/
    [tao@CentOS6 mnt]$ ls
    fstab  issue  test.txt
    [tao@CentOS6 mnt]$ cat test.txt 
    taotaoxiuxiu
    [tao@CentOS6 mnt]$ echo nulixiangqian >> test.txt  
    -bash: test.txt: Permission denied  # the system user has write permission on the server (filesystem included), but the ordinary user on the client has no write permission on the mount point

In that case, create a local directory /data/apps to serve as a dedicated mount point, give user tao rwx permission on it, and see whether writing works:

    # create the mount point directory
    [root@CentOS6 ~]# mkdir -pv /data/apps
    mkdir: created directory `/data'
    mkdir: created directory `/data/apps'
    #=============================================================================
    # give user tao rwx permission on this directory
    [root@CentOS6 ~]# setfacl -m u:tao:rwx /data/apps/
    [root@CentOS6 ~]# getfacl /data/apps
    getfacl: Removing leading '/' from absolute path names
    # file: data/apps
    # owner: root
    # group: root
    user::rwx
    user:tao:rwx
    group::r-x
    mask::rwx
    other::r-x
    #==============================================================================
    # mount on /data/apps, switch to user tao and see whether writing works
    [root@CentOS6 ~]# mount -t cifs //192.168.1.17/apps/ /data/apps -o username=xiu,password=134296
    [root@CentOS6 ~]# mount
    /dev/mapper/vg0-root on / type ext4 (rw)
    proc on /proc type proc (rw)
    sysfs on /sys type sysfs (rw)
    devpts on /dev/pts type devpts (rw,gid=5,mode=620)
    tmpfs on /dev/shm type tmpfs (rw)
    /dev/sda1 on /boot type ext4 (rw)
    /dev/mapper/vg0-usr on /usr type ext4 (rw)
    /dev/mapper/vg0-var on /var type ext4 (rw)
    /dev/sda5 on /home type ext4 (rw,usrquota,grpquota)
    none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
    //192.168.1.17/apps/ on /data/apps type cifs (rw)
    [root@CentOS6 ~]# cd /data/apps/
    [root@CentOS6 apps]# ll
    total 12
    -rwxr--r-- 1 1000 1000 1017 Oct 19  2016 fstab
    -rwxr--r-- 1 1001 2002   90 Oct 19  2016 issue
    -rw-r--r-- 1 1001 2002   13 Oct 19  2016 test.txt
    [root@CentOS6 apps]# su - tao
    [tao@CentOS6 ~]$ cd /data/apps/
    [tao@CentOS6 apps]$ ls
    fstab  issue  test.txt
    [tao@CentOS6 apps]$ echo nulizaiyiqi >> test.txt  
    -bash: test.txt: Permission denied  # permission denied

As shown above, the write is still denied. Why? Because the server and the client are mapped by ID: user names do not matter, only the ID numbers do.

    [root@CentOS6 ~]# ll /data/apps/  # owners as shown on the client
    total 12
    -rwxr--r-- 1 1000 1000 1017 Oct 19  2016 fstab
    -rwxr--r-- 1 1001 2002   90 Oct 19  2016 issue
    -rw-r--r-- 1 1001 2002   13 Oct 19  2016 test.txt
    [root@centos7 ~]# id xiu
    uid=1001(xiu) gid=2002(xiu) groups=2002(xiu),2003(distro)
    [root@centos7 ~]# ll /samba/tools/ # owners as shown on the server
    total 12
    -rwxr--r-- 1 tao tao 1017 Oct 19 21:37 fstab
    -rwxr--r-- 1 xiu xiu   90 Oct 19 22:40 issue
    -rw-r--r-- 1 xiu xiu   13 Oct 19 23:33 test.txt
    [root@CentOS6 ~]# useradd -u 1001 wang # create a user with the same ID number as the owner on the server
    [root@CentOS6 ~]# su - wang
    [wang@CentOS6 ~]$ cd /data/apps/
    [wang@CentOS6 apps]$ ls
    fstab  issue  test.txt
    [wang@CentOS6 apps]$ echo nulizaiyiqi >> test.txt  # the write succeeds
    [wang@CentOS6 apps]$ cat test.txt
    taotaoxiuxiu
    nulizaiyiqi
    [wang@CentOS6 apps]$ ll
    total 12
    -rwxr--r-- 1 1000 1000 1017 Oct 19  2016 fstab
    -rwxr--r-- 1 wang 2002   90 Oct 19  2016 issue
    -rw-r--r-- 1 wang 2002   25 Oct 20  2016 test.txt


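Summary:

1. Whether a user can write to shared files depends on two factors: first, whether the file sharing server (ftp, samba) allows anonymous users or system accounts to write; second, whether the user has write permission on the shared files at the filesystem level. Only when both are satisfied does the user have write permission and can upload and delete files in the shared directory;

2. For the samba service, the user performing a mount.cifs mount is mapped directly to the user given in the -o option; access through the mount runs as the user given in -o and is mapped to local users by ID, i.e. the local user's ID number must be the same as the ID number of the user given in -o for write operations to work (point 1 above must be satisfied as well).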
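The two conditions of point 1, worked through for the /samba/tools cases from steps 4 to 6, as an added example that is not part of the original article: it parses getfacl output, evaluates the share-level rule (read only plus write list) and the filesystem rule (w and x on the directory, in POSIX ACL order), and reports which layer denies the write. The write list values for steps 5 and 6 are assumptions, since the article's smb.conf edits for those steps are not shown, and the guest account name nobody is Samba's default.

```python
from dataclasses import dataclass

GUEST_ACCOUNT = "nobody"  # assumption: Samba's default "guest account"


@dataclass
class Share:                    # share-level smb.conf settings
    read_only: bool = True      # "writable = yes" is "read only = no"
    guest_ok: bool = False
    write_list: tuple = ()      # entries: "user", "@group" or "+group"


def parse_getfacl(text):
    """Parse getfacl output into owner, owning group and ACL entries."""
    acl = {"owner": "", "group_owner": "", "user": {}, "group": {},
           "mask": "rwx", "other": "---"}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("# owner:"):
            acl["owner"] = line.split(":", 1)[1].strip()
        elif line.startswith("# group:"):
            acl["group_owner"] = line.split(":", 1)[1].strip()
        elif line.split("#", 1)[0].strip():     # skip comments, drop "#effective:"
            tag, name, perm = line.split("#", 1)[0].strip().split(":")
            if tag in ("user", "group"):
                acl[tag][name] = perm           # name "" is the owner / owning group
            else:
                acl[tag] = perm                 # "mask" or "other"
    return acl


def share_allows_write(share, user, groups):
    """Layer 1: smb.conf. A write list match overrides read only = yes."""
    for entry in share.write_list:
        if entry[0] in "@+" and entry[1:] in groups:
            return True
        if entry == user:
            return True
    return not share.read_only


def fs_allows_write(acl, user, groups):
    """Layer 2: filesystem. Creating or deleting a file needs w and x on the
    directory; entries are checked in POSIX ACL order (root is not modelled)."""
    def ok(perm, masked=True):
        effective = set(perm) & set(acl["mask"]) if masked else set(perm)
        return {"w", "x"} <= effective
    if user == acl["owner"]:
        return ok(acl["user"].get("", "---"), masked=False)
    if user in acl["user"]:
        return ok(acl["user"][user])
    matching = [perm for name, perm in acl["group"].items()
                if (name or acl["group_owner"]) in groups]
    if matching:
        return any(ok(perm) for perm in matching)
    return ok(acl["other"], masked=False)


def can_write(share, acl, user=None, groups=()):
    """Return (allowed, denying_layer); user=None is an anonymous session."""
    if user is None:
        if not share.guest_ok:
            return False, "share"
        user, groups = GUEST_ACCOUNT, ()
    if not share_allows_write(share, user, groups):
        return False, "share"
    if not fs_allows_write(acl, user, groups):
        return False, "filesystem"
    return True, None


# getfacl output from the article after `setfacl -m u:tao:rwx /samba/tools`
ACL_TAO = parse_getfacl("""# file: samba/tools
# owner: root
# group: root
user::rwx
user:tao:rwx
group::r-x
mask::rwx
other::r-x""")
ACL_BOTH = {**ACL_TAO, "user": {**ACL_TAO["user"], "xiu": "rwx"}}  # after u:xiu:rwx
# Constructed from the article's `ll -d` line in step 6 (root:distro, mode 775)
ACL_DISTRO = parse_getfacl("# owner: root\n# group: distro\n"
                           "user::rwx\ngroup::rwx\nother::r-x")
APPS = Share(read_only=False, guest_ok=True)    # step 4, as dumped by testparm
# Assumed settings: the article's smb.conf edits for steps 5 and 6 are not shown
ONLY_TAO = Share(guest_ok=True, write_list=("tao",))
ONLY_DISTRO = Share(guest_ok=True, write_list=("@distro",))

if __name__ == "__main__":
    print("guest, step 4:", can_write(APPS, ACL_TAO))
    print("xiu, step 5:", can_write(ONLY_TAO, ACL_BOTH, "xiu", {"xiu"}))
    print("xiu in distro:", can_write(ONLY_DISTRO, ACL_DISTRO, "xiu", {"xiu", "distro"}))
```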


3) The smbstatus command:

Shows status information about access to the shares of the samba service;

  • -b: brief output;

  • -v: verbose output;

Demonstration

    [root@centos7 ~]# smbstatus
    Samba version 4.2.3
    PID     Username      Group         Machine            Protocol Version       
    ------------------------------------------------------------------------------
    2228      xiu           xiu           192.168.1.16 (ipv4:192.168.1.16:49088) NT1  # access through a mount
    Service      pid     machine       Connected at
    -------------------------------------------------------
    IPC$         2228   192.168.1.16  Wed Oct 19 23:57:47 2016
    apps         2228   192.168.1.16  Wed Oct 19 23:57:47 2016  # access from the client
    No locked files

Brief output with -b and verbose output with -v

    [root@centos7 ~]# smbstatus -b 
    Samba version 4.2.3
    PID     Username      Group         Machine            Protocol Version       
    ------------------------------------------------------------------------------
    2228      xiu           xiu           192.168.1.16 (ipv4:192.168.1.16:49088) NT1         
    [root@centos7 ~]# smbstatus -v
    using configfile = /etc/samba/smb.conf
    Samba version 4.2.3
    PID     Username      Group         Machine            Protocol Version       
    ------------------------------------------------------------------------------
    2228      xiu           xiu           192.168.1.16 (ipv4:192.168.1.16:49088) NT1         
    Opened /var/lib/samba/connections.tdb
    Service      pid     machine       Connected at
    -------------------------------------------------------
    IPC$         2228   192.168.1.16  Wed Oct 19 23:57:47 2016
    apps         2228   192.168.1.16  Wed Oct 19 23:57:47 2016
    No locked files










