使用Samba在Linux服务器上搭建共享文件服务
<p>最近我们的小团队需要在服务器上共分出一个共享文件夹用于大家存放公共的资源文档, 大家想啊,这肯定很简单呀,在Windows下面只要创建相关的windows account,共享某个文件夹,把读/写权限给我们创建的account的,就完成了共享,但在Linux下面就没有这么美好了,网上查阅资源资料多指向通过Samba完成共享任务,但一些blog只介绍了怎么做,但没有为什么这么 做,搭建工作且不太顺利,对Linux算不上熟悉,走了很多弯路,所以通过这篇blog深入理解其中的每一步。</p><h1>Samba的简介</h1>
<p>Samba是在Linux和UNIX系统上实现SMB协议的一个免费软件,由服务器及客户端程序构成。这些是废话….. 来看点有意思的。作者Tridgwell申请使用SMBServer ( Server Message Block 的简写 ) 注册这个软件的商标, 因为SMB 是没有意义的文字而没有办法注册。然后他就翻字典,看到SAMBA一遍正好包含SMB几个字母 ,这这个词也是我们熟知的拉丁舞蹈的名称,然后就有了三八这个名字🙄。(自百科)</p>
<p> </p>
<p>搭建Samba共享目录, 如果需要使用用户名/密码的形式访问共享目录,我们需要先创建Linux的user,然后通过<code>smbpasswd</code>创建samba用户(用户名需要一致),原文在这里:</p>
<p>To provide authentication on a standalone host, you have to create the accounts locally on the operating system and additionally in the Samba database. By default, Samba uses the <code>tdbsam</code> back end and stores the database in the <code>/usr/local/samba/private/passdb.tdb</code> file. Optionally set a different location in the <code>smb.conf</code> file using the <code>passdb backend</code> parameter. See the <code>smb.conf 5</code> man page for details(from https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Standalone_Server).</p>
<h1>搭建需要用户名验证的共享目录</h1>
<p>1. 创建共享目录的用户, 我们这里使用来组(group)来演示</p>
<div class="cnblogs_code">
<pre><span style="color: rgba(0, 0, 0, 1)">groupadd smbgrp
useradd fielshare </span>-s /sbin/nologin -g smbgrp -p <password><span style="color: rgba(0, 0, 0, 1)">
#创建同名的smb用户, 这里的密码和local用户的密码是完全独立的,我们最后用的通过smbpasswd创建的用户
smbpasswd </span>-a fielshare</pre>
</div>
<p> </p>
<p>2. 创建需要共享的工作目录,设置好文件夹的权限</p>
<div class="cnblogs_code">
<pre><span style="color: rgba(0, 0, 255, 1)">mkdir</span> -p /srv/samba/<span style="color: rgba(0, 0, 0, 1)">secure
</span><span style="color: rgba(0, 0, 255, 1)">chmod</span> -R <span style="color: rgba(128, 0, 128, 1)">0770</span> /srv/samba/<span style="color: rgba(0, 0, 0, 1)">secure
</span><span style="color: rgba(0, 0, 255, 1)">chown</span> -R root:smbgrp /srv/samba/secure</pre>
</div>
<p>搭建Samba共享目录, 如果需要使用用户名/密码的形式访问共享目录,我们需要先创建Linux的user,然后通过<code>smbpasswd</code>创建samba用户(用户名需要一致),原文在这里:</p>
<p> </p>
<p>3. 修改安全上文</p>
<div class="cnblogs_code">
<pre>chcon -t samba_share_t /srv/samba/secure</pre>
</div>
<p>这条命令是SELinux(详见Security-Enhanced Linux)下面的命令, 作用提把/srv/samba/securel切换到samba的上下文中。</p>
<p> </p>
<p>4. 修改配置文件smb.conf</p>
<p>修改配置文件之前 ,我们先做好备份工作,以防不测。</p>
<div class="cnblogs_code">
<pre><span style="color: rgba(0, 0, 255, 1)">cp</span> /etc/samba/smb.conf /etc/samba/smb.conf.orig</pre>
</div>
<p> </p>
<p>在这里我们有以下事情需要做:</p>
<ol>
<li>在 section下修改workgroup为WORKGROUP (就是我的电脑=>属性=> 计算机名看到的工作级的名字)<br><img src="https://img2018.cnblogs.com/blog/204983/201905/204983-20190513235647848-2071803545.png" alt="">
<p> </p>
</li>
<li>设置 下的netbios name, 这个可以是任意,就是我们在我的芳邻下看到的计算机名称</li>
<li> 确定 下security设置为user</li>
<li>添加共享目录的配置</li>
</ol>
<div class="cnblogs_code" style="margin-left: 30px">
<pre><span style="color: rgba(0, 0, 0, 1)">#为暴露在我的芳邻里点进去看到的文件夹名称<br>
comment </span>=<span style="color: rgba(0, 0, 0, 1)"> Secure File Server Share<br> # 为需要共享的目录
path </span>=/srv/samba/<span style="color: rgba(0, 0, 0, 1)">secure<br> # 可访问的用户,多用户用空格隔开, 以@开头为用户组
valid users </span>=<span style="color: rgba(0, 0, 0, 1)"> @smbgrp<br> # 关闭匿名访问,设置为no
guest ok </span>=<span style="color: rgba(0, 0, 0, 1)"> no
writable </span>=<span style="color: rgba(0, 0, 0, 1)"> yes
browsable </span>= yes</pre>
</div>
<p> </p>
<p style="margin-left: 30px">整个smb.conf文件如下:</p>
<div class="cnblogs_code" style="margin-left: 30px">
<pre># See smb.conf.example <span style="color: rgba(0, 0, 255, 1)">for</span> a <span style="color: rgba(0, 0, 255, 1)">more</span> detailed config <span style="color: rgba(0, 0, 255, 1)">file</span><span style="color: rgba(0, 0, 0, 1)"> or
# read the smb.conf manpage.
# Run </span><span style="color: rgba(128, 0, 0, 1)">'</span><span style="color: rgba(128, 0, 0, 1)">testparm</span><span style="color: rgba(128, 0, 0, 1)">'</span><span style="color: rgba(0, 0, 0, 1)"> to verify the config is correct after
# you modified it.
workgroup </span>=<span style="color: rgba(0, 0, 0, 1)"> WORKGROUP
netbios name </span>=<span style="color: rgba(0, 0, 0, 1)"> centos
security </span>=<span style="color: rgba(0, 0, 0, 1)"> user
passdb backend </span>=<span style="color: rgba(0, 0, 0, 1)"> tdbsam
printing </span>=<span style="color: rgba(0, 0, 0, 1)"> cups
printcap name </span>=<span style="color: rgba(0, 0, 0, 1)"> cups
load printers </span>=<span style="color: rgba(0, 0, 0, 1)"> no
cups options </span>=<span style="color: rgba(0, 0, 0, 1)"> raw
comment </span>=<span style="color: rgba(0, 0, 0, 1)"> All Printers
path </span>= /var/<span style="color: rgba(0, 0, 0, 1)">tmp
printable </span>=<span style="color: rgba(0, 0, 0, 1)"> Yes
create mask </span>= <span style="color: rgba(128, 0, 128, 1)">0600</span><span style="color: rgba(0, 0, 0, 1)">
browseable </span>=<span style="color: rgba(0, 0, 0, 1)"> No
comment </span>=<span style="color: rgba(0, 0, 0, 1)"> Printer Drivers
path </span>= /var/lib/samba/<span style="color: rgba(0, 0, 0, 1)">drivers
</span><span style="color: rgba(0, 0, 255, 1)">write</span> list =<span style="color: rgba(0, 0, 0, 1)"> @printadmin root
force group </span>=<span style="color: rgba(0, 0, 0, 1)"> @printadmin
create mask </span>= <span style="color: rgba(128, 0, 128, 1)">0664</span><span style="color: rgba(0, 0, 0, 1)">
directory mask </span>= <span style="color: rgba(128, 0, 128, 1)">0775</span><span style="color: rgba(0, 0, 0, 1)">
comment </span>= secure <span style="color: rgba(0, 0, 255, 1)">file</span><span style="color: rgba(0, 0, 0, 1)"> share
path </span>= /srv/samba/<span style="color: rgba(0, 0, 0, 1)">secure
valid users </span>=<span style="color: rgba(0, 0, 0, 1)"> @smbgrp
guest ok </span>=<span style="color: rgba(0, 0, 0, 1)"> no
writable </span>=<span style="color: rgba(0, 0, 0, 1)"> yes
browsable </span>=<span style="color: rgba(0, 0, 0, 1)"> yes
browseable </span>= yes</pre>
</div>
<p> </p>
<p> 注意smb.conf默认会有节点,如果不是不想得一个和用户名同名的文件夹,请删除它。 </p>
<p> 完成编辑, 保存配置文件,</p>
<p style="margin-left: 30px"><img src="https://img2018.cnblogs.com/blog/204983/201905/204983-20190514000821832-502797145.png" alt=""></p>
<p> </p>
<p> 执行testparm后会得到下面相似的结果,就是说配置文件没有问题</p>
<div class="cnblogs_code" style="margin-left: 30px">
<pre><span style="color: rgba(0, 0, 0, 1)"># testparm
Load smb config files from </span>/etc/samba/<span style="color: rgba(0, 0, 0, 1)">smb.conf
rlimit_max: increasing rlimit_max (</span><span style="color: rgba(128, 0, 128, 1)">1024</span>) to minimum Windows limit (<span style="color: rgba(128, 0, 128, 1)">16384</span><span style="color: rgba(0, 0, 0, 1)">)
Processing section </span><span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)"></span><span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(0, 0, 0, 1)">
Processing section </span><span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)"></span><span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(0, 0, 0, 1)">
Processing section </span><span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)"></span><span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(0, 0, 0, 1)">
Loaded services </span><span style="color: rgba(0, 0, 255, 1)">file</span><span style="color: rgba(0, 0, 0, 1)"> OK.
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions
# Global parameters
load printers </span>=<span style="color: rgba(0, 0, 0, 1)"> No
netbios name </span>=<span style="color: rgba(0, 0, 0, 1)"> CENTOS-SHARE
printcap name </span>=<span style="color: rgba(0, 0, 0, 1)"> cups
security </span>=<span style="color: rgba(0, 0, 0, 1)"> USER
idmap config </span>* : backend =<span style="color: rgba(0, 0, 0, 1)"> tdb
cups options </span>=<span style="color: rgba(0, 0, 0, 1)"> raw
browseable </span>=<span style="color: rgba(0, 0, 0, 1)"> No
comment </span>=<span style="color: rgba(0, 0, 0, 1)"> All Printers
create mask </span>= <span style="color: rgba(128, 0, 128, 1)">0600</span><span style="color: rgba(0, 0, 0, 1)">
path </span>= /var/<span style="color: rgba(0, 0, 0, 1)">tmp
printable </span>=<span style="color: rgba(0, 0, 0, 1)"> Yes
comment </span>=<span style="color: rgba(0, 0, 0, 1)"> Printer Drivers
create mask </span>= <span style="color: rgba(128, 0, 128, 1)">0664</span><span style="color: rgba(0, 0, 0, 1)">
directory mask </span>= <span style="color: rgba(128, 0, 128, 1)">0775</span><span style="color: rgba(0, 0, 0, 1)">
force group </span>=<span style="color: rgba(0, 0, 0, 1)"> @printadmin
path </span>= /var/lib/samba/<span style="color: rgba(0, 0, 0, 1)">drivers
</span><span style="color: rgba(0, 0, 255, 1)">write</span> list =<span style="color: rgba(0, 0, 0, 1)"> @printadmin root
comment </span>= secure <span style="color: rgba(0, 0, 255, 1)">file</span><span style="color: rgba(0, 0, 0, 1)"> share
path </span>= /home/<span style="color: rgba(0, 0, 0, 1)">share
read only </span>=<span style="color: rgba(0, 0, 0, 1)"> No
valid users </span>=<span style="color: rgba(0, 0, 0, 1)"> @smbgrp
#</span></pre>
</div>
<p> </p>
<p> </p>
<p>5. 重启samba服务, 打开我的电脑进行测试</p>
<div class="cnblogs_code">
<pre><span style="color: rgba(0, 0, 0, 1)">systemctl restart smb.service
systemctl restart nmb.service</span></pre>
</div>
<p> </p>
<p>由于测试机和Linux主机不在同一个网络,我的芳邻里面找不到我配置的芳邻 CENTOS-SHARE, 这里我通过IP直接访问</p>
<p> </p>
<p>6. 别忘了添加防火墙,不然你是看不到你的芳邻的</p>
<div class="cnblogs_code">
<pre>firewall-cmd --permanent --zone=public --add-service=<span style="color: rgba(0, 0, 0, 1)">samba
firewall</span>-cmd --reload</pre>
</div>
<p> </p>
<p><img src="https://img2018.cnblogs.com/blog/204983/201905/204983-20190514003518734-1191606525.png" alt=""></p>
<p> </p>
<p> </p>
<p> <img src="https://img2018.cnblogs.com/blog/204983/201905/204983-20190514003449083-1530129598.png" alt=""></p>
<p> </p>
<h1>总结</h1>
<p>这里只演示了使用了用户名的验证模式来共享文件夹,主要是针对Windows的,对这一块不熟悉的同学可以自行尝试匿名共享。在设置过程中,我接触到以前没有接触到东西SELinux,这一块还是有很多的东西的。对于SAMBA的使用介绍网上有不少文章的,写这遍博客的目的也算是多个视角来告诉大家如何使用。 </p><br><br>
来源:https://www.cnblogs.com/rhino/p/share-folder-with-samba.html
頁:
[1]