Samba File Sharing && Multi-User
This is a configuration lab for the Samba (SMB/CIFS) ==file sharing== service.
Basic Lab
Preparation
| Role | IP address | Packages to install |
|---|---|---|
| Server | 10.0.0.101 | samba, samba-common, samba-tools |
| Client | 10.0.0.102 | cifs-utils, samba-client |
Server Configuration
```bash
[root@Server ~]# dnf -y install samba samba-common samba-tools
# Install the Samba service
[root@Server ~]# mkdir /smb-share
# Create the shared directory
[root@Server ~]# echo "shared by SMB" >> /smb-share/README
# Create a test file
```
```bash
[root@Server ~]# id jiu
uid=1010(jiu) gid=1010(jiu) groups=1010(jiu)
[root@Server ~]# echo "oldboy123.com" | passwd --stdin jiu
[root@Server ~]# smbpasswd -a jiu
New SMB password:'passwd'
Retype new SMB password:'passwd'
Added user jiu.
# Add the user to the Samba database (sets the Samba password)
```
```bash
[root@Server ~]# vim /etc/samba/smb.conf
[samba-share]
    comment = share file via SMB
    path = /smb-share
    valid users = jiu
    browseable = yes
    read only = yes
    create mask = 0644
```
```bash
[root@Server ~]# testparm
Load smb config files from /etc/samba/smb.conf
Loaded services file OK.
# Check the configuration syntax
Press enter to see a dump of your service definitions
passwd
```
```bash
[root@Server ~]# systemctl enable --now smb
Created symlink '/etc/systemd/system/multi-user.target.wants/smb.service' → '/usr/lib/systemd/system/smb.service'.
# Start the smb service and enable it at boot
```
Client Configuration
```bash
[root@Client ~]# dnf -y install samba-client cifs-utils
```
```bash
[root@Client ~]# mkdir -p /mnt/smb-share
# Create the mount point
[root@Client ~]# mount.cifs -o username=jiu,password=passwd //10.0.0.101/samba-share /mnt/smb-share
# Mount manually
[root@Client ~]# cat /mnt/smb-share/README
shared by SMB
# Verify reading
```
Advanced Configuration (Enabling Write Access)
```bash
[root@Server ~]# chown jiu /smb-share/
# Change the directory owner to jiu so that writing is allowed
```
```bash
[root@Server ~]# vim /etc/samba/smb.conf
[samba-share]
    comment = share file via SMB
    path = /smb-share
    valid users = jiu
    # Changed to writable
    writeable = yes
    # Added a write list
    write list = jiu
    create mask = 0644
```
```bash
[root@Server ~]# systemctl restart smb
# Restart the service
```
Back on the client, remount and test writing:
```bash
[root@Client ~]# umount /mnt/smb-share
# Unmount the old mount first
[root@Client ~]# mount.cifs -o username=jiu,password=passwd //10.0.0.101/samba-share /mnt/smb-share
# Remount
[root@Client ~]# touch /mnt/smb-share/test_file
[root@Client ~]# echo "test write" >> /mnt/smb-share/test_file
# Test writing
[root@Client ~]# ls -l /mnt/smb-share/
total 8
-rwxr-xr-x 1 root root 14 Apr 16 19:12 README
-rwxr-xr-x 1 root root 11 Apr 16 19:25 test_file
[root@Client ~]# cat /mnt/smb-share/test_file
test write
# Check the result
```
Multi-User Configuration
Server
1) Create the user accounts
```bash
[root@Server ~]# systemctl restart smb
[root@Server ~]# useradd david    # read-write
[root@Server ~]# useradd elle     # read-only
[root@Server ~]# useradd frank    # read-write
```
2) Set the passwords
```bash
[root@Server ~]# echo "oldboy123.com" | passwd --stdin david
[root@Server ~]# echo "oldboy123.com" | passwd --stdin elle
[root@Server ~]# echo "oldboy123.com" | passwd --stdin frank
```
3) Add all of them to the Samba database
```bash
[root@Server ~]# smbpasswd -a david
New SMB password:
Retype new SMB password:
Added user david.
[root@Server ~]# smbpasswd -a elle
New SMB password:
Retype new SMB password:
Added user elle.
[root@Server ~]# smbpasswd -a frank
New SMB password:
Retype new SMB password:
Added user frank.
```
4) Verify that the users were added
```bash
[root@Server ~]# pdbedit -L
jiu:1010:
elle:1013:
david:1012:
frank:1014:
```
5) Create the shared directory
```bash
[root@Server ~]# mkdir -p /remote/multi
```
6) Set the directory permissions
```bash
[root@Server ~]# chmod 755 /remote/multi
[root@Server ~]# setfacl -m u:frank:rwx /remote/multi/
[root@Server ~]# setfacl -m u:david:rwx /remote/multi/
# Set ACL permissions: david and frank have read-write access, elle has read-only access
```
7) Edit the Samba configuration file
```bash
[root@Server ~]# vim /etc/samba/smb.conf
# Continuing from yesterday's configuration
[samba-share]
    comment = share file via SMB
    path = /smb-share
    valid users = jiu
    browseable = yes
    read only = no
    create mask = 0644

[multi-share]
    comment = client with different credentials
    path = /remote/multi
    valid users = elle, david, frank
    writeable = yes
    write list = david, frank
    hosts allow = 10.0.0.0/24
```
8) Check and start
```bash
[root@Server ~]# testparm
[root@Server ~]# systemctl restart smb
# Restart the service
```
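`testparm` only validates syntax. In `[multi-share]`, `writeable = yes` already gives every user in `valid users` write access at the SMB layer, so `write list` restricts nothing there and elle stays read-only only because of the directory mode and ACLs from step 6. The script below is an added example, not part of the original post, that flags this pattern; it compares plain user names only (no `@group` expansion), and the `[multi-share-strict]` section in its sample is a hypothetical share-level alternative.

```bash
# Added example, not from the original post. Flags shares whose "write list"
# restricts nothing because the share is already writable for all valid users.
audit_shares() {   # usage: audit_shares <path to smb.conf>
  awk '
    function report(   n, i, wl, users) {
      if (share == "" || ro || writers == "") return
      wl = "," writers ","; gsub(/[ ,]+/, ",", wl)
      n = split(valid, users, "[ ,]+")
      for (i = 1; i <= n; i++)
        if (users[i] != "" && index(wl, "," users[i] ",") == 0)
          print share ": " users[i] " has SMB write access but is not in write list"
    }
    /^[ \t]*[#;]/ { next }                  # smb.conf comments start the line
    /^[ \t]*\[/ {                           # section header: report previous share
      report()
      share = $0; sub(/^[ \t]*\[/, "", share); sub(/\].*$/, "", share)
      ro = 1; valid = ""; writers = ""      # Samba default: read only = yes
      next
    }
    /=/ {
      key = tolower(substr($0, 1, index($0, "=") - 1)); gsub(/[ \t]/, "", key)
      val = substr($0, index($0, "=") + 1); gsub(/^[ \t]+|[ \t\r]+$/, "", val)
      on = (tolower(val) ~ /^(yes|true|1)$/)
      if (key == "readonly") ro = on
      else if (key ~ /^(writeable|writable|writeok)$/) ro = !on   # inverted synonyms
      else if (key == "validusers") valid = val
      else if (key == "writelist") writers = val
    }
    END { report() }
  ' "$1"
}

# Constructed sample: the [multi-share] options as configured on this page,
# followed by a hypothetical variant that enforces read-only at the share level.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[multi-share]
    valid users = elle, david, frank
    writeable = yes
    write list = david, frank
[multi-share-strict]
    valid users = elle, david, frank
    read only = yes
    write list = david, frank
EOF
audit_shares "$sample"
rm -f "$sample"
```

Only `[multi-share]` is reported; in the strict variant `read only = yes` makes `write list` the sole source of SMB write access.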
9) File test
```bash
[root@Server ~]# su david -c "touch /remote/multi/test "
[root@Server ~]# ll /remote/multi/
total 0
-rw-r--r-- 1 david david 0 Apr 19 10:12 test
```
Client
- david ----- read-write
- elle --- read-only
- frank --- read-write
1) Multi-user mount
```bash
[root@Client ~]# df -h
Filesystem           Size  Used Avail Use% Mounted on
/dev/mapper/rl-root   47G  3.9G   43G   9% /
devtmpfs             939M     0  939M   0% /dev
tmpfs                965M     0  965M   0% /dev/shm
efivarfs             256K   56K  196K  22% /sys/firmware/efi/efivars
tmpfs                386M  7.1M  379M   2% /run
tmpfs                1.0M     0  1.0M   0% /run/credentials/systemd-journald.service
/dev/nvme0n1p2       960M  296M  665M  31% /boot
/dev/nvme0n1p1       599M  8.4M  591M   2% /boot/efi
tmpfs                1.0M     0  1.0M   0% /run/credentials/getty@tty1.service
tmpfs                193M  4.0K  193M   1% /run/user/0
[root@Client ~]# mkdir /mnt/multi
[root@Client ~]# smbclient -L //10.0.0.101 -U elle%passwd
# Manual test!
.......
        elle            Disk      Home Directories
SMB1 disabled -- no workgroup available
[root@Client ~]# smbclient -L //10.0.0.101 -U david%passwd
.......
        david           Disk      Home Directories
SMB1 disabled -- no workgroup available
[root@Client ~]# smbclient -L //10.0.0.101 -U frank%passwd
.......
        frank           Disk      Home Directories
SMB1 disabled -- no workgroup available
[root@Client ~]# mount.cifs -o username=elle,password=passwd //10.0.0.101/multi-share /mnt/multi/
# Ordinary mount
[root@Client ~]# df -h | grep multi
//10.0.0.101/multi-share   47G  4.4G   43G  10% /mnt/multi
```
The ordinary mount succeeded; now try a multiuser mount:
```bash
[root@Client ~]# umount /mnt/multi
# Unmount the ordinary mount
[root@Client ~]# mount.cifs -v -o multiuser,sec=ntlmssp,username=elle,password=passwd //10.0.0.101/multi-share /mnt/multi/
Host "10.0.0.101" resolved to the following IP addresses: 10.0.0.101
mount.cifs kernel mount options: ip=10.0.0.101,unc=\\10.0.0.101\multi-share,multiuser,sec=ntlmssp,user=elle,pass=********
# Try the multiuser mount
[root@Client ~]# df -h | grep multi
//10.0.0.101/multi-share   47G  4.4G   43G  10% /mnt/multi
```
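2) Test and verify
```bash
[root@Client ~]# ls -lh /mnt/multi/
total 0
-rwxr-xr-x 1 root root 0 Apr 19 10:12 test
[root@Client ~]# touch /mnt/multi/heima
touch: cannot touch '/mnt/multi/heima': Permission denied
# The mount logs in as elle by default, and elle only has read permission!
```
3) Create a user
```bash
[root@Client ~]# useradd jiu
[root@Client ~]# passwd jiu
New password:
Retype new password:
passwd: password updated successfully
```
4) Log in remotely
```bash
[root@Client ~]# ssh jiu@localhost
# Test permissions in a multi-user environment
# Perform operations as different users
# Simulate multiple users accessing the shared resource at the same time
```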
5) Add user credentials
```bash
[jiu@Client ~]$ cifscreds add --username david 10.0.0.101
Password:
[jiu@Client ~]$ cifscreds update --username david 10.0.0.101
Password:
[jiu@Client ~]$ keyctl show
Session Keyring
 568012152 --alswrv   1000  1000  keyring: _ses
 634119942 --alswrv   1000 65534   \_ keyring: _uid.1000
 825485613 ----sw-v   1000  1000       \_ logon: cifs:a:10.0.0.101
[jiu@Client ~]$ ls /mnt/multi/
test
[jiu@Client ~]$ cd /mnt/multi
[jiu@Client multi]$ touch cc
[jiu@Client multi]$ ll
total 0
-rwxr-xr-x 1 jiu jiu 0 Apr 19 10:38 cc
-rwxr-xr-x 1 jiu jiu 0 Apr 19 10:12 test
[jiu@Client multi]$ echo test > cc
[jiu@Client multi]$ cat cc
test
[jiu@Client multi]$ exit
logout
Connection to localhost closed.
```
6) Unmount and remount
```bash
[root@Client ~]# umount /mnt/multi
[root@Client ~]# !mount
mount.cifs -v -o multiuser,sec=ntlmssp,username=elle,password=passwd //10.0.0.101/multi-share /mnt/multi/
Host "10.0.0.101" resolved to the following IP addresses: 10.0.0.101
mount.cifs kernel mount options: ip=10.0.0.101,unc=\\10.0.0.101\multi-share,multiuser,sec=ntlmssp,user=elle,pass=********
```
7) Test logging in
```bash
[root@Client ~]# ls /mnt/multi/
cc  test
# 👆 These files were all created by david
[root@Client ~]# !ssh
ssh jiu@localhost
jiu@localhost's password:
[jiu@Client ~]$ echo 1 >> /mnt/multi/cc
-bash: /mnt/multi/cc: Permission denied
# No user credentials have been added, so there is no permission
[jiu@Client ~]$ ll /mnt/multi/cc
ls: cannot access '/mnt/multi/cc': Permission denied
# Still no permission
[jiu@Client ~]$ keyctl clear @s
[jiu@Client ~]$ keyctl clear @u
# Clear all stale keys
[jiu@Client ~]$ cifscreds add --username frank 10.0.0.101
Password:
# Another user, frank
[jiu@Client ~]$ keyctl show
Session Keyring
 941728413 --alswrv   1000  1000  keyring: _ses
 634119942 --alswrv   1000 65534   \_ keyring: _uid.1000
 563941266 ----sw-v   1000  1000       \_ logon: cifs:a:10.0.0.101
[jiu@Client ~]$ echo 1 >> /mnt/multi/cc
-bash: /mnt/multi/cc: Permission denied
[jiu@Client ~]$ echo 1 >> /mnt/multi/test
-bash: /mnt/multi/test: Permission denied
# Both of these files were created by david.
# My current credentials are frank's, so naturally I cannot write to them,
# even though both users have read-write permission!
[jiu@Client ~]$ touch /mnt/multi/dd-frank
# Create a file that belongs to frank alone
[jiu@Client ~]$ ls -lh /mnt/multi/
total 4.0K
-rwxr-xr-x 1 jiu jiu 5 Apr 19 10:40 cc
-rwxr-xr-x 1 jiu jiu 0 Apr 19 10:57 dd-frank
-rwxr-xr-x 1 jiu jiu 0 Apr 19 10:12 test
[jiu@Client ~]$ echo frank > /mnt/multi/dd-frank
# And write test content to it
```
Automatic Mounting
```bash
[root@Client ~]# yum install -y autofs
# Install the service
[root@Client ~]# ls -ld /etc/auto.master.d/
drwxr-xr-x 2 root root 6 May 12 2025 /etc/auto.master.d/
cat > /etc/auto.master << EOF
/misc /etc/auto.misc
/share /etc/auto.samba --timeout=60
+auto.master
EOF
# Recreate the configuration file
cat > /etc/auto.samba << EOF
smb1 -fstype=cifs,username=jiu,password=passwd ://10.0.0.101/samba-share
multi -fstype=cifs,multiuser,sec=ntlmssp,credentials=/etc/samba.pass ://10.0.0.101/multi-share
EOF
[root@Client ~]# vim /etc/samba.pass
# Create the credentials file
username=elle
password=passwd
[root@Client ~]# chmod 400 /etc/samba.pass
# Set the correct permissions
[root@Client ~]# umount /mnt/multi
[root@Client ~]# df -h | grep /mnt
# Unmount the mount point!
[root@Client ~]# systemctl restart autofs
# Restart the autofs service
```
```bash
# Test the mounts
[root@Client ~]# ls /share
multi  smb1
[root@Client ~]# ls /share/smb1
README  test_file
[root@Client ~]# ls /share/multi
cc  dd-frank  test
[root@Client ~]# df -h | grep share
//10.0.0.101/multi-share   47G  4.4G   43G  10% /share/multi
//10.0.0.101/samba-share   47G  4.4G   43G  10% /share/smb1
# Both are mounted!
```
```bash
[root@Client ~]# ssh jiu@localhost
jiu@localhost's password:
[jiu@Client ~]$ ll /share/multi/
ls: cannot access '/share/multi/': Permission denied
[jiu@Client ~]$ keyctl clear @s
[jiu@Client ~]$ keyctl clear @u
[jiu@Client ~]$ keyctl show
Session Keyring
 476072777 --alswrv   1000  1000  keyring: _ses
[jiu@Client ~]$ cifscreds add --username david 10.0.0.101
Password:
[jiu@Client ~]$ keyctl show
Session Keyring
 476072777 --alswrv   1000  1000  keyring: _ses
   6440152 ----sw-v   1000  1000   \_ logon: cifs:a:10.0.0.101
[jiu@Client ~]$ ll /share/multi/
total 8
-rw-r--r-- 1 root root 5 Apr 19 10:40 cc
-rw-r--r-- 1 root root 6 Apr 19 11:00 dd-frank
-rw-r--r-- 1 root root 0 Apr 19 10:12 test
[jiu@Client ~]$ touch /share/multi/dd
[jiu@Client ~]$ ll /share/multi/dd
-rw-r--r-- 1 root root 0 Apr 19 11:50 /share/multi/dd
```
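In `/etc/auto.samba` above, the `smb1` entry keeps its password inline while `multi` reads it from a credentials file restricted with `chmod 400`. As an added example (not part of the original post), the script below audits an autofs map for inline passwords and for credentials files readable by group or others; it assumes GNU `stat`, and the temporary paths in its demo are constructed.

```bash
# Added example, not from the original post. Audits an autofs map for CIFS
# entries that embed a password or reference a credentials file others can read.
check_cifs_map() {   # usage: check_cifs_map <autofs map file>
  map=$1
  map_mode=$(stat -c %a "$map")                        # assumes GNU stat
  while read -r key opts rest; do
    case $key in ''|'#'*|+*) continue ;; esac          # blank, comment, +include
    case $opts in -*fstype=cifs*) ;; *) continue ;; esac
    o=",${opts#-},"; cred=
    case $o in
      *,password=*|*,pass=*) echo "$key: password stored inline (map mode $map_mode)" ;;
    esac
    case $o in
      *,credentials=*) cred=${o#*,credentials=} ;;
      *,cred=*)        cred=${o#*,cred=} ;;
    esac
    cred=${cred%%,*}
    [ -n "$cred" ] || continue
    if [ ! -f "$cred" ]; then
      echo "$key: credentials file $cred is missing"
    else
      mode=$(stat -c %a "$cred")
      case $mode in *00) ;; *) echo "$key: $cred has mode $mode, expected 600 or 400" ;; esac
    fi
  done < "$map"
}

# Constructed demo: the two map entries from this page, with the credentials
# path pointed at a temporary file instead of /etc/samba.pass.
demo=$(mktemp -d)
printf 'username=elle\npassword=passwd\n' > "$demo/samba.pass"
chmod 400 "$demo/samba.pass"
cat > "$demo/auto.samba" <<EOF
smb1 -fstype=cifs,username=jiu,password=passwd ://10.0.0.101/samba-share
multi -fstype=cifs,multiuser,sec=ntlmssp,credentials=$demo/samba.pass ://10.0.0.101/multi-share
EOF
chmod 644 "$demo/auto.samba"
check_cifs_map "$demo/auto.samba"
rm -rf "$demo"
```

With the page's settings only `smb1` is reported; moving its `username`/`password` into a second owner-only credentials file clears the finding.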