Samba文件共享&&多用户

1803 字
9 分钟
Samba文件共享&&多用户

Samba文件共享&&多用户#

[TOC]


这是一个关于 Samba (SMB/CIFS) ==文件共享==服务的配置实验

基础实验#

准备#

角色IP 地址需安装软件包
服务端 (Server)10.0.0.101samba, samba-common, samba-tools
客户端 (Client)10.0.0.102cifs-utils, samba-client

服务端配置#

Terminal window
[root@Server ~]# dnf -y install samba samba-common samba-tools
# 安装 Samba 服务
[root@Server ~]# mkdir /smb-share
# 创建共享目录
[root@Server ~]# echo "shared by SMB" >> /smb-share/README
# 创建测试文件
[root@Server ~]# id jiu
uid=1010(jiu) gid=1010(jiu) groups=1010(jiu)
[root@Server ~]# echo "oldboy123.com" | passwd --stdin jiu
[root@Server ~]# smbpasswd -a jiu
New SMB password:'passwd'
Retype new SMB password:'passwd'
Added user jiu.
# 将用户添加到 Samba 数据库 (设置 Samba 密码)
[root@Server ~]# vim /etc/samba/smb.conf
[samba-share]
comment = share file via SMB
path = /smb-share
valid users = jiu
browseable = yes
read only = yes
create mask = 0644
[root@Server ~]# testparm
Load smb config files from /etc/samba/smb.conf
Loaded services file OK.
# 检查配置语法
Press enter to see a dump of your service definitions
passwd
[root@Server ~]# systemctl enable --now smb
Created symlink '/etc/systemd/system/multi-user.target.wants/smb.service' '/usr/lib/systemd/system/smb.service'.
# 启动并开机自启 smb 服务

客户端配置#

Terminal window
[root@Client ~]# dnf -y install samba-client cifs-utils
[root@Client ~]# mkdir -p /mnt/smb-share
# 创建挂载点
[root@Client ~]# mount.cifs -o username=jiu,password=passwd //10.0.0.101/samba-share /mnt/smb-share
# 手动挂载
[root@Client ~]# cat /mnt/smb-share/README
shared by SMB
# 验证读取

进阶配置(实现写入权限)#

Terminal window
[root@Server ~]# chown jiu /smb-share/
# 将目录所有者改为 jiu,允许写入
[root@Server ~]# vim /etc/samba/smb.conf
[samba-share]
comment = share file via SMB
path = /smb-share
valid users = jiu
writeable = yes
# 修改为可写
write list = jiu
# 添加写入列表
create mask = 0644
[root@Server ~]# systemctl restart smb
# 重启服务
============================
'回到客户端,重新挂载并测试写入'
[root@Client ~]# umount /mnt/smb-share
# 先卸载旧挂载
[root@Client ~]# mount.cifs -o username=jiu,password=passwd //10.0.0.101/samba-share /mnt/smb-share
# 重新挂载
[root@Client ~]# touch /mnt/smb-share/test_file
[root@Client ~]# echo "test write" >> /mnt/smb-share/test_file
# 测试写入
[root@Client ~]# ls -l /mnt/smb-share/
total 8
-rwxr-xr-x 1 root root 14 Apr 16 19:12 README
-rwxr-xr-x 1 root root 11 Apr 16 19:25 test_file
[root@Client ~]# cat /mnt/smb-share/test_file
test write
# 查看结果

多用户配置#

服务端#

Terminal window
1)创建多用户账户
[root@Server ~]# systemctl restart smb
[root@Server ~]# useradd david
'读写'
[root@Server ~]# useradd elle
"只读"
[root@Server ~]# useradd frank
"读写"
2)给密码
[root@Server ~]# echo "oldboy123.com" | passwd --stdin david
[root@Server ~]# echo "oldboy123.com" | passwd --stdin elle
[root@Server ~]# echo "oldboy123.com" | passwd --stdin frank
3)添加都到Samba数据库
[root@Server ~]# smbpasswd -a david
New SMB password:
Retype new SMB password:
Added user david.
[root@Server ~]# smbpasswd -a elle
New SMB password:
Retype new SMB password:
Added user elle.
[root@Server ~]# smbpasswd -a frank
New SMB password:
Retype new SMB password:
Added user frank.
4)验证用户是否添加成功
[root@Server ~]# pdbedit -L
jiu:1010:
elle:1013:
david:1012:
frank:1014:
5)创建共享目录
[root@Server ~]# mkdir -p /remote/multi
6)设置目录权限
[root@Server ~]# chmod 755 /remote/multi
[root@Server ~]# setfacl -m u:frank:rwx /remote/multi/
[root@Server ~]# setfacl -m u:david:rwx /remote/multi/
# 设置ACL权限,david和frank有读写权限,elle只有读权限
7)配置Samba配置文件
[root@Server ~]# vim /etc/samba/smb.conf
'接着昨天的来'
[samba-share]
comment = share file via SMB
path = /smb-share
valid users = jiu
browseable = yes
read only = no
create mask = 0644
[multi-share]
comment = client with different credentials
path = /remote/multi
valid users = elle, david, frank
writeable = yes
write list = david, frank
hosts allow = 10.0.0.0/24
8)检查与启动
[root@Server ~]# testparm
[root@Server ~]# systemctl restart smb
# 重启服务
9)文件测试
[root@Server ~]# su david -c "touch /remote/multi/test "
[root@Server ~]# ll /remote/multi/
total 0
-rw-r--r-- 1 david david 0 Apr 19 10:12 test

客户端#

  • david ----- 读写
  • elle --- 只读
  • frank --- 读写
Terminal window
1)多用户挂载
[root@Client ~]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/rl-root 47G 3.9G 43G 9% /
devtmpfs 939M 0 939M 0% /dev
tmpfs 965M 0 965M 0% /dev/shm
efivarfs 256K 56K 196K 22% /sys/firmware/efi/efivars
tmpfs 386M 7.1M 379M 2% /run
tmpfs 1.0M 0 1.0M 0% /run/credentials/systemd-journald.service
/dev/nvme0n1p2 960M 296M 665M 31% /boot
/dev/nvme0n1p1 599M 8.4M 591M 2% /boot/efi
tmpfs 1.0M 0 1.0M 0% /run/credentials/getty@tty1.service
tmpfs 193M 4.0K 193M 1% /run/user/0
[root@Client ~]# mkdir /mnt/multi
[root@Client ~]# smbclient -L //10.0.0.101 -U elle%passwd
'手动测试!'
.......
elle Disk Home Directories
SMB1 disabled -- no workgroup available
[root@Client ~]# smbclient -L //10.0.0.101 -U david%passwd
.......
david Disk Home Directories
SMB1 disabled -- no workgroup available
[root@Client ~]# smbclient -L //10.0.0.101 -U frank%passwd
.......
frank Disk Home Directories
SMB1 disabled -- no workgroup available
[root@Client ~]# mount.cifs -o username=elle,password=passwd //10.0.0.101/multi-share /mnt/multi/
# 普通挂载
[root@Client ~]# df -h | grep multi
//10.0.0.101/multi-share 47G 4.4G 43G 10% /mnt/multi
"普通挂载成功,再尝试multiuser挂载:"
[root@Client ~]# umount /mnt/multi
# 卸载普通挂载
[root@Client ~]# mount.cifs -v -o multiuser,sec=ntlmssp,username=elle,password=passwd //10.0.0.101/multi-share /mnt/multi/
Host "10.0.0.101" resolved to the following IP addresses: 10.0.0.101
mount.cifs kernel mount options: ip=10.0.0.101,unc=\\10.0.0.101\multi-share,multiuser,sec=ntlmssp,user=elle,pass=********
# 尝试multiuser挂载
[root@Client ~]# df -h | grep multi
//10.0.0.101/multi-share 47G 4.4G 43G 10% /mnt/multi
2)测试验证
[root@Client ~]# ls -lh /mnt/multi/
total 0
-rwxr-xr-x 1 root root 0 Apr 19 10:12 test
[root@Client ~]# touch /mnt/multi/heima
touch: cannot touch '/mnt/multi/heima': Permission denied
# 我们默认登录的就是elle,他只有读权限!
3)创建一个用户
[root@Client ~]# useradd jiu
[root@Client ~]# passwd jiu
New password:
Retype new password:
passwd: password updated successfully
4)远程登录
[root@Client ~]# ssh jiu@localhost
测试多用户环境下的权限
以不同用户身份执行操作
模拟多用户同时访问共享资源的场景
5)添加用户凭证
[jiu@Client ~]$ cifscreds add --username david 10.0.0.101
Password:
[jiu@Client ~]$ cifscreds update --username david 10.0.0.101
Password:
[jiu@Client ~]$ keyctl show
Session Keyring
568012152 --alswrv 1000 1000 keyring: _ses
634119942 --alswrv 1000 65534 \_ keyring: _uid.1000
825485613 ----sw-v 1000 1000 \_ logon: cifs:a:10.0.0.101
[jiu@Client ~]$ ls /mnt/multi/
test
[jiu@Client ~]$ cd /mnt/multi
[jiu@Client multi]$ touch cc
[jiu@Client multi]$ ll
total 0
-rwxr-xr-x 1 jiu jiu 0 Apr 19 10:38 cc
-rwxr-xr-x 1 jiu jiu 0 Apr 19 10:12 test
[jiu@Client multi]$ echo test > cc
[jiu@Client multi]$ cat cc
test
[jiu@Client multi]$ exit
logout
Connection to localhost closed.
6)卸载重新挂载
[root@Client ~]# umount /mnt/multi
[root@Client ~]# !mount
mount.cifs -v -o multiuser,sec=ntlmssp,username=elle,password=passwd //10.0.0.101/multi-share /mnt/multi/
Host "10.0.0.101" resolved to the following IP addresses: 10.0.0.101
mount.cifs kernel mount options: ip=10.0.0.101,unc=\\10.0.0.101\multi-share,multiuser,sec=ntlmssp,user=elle,pass=********
7)测试登录
[root@Client ~]# ls /mnt/multi/
cc test
'👆都是david创建的文件'
[root@Client ~]# !ssh
ssh jiu@localhost.
jiu@localhost's password: '
[jiu@Client ~]$ echo 1 >> /mnt/multi/cc
-bash: /mnt/multi/cc: Permission denied
'没有给用户凭证,没有权限'
[jiu@Client ~]$ ll /mnt/multi/cc
ls: cannot access '/mnt/multi/cc': Permission denied
# 仍然没有权限
[jiu@Client ~]$ keyctl clear @s
[jiu@Client ~]$ keyctl clear @u
# 清理所有过期密钥
[jiu@Client ~]$ cifscreds add --username frank 10.0.0.101
Password:
'另一个用户 frank'
[jiu@Client ~]$ keyctl show
Session Keyring
941728413 --alswrv 1000 1000 keyring: _ses
634119942 --alswrv 1000 65534 \_ keyring: _uid.1000
563941266 ----sw-v 1000 1000 \_ logon: cifs:a:10.0.0.101
[jiu@Client ~]$ echo 1 >> /mnt/multi/cc
-bash: /mnt/multi/cc: Permission denied
[jiu@Client ~]$ echo 1 >> /mnt/multi/test
-bash: /mnt/multi/test: Permission denied
'这两个文件都是david创建的'
# 而我现在的用户凭证是frank,自然是没有办法写入的!
# 即使这两个用户都用读写权限!
[jiu@Client ~]$ touch /mnt/multi/dd-frank
# 创建过独属于frank的文件
[jiu@Client ~]$ ls -lh /mnt/multi/
total 4.0K
-rwxr-xr-x 1 jiu jiu 5 Apr 19 10:40 cc
-rwxr-xr-x 1 jiu jiu 0 Apr 19 10:57 dd-frank
-rwxr-xr-x 1 jiu jiu 0 Apr 19 10:12 test
[jiu@Client ~]$ echo frank > /mnt/multi/dd-frank
# 并写入测试内容

自动挂载#

Terminal window
[root@Client ~]# yum install -y autofs
# 安装服务
[root@Client ~]# ls -ld /etc/auto.master.d/
drwxr-xr-x 2 root root 6 May 12 2025 /etc/auto.master.d/
cat > /etc/auto.master << EOF
/misc /etc/auto.misc
/share /etc/auto.samba --timeout=60
+auto.master
EOF
# 重新创建配置文件
cat > /etc/auto.samba << EOF
smb1 -fstype=cifs,username=jiu,password=passwd ://10.0.0.101/samba-share
multi -fstype=cifs,multiuser,sec=ntlmssp,credentials=/etc/samba.pass ://10.0.0.101/multi-share
EOF
[root@Client ~]# vim /etc/samba.pass
# 创建凭证文件
username=elle
password=passwd
[root@Client ~]# chmod 400 /etc/samba.pass
# 设置正确的权限
[root@Client ~]# umount /mnt/multi
[root@Client ~]# df -h | grep /mnt
# 卸载挂载点!
[root@Client ~]# systemctl restart autofs
# 重启 autofs 服务
# 测试挂载
[root@Client ~]# ls /share
multi smb1
[root@Client ~]# ls /share/smb1
README test_file
[root@Client ~]# ls /share/multi
cc dd-frank test
[root@Client ~]# df -h | grep share
//10.0.0.101/multi-share 47G 4.4G 43G 10% /share/multi
//10.0.0.101/samba-share 47G 4.4G 43G 10% /share/smb1
'都挂载上去了!'
[root@Client ~]# ssh jiu@localhost
jiu@localhost's password: '
[jiu@Client ~]$ ll /share/multi/
ls: cannot access '/share/multi/': Permission denied
[jiu@Client ~]$ keyctl clear @s
[jiu@Client ~]$ keyctl clear @u
[jiu@Client ~]$ keyctl show
Session Keyring
476072777 --alswrv 1000 1000 keyring: _ses
[jiu@Client ~]$ cifscreds add --username david 10.0.0.101
Password:
[jiu@Client ~]$ keyctl show
Session Keyring
476072777 --alswrv 1000 1000 keyring: _ses
6440152 ----sw-v 1000 1000 \_ logon: cifs:a:10.0.0.101
[jiu@Client ~]$ ll /share/multi/
total 8
-rw-r--r-- 1 root root 5 Apr 19 10:40 cc
-rw-r--r-- 1 root root 6 Apr 19 11:00 dd-frank
-rw-r--r-- 1 root root 0 Apr 19 10:12 test
[jiu@Client ~]$ touch /share/multi/dd
[jiu@Client ~]$ ll /share/multi/dd
-rw-r--r-- 1 root root 0 Apr 19 11:50 /share/multi/dd

文章分享

如果这篇文章对你有帮助,欢迎分享给更多人!

Samba文件共享&&多用户
https://www.kpyun.fun/posts/services/storage/storage02/
作者
久棹
发布于
2026-03-18
许可协议
CC BY-NC-SA 4.0
Profile Image of the Author
久棹
只要胆子大,天天寒暑假!
公告
欢迎来到久棹的技术小站!本站专注 Linux 运维学习笔记分享,如有问题欢迎交流探讨 🎉
分类
标签
站点统计
文章
98
分类
11
标签
203
总字数
244,453
运行时长
0
最后活动
0 天前
站点信息
构建平台
Local
博客版本
Firefly v6.13.5
文章许可
CC BY-NC-SA 4.0

文章目录