
samba 文件共享

在说 samba 之前,先放一条 cmd 命令在上面(作用是断开 windows 上已建立的全部网络共享连接),换账号重新连接 samba 时会用得到

C:\Users>net use * /del /y           


1. linux 中的用户与 samba 中的用户并没有什么关系,但 samba 中的用户必须是 linux 系统中已有的用户

2. windows 在连接 samba 时,同时只能连接一台 samba 服务器中的一条线路,但可以同时连接多台 samba 服务器,这个并不是 samba 的问题,而是 windows 本身的因素造成的







3. 通过 hosts allow 限制可连接的 ip,这样即使账号密码泄露,不在允许范围内的主机也连不上

环境:CentOS Linux release 7.5.1804 (Core)

一:安装 server 端

# yum search samba  #查找smb文件共享服务所需软件
# yum install samba-client.x86_64 samba-common.x86_64 samba.x86_64 -y   (samba-swat.x86_64 可配置网页版)
# systemctl start smb       #启动 smb
# systemctl enable smb      #开机自启
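# systemctl stop firewalld      #关闭防火墙(关闭后要靠下面的 iptables 规则接管过滤,否则本机所有端口都不再受保护)
# systemctl disable firewalld   #防火墙开机禁启
# 如果不打算改用 iptables,可以保留 firewalld,只放行 samba 服务:
#   firewall-cmd --permanent --add-service=samba && firewall-cmd --reload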
# netstat -antlupe | grep smb   #查看端口           


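# Open the Samba/NetBIOS ports in the host firewall. These commands do not
# create the RH-Firewall-1-INPUT chain; it must already exist in the ruleset,
# and where it does not, the same rules belong in the INPUT chain instead.
# NOTE(review): as written the rules accept traffic from any source address.
# Adding a source match such as `-s <TRUSTED_SUBNET>` (placeholder) keeps SMB
# reachable only from the networks that need it.
iptables -I RH-Firewall-1-INPUT 5 -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT   # NetBIOS session service
iptables -I RH-Firewall-1-INPUT 5 -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT   # SMB over TCP
iptables -I RH-Firewall-1-INPUT 5 -p udp -m udp --dport 137 -j ACCEPT   # NetBIOS name service
iptables -I RH-Firewall-1-INPUT 5 -p udp -m udp --dport 138 -j ACCEPT   # NetBIOS datagram service
# Persist the runtime rules first: by default a restart reloads the saved rule
# file and would otherwise drop the four rules inserted above.
service iptables save
service iptables restart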


# groupadd ceshi
# groupadd yunwei           


# useradd -g ceshi -s /sbin/nologin cs
# useradd -g ceshi -s /sbin/nologin cs2
# useradd -g yunwei -s /sbin/nologin yw
# useradd -g yunwei -s /sbin/nologin yw2
# useradd -g yunwei -s /sbin/nologin admin           


# id ysg                #查看是否有 ysg 系统用户。
# smbpasswd -a ysg      #添加 ysg 系统用户到 smb 服务用户
# pdbedit -L            #查看 smb 服务允许用户
# pdbedit -x ysg        #删除 ysg 用户           

系统中没有 ysg 用户时:

# id ysg                #无 ysg 用户
id: ysg: no such user
# smbpasswd -a ysg  
New SMB password:
Retype new SMB password:
Failed to add entry for user ysg.   #添加不成功
# useradd ysg           #创建 ysg 系统用户
# smbpasswd -a ysg 
New SMB password:
Retype new SMB password:
Added user ysg.         #此时添加成功           
# mkdir -p /etc/samba/yunwei
# mkdir -p /etc/samba/ceshi
# mkdir -p /etc/samba/share
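# hosts allow = the hosts allowed to connect. This option can also be used on a
# per-share basis.
# hosts deny = the hosts not allowed to connect. This option can also be used on
# a per-share basis.

# NOTE(review): the bracketed section headers were missing from this listing
# as published. [global] and [homes] follow the stock smb.conf layout; the
# three share names are inferred from each section's comment/path lines.
[global]
        workgroup = SAMBA
        security = user

        passdb backend = tdbsam

        printing = cups
        printcap name = cups
        load printers = yes
        cups options = raw
# Left empty, hosts allow places no restriction on client addresses. List the
# client networks here to enforce the IP restriction, for example
# (constructed sample): hosts allow = 127. 192.168.1.
        hosts allow =

#[homes]
#       comment = Home Directories
#       valid users = %S, %D%w%S
#       browseable = No
#       read only = No
#       inherit acls = Yes

[share]
        comment = this is share
        path = /etc/samba/share
        writable = yes
# NOTE(review): every account named in "admin users" performs all file
# operations on the share as root, so file ownership and the masks below no
# longer limit it. In all three shares the list equals "valid users", i.e.
# everyone who may connect acts as root inside the share. Dropping
# "admin users" and relying on "valid users" plus group-writable directories
# gives the same access without root.
        admin users = @yunwei,@ceshi
        valid users = @yunwei,@ceshi
# 777 leaves new files and directories writable by every local account; the
# other two shares use 664/775.
        create mask = 777
        directory mask = 777

[yunwei]
        comment = this is yunwei
        path = /etc/samba/yunwei
        writable = yes
        admin users = admin,@yunwei
        valid users = admin,@yunwei
        create mask = 664
        directory mask = 775

[ceshi]
        comment = this is ceshi
        path = /etc/samba/ceshi
        writable = yes
        admin users = admin,@ceshi
        valid users = admin,@ceshi
        create mask = 664
        directory mask = 775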
# getsebool  -a | grep smb
    smbd_anon_write --> off
# getsebool  -a | grep samba
    samba_create_home_dirs --> off
    samba_domain_controller --> off
    samba_enable_home_dirs --> off
    samba_export_all_ro --> off
    samba_export_all_rw --> off
    samba_portmapper --> off
    samba_run_unconfined --> off
    samba_share_fusefs --> off
    samba_share_nfs --> off
    sanlock_use_samba --> off
    use_samba_home_dirs --> off
    virt_sandbox_use_samba --> off
    virt_use_samba --> off
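# setsebool -P samba_enable_home_dirs on    #允许 samba 共享用户家目录(上面的配置没有启用 homes 共享,不共享家目录时可以不开)
# setsebool -P samba_export_all_rw on       #允许 samba 读写的文件不再受 SELinux 标签限制,范围很大
# 范围更小的做法是只给共享目录打上 samba_share_t 标签,例如:
#   semanage fcontext -a -t samba_share_t "/etc/samba/share(/.*)?"
#   restorecon -R /etc/samba/share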
