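This article is the author's original work; please credit the source when reposting.
Samba (SMB is its abbreviation) is a network server used for sharing files between Linux and Windows. Samba can share files between Windows and Linux and equally between Linux and Linux; for Linux-to-Linux sharing, however, there is a better network file system, NFS, which also requires setting up a server.
As everyone knows, every machine in a Windows network can be both a file-sharing server and a client. Samba can do the same: a Linux machine with a Samba server set up can act as a share server and, at the same time, as a client that accesses Windows shared file systems elsewhere on the network, or other Linux Samba servers.
From the file-sharing feature in Windows networks we know that a shared folder can be used directly as if it were a local disk. On Linux, Samba provides shared file systems to the machines on the network, and shares from other machines on the network can also be mounted and used locally; in this sense it differs from FTP.
Samba uses the NetBIOS protocol; if Samba does not work for you, it is quite possible that your NetBIOS service is turned off.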
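Overall design structure:
/linuxsir (note: name of the shared directory in the Samba file system)
|
|───/shcto (home directories of the management department's members)
| |_______/sirmas01 (note: home directory sirmas01 of management member sirmas01)
| |_______/sirmas02 (note: home directory sirmas02 of management member sirmas02)
|
|─── /software (note: shared software directory; only management department members or administrators with higher privileges can manage it)
|
|─── /公共文档 (note: "public documents"; all users can view the documents, only the management department users sirmas01 and sirmas02 have write permission, to manage the documents)
|─── /共享可写 (note: "shared writable"; all users can write files in this directory; users sir03 or sir04, or users with file-server administrator privileges, can manage it)
|─── /成员 (note: "members"; where the home directories of company staff are stored; every member has their own home directory under this directory)
|────|_______/sir03 (note: home directory of user sir03)
|────|_______/sir04 (note: home directory of user sir04)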
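1. Install the packages
rpm -qa | grep samba (check whether the software is installed)
# rpm -ivh samba-common-3.0.10-1.4E.6 (install this first)
# rpm -ivh samba-3.0.10-1.4E.6
# rpm -ivh samba-client-3.0.10-1.4E.6 (client)
Check again that all the packages are installed:
# rpm -qa | grep samba
2. Main server configuration files:
After samba-3.0.10-1.4E.6 is installed, the following files are created under /etc/samba/: smb.conf, smbpasswd, smbusers and lmhosts. If one of them is missing, we can create it with touch.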
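3 Functions implemented by the share permission design
The leadership (shcto) group has full control over all the other groups.
Each department has its own space with full control, and each department can browse only its own space and the public readable and writable spaces.
All departments have one shared readable space.
All departments have one shared readable and writable space.
Each leader and assistant has a personal space.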
4 Create the corresponding directories on the server
mkdir -p /opt/shcto
cd /opt/
mkdir zhuli
mkdir Gasfication
mkdir Meoh
mkdir MTO
mkdir PE
mkdir PP
mkdir 'Air_separate'
mkdir 'Power_station'
mkdir Utility
mkdir HSE
mkdir Instrument
mkdir Eqipment
mkdir 'Deign_Depart'
mkdir 'Project_Control'
mkdir construction
mkdir Apartment_Building
mkdir Business_Depart
mkdir Human_Resources_Depart
mkdir Finacial_Depart
mkdir administration_office
mkdir party_work
mkdir shctoshare
mkdir shctorw
5 Add the user groups
groupadd shcto
groupadd zhuli
groupadd Gasfication
groupadd Meoh
groupadd MTO
groupadd PE
groupadd pp
groupadd Air_separate
groupadd Power_station
groupadd Utility
groupadd HSE
groupadd Instrument
groupadd Eqipment
groupadd Deign_Depart
groupadd Project_Control
groupadd Construction
groupadd Apartment_Building
groupadd Business_Depart
groupadd Human_Resources_Depart
groupadd Finacial_Depart
groupadd administration_office
groupadd party_work
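6 Add the system users:
adduser -g MTO -d /opt/MTO -s /sbin/nologin MTO
adduser -g shcto -d /opt/shcto -G <all groups> -s /sbin/nologin shcto
Other users are added the same way, as are multiple users in one group.
Explanation:
shcto ----- user name
x indicates that a password has been set
501:505 user ID and group ID
/opt/shcto the directory the user is in charge of
/sbin/nologin defines the user as a virtual user
7 Add the Samba users and set their passwords
Our method is to add the system users first, but these are all virtual users because they cannot log in to the system through a shell. Note also that a system user's password and the Samba user's password are separate. If you have allowed a system user to log in through a shell, you can set that user's Samba password to something different from the shell login password.
We add Samba users and set their passwords with smbpasswd. It works by reading the user names that exist in /etc/passwd.
[root@localhost zhuli]# smbpasswd -a shcto
New SMB password: (note: enter the password for the Samba user shcto here)
Retype new SMB password: (note: enter it again)
The other Samba users are created the same way.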
8 Set the permissions on the corresponding home directories
[root@ftpserver]# chmod 755 /opt/shcto
[root@ftpserver]# chown shcto:shcto /opt/shcto
[root@ftpserver]# cd /opt
[root@ftpserver]# chmod 775
[root@ftpserver]# chown zhuli:shcto zhuli
[root@ftpserver]# chown MTO:shcto MTO
.
.
.
.
.
[root@ftpserver]# chown shcto:shcto shctoshare
[root@ftpserver]# chmod 755 shctoshare
[root@ftpserver]# chown shcto:shcto shctorw
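Enable ACLs:
POSIX ACL support was officially included in Linux kernel 2.6 and later back-ported to the 2.4 kernel. The commonly used file systems, such as ext3, xfs, jfs and ReiserFS, can all use ACLs. We only need to edit /etc/fstab to turn ACLs on.
Relevant kernel options: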
• CONFIG_FS_POSIX_ACL
• CONFIG_EXT3_FS_POSIX_ACL
• CONFIG_EXT2_FS_POSIX_ACL
setfacl -m group:Administration_Office:rwx Administration_Office
setfacl -m group:Air_Sep:rwx Air_Sep
setfacl -m group:Apartment_Building:rwx Apartment_Building
setfacl -m group:Assistant:rwx Assistant
setfacl -m group:Business_Depart:rwx Business_Depart
setfacl -m group:Construction:rwx Construction
setfacl -m group:Deign_Depart:rwx Deign_Depart
setfacl -m group:Eqipment:rwx Eqipment
setfacl -m group:Finacial_Depart:rwx Finacial_Depart
setfacl -m group:Gasfication:rwx Gasfication
setfacl -m group:HSE:rwx HSE
setfacl -m group:Human_Resources_Depart:rwx Human_Resources_Depart
setfacl -m group:Instrument:rwx Instrument
setfacl -m group:MEOH:rwx MEOH
setfacl -m group:MTO:rwx MTO
setfacl -m group:Party_Work:rwx Party_Work
setfacl -m group:PE:rwx PE
setfacl -m group:Powder_Station:rwx Powder_Station
setfacl -m group:PP:rwx PP
setfacl -m group:Project_Control:rwx Project_Control
setfacl -m group:Utility:rwx Utility
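9 Configure the Samba server
Create a configuration file for each group:
Note: the red box marks the user group name.
(1) Edit the main configuration file
vi /etc/samba/smb.conf
[global]
workgroup = shcto
# NT domain or workgroup name that the host belongs to on the network
netbios name = ftpserver
# Machine name shown in Windows "Network Neighborhood"
server string = Linux Samba file Server
# Description of the host; the default is: Samba Server
security = user
# Access-control level. From lowest to highest there are three levels: share, user and server. share is the least secure; user mode requires a user name and password when connecting
guest account = nobody
# UNIX account that guest connections are mapped to
;browseable = no
# Disables browsing (commented out here)
config file = /etc/samba/smb.conf.%G
# Each group gets its own configuration file, used for security settings (%G is the primary group of the connecting user)
[shcto]
comment = shctoadmin
# Description of the share shown in Windows
path = /opt/shcto/
# Path of the shared directory
create mask = 0664
# Permissions for files that users create in the share: 0664 means owner read/write, group read/write, others read-only
directory mask = 0775
# Permissions for directories that users create in the share: 0775 means owner and group rwx, others r-x; a directory needs the execute bit to be entered, so 0664 would leave new folders unusable
writeable = yes
# Enable writing
valid users = @shcto
# List of users allowed to use the share
browseable = no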
[Administration_Office]
comment = Administration_Office
path = /opt/Administration_Office
create mask = 0664
directory mask = 0775
writeable = yes
valid users = @Administration_Office,@shcto
; browseable = yes
guest OK = no
[Air_Sep]
comment = Air_Sep
path = /opt/Air_Sep
create mask = 0664
directory mask = 0775
writeable = yes
valid users = @Air_Sep,@shcto
browseable = yes
guest OK = no
[Powder_Station]
comment = Powder_Station
path = /opt/Powder_Station
create mask = 0664
directory mask = 0775
writeable = yes
valid users = @powder_station,@shcto
browseable = yes
guest OK = no
[PP]
comment = PP
path = /opt/PP
create mask = 0664
directory mask = 0775
writeable = yes
valid users = @PP,@shcto
; browseable = yes
[Apartment_Building]
comment = Apartment_Building
path = /opt/Apartment_Building
create mask = 0664
directory mask = 0775
writeable = yes
valid users = @Apartment_Building,@shcto
; browseable = yes
[Project_Control]
comment = Project_Control
path = /opt/Project_Control
create mask = 0664
directory mask = 0775
writeable = yes
valid users = @Project_Control,@shcto
; browseable = yes
[Assistant]
comment = Assistant
path = /opt/Assistant
create mask = 0664
directory mask = 0775
writeable = yes
valid users = @Assistant,@shcto
; browseable = yes
[Utility]
comment = Utility
path = /opt/Utility
create mask = 0664
directory mask = 0775
writeable = yes
valid users = @Utility,@shcto
; browseable = yes
[Business_Depart]
comment = Business_Depart
path = /opt/Business_Depart
create mask = 0664
directory mask = 0775
writeable = yes
valid users = @Business_Depart,@shcto
; browseable = yes
[Construction]
comment = Construction
path = /opt/Construction
create mask = 0664
directory mask = 0775
writeable = yes
valid users = @Construction,@shcto
; browseable = yes
[Eqipment]
comment = Eqipment
path = /opt/Eqipment
create mask = 0664
directory mask = 0775
writeable = yes
valid users = @Eqipment,@shcto
; browseable = yes
[Finacial_Depart]
comment = Finacial_Depart
path = /opt/Finacial_Depart
create mask = 0664
directory mask = 0775
writeable = yes
valid users = @Finacial_Depart,@shcto
; browseable = yes
[Gasfication]
comment = Gasfication
path = /opt/Gasfication
create mask = 0664
directory mask = 0775
writeable = yes
valid users = @Gasfication,@shcto
; browseable = yes
[HSE]
comment = HSE
path = /opt/HSE
create mask = 0664
directory mask = 0775
writeable = yes
valid users = @HSE,@shcto
; browseable = yes
[Human_Resources_Depart]
comment = Human_Resources_Depart
path = /opt/Human_Resources_Depart
create mask = 0664
directory mask = 0775
writeable = yes
valid users = @Human_Resources_Depart,@shcto
; browseable = yes
[Instrument]
comment = Instrument
path = /opt/Instrument
create mask = 0664
directory mask = 0775
writeable = yes
valid users = @Instrument,@shcto
; browseable = yes
[MEOH]
comment = MEOH
path = /opt/MEOH
create mask = 0664
directory mask = 0775
writeable = yes
valid users = @MEOH,@shcto
; browseable = yes
[MTO]
comment = MTO
path = /opt/MTO
create mask = 0664
directory mask = 0775
writeable = yes
valid users = @MTO,@shcto
; browseable = yes
[Party_Work]
comment = Party_Work
path = /opt/Party_Work
create mask = 0664
directory mask = 0775
writeable = yes
valid users = @Party_Work,@shcto
; browseable = yes
[PE]
comment = PE
path = /opt/PE
create mask = 0664
directory mask = 0775
writeable = yes
valid users = @PE,@shcto
; browseable = yes
[Deign_Depart]
comment = Deign_Depart
path = /opt/Deign_Depart
create mask = 0664
directory mask = 0775
writeable = yes
valid users = @Deign_Depart,@shcto
; browseable = yes
[shctoshare]
path = /opt/shcto/shctoshare
writeable = yes
browseable = yes
guest ok = yes
[shctorw]
path = /opt/shcto/shctorw
writeable = yes
browseable = yes
guest ok = yes
[ZJL]
comment = ZJL
path = /opt/ZJL
create mask = 0664
directory mask = 0775
writeable = yes
valid users = ZJL
browseable = yes
[YG]
comment = YG
path = /opt/YG
create mask = 0664
directory mask = 0775
writeable = yes
valid users = YG
browseable = yes
[HHZ]
comment = HHZ
path = /opt/HHZ
create mask = 0664
directory mask = 0775
writeable = yes
valid users = HHZ
; browseable = yes
[WXS]
comment = WXS
path = /opt/WXS
create mask = 0664
directory mask = 0775
writeable = yes
valid users = WXS
; browseable = yes
[JJW]
comment = JJW
path = /opt/JJW
create mask = 0664
directory mask = 0775
writeable = yes
valid users = JJW
; browseable = yes
[TYS]
comment = TYS
path = /opt/TYS
create mask = 0664
directory mask = 0775
writeable = yes
valid users = TYS
; browseable = yes
[MDY]
comment = MDY
path = /opt/MDY
create mask = 0664
directory mask = 0775
writeable = yes
valid users = MDY
; browseable = yes
[LJH]
comment = LJH
path = /opt/LJH
create mask = 0664
directory mask = 0775
writeable = yes
valid users = LJH
; browseable = yes
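A configuration with this many shares is easy to get subtly wrong, so the checker below looks for four access-control mistakes: a directory mask without the execute bit, a misspelled valid users line, an @group that the groupadd step never created, and a share that guests can write to. It is an added example, not part of the original article; the sample text and group set are constructed in the style of this page, and the names audit and enabled are hypothetical.

```python
import configparser

# Constructed sample: four shares in the style of this page's smb.conf.
SAMPLE = """\
[shcto]
directory mask = 0664
writeable = yes
valid users = @shcto
[Powder_Station]
valid users = @powder_station,@shcto
[ZJL]
valid user = ZJL
[shctorw]
writeable = yes
guest ok = yes
"""
# Constructed: a few groups from the groupadd step; on a live host use grp.getgrall().
GROUPS = {"shcto", "zhuli", "MTO", "Power_station"}

def enabled(section, key):
    return section.get(key, "no").lower() in ("yes", "true", "1")

def audit(text, groups):
    """Return (share, finding) pairs for access-control mistakes in smb.conf text."""
    cp = configparser.ConfigParser(strict=False, interpolation=None,
                                   delimiters=("=",), comment_prefixes=("#", ";"))
    # Strip indentation so indented parameters are not read as continuation lines.
    cp.read_string("\n".join(line.strip() for line in text.splitlines()))
    findings = []
    for share in (name for name in cp.sections() if name.lower() != "global"):
        s = cp[share]
        # Samba's default directory mask is 0755; without x a new directory cannot be entered.
        if int(s.get("directory mask", "0755"), 8) & 0o100 == 0:
            findings.append((share, "directory mask has no execute bit"))
        if "valid users" not in s:
            if "valid user" in s:
                findings.append((share, "'valid user' should be 'valid users'"))
            if enabled(s, "guest ok") and enabled(s, "writeable"):
                findings.append((share, "guests can write"))
            elif not enabled(s, "guest ok"):
                findings.append((share, "no valid users restriction"))
        for name in s.get("valid users", "").replace(",", " ").split():
            if name.startswith("@") and name[1:] not in groups:
                findings.append((share, "no UNIX group named " + name[1:]))
    return findings

if __name__ == "__main__":
    for share, finding in audit(SAMPLE, GROUPS):
        print(f"[{share}] {finding}")
```

On the server itself, pass the contents of /etc/samba/smb.conf as text and build the group set from grp.getgrall().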
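For further security, create a configuration file for each department group:
Note: the figure above is the configuration file for the administration_office department.
The department's own directory is set to browseable = yes and the other departments' directories to browseable = no, to meet our requirements.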
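The per-group configuration files described above can be generated rather than edited by hand; the sketch below is an added example, not the author's files. Assumptions: each department's group name equals its share name, three departments stand in for the full list, the leaders' file lists every share, and the function names are hypothetical. Each file is written as a complete configuration because Samba's config file option reloads from the named file instead of merging it with the main one, and valid users stays on every share because browseable = no only hides a share from the browse list.

```python
import os

# Assumptions: three of the page's department shares stand in for the full list,
# and the leaders' group shcto is shown every share (the page does not say).
DEPARTMENTS = ["Administration_Office", "Air_Sep", "MTO"]
LEADERS = "shcto"
GLOBAL = "[global]\nworkgroup = shcto\nnetbios name = ftpserver\nsecurity = user\n"

def share(name, viewer_group):
    """Return the section for one department share as viewer_group should see it."""
    listed = viewer_group in (name, LEADERS)
    return (
        f"[{name}]\n"
        f"path = /opt/{name}\n"
        "create mask = 0664\n"
        "directory mask = 0775\n"
        "writeable = yes\n"
        # valid users is what enforces access; browseable only hides the listing.
        f"valid users = @{name},@{LEADERS}\n"
        f"browseable = {'yes' if listed else 'no'}\n"
        "guest ok = no\n"
    )

def group_config(viewer_group):
    """Return the complete text of smb.conf.<viewer_group>."""
    return GLOBAL + "".join(share(d, viewer_group) for d in DEPARTMENTS)

def write_all(directory):
    """Write one file per department group and one for the leaders; return the paths."""
    paths = []
    for group in DEPARTMENTS + [LEADERS]:
        path = os.path.join(directory, f"smb.conf.{group}")
        with open(path, "w") as fh:
            fh.write(group_config(group))
        os.chmod(path, 0o644)  # readable by smbd, writable only by the owner
        paths.append(path)
    return paths

if __name__ == "__main__":
    print(group_config("MTO"))
```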
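10. Start the service
service smb start -------- start the service
service smb stop -------- stop the service
service smb restart --------- restart the service
As shown in the figure:
11. Accessing the Linux Samba server's shared files from Windows
In Network Neighborhood, look at the workgroup and the server is visible there, or enter the following in the browser:
\\ftp.shcto.com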
This article comes from the ChinaUnix blog; to view the original, go to: http://blog.chinaunix.net/u1/56782/showart_441583.html