zoukankan      html  css  js  c++  java

  • linux下samba服务器的搭建(案列模拟)

    模拟案列:

    ABC公司有4个部门:sales+design+develop+ops

    现在要分别给这四个部门设立各自独立的共享文件夹和一个都能读写的share文件夹

    考虑到误删或者恶意删除同部门其他员工的文件,需要用到sticky属性,sticky一般作用在目录上,一旦作用了,那么这么目录下的文件只能由文件创始人或者root删除。

    开干!

    Step1 创建目录结构

    mkdir -p /ABC/{design,sales,develop,ops,share{design,sales,develop,ops}}
    
[root@localhost ABC]# tree     /ABC/
/ABC/
|-- design
|-- develop
|-- ops
|-- sales
`-- share
    |-- design
    |-- develop
    |-- ops
    `-- sales

    Step2 添加账户

    我们为每个部门创建2个用户,编写脚本user.sh

    #/bin/bash
#
DEPART=(sales design develop ops)
for g in ${DEPART[@]};do
    groupadd $g
    for i in $(seq 1 2);do
        useradd -M -s /sbin/nologin -g ${g} ${g}$i
    done
done

    Step3 配置smb.conf

    #======================= Global Settings =====================================

[global]
        workgroup = SAMBA
        server string = Samba Server
        netbios name = SAMBA
# --------------------------- Logging Options -----------------------------
        # logs split per machine
        log file = /var/log/samba/log.%m
        # max 50KB per log file, then rotate
        max log size = 50
# ----------------------- Standalone Server Options ------------------------
        security = user
        passdb backend = tdbsam
        load printers = yes
        cups options = raw
#============================ Share Definitions ==============================
;[homes]
;       comment = Home Directory
;        browseable = no
;        writeable = no
[sales]
        comment = sales share
        path = /ABC/sales
        browsable = yes
        guest ok = no
        writable = no
        write list = @sales
[design]
        comment = design share
        path = /ABC/design
        browsable = yes
        guest ok = no
        writable = no
        write list = @design
[develop]
        comment = develop share
        path = /ABC/develop
        browsable = yes
        guest ok = no
        writable = no
        write list = @sales
[ops]
        comment = ops share
        path = /ABC/ops
        browsable = yes
        guest ok = no
        writable = no
        write list = @sales
[share]
        comment = public share
        path = /ABC/share
        browsable = yes
        guest ok = no
        writable = yes

    Step4.设定权限

    chown :design /ABC/design

    chown :sales /ABC/sales

    chown :develop /ABC/develop

    chown :ops /ABC/ops

    chown :design /ABC/share/design

    chown :sales /ABC/share/sales

    chown :develop /ABC/share/develop

    chown :ops /ABC/share/ops

    chmod 1770 /ABC/{design,sales,ops,develop}

    chmod 775 /ABC/share

    chmod 1775 /ABC/share/{design,sales,ops,develop}

    最后阶段:测试效果

    以sales1用户为例,

    相对根目录:sales1无法进入除了sales和share文件夹以外的其他目录。

    相对sales目录:sales1可以新建,删除自己的文件。但无法删除sales2建立的文件(sticky起作用了)

    相对share目录:sales1可以访问所有目录但只在sales目录内有写权限,同样由于设置了sticky权限,sales1无法删除sales2建立的文件。

    至此,完成
  • 相关阅读:
    C++结构体内重载、this指针和友元函数(初步了解)
    数据结构—造树计划—二叉搜索树
    PTA顺序的分数
    PTA兼容任务
    PTA航船
    UML-基于GRASP对象设计步骤
    UML-设计对象时涉及的制品有哪些?
    UML-什么是用例实现(场景实现)?
    UML-如何使用GRASP进行对象设计?
    日志总结
  • 原文地址:https://www.cnblogs.com/nickqian/p/4040052.html
Copyright © 2011-2022 走看看