linux下samba服务器的搭建（案列模拟）

模拟案列：

ABC公司有4个部门：sales+design+develop+ops

现在要分别给这四个部门设立各自独立的共享文件夹和一个都能读写的share文件夹

考虑到误删或者恶意删除同部门其他员工的文件，需要用到sticky属性，sticky一般作用在目录上，一旦作用了，那么这么目录下的文件只能由文件创始人或者root删除。

开干！

Step1 创建目录结构

mkdir -p /ABC/{design,sales,develop,ops,share{design,sales,develop,ops}}

[root@localhost ABC]# tree /ABC/
/ABC/
|-- design
|-- develop
|-- ops
|-- sales
`-- share
    |-- design
    |-- develop
    |-- ops
    `-- sales

Step2 添加账户

我们为每个部门创建2个用户，编写脚本user.sh

#/bin/bash
#
DEPART=(sales design develop ops)
for g in ${DEPART[@]};do
    groupadd $g
    for i in $(seq 1 2);do
        useradd -M -s /sbin/nologin -g ${g} ${g}$i
    done
done

Step3 配置smb.conf

#======================= Global Settings =====================================

[global]
        workgroup = SAMBA
        server string = Samba Server
        netbios name = SAMBA
# --------------------------- Logging Options -----------------------------
        # logs split per machine
        log file = /var/log/samba/log.%m
        # max 50KB per log file, then rotate
        max log size = 50
# ----------------------- Standalone Server Options ------------------------
        security = user
        passdb backend = tdbsam
        load printers = yes
        cups options = raw
#============================ Share Definitions ==============================
;[homes]
;       comment = Home Directory
;        browseable = no
;        writeable = no
[sales]
        comment = sales share
        path = /ABC/sales
        browsable = yes
        guest ok = no
        writable = no
        write list = @sales
[design]
        comment = design share
        path = /ABC/design
        browsable = yes
        guest ok = no
        writable = no
        write list = @design
[develop]
        comment = develop share
        path = /ABC/develop
        browsable = yes
        guest ok = no
        writable = no
        write list = @sales
[ops]
        comment = ops share
        path = /ABC/ops
        browsable = yes
        guest ok = no
        writable = no
        write list = @sales
[share]
        comment = public share
        path = /ABC/share
        browsable = yes
        guest ok = no
        writable = yes

Step4.设定权限

chown :design /ABC/design

chown :sales /ABC/sales

chown :develop /ABC/develop

chown :ops /ABC/ops

chown :design /ABC/share/design

chown :sales /ABC/share/sales

chown :develop /ABC/share/develop

chown :ops /ABC/share/ops

chmod 1770 /ABC/{design,sales,ops,develop}

chmod 775 /ABC/share

chmod 1775 /ABC/share/{design,sales,ops,develop}

最后阶段：测试效果

以sales1用户为例，

相对根目录：sales1无法进入除了sales和share文件夹以外的其他目录。

相对sales目录：sales1可以新建，删除自己的文件。但无法删除sales2建立的文件（sticky起作用了）

相对share目录：sales1可以访问所有目录但只在sales目录内有写权限，同样由于设置了sticky权限，sales1无法删除sales2建立的文件。

至此，完成