使用Samba文件共享服务
Samba起源:
早期网络想要在不同主机之间共享文件大多要用FTP协议来传输,但FTP协议仅能做到传输文件却不能直接修改对方主机的资料数据,这样确实不太方便,于是便出现了NFS开源文件共享程序:NFS(NetworkFile System)是一个能够将多台Linux的远程主机数据挂载到本地目录的服务,属于轻量级的文件共享服务,不支持Linux与 Windows系统间的文件共享。
随后在1991年时大学生Tridgwell为了解决Linux与Windows系统之间共享文件的问题,便开发出了SMB协议与Samba服务程序。
SMB(Server Messages Block)协议:实现局域网内文件或打印机等资源共享服务的协议。当时Tridgwell想要注册SMBServer这个商标,但却被因为SMB是没有意义的字符被拒绝了,经过Tridgwell不断翻看词典,终于找到了一个拉丁舞蹈的名字——SAMBA,而这个热情舞蹈的名字中又恰好包含了SMB(SAMBA),于是这便是Samba程序名字的由来。
Samba服务程序是一款基于SMB协议并由服务端和客户端组成的开源文件共享软件,实现了Linux与Windows系统间的文件共享
1 samba安装
[root@qdlinux ~]# yum install samba cifs-utils -y
2 启动服务加入开机自启动
[root@qdlinux ~]# systemctl start smb
[root@qdlinux ~]# systemctl enable smb
Created symlink from /etc/systemd/system/multi-user.target.wants/smb.service to /usr/lib/systemd/system/smb.service.
[root@qdlinux ~]# ss -lntup | grep smb
tcp LISTEN 0 50 *:139 *:* users:(("smbd",pid=1095,fd=38))
tcp LISTEN 0 50 *:445 *:* users:(("smbd",pid=1095,fd=37))
tcp LISTEN 0 50 :::139 :::* users:(("smbd",pid=1095,fd=36))
tcp LISTEN 0 50 :::445 :::* users:(("smbd",pid=1095,fd=35))
3 配置samba
[root@qdlinux ~]# mv /etc/samba/smb.conf /etc/samba/smb.conf.bak
[root@qdlinux ~]# cat /etc/samba/smb.conf.bak | grep -v "#" | grep -v ";" | grep -v "^$" > /etc/samba/smb.conf
[root@qdlinux ~]# cat /etc/samba/smb.conf
[global]
workgroup = SAMBA
security = user
passdb backend = tdbsam
printing = cups
printcap name = cups
load printers = yes
cups options = raw
[homes]
comment = Home Directories
valid users = %S, %D%w%S
browseable = No
read only = No
inherit acls = Yes
[printers]
comment = All Printers
path = /var/tmp
printable = Yes
create mask = 0600
browseable = No
[print$]
comment = Printer Drivers
path = /var/lib/samba/drivers
write list = root
create mask = 0664
directory mask = 0775
4 修改配置文件如下
[root@qdlinux ~]# vim /etc/samba/smb.conf
[root@qdlinux ~]# cat /etc/samba/smb.conf
[global]
workgroup = WORKGROUP
security = user
passdb backend = tdbsam
printing = cups
printcap name = cups
load printers = yes
cups options = raw
[share]
comment = This is share /data/samba/share
path = /data/samba/share
public = no
writable = yes
5 添加一个用户用于访问共享资源
[root@qdlinux ~]# useradd samba_user
[root@qdlinux ~]# usermod -s /sbin/nologin samba_user
[root@qdlinux ~]# pdbedit -L
[root@qdlinux ~]# pdbedit -a -u samba_user
new password:
retype new password:
Unix username: samba_user
NT username:
Account Flags: [U ]
User SID: S-1-5-21-351179206-2754336130-384069223-1000
Primary Group SID: S-1-5-21-351179206-2754336130-384069223-513
Full Name:
Home Directory: \qdlinuxsamba_user
HomeDir Drive:
Logon Script:
Profile Path: \qdlinuxsamba_userprofile
Domain: QDLINUX
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: Wed, 06 Feb 2036 23:06:39 CST
Kickoff time: Wed, 06 Feb 2036 23:06:39 CST
Password last set: Tue, 14 Aug 2018 19:37:44 CST
Password can change: Tue, 14 Aug 2018 19:37:44 CST
Password must change: never
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
[root@qdlinux ~]# chown -Rf samba_user.samba_user /data/samba/share/
6 重启服务测试
[root@qdlinux ~]# systemctl restart smb
7 发现windows不能访问所共享的内容,解决方法如下
[root@qdlinux ~]# iptables -F
[root@qdlinux ~]# firewall-cmd --permanent --add-service=samba
success
[root@qdlinux ~]# firewall-cmd --reload
success
[root@qdlinux ~]# getsebool -a | grep samba
samba_create_home_dirs --> off
samba_domain_controller --> off
samba_enable_home_dirs --> off
samba_export_all_ro --> off
samba_export_all_rw --> off
samba_load_libgfapi --> off
samba_portmapper --> off
samba_run_unconfined --> off
samba_share_fusefs --> off
samba_share_nfs --> off
sanlock_use_samba --> off
tmpreaper_use_samba --> off
use_samba_home_dirs --> off
virt_use_samba --> off
[root@qdlinux ~]# setsebool -P samba_enable_home_dirs on
[root@qdlinux ~]# setsebool -P samba_export_all_rw on
匿名访问成功