linux挂载共享 | NFS服务器端 | NFS客户端 | ||
1 | yum install samba | yum install cifs-utils | iptables -F | yum install nfs-utils |
2 | grep -v "#" smb.conf.bak | grep -v ";" | grep -v "^$" > smb.conf |
vim auth.smb username=zhxu |
service iptables save | ping 192.168.10.77 |
3 | pdbedit -a -u zhxu | chmod 600 auth.smb | mkdir /database | showmount -e 192.168.10.77 |
4 | mkdir /database | mkdir /database | echo "welcome hahaha" > /database/readme.txt | mkdir /database |
5 | getsebool -a | grep samba | echo "//192.168.10.77/home/database /root/database cifs credentials=/root/auth.smb 0 0" >> /etc/fstab #database为smb.conf中的唯一标识符 | chmod -Rf 777 /database/ | vim /etc/fstab 192.168.10.77:/database /database nfs defaults 0 0 |
6 | setsebool -P samba_export_all_rw=on | mount -a | vim /etc/exports /database 192.168.10.87(rw,sync,root_squash) #注意7(之间没有空格 | mount -a |
7 | [database] #唯一标识符 comment= this is my persional db path= /database public= no writable= yes |
exportfs -a #共享的同步 | mount -t nfs 192.168.10.77:/db /database #挂载 |
|
8 | systemctl restart smb | systemctl restart nfs-server |
vim /etc/fstab 192.168.10.77:/db /database nfs defaults 0 0 |
|
9 | systemctl enable smb | systemctl enable nfs-server | ||
10 | iptables -F | |||
11 | service iptables save |
————————————————————————————————————————————————————————————————
12.1 samba文件共享服务
————————————————————————————————————————————————————————————————
[root@localhost ~]# yum install samba
[root@localhost ~]# cd /etc/samba/
[root@localhost samba]# ll
total 16
-rw-r--r--. 1 root root 20 Apr 4 2014 lmhosts
-rw-r--r--. 1 root root 11630 Apr 4 2014 smb.conf
[root@localhost samba]# mv smb.conf smb.conf.bak
[root@localhost samba]# grep -v "#" smb.conf.bak | grep -v ";" | grep -v "^$" > smb.conf
[root@localhost samba]# cat smb.conf #查看samba主配置文件
[global]
workgroup = MYGROUP
server string = Microsoft Windows 2003
log file = /var/log/samba/log.%m
max log size = 50
security = user
passdb backend = tdbsam
————————————————————————————————————————————————————————————————
12.1.1 配置共享资源
————————————————————————————————————————————————————————————————
#创建可访问共享资源的账户
[root@localhost samba]# pdbedit -a -u zhxu
new password:
retype new password:
Unix username: zhxu
NT username:
Account Flags: [U ]
User SID: S-1-5-21-1575835277-705466844-2556200243-1000
Primary Group SID: S-1-5-21-1575835277-705466844-2556200243-513
Full Name: zhxu
Home Directory: \localhostzhxu
HomeDir Drive:
Logon Script:
Profile Path: \localhostzhxuprofile
Domain: LOCALHOST
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: Wed, 06 Feb 2036 23:06:39 CST
Kickoff time: Wed, 06 Feb 2036 23:06:39 CST
Password last set: Thu, 13 Dec 2018 11:31:36 CST
Password can change: Thu, 13 Dec 2018 11:31:36 CST
Password must change: never
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
[root@localhost samba]#
#创建用于共享资源的文件目录
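在创建时,不仅要考虑到文件读写权限的问题,而且由于/home目录是系统中普通用户的家目录,因此还需要考虑应用于该目录的SELinux安全上下文所带来的限制。在前面对Samba服务程序配置文件中的注释信息进行过滤时,这些过滤的信息中就有关于SELinux安全上下文策略的说明,我们只需按照过滤信息中有关SELinux安全上下文策略中的说明中给的值进行修改即可。修改完毕后执行restorecon命令,让应用于目录的新SELinux安全上下文立即生效。注意:下面的semanage规则只匹配/home/database目录本身;若希望目录下的文件在以后重新打标签(relabel)时仍保持samba_share_t,应把规则的路径写成"/home/database(/.*)?"。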
[root@localhost samba]# cd /home/
[root@localhost home]# ls -l
total 4
drwx------. 14 zhxu zhxu 4096 Dec 13 11:22 zhxu
[root@localhost home]# mkdir database
[root@localhost home]# chown -Rf zhxu:zhxu /home/database/
[root@localhost home]# ls -ldZ database/
drwxr-xr-x. zhxu zhxu unconfined_u:object_r:home_root_t:s0 /home/db/
[root@localhost home]# semanage fcontext -a -t samba_share_t /home/database
# If you create a new directory, such as a new top-level directory, label it
# with samba_share_t so that SELinux allows Samba to read and write to it. Do
# not label system directories, such as /etc/ and /home/, with samba_share_t, as
# such directories should already have an SELinux label.
[root@localhost home]# restorecon
usage: restorecon [-iFnprRv0] [-e excludedir] pathname...
usage: restorecon [-iFnprRv0] [-e excludedir] -f filename
[root@localhost home]# restorecon -Rv /home/database/
restorecon reset /home/database context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:samba_share_t:s0
[root@localhost home]#
#设置SELinux服务与策略
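使其允许通过Samba服务程序访问普通用户家目录。执行getsebool命令,筛选出所有与Samba服务程序相关的SELinux域策略,根据策略的名称(和经验)选择出正确的策略条目进行开启即可。注意:下面开启的samba_export_all_rw允许Samba以读写方式导出系统中几乎任意文件和目录,范围远大于本例所需;只共享家目录时对应的布尔值是samba_enable_home_dirs,而已经标记为samba_share_t的目录通常不需要再开启samba_export_all_rw。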
[root@localhost home]# getsebool -a | grep samba
samba_create_home_dirs --> off
samba_domain_controller --> off
samba_enable_home_dirs --> off
samba_export_all_ro --> off
samba_export_all_rw --> off
samba_portmapper --> off
samba_run_unconfined --> off
samba_share_fusefs --> off
samba_share_nfs --> off
sanlock_use_samba --> off
use_samba_home_dirs --> off
virt_sandbox_use_samba --> off
virt_use_samba --> off
[root@localhost home]# setsebool
Usage: setsebool [ -NPV ] boolean value | bool1=val1 bool2=val2...
[root@localhost home]# setsebool -P samba_export_all_rw=on
[root@localhost home]#
#在Samba服务程序的主配置文件中,写入共享信息
[global]
workgroup = MYGROUP
server string = Windows X
log file = /var/log/samba/log.%m
max log size = 50
security = user
passdb backend = tdbsam
[database] #唯一标识符
comment= this is my persional db
path= /home/database
public= no
writable= yes
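#重启smb服务,清空iptables防火墙规则(iptables -F会删除本机全部过滤规则,service iptables save会使清空后的状态在重启后依然保留;仅适合隔离的实验环境,生产环境应只对客户端网段放行SMB所需端口,如TCP 445)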
[root@localhost home]# systemctl restart smb
[root@localhost home]# systemctl enable smb
ln -s '/usr/lib/systemd/system/smb.service' '/etc/systemd/system/multi-user.target.wants/smb.service'
[root@localhost home]# systemctl status smb
smb.service - Samba SMB Daemon
Loaded: loaded (/usr/lib/systemd/system/smb.service; enabled)
Active: active (running) since Thu 2018-12-13 12:06:36 CST; 13s ago
Main PID: 33327 (smbd)
Status: "smbd: ready to serve connections..."
CGroup: /system.slice/smb.service
├─33327 /usr/sbin/smbd
└─33328 /usr/sbin/smbd
Dec 13 12:06:36 localhost.localdomain smbd[33326]: [2018/12/13 12:06:36.402315, 0] ../source3/smbd/server.c:1278(main)
Dec 13 12:06:36 localhost.localdomain systemd[1]: smb.service: Supervising process 33327 which is not our child. We'll most likely n... exits.
Dec 13 12:06:36 localhost.localdomain smbd[33327]: [2018/12/13 12:06:36.668075, 0] ../lib/util/become_daemon.c:136(daemon_ready)
Dec 13 12:06:36 localhost.localdomain systemd[1]: Started Samba SMB Daemon.
Hint: Some lines were ellipsized, use -l to show in full.
[root@localhost home]# iptables -F #清空防火墙策略
[root@localhost home]# service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]
#验证
————————————————————————————————————————————————————————————————
12.1.2 linux挂载共享
————————————————————————————————————————————————————————————————
samba不仅能在windows和linux系统之间共享资源,还可以在linux和linux之间共享文件。
#Linux客户端,安装cifs-utils
[root@rhel7-87 ~]# yum install cifs-utils
#Linux客户端,添加认证文件并设置权限为600(认证文件以明文保存用户名和密码,因此必须限制为仅root可读写)
[root@rhel7-87 ~]# vim auth.smb
[root@rhel7-87 ~]# ll
total 12
-rw-------. 1 root root 1203 Dec 13 2018 anaconda-ks.cfg
-rw-r--r--. 1 root root 44 Dec 13 14:43 auth.smb
-rw-r--r--. 1 root root 1254 Dec 13 14:25 initial-setup-ks.cfg
[root@rhel7-87 ~]# chmod 600 auth.smb
[root@rhel7-87 ~]# ll
total 12
-rw-------. 1 root root 1203 Dec 13 2018 anaconda-ks.cfg
-rw-------. 1 root root 44 Dec 13 14:43 auth.smb
-rw-r--r--. 1 root root 1254 Dec 13 14:25 initial-setup-ks.cfg
#Linux客户端上创建用于挂载samba服务器共享的路径,并设置永久挂载生效。
[root@rhel7-87 ~]# mkdir database
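[root@rhel7-87 ~]# echo "//192.168.10.77/home/database /root/database cifs credentials=/root/auth.smb 0 0" >> /etc/fstab #database为smb.conf中的唯一标识符(共享名)
#注意:此处写入的是//192.168.10.77/home/database和/root/database,而下面df -h的输出显示实际挂载的是//192.168.10.77/database到/database,两处不一致;CIFS路径的格式是“//服务器/共享名”,写入fstab前请核对。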
[root@rhel7-87 ~]# mount -a
[root@localhost ~]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/rhel-root 18G 3.9G 14G 23% /
devtmpfs 985M 0 985M 0% /dev
tmpfs 994M 148K 994M 1% /dev/shm
tmpfs 994M 8.9M 986M 1% /run
tmpfs 994M 0 994M 0% /sys/fs/cgroup
/dev/sda1 497M 119M 379M 24% /boot
/dev/sr0 3.5G 3.5G 0 100% /media/cdrom
//192.168.10.77/database 18G 3.0G 15G 17% /database
[root@localhost ~]#
[root@localhost ~]# ls -l /database/ #在linux客户端上查看samba服务器端的文件
total 1024
-rwxr--r--. 1 zhxu zhxu 34 Dec 13 21:10 test.txt
————————————————————————————————————————————————————————————————
12.2 NFS(网络文件系统)
需要共享文件的主机都是Linux系统,可以在客户端部署NFS服务来共享文件。NFS(网络文件系统)服务可以将远程Linux系统上的文件共享资源挂载到本地主机的目录上,从而使得本地主机(Linux客户端)基于TCP/IP协议,像使用本地主机上的资源那样读写远程Linux系统上的共享文件。
————————————————————————————————————————————————————————————————
服务器端
#清空NFS服务器上面iptables防火墙的默认策略,以免默认的防火墙策略禁止正常的NFS共享服务。(这样做会去掉该主机的全部过滤规则,仅适合实验环境;生产环境应只对允许的客户端地址放行NFS相关端口。)
[root@rhel77 Desktop]# iptables -F
[root@rhel77 Desktop]# service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]
[root@rhel77 Desktop]#
#在NFS服务器上建立用于NFS文件共享的目录,并设置足够的权限确保其他人也有写入权限。(chmod 777使服务器本地的所有用户以及被允许的NFS客户端上的任意用户都能写入;实际环境中更稳妥的做法是把目录属主/属组设为需要写入的账户,并使用775或770之类更窄的权限。)
[root@rhel77 ~]# mkdir /database
[root@rhel77 ~]# cd /database/
[root@rhel77 database]# echo "welcome hahaha" > readme.txt
[root@rhel77 database]# chmod -Rf 777 /database/
[root@rhel77 database]# ls -ld /database/
drwxrwxrwx. 2 root root 23 Dec 13 21:44 /database/
[root@rhel77 database]#
#NFS服务程序的配置文件为/etc/exports,默认情况下里面没有任何内容。我们可以按照“共享目录的路径 允许访问的NFS客户端(共享权限参数)”的格式,定义要共享的目录与相应的权限。
[root@rhel77 database]# vim /etc/exports
/database 192.168.10.87(rw,sync,root_squash) #注意7和(之间没有空格:若有空格,括号内的选项会应用于所有主机,而192.168.10.87只得到默认选项,等于把目录以rw方式共享给任意客户端
[root@rhel77 database]# exportfs -a #共享的同步
[root@rhel77 database]# systemctl restart nfs-server
[root@rhel77 database]# systemctl enable nfs-server
ln -s '/usr/lib/systemd/system/nfs-server.service' '/etc/systemd/system/nfs.target.wants/nfs-server.service'
[root@rhel77 database]#
客户端
#安装NFS
[root@87 ~]# yum install nfs-utils
#ping 服务器端
[root@87 ~]# ping 192.168.10.77
PING 192.168.10.77 (192.168.10.77) 56(84) bytes of data.
64 bytes from 192.168.10.77: icmp_seq=1 ttl=64 time=0.734 ms
64 bytes from 192.168.10.77: icmp_seq=2 ttl=64 time=0.508 ms
^C
--- 192.168.10.77 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1004ms
rtt min/avg/max/mdev = 0.508/0.621/0.734/0.113 ms
[root@87 ~]#
#先使用showmount命令(以及必要的参数,见表12-8)查询NFS服务器的远程共享信息,其输出格式为“共享的目录名称 允许使用客户端地址”。
[root@87 ~]# showmount -e 192.168.10.77
Export list for 192.168.10.77:
/database 192.168.10.87
[root@87 ~]#
[root@87 ~]# mkdir /database
[root@87 ~]# vim /etc/fstab
192.168.10.77:/database /database nfs defaults 0 0
[root@87 ~]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/rhel-root 18G 3.9G 14G 23% /
devtmpfs 985M 0 985M 0% /dev
tmpfs 994M 148K 994M 1% /dev/shm
tmpfs 994M 8.9M 986M 1% /run
tmpfs 994M 0 994M 0% /sys/fs/cgroup
/dev/sda1 497M 119M 379M 24% /boot
/dev/sr0 3.5G 3.5G 0 100% /run/media/zhxu/RHEL-7.0 Server.x86_64
[root@87 ~]# mount -a
[root@87 ~]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/rhel-root 18G 3.9G 14G 23% /
devtmpfs 985M 0 985M 0% /dev
tmpfs 994M 148K 994M 1% /dev/shm
tmpfs 994M 8.9M 986M 1% /run
tmpfs 994M 0 994M 0% /sys/fs/cgroup
/dev/sda1 497M 119M 379M 24% /boot
/dev/sr0 3.5G 3.5G 0 100% /run/media/zhxu/RHEL-7.0 Server.x86_64
192.168.10.77:/database 18G 2.9G 15G 17% /database
[root@87 ~]#
#在NFS客户端创建一个挂载目录。使用mount命令并结合-t参数,指定要挂载的文件系统的类型,并在命令后面写上服务器的IP地址、服务器上的共享目录以及要挂载到本地系统(即客户端)的目录。
[root@87 ~]# cd /database/
[root@87 database]# ls -l
total 4
-rwxrwxrwx. 1 root root 15 Dec 13 21:44 readme.txt
[root@87 ~]# mount -t nfs 192.168.10.77:/db /database #挂载
#挂载成功后就应该能够顺利地看到在执行前面的操作时写入的文件内容了。如果希望NFS文件共享服务能一直有效,则需要将其写入到fstab文件中:
[root@87 ~]# cat /database/readme.txt
hello, samba
[root@87 ~]# vim /etc/fstab
#
# /etc/fstab
# Created by anaconda on Thu Dec 13 14:01:28 2018
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
/dev/mapper/rhel-root / xfs defaults 1 1
UUID=261a5050-2663-4d33-bc7c-b215a1aa7081 /boot xfs defaults 1 2
/dev/mapper/rhel-swap swap swap defaults 0 0
//192.168.10.77/data /database cifs credentials=/root/auth.smb 0 0
192.168.10.77:/db /database nfs defaults 0 0
————————————————————————————————————————————————————————————————
12.3 autofs 自动挂载服务
我们将挂载信息填入/etc/fstab文件后,系统在每次开机时都自动将其挂载,而autofs服务程序则是在用户需要使用该文件系统时才去动态挂载,从而节约了网络资源和服务器的硬件资源。
————————————————————————————————————————————————————————————————