Shulou(Shulou.com)06/02 Report--

Recently, our small team needs to divide a shared folder on the server for everyone to store public resource documents. You think, this must be very simple. Under Windows, as long as you create a relevant windows account, share a folder, and give read / write permissions to the account we created, you will complete the sharing, but it is not so beautiful under Linux. Online access to resources mostly points to the completion of sharing tasks through Samba. But some blog only describes how to do it, but there is no reason to do so, the construction work is not very smooth, not familiar with Linux, take a lot of detours, so through this blog in-depth understanding of each step.

A brief introduction to Samba

Samba is a free software that implements SMB protocol on Linux and UNIX systems, which is composed of server and client programs. This is nonsense. .. Let's see something interesting. The author Tridgwell applied to use SMBServer (short for Server Message Block) to register the trademark of the software, because SMB is a meaningless word and there is no way to register. Then he looked up the dictionary and saw that SAMBA contained exactly a few letters of SMB, which is also the name of the Latin dance that we are familiar with, and then came the name 🙄. (from encyclopedia)

Set up a Samba shared directory. If you need to access the shared directory in the form of username / password, we need to first create a user of Linux, and then create a samba user through smbpasswd (the user name needs to be consistent). The original text is here:

To provide authentication ona standalone host, you have to create the accounts locally on the operating system and additionally in the Samba database. By default, Samba uses the tdbsam back end and stores the database in the / usr/local/samba/private/passdb.tdb file. Optionally set a different location in the smb.conf file using the passdb backend parameter. See the smb.conf 5 man page for details (from https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Standalone_Server).

Set up a shared directory that requires user name verification

1. For users who create a shared directory, we use group here to demonstrate

Groupadd smbgrpuseradd fielshare-s / sbin/nologin-g smbgrp-p # create a smb user with the same name. Here the password and the password of the local user are completely independent. We finally use the user smbpasswd-a fielshare created through smbpasswd.

2. Create a working directory that needs to be shared, and set the permissions of the folder

Mkdir-p / srv/samba/securechmod-R 0770 / srv/samba/securechown-R root:smbgrp / srv/samba/secure

Set up a Samba shared directory. If you need to access the shared directory in the form of username / password, we need to first create a user of Linux, and then create a samba user through smbpasswd (the user name needs to be consistent). The original text is here:

3. Modify the security above

Chcon-t samba_share_t / srv/samba/secure

This command is the command under SELinux (see Security-Enhanced Linux for details), which switches / srv/samba/securel to the context of samba.

4. Modify the configuration file smb.conf

Before we modify the configuration file, let's make a backup in case of an accident.

Cp / etc/samba/smb.conf / etc/samba/smb.conf.orig

We have the following things to do here:

1. Change workgroup to WORKGROUP under [global] section (that is, the name of the work level seen by my computer = > property = > computer name)

two。 Set the netbios name under [global], which can be any, which is the computer name we see under my neighbor.

3. Make sure that security is set to user under [global].

4. Add configuration for a shared directory

# to expose the folder name [share] comment = Secure File Server Share # to the shared directory path = / srv/samba/secure # accessible users, separate multiple users with a space, turn off anonymous access for the user group valid users = @ smbgrp #, and set it to no guest ok = no writable = yes browsable = yes

The entire smb.conf file is as follows:

# See smb.conf.example for a more detailed config file or# read the smb.conf manpage.# Run 'testparm' to verify the config is correct after# you modified it. [global] workgroup = WORKGROUP netbios name = centos security = user passdb backend = tdbsam printing = cups printcap name = cups load printers = no cups options = raw [printers] comment = All Printers path = / var/tmp printable = Yes create mask = 0600 browseable = No [print$] comment = Printer Drivers path = / var/lib/samba/drivers write list = @ printadmin root force group = @ printadmin create mask = 0664 directory mask = 0775 [share] comment = secure file share path = / srv/samba/secure valid users = @ smbgrp guest ok = no writable = yes browsable = yes browseable = yes

Note that smb.conf has a [home] node by default. If you don't want a folder with the same name as the user name, delete it.

Finish editing and save the configuration file

After executing testparm, you will get a similar result, that is, there is no problem with the configuration file.

[root@localhost software] # testparmLoad smb config files from / etc/samba/smb.confrlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) Processing section "[printers]" Processing section "[print$]" Processing section "[share]" Loaded services file OK.Server role: ROLE_STANDALONEPress enter to see a dump of your service definitions# Global parameters [global] load printers = No netbios name = CENTOS-SHARE printcap name = cups security = USER idmap config *: backend = tdb cups options = raw [printers] browseable = No comment = All Printers create mask = 0600 path = / var/tmp printable = Yes [print$] comment = Printer Drivers create mask = 0664 directory mask = 0775 force group = @ printadmin path = / var/lib/samba/drivers write list = @ printadmin root [share] comment = secure file share path = / home/share read only = No valid users = @ smbgrp [root @ localhost software] #

5. Restart the samba service and open my computer for testing

Systemctl restart smb.servicesystemctl restart nmb.service

Since the test machine and the Linux host are not on the same network, my neighbor CENTOS-SHARE can not be found in my neighbor. Here I visit directly through IP

6. Don't forget to add a firewall, or you won't see your neighbors.

Firewall-cmd-permanent-zone=public-add-service=sambafirewall-cmd-reload

Summary

Here only demonstrates the use of user name authentication mode to share folders, mainly for Windows, students who are not familiar with this area can try to share anonymously. In the process of setting up, I came into contact with something SELinux that I had not touched before, and there are still a lot of things in this area. There are many articles about the use of SAMBA on the Internet, and the purpose of writing this blog is to tell you how to use it from multiple perspectives.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.