2025-01-18 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/02 Report--
File sharing service: Samba
===========================
Samba introduction
★ SMB: Server Message Block
★ CIFS: Common Internet File System
★ samba: author: Andrew Tridgell
Samba is an implementation of SMB; the main protocol implemented at its core is CIFS.
★ Functions:
File system sharing
NetBIOS protocol (for hostname resolution on Windows networks)
Printing service
Samba installation and configuration
1) Program environment
★ samba installation:
# yum install samba -y
★ main configuration file:
/etc/samba/smb.conf
★ main programs:
/usr/sbin/nmbd:
Network naming service; mainly handles NetBIOS name resolution
/usr/sbin/smbd:
SMB/CIFS service; the core program that provides the SMB/CIFS service
★ unit files:
/usr/lib/systemd/system/nmb.service
/usr/lib/systemd/system/smb.service
★ listening ports:
UDP: 137/udp, 138/udp
TCP: 139/tcp, 445/tcp
★ client programs:
mount -t cifs = mount.cifs
smbclient: interactive command-line client tool
2) Configuration of samba
★ main configuration file: /etc/samba/smb.conf
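[root@centos7 ~]# cd /etc/samba
[root@centos7 samba]# ls
lmhosts  smb.conf
[root@centos7 samba]# cp smb.conf{,.bak}    # back up first
[root@centos7 samba]# ls
lmhosts  smb.conf  smb.conf.bak
[root@centos7 samba]# grep -i -E "^#[[:space:]]*(=|-)+" smb.conf    # filter out the configuration segment headings
#--------------
#--------------
#--------------
#==================== Global Settings ====================    # global configuration segment
# -------------------- Network-Related Options --------------------
# -------------------- Logging Options --------------------
# -------------------- Standalone Server Options --------------------
# -------------------- Domain Members Options --------------------
# -------------------- Domain Controller Options --------------------
# -------------------- Browser Control Options --------------------
#-------------------- Name Resolution --------------------
# -------------------- Printing Options --------------------
# -------------------- File System Options --------------------
#==================== Share Definitions ====================    # user-defined share configuration segment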
★ Two types of configuration segments:
◎ global configuration
[global]
workgroup = MYGROUP (defines the workgroup)
server string = Samba Server Version %v (defines the banner information)
interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24 (the addresses or network interfaces to listen on)
hosts allow = 127. 192.168.12. 192.168.13. (access control, equivalent to a whitelist)
log file = /var/log/samba/log.%m (each client uses its own dedicated log file)
max log size = 50 (the log file size; the unit is KB)
security = user (defines the security level)
  user: the client provides an account and password
  share (deprecated): anonymous sharing
  server (deprecated): centralized identity authentication
  domain
passdb backend = tdbsam (the storage format of account passwords)
load printers = yes (whether printer drivers are loaded when the samba service starts)
cups options = raw (the service mode of the universal printer)
◎ shared file system:
[shared_ID]
There are three categories:
[homes]: whether each samba user can access his or her home directory through the samba service
[printers]: printing service
[shared_FS]: user-defined shared directory
Common directives:
comment: comment information
path: local file system path
browseable: whether the share is browsable, i.e. visible to users
guest ok: whether guest accounts (anonymous users) are allowed access
public: whether it is open to all guests
writable: whether it is writable
writable = yes and read only = no are the same.
write list: a list of users or groups with write permission
  user name
  @group_name (= +group_name)
2) Samba user management
★ commands:
smbpasswd, pdbedit
1) smbpasswd
Syntax:
smbpasswd [OPTIONS] USERNAME (system user)
Options:
-a: add
-x: delete
-d: disable
-e: enable
2) pdbedit:
-L: lists all users in the samba service
-a: add a user as a samba user
-u USERNAME:
-x: delete
-t: receive password from standard output
★ Accessing the service:
☉ smbclient, the interactive client program:
View shares on the target server
smbclient -L SMB_SERVER [-U USERNAME]
Access a shared service
smbclient //SMB_SERVER[/SHARE_NAME] [-U USERNAME]
☉ mount.cifs
mount -t cifs //SMB_SERVER/SHARED_ID /MOUNT_POINT -o username=USER,password=PASS (user identity and password)
Note:
The user in the mount operation maps directly to the user specified in the -o option: access to the mount runs as the user specified in the -o option, and that user is mapped to local users by ID.
★ How to define a custom share:
[shared_ID]
comment =
path =
guest ok =
read only =
public =
browseable =
write list =
☉ Note:
Granting write permission to all users at the service level with writable = yes (read only = no) is not recommended together with write list.
Command demonstration:
1. Add users
[root@centos7 ~]# pdbedit -a -u tao    # add user
new password:
retype new password:
Unix username:        tao
NT username:
Account Flags:        [U]
User SID:             S-1-5-21-1194301372-4224252613-970535052-1000
Primary Group SID:    S-1-5-21-1194301372-4224252613-970535052-513
Full Name:
Home Directory:       \\centos7\tao
HomeDir Drive:
Logon Script:
Profile Path:         \\centos7\tao\profile
Domain:               CENTOS7
Account desc:
Workstations:
Munged dial:
Logon time:           0
Logoff time:          Wed 06 Feb 2036 23:06:39 CST
Kickoff time:         Wed, 06 Feb 2036 23:06:39 CST
Password last set:    Tue, 18 Oct 2016 23:24:50 CST
Password can change:  Tue 18 Oct 2016 23:24:50 CST
Password must change: never
Last bad password:    0
Bad password count:   0
Logon hours:          FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
[root@centos7 ~]# pdbedit -L    # list samba users
tao:1000:
[root@centos7 ~]# pdbedit -a -u xiu    # add another user, xiu
[root@centos7 ~]# pdbedit -L
tao:1000:
xiu:1001:
Start the samba service and check the port number
[root@centos7 ~]# systemctl start nmb.service smb.service
[root@centos7 ~]# ss -unl    # view UDP ports 137 and 138
State    Recv-Q  Send-Q  Local Address:Port    Peer Address:Port
UNCONN   0       0       *:68                  *:*
UNCONN   0       0       192.168.1.255:137     *:*
UNCONN   0       0       192.168.1.15:137      *:*
UNCONN   0       0       *:137                 *:*
UNCONN   0       0       192.168.1.255:138     *:*
UNCONN   0       0       192.168.1.15:138      *:*
UNCONN   0       0       *:138                 *:*
UNCONN   0       0       127.0.0.1:323         *:*
UNCONN   0       0       *:34320               *:*
UNCONN   0       0       :::10025              :::*
UNCONN   0       0       ::1:323               :::*
[root@centos7 ~]# ss -tnl    # view TCP ports 139 and 445
State    Recv-Q  Send-Q  Local Address:Port    Peer Address:Port
LISTEN   0       128     127.0.0.1:6012        *:*
LISTEN   0       50      *:445                 *:*
LISTEN   0       50      *:3306                *:*
LISTEN   0       50      *:139                 *:*
LISTEN   0       128     *:22                  *:*
LISTEN   0       128     127.0.0.1:631         *:*
LISTEN   0       100     127.0.0.1:25          *:*
LISTEN   0       128     127.0.0.1:6010        *:*
LISTEN   0       128     127.0.0.1:6011        *:*
LISTEN   0       128     ::1:6012              :::*
LISTEN   0       50      :::445                :::*
LISTEN   0       50      :::139                :::*
LISTEN   0       128     :::22                 :::*
LISTEN   0       128     ::1:631               :::*
LISTEN   0       100     ::1:25                :::*
LISTEN   0       128     ::1:6010              :::*
LISTEN   0       128     ::1:6011              :::*
2. Use the smbclient command to view shares on the target host
Here, the CentOS 6 host is used as the client to access CentOS 7, which is the samba server.
# Anonymous access, without entering a password:
[root@CentOS6 ~]# smbclient -L 192.168.1.15
Enter root's password:
Anonymous login successful
Domain=[MYGROUP] OS=[Windows 6.1] Server=[Samba 4.2.3]

    Sharename       Type      Comment
    ---------       ----      -------
    IPC$            IPC       IPC Service (Samba Server Version 4.2.3)
Anonymous login successful
Domain=[MYGROUP] OS=[Windows 6.1] Server=[Samba 4.2.3]

    Server               Comment
    ---------            -------
    CENTOS7              Samba Server Version 4.2.3

    Workgroup            Master
    ---------            -------
    MYGROUP              CENTOS7
    WORKGROUP            PC-20160624QLWL
# Access with the system user account created above:
[root@CentOS6 ~]# smbclient -L 192.168.1.15 -U tao
Enter tao's password:
Domain=[MYGROUP] OS=[Windows 6.1] Server=[Samba 4.2.3]

    Sharename       Type      Comment
    ---------       ----      -------
    IPC$            IPC       IPC Service (Samba Server Version 4.2.3)
    tao             Disk      Home Directories
Domain=[MYGROUP] OS=[Windows 6.1] Server=[Samba 4.2.3]

    Server               Comment
    ---------            -------
    CENTOS7              Samba Server Version 4.2.3

    Workgroup            Master
    ---------            -------
    MYGROUP              CENTOS7
    WORKGROUP            PC-20160624QLWL
3. Use the smbclient command to access shared services on the target host
[root@CentOS6 ~]# smbclient //192.168.1.15/ -U tao
Enter tao's password:
[root@CentOS6 ~]# smbclient //192.168.1.15/tao -U tao    # the share name must be added
Enter tao's password:
Domain=[MYGROUP] OS=[Windows 6.1] Server=[Samba 4.2.3]
smb: \> help    # get help
?              allinfo        altname        archive        blocksize
cancel         case_sensitive cd             chmod          chown
close          del            dir            du             echo
exit           get            getfacl        geteas         hardlink
help           history        iosize         lcd            link
lock           lowercase      ls             l              mask
md             mget           mkdir          more           mput
newer          open           posix          posix_encrypt  posix_open
posix_mkdir    posix_rmdir    posix_unlink   print          prompt
put            pwd            q              queue          quit
readlink       rd             recurse        reget          rename
reput          rm             rmdir          showacls       setea
setmode        stat           symlink        tar            tarmode
timeout        translate      unlock         volume         vuid
wdel           logon          listconnect    showconnect    ..
!
smb: \> pwd    # shows the shared directory of system user tao on the samba server: the home directory defined in the configuration
Current directory is \\192.168.1.15\tao\
smb: \> ls
  .                    D        0  Tue Oct 18 13:09:36 2016
  ..                   D        0  Tue Oct 18 11:38:44 2016
  .mozilla            DH        0  Mon Jul 25 23:57:35 2016
  .bash_logout         H       18  Fri Nov 20 13:02:30 2015
  .bash_profile        H      193  Fri Nov 20 13:02:30 2015
  .bashrc              H      231  Fri Nov 20 13:02:30 2015
  .zshrc               H      658  Fri Nov 20 21:11:02 2015
  .Xauthority          H       53  Sun Sep 11 11:11:49 2016
  .cache              DH        0  Sun Sep 11 11:11:49 2016
  .config             DH        0  Tue Oct 18 12:38:09 2016
  .bash_history        H      361  Tue Oct 18 12:43:06 2016
  .mysql_history       H      268  Mon Oct 17 16:18:28 2016
  pub                  D        0  Tue Oct 18 09:16:21 2016
  upload               D        0  Tue Oct 18 09:20:53 2016
  xiu                  D        0  Tue Oct 18 09:36:02 2016
  .local              DH        0  Tue Oct 18 12:38:09 2016
  f1                           13  Tue Oct 18 13:09:36 2016

    40940 blocks of size 1048576. 40072 blocks available
smb: \> put /etc/fstab    # uploading from the CentOS 6 client fails; the file must be given relative to the current local path
NT_STATUS_OBJECT_PATH_NOT_FOUND opening remote file \/etc/fstab
smb: \> lcd /etc    # change the local directory to the one that holds the file to upload
smb: \> put fstab    # the upload now succeeds, because writable = yes is defined in the configuration and tao also has write access to his home directory
putting file fstab as \fstab (52.3 kb/s) (average 52.3 kb/s)
smb: \> ls
  .                    D        0  Wed Oct 19 00:11:59 2016
  ..                   D        0  Tue Oct 18 11:38:44 2016
  .mozilla            DH        0  Mon Jul 25 23:57:35 2016
  .bash_logout         H       18  Fri Nov 20 13:02:30 2015
  .bash_profile        H      193  Fri Nov 20 13:02:30 2015
  .bashrc              H      231  Fri Nov 20 13:02:30 2015
  .zshrc               H      658  Fri Nov 20 21:11:02 2015
  .Xauthority          H       53  Sun Sep 11 11:11:49 2016
  .cache              DH        0  Sun Sep 11 11:11:49 2016
  .config             DH        0  Tue Oct 18 12:38:09 2016
  .bash_history        H      361  Tue Oct 18 12:43:06 2016
  .mysql_history       H      268  Mon Oct 17 16:18:28 2016
  pub                  D        0  Tue Oct 18 09:16:21 2016
  upload               D        0  Tue Oct 18 09:20:53 2016
  xiu                  D        0  Tue Oct 18 09:36:02 2016
  .local              DH        0  Tue Oct 18 12:38:09 2016
  f1                           13  Tue Oct 18 13:09:36 2016
  fstab                A     1017  Wed Oct 19 00:11:59 2016    # the uploaded file

    40940 blocks of size 1048576. 40072 blocks available
smb: \> ^C
4. Custom shared services
[root@centos7 ~]# mkdir -pv /samba/tools    # create a shared directory
mkdir: created directory '/samba'
mkdir: created directory '/samba/tools'
[root@centos7 ~]# vim /etc/samba/smb.conf    # edit the main configuration file
# custom share name
[apps]
    # comment for the share
    comment = tools
    # local file system path
    path = /samba/tools
    # allow users other than the owner to browse the share
    browseable = yes
    # allow guest access, i.e. anonymous users
    guest ok = yes
    # allow write operations (such as upload and delete)
    writable = yes
# Save and exit after configuring, then test the syntax
[root@centos7 samba]# testparm    # syntax test
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[homes]"
Processing section "[printers]"
Processing section "[apps]"
Loaded services file OK.
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions    # press Enter to print all effective configuration for the service
# Global parameters
[global]
    workgroup = MYGROUP
    server string = Samba Server Version %v
    security = USER
    log file = /var/log/samba/log.%m
    max log size = 50
    idmap config * : backend = tdb
    cups options = raw
[homes]
    comment = Home Directories
    read only = No
    browseable = No
[printers]
    comment = All Printers
    path = /var/spool/samba
    printable = Yes
    print ok = Yes
    browseable = No
[apps]
    comment = tools
    path = /samba/tools
    read only = No    # not read-only, i.e. writable
    guest ok = Yes
[root@centos7 samba]# systemctl restart smb    # restart the service
View the shared services and access them
# View the shared services as a system user
[root@CentOS6 ~]# smbclient -L 192.168.1.15 -U tao
Enter tao's password:
Domain=[MYGROUP] OS=[Windows 6.1] Server=[Samba 4.2.3]

    Sharename       Type      Comment
    ---------       ----      -------
    apps            Disk      tools
    IPC$            IPC       IPC Service (Samba Server Version 4.2.3)
    tao             Disk      Home Directories
Domain=[MYGROUP] OS=[Windows 6.1] Server=[Samba 4.2.3]

    Server               Comment
    ---------            -------
    CENTOS7              Samba Server Version 4.2.3

    Workgroup            Master
    ---------            -------
    MYGROUP              CENTOS7
    WORKGROUP            PC-20160624QLWL
Access the shared service
# Anonymous users (guest account) can log in, but cannot upload files
[root@CentOS6 ~]# smbclient //192.168.1.17/apps
Enter root's password:
Anonymous login successful
Domain=[MYGROUP] OS=[Windows 6.1] Server=[Samba 4.2.3]
smb: \> ls
  .                    D        0  Wed Oct 19 21:12:29 2016
  ..                   D        0  Wed Oct 19 00:31:41 2016

    40940 blocks of size 1048576. 40072 blocks available
smb: \> lcd /etc
smb: \> !pwd
/etc
smb: \> put fstab    # cannot upload
NT_STATUS_ACCESS_DENIED opening remote file \fstab
smb: \> ^C
# Log in with a system account and access the shared service
[root@CentOS6 ~]# smbclient //192.168.1.15/apps -U tao    # specify the share apps
Enter tao's password:
Domain=[MYGROUP] OS=[Windows 6.1] Server=[Samba 4.2.3]
smb: \> pwd
Current directory is \\192.168.1.15\apps\    # under apps
smb: \> ls
  .                    D        0  Wed Oct 19 00:31:41 2016
  ..                   D        0  Wed Oct 19 00:31:41 2016

    40940 blocks of size 1048576. 40072 blocks available
smb: \> lcd /etc
smb: \> put fstab
NT_STATUS_ACCESS_DENIED opening remote file \fstab    # cannot upload: the service grants write permission, but the user has no write permission on the directory in the file system
smb: \>
For the tao user to upload and delete files, the write permission defined in the share is not enough; the user must also have write permission on the directory in the file system. Here it is granted to the tao user only:
[root@centos7 ~]# setfacl -m u:tao:rwx /samba/tools    # grant rwx permission to the tao user
[root@centos7 ~]# getfacl /samba/tools
getfacl: Removing leading '/' from absolute path names
# file: samba/tools
# owner: root
# group: root
user::rwx
user:tao:rwx
group::r-x
mask::rwx
other::r-x
Access the share again and upload, as follows
[root@CentOS6 ~]# smbclient //192.168.1.15/apps -U tao
Enter tao's password:
Domain=[MYGROUP] OS=[Windows 6.1] Server=[Samba 4.2.3]
smb: \> ls
  .                    D        0  Wed Oct 19 00:31:41 2016
  ..                   D        0  Wed Oct 19 00:31:41 2016

    40940 blocks of size 1048576. 40072 blocks available
smb: \> lcd /etc
smb: \> put fstab
putting file fstab as \fstab (99.3 kb/s) (average 99.3 kb/s)    # uploaded successfully
smb: \> ls
  .                    D        0  Wed Oct 19 01:00:43 2016
  ..                   D        0  Wed Oct 19 00:31:41 2016
  fstab                A     1017  Wed Oct 19 01:00:43 2016

    40940 blocks of size 1048576. 40072 blocks available
smb: \> rm fstab    # delete the file
smb: \> ls
  .                    D        0  Wed Oct 19 21:12:29 2016
  ..                   D        0  Wed Oct 19 00:31:41 2016

    40940 blocks of size 1048576. 40071 blocks available
smb: \>
5. Suppose both the tao and xiu users have write permission, that is, both can upload files to /samba/tools, but only tao should be allowed to upload and xiu should not. How should this be set? As follows
[root@centos7 ~]# setfacl -m u:xiu:rwx /samba/tools
[root@centos7 ~]# getfacl /samba/tools
getfacl: Removing leading '/' from absolute path names
# file: samba/tools
# owner: root
# group: root
user::rwx
user:tao:rwx
user:xiu:rwx    # the xiu user also has rwx permission on the directory
group::r-x
mask::rwx
other::r-x
[root@CentOS6 ~]# smbclient //192.168.1.17/apps -U xiu    # log in as the system user xiu
Enter xiu's password:
Domain=[MYGROUP] OS=[Windows 6.1] Server=[Samba 4.2.3]
smb: \> ls
  .                    D        0  Wed Oct 19 21:12:29 2016
  ..                   D        0  Wed Oct 19 00:31:41 2016

    40940 blocks of size 1048576. 40071 blocks available
smb: \> lcd /etc
smb: \> put issue    # uploaded successfully
putting file issue as \issue (4.2 kb/s) (average 4.2 kb/s)
smb: \> ls
  .                    D        0  Wed Oct 19 21:28:02 2016
  ..                   D        0  Wed Oct 19 00:31:41 2016
  issue                A       90  Wed Oct 19 21:28:02 2016

    40940 blocks of size 1048576. 40071 blocks available
smb: \> ^C
Edit the configuration file /etc/samba/smb.conf
Restart the service and visit as follows:
[root@centos7 samba]# systemctl restart smb    # restart the service
[root@CentOS6 ~]# smbclient //192.168.1.17/apps -U xiu    # log in again as the xiu user
Enter xiu's password:
Domain=[MYGROUP] OS=[Windows 6.1] Server=[Samba 4.2.3]
smb: \> ls
  .                    D        0  Wed Oct 19 21:28:02 2016
  ..                   D        0  Wed Oct 19 00:31:41 2016
  issue                A       90  Wed Oct 19 21:28:02 2016

    40940 blocks of size 1048576. 40072 blocks available
smb: \> lcd /etc
smb: \> put fstab
NT_STATUS_ACCESS_DENIED opening remote file \fstab
[root@CentOS6 ~]# smbclient //192.168.1.17/apps -U tao    # the tao user can upload files
Enter tao's password:
Domain=[MYGROUP] OS=[Windows 6.1] Server=[Samba 4.2.3]
smb: \> ls
  .                    D        0  Wed Oct 19 21:28:02 2016
  ..                   D        0  Wed Oct 19 00:31:41 2016
  issue                A       90  Wed Oct 19 21:28:02 2016

    40940 blocks of size 1048576. 40072 blocks available
smb: \> lcd /etc
smb: \> put fstab    # uploaded successfully
putting file fstab as \fstab (55.2 kb/s) (average 55.2 kb/s)
smb: \> ls
  .                    D        0  Wed Oct 19 21:37:12 2016
  ..                   D        0  Wed Oct 19 00:31:41 2016
  issue                A       90  Wed Oct 19 21:28:02 2016
  fstab                A     1017  Wed Oct 19 21:37:12 2016

    40940 blocks of size 1048576. 40072 blocks available
6. Define a supplementary group; all users in the group have write permission.
[root@centos7 ~]# groupadd distro
[root@centos7 ~]# ll -d /samba/tools/
drwxrwxr-x+ 2 root root 30 Oct 19 21:37 /samba/tools/
[root@centos7 ~]# chgrp distro /samba/tools/
[root@centos7 ~]# ll -d /samba/tools/
drwxrwxr-x+ 2 root distro 30 Oct 19 21:37 /samba/tools/
[root@centos7 ~]# setfacl -b /samba/tools    # clear the directory's ACL entries so the experiment is clean
[root@centos7 ~]# getfacl /samba/tools
getfacl: Removing leading '/' from absolute path names
# file: samba/tools
# owner: root
# group: distro
user::rwx
group::r-x
other::r-x
[root@centos7 ~]# chmod 775 /samba/tools/    # give the directory's group write permission
[root@centos7 ~]# ll -d /samba/tools/
drwxrwxr-x 2 root distro 30 Oct 19 22:23 /samba/tools/
[root@centos7 ~]# usermod -a -G distro tao
[root@centos7 ~]# usermod -a -G distro xiu
[root@centos7 ~]# id tao
uid=1000(tao) gid=1000(tao) groups=1000(tao),2003(distro)
[root@centos7 ~]# id xiu
uid=1001(xiu) gid=2002(xiu) groups=2002(xiu),2003(distro)
Edit the configuration file /etc/samba/smb.conf as follows:
Restart the service and visit as follows:
[root@centos7 samba]# systemctl restart smb
[root@CentOS6 ~]# smbclient //192.168.1.17/apps -U xiu    # log in as the xiu user
Enter xiu's password:
Domain=[MYGROUP] OS=[Windows 6.1] Server=[Samba 4.2.3]
smb: \> ls
  .                    D        0  Wed Oct 19 21:37:12 2016
  ..                   D        0  Wed Oct 19 00:31:41 2016
  issue                A       90  Wed Oct 19 21:28:02 2016
  fstab                A     1017  Wed Oct 19 21:37:12 2016

    40940 blocks of size 1048576. 40072 blocks available
smb: \> pwd
Current directory is \\192.168.1.17\apps\
smb: \> rm issue    # can delete
smb: \> ls
  .                    D        0  Wed Oct 19 22:22:30 2016
  ..                   D        0  Wed Oct 19 00:31:41 2016
  fstab                A     1017  Wed Oct 19 21:37:12 2016

    40940 blocks of size 1048576. 40072 blocks available
smb: \> lcd /etc
smb: \> put issue    # can upload
putting file issue as \issue (5.2 kb/s) (average 5.2 kb/s)
smb: \> ls
  .                    D        0  Wed Oct 19 22:23:51 2016
  ..                   D        0  Wed Oct 19 00:31:41 2016
  fstab                A     1017  Wed Oct 19 21:37:12 2016
  issue                A       90  Wed Oct 19 22:23:51 2016

    40940 blocks of size 1048576. 40072 blocks available
#====
[root@centos7 ~]# gpasswd -d xiu distro    # remove xiu from the group
Removing user xiu from group distro
[root@centos7 ~]# groupmems -g distro -l    # view the group members
tao
# Log in again as the xiu user: xiu can no longer upload, as follows
[root@CentOS6 ~]# smbclient //192.168.1.17/apps -U xiu
Enter xiu's password:
Domain=[MYGROUP] OS=[Windows 6.1] Server=[Samba 4.2.3]
smb: \> ls
  .                    D        0  Wed Oct 19 22:40:22 2016
  ..                   D        0  Wed Oct 19 00:31:41 2016
  fstab                A     1017  Wed Oct 19 21:37:12 2016
  issue                A       90  Wed Oct 19 22:40:22 2016

    40940 blocks of size 1048576. 40072 blocks available
smb: \> pwd
Current directory is \\192.168.1.17\apps\
smb: \> rm issue    # cannot delete
NT_STATUS_MEDIA_WRITE_PROTECTED deleting remote file \issue
NT_STATUS_MEDIA_WRITE_PROTECTED listing \issue
smb: \> lcd /etc
smb: \> put issue    # cannot upload
NT_STATUS_ACCESS_DENIED opening remote file \issue
7. Access using mount.cifs
[root@centos7 ~]# usermod -a -G distro xiu    # add the xiu user to the distro group, so that it also has write access
[root@centos7 ~]# id xiu
uid=1001(xiu) gid=2002(xiu) groups=2002(xiu),2003(distro)
[root@centos7 ~]# ll -d /samba/tools/
drwxrwxr-x 2 root distro 63 Oct 19 23:24 /samba/tools/
# Use mount -t cifs (mount.cifs), specifying the smb server and the shared directory, plus the system user and password to log in with
[root@CentOS6 ~]# mount -t cifs //192.168.1.17/apps/ /mnt -o username=xiu,password=134296
[root@CentOS6 ~]# mount    # view the mount points
/dev/mapper/vg0-root on / type ext4 (rw)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
tmpfs on /dev/shm type tmpfs (rw)
/dev/sda1 on /boot type ext4 (rw)
/dev/mapper/vg0-usr on /usr type ext4 (rw)
/dev/mapper/vg0-var on /var type ext4 (rw)
/dev/sda5 on /home type ext4 (rw,usrquota,grpquota)
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
//192.168.1.17/apps/ on /mnt type cifs (rw)    # has been mounted
[root@CentOS6 ~]# cd /mnt/
[root@CentOS6 mnt]# ls
fstab  issue
[root@CentOS6 mnt]# echo taotaoxiuxiu > test.txt    # the client's root user has write access under the mount point /mnt
[root@CentOS6 mnt]# su - tao    # switch to an ordinary user
[tao@CentOS6 ~]$ cd /mnt/
[tao@CentOS6 mnt]$ ls
fstab  issue  test.txt
[tao@CentOS6 mnt]$ cat test.txt
taotaoxiuxiu
[tao@CentOS6 mnt]$ echo nulixiangqian >> test.txt
-bash: test.txt: Permission denied    # although the system user on the server has write permission (including in the file system), an ordinary user on the client has no write access to the mount point
Next, create a local directory /data/apps as the mount point and grant the tao user rwx permission on it, to see whether tao can then write, as follows:
# Create a mount point directory
[root@CentOS6 ~]# mkdir -pv /data/apps
mkdir: created directory `/data'
mkdir: created directory `/data/apps'
#====
# Give the tao user rwx permission on this directory
[root@CentOS6 ~]# setfacl -m u:tao:rwx /data/apps/
[root@CentOS6 ~]# getfacl /data/apps
getfacl: Removing leading '/' from absolute path names
# file: data/apps
# owner: root
# group: root
user::rwx
user:tao:rwx
group::r-x
mask::rwx
other::r-x
#====
# Mount on /data/apps, switch to the tao user and see whether it can write
[root@CentOS6 ~]# mount -t cifs //192.168.1.17/apps/ /data/apps -o username=xiu,password=134296
[root@CentOS6 ~]# mount
/dev/mapper/vg0-root on / type ext4 (rw)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
tmpfs on /dev/shm type tmpfs (rw)
/dev/sda1 on /boot type ext4 (rw)
/dev/mapper/vg0-usr on /usr type ext4 (rw)
/dev/mapper/vg0-var on /var type ext4 (rw)
/dev/sda5 on /home type ext4 (rw,usrquota,grpquota)
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
//192.168.1.17/apps/ on /data/apps type cifs (rw)
[root@CentOS6 ~]# cd /data/apps/
[root@CentOS6 apps]# ll
total 12
-rwxr--r-- 1 1000 1000 1017 Oct 19  2016 fstab
-rwxr--r-- 1 1001 2002   90 Oct 19  2016 issue
-rw-r--r-- 1 1001 2002   13 Oct 19  2016 test.txt
[root@CentOS6 apps]# su - tao
[tao@CentOS6 ~]$ cd /data/apps/
[tao@CentOS6 apps]$ ls
fstab  issue  test.txt
[tao@CentOS6 apps]$ echo nulizaiyiqi >> test.txt
-bash: test.txt: Permission denied    # permission denied
As shown above, the write is still rejected. Why? Because the remote server and the client are tied together by ID mapping, which has nothing to do with the user name, only with the ID number.
[root@CentOS6 ~]# ll /data/apps/    # owners as displayed on the client
total 12
[root@centos7 ~]# id xiu
uid=1001(xiu) gid=2002(xiu) groups=2002(xiu),2003(distro)
[root@centos7 ~]# ll /samba/tools/    # owners as shown on the server side
total 12
-rwxr--r-- 1 tao tao 1017 Oct 19 21:37 fstab
-rwxr--r-- 1 xiu xiu   90 Oct 19 22:40 issue
-rw-r--r-- 1 xiu xiu   13 Oct 19 23:33 test.txt
[root@CentOS6 ~]# useradd -u 1001 wang    # create a local user with the same ID number as the owner on the server
[root@CentOS6 ~]# su - wang
[wang@CentOS6 ~]$ cd /data/apps/
[wang@CentOS6 apps]$ ls
fstab  issue  test.txt
[wang@CentOS6 apps]$ echo nulizaiyiqi >> test.txt    # write operation succeeded
[wang@CentOS6 apps]$ cat test.txt
taotaoxiuxiu
nulizaiyiqi
[wang@CentOS6 apps]$ ll
total 12
-rwxr--r-- 1 1000 1000 1017 Oct 19  2016 fstab
-rwxr--r-- 1 wang 2002   90 Oct 19  2016 issue
-rw-r--r-- 1 wang 2002   25 Oct 20  2016 test.txt
Summary:
1. Whether a user can write to a shared directory is limited by two factors: first, whether the file sharing service (ftp, samba) grants write permission to the anonymous user or system account; second, whether the user has write permission on the shared directory in the file system. Only if both are satisfied can the user upload and delete files in the shared directory.
2. For a mount.cifs mount of a samba share, the mount maps directly to the user specified in the -o option: access to the mount runs as that user, which is mapped to local users by ID. That is, the local user's ID number must be the same as the ID number of the user specified in the -o option before the write operation can be performed (the first point above must also be satisfied).
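Added example (not part of the original article): a small Python check of the two conditions in summary point 1, which also shows why the earlier note advises against combining writable = yes with write list. The share name apps_restricted, the sample smb.conf text and the directory modes are constructed; only per-share parameters and classic mode bits are modelled, not [global] defaults or ACLs.

```python
# Added example: evaluate who may write to a Samba share from smb.conf text.
# smb.conf(5): "writable", "writeable" and "write ok" are inverted synonyms of
# "read only"; "public" is a synonym of "guest ok".
INVERTED_READ_ONLY = ("writable", "writeable", "write ok")
NON_SHARE_SECTIONS = ("global", "homes", "printers")

def _yes(value):
    return value.strip().lower() in ("yes", "true", "1")

def parse_smb_conf(text):
    """Return {section: {parameter: value}}, names lower-cased, spaces collapsed."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[" ".join(key.lower().split())] = value.strip()
    return sections

def is_read_only(params):
    read_only = True                             # Samba's default: read only = yes
    for key, value in params.items():
        if key == "read only":
            read_only = _yes(value)
        elif key in INVERTED_READ_ONLY:
            read_only = not _yes(value)
    return read_only

def in_write_list(params, user, groups):
    # write list grants write access even on a read-only share; groups is the
    # set of Unix group names the user belongs to.
    for entry in params.get("write list", "").replace(",", " ").split():
        if entry == user or (entry[0] in "@+" and entry[1:] in groups):
            return True
    return False

def fs_allows_write(directory, user, groups):
    """Owner/group/other check on the shared directory; ACLs are not modelled."""
    mode, owner, group = directory
    if user == owner:
        return bool(mode & 0o200)
    if group in groups:
        return bool(mode & 0o020)
    return bool(mode & 0o002)

def can_write(params, directory, user, groups):
    """Both gates must pass: the share definition and the file system."""
    share_ok = not is_read_only(params) or in_write_list(params, user, groups)
    return share_ok and fs_allows_write(directory, user, groups)

def audit(sections):
    findings = []
    for name, params in sections.items():
        if name in NON_SHARE_SECTIONS:
            continue
        writable = not is_read_only(params)
        guest = _yes(params.get("guest ok", params.get("public", "no")))
        if guest and writable:
            findings.append((name, "guest access on a share writable by everyone"))
        if writable and "write list" in params:
            findings.append((name, "write list restricts nothing: share is writable"))
    return findings

# Constructed sample: the page's [apps] share with a write list added, and a
# hypothetical variant (apps_restricted) that limits uploads to tao.
SAMPLE = """
[apps]
    path = /samba/tools
    guest ok = yes
    writable = yes
    write list = tao
[apps_restricted]
    path = /samba/tools
    read only = yes
    write list = tao
"""

if __name__ == "__main__":
    shares = parse_smb_conf(SAMPLE)
    for share in ("apps", "apps_restricted"):
        print(share, can_write(shares[share], (0o777, "root", "root"), "xiu", {"xiu"}))
    print(audit(shares))
```

With writable = yes the write list does not stop xiu, while read only = yes plus write list = tao does; the directory tuple is (mode, owner, group) for the shared path.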
3) smbstatus command:
★ Displays access status information for the shares of the samba service
-b: displays brief format information
-v: displays detailed format information
Demo
[root@centos7 ~]# smbstatus

Samba version 4.2.3
PID     Username      Group         Machine                                   Protocol Version
--------------------------------------------------------------------------------------------
2228    xiu           xiu           192.168.1.16 (ipv4:192.168.1.16:49088)    NT1    # access through the mount

Service      pid     machine       Connected at
-------------------------------------------------------
IPC$         2228    192.168.1.16  Wed Oct 19 23:57:47 2016
apps         2228    192.168.1.16  Wed Oct 19 23:57:47 2016    # share accessed by the client

No locked files
Brief display with -b, and detailed display with -v
[root@centos7 ~]# smbstatus -b

Samba version 4.2.3
PID     Username      Group         Machine                                   Protocol Version
--------------------------------------------------------------------------------------------
2228    xiu           xiu           192.168.1.16 (ipv4:192.168.1.16:49088)    NT1
[root@centos7 ~]# smbstatus -v
using configfile = /etc/samba/smb.conf

Samba version 4.2.3
PID     Username      Group         Machine                                   Protocol Version
--------------------------------------------------------------------------------------------
2228    xiu           xiu           192.168.1.16 (ipv4:192.168.1.16:49088)    NT1
Opened /var/lib/samba/connections.tdb

Service      pid     machine       Connected at
-------------------------------------------------------
IPC$         2228    192.168.1.16  Wed Oct 19 23:57:47 2016
apps         2228    192.168.1.16  Wed Oct 19 23:57:47 2016

No locked files