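CIFS file storage relies on the SMB service.
I. Installing the SMB service on the server
SMB (Server Message Block) is an IBM protocol for sharing files, printers, serial ports and so on between computers. It can run on top of the Internet's TCP/IP protocols, and also on top of other network protocols such as IPX and NetBEUI.
1. Installing the SMB service
[root@localhost ~]# yum install samba-common samba-client samba -y    # install the SMB service
2. Starting the SMB service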
[root@localhost ~]# systemctl start smb
[root@localhost ~]# systemctl enable smb
ln -s '/usr/lib/systemd/system/smb.service' '/etc/systemd/system/multi-user.target.wants/smb.service'
3. The SMB configuration file
File location:
/etc/samba/smb.conf
# workgroup name
workgroup = WESTOS
server string = Samba Server Version %v

; netbios name = MYSERVER

; interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24
; hosts allow = 127. 192.168.12. 192.168.13.
# allow list
hosts allow = 172.25.254.178
# deny list (a leading ; comments the line out)
; hosts deny = 172.25.254.178
; max protocol = SMB2

Restart the service after editing for the changes to take effect.
4. Creating users
Note: an SMB user must already exist as a real local user.
[root@localhost ~]# smbpasswd -a xiaoming    # create an SMB user
New SMB password:
Retype new SMB password:
Added user xiaoming.
[root@localhost ~]# pdbedit -L    # list SMB users
xiaoming:1001:
[root@localhost ~]# pdbedit -x xiaoming    # delete an SMB user
[root@localhost ~]# pdbedit -L
5. User login
1. Anonymous login
[root@localhost ~]# smbclient -L //172.25.254.177
Enter root's password:
Anonymous login successful
Domain=[WESTOS] OS=[Windows 6.1] Server=[Samba 4.2.3]
Sharename Type Comment
--------- ---- -------
IPC$ IPC IPC Service (Samba Server Version 4.2.3)
Anonymous login successful
Domain=[WESTOS] OS=[Windows 6.1] Server=[Samba 4.2.3]
Server Comment
--------- -------
Workgroup Master
--------- -------
2. Local user login
[root@localhost ~]# smbclient -L //172.25.254.177 -U xiaoming
Enter xiaoming's password:
Domain=[WESTOS] OS=[Windows 6.1] Server=[Samba 4.2.3]
Sharename Type Comment
--------- ---- -------
IPC$ IPC IPC Service (Samba Server Version 4.2.3)
xiaoming Disk Home Directories
Domain=[WESTOS] OS=[Windows 6.1] Server=[Samba 4.2.3]
Server Comment
--------- -------
Workgroup Master
--------- -------
2. Logging in to a local user's home directory
[root@localhost ~]# smbclient //172.25.254.177/xiaoming -U xiaoming
Enter xiaoming's password:
Domain=[WESTOS] OS=[Windows 6.1] Server=[Samba 4.2.3]
smb: \> ls
. D 0 Sat May 12 06:50:00 2018
.. D 0 Sat May 12 06:50:00 2018
.bash_profile H 193 Wed Jan 29 07:45:18 2014
.mozilla DH 0 Thu Jul 10 18:29:32 2014
.config DH 0 Thu Jul 10 19:06:52 2014
.bashrc H 231 Wed Jan 29 07:45:18 2014
.bash_logout H 18 Wed Jan 29 07:45:18 2014
483670 blocks of size 1024. 451829 blocks available
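After logging in you can run commands such as ls, put, get and rm, but commands such as touch are not supported; to use those, mount the share first.
3. Commands supported in smb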

II. Mounting SMB shares
1. Temporary mount
Command format: mount //172.25.254.177/xiaoming /mnt -o password=redhat,username=xiaoming
[root@localhost ~]# mount //172.25.254.177/xiaoming /mnt -o password=redhat,username=xiaoming
[root@localhost ~]# df
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/vda1 10473900 3344704 7129196 32% /
devtmpfs 469344 0 469344 0% /dev
tmpfs 484932 84 484848 1% /dev/shm
tmpfs 484932 12780 472152 3% /run
tmpfs 484932 0 484932 0% /sys/fs/cgroup
/dev/mapper/vg0-vo 483670 2350 451829 1% /home
//172.25.254.177/xiaoming 483670 2350 451829 1% /mnt
2. Permanent mount
vim /etc/fstab
//172.25.254.177/xiaoming /mnt cifs defaults,username=xiaoming,password=redhat 0 0
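An added example (not from the original page): /etc/fstab is normally world-readable, so the password= option above is exposed to every local user. The function below flags such entries and checks that a file named by credentials= (the option this page uses later with /root/smbuser) is not accessible to group or others; the /srv/redhat mount point and the temporary paths are constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the original page): flag CIFS entries in an
# fstab-format file that expose credentials. One finding per output line.
audit_cifs_fstab() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }            # skip blank and comment lines
        $3 == "cifs" {
            n = split($4, opt, ",")
            for (i = 1; i <= n; i++) {
                if (opt[i] ~ /^(password|pass)=/) {
                    print "PASS", $1, $2
                } else if (opt[i] ~ /^(credentials|cred)=/) {
                    sub(/^[^=]*=/, "", opt[i])
                    print "CRED", opt[i], $2
                }
            }
        }' "$1" |
    while read -r kind what where; do
        if [ "$kind" = PASS ]; then
            echo "inline-password $what $where"
        elif [ ! -f "$what" ]; then
            echo "missing-credentials-file $what"
        elif [ "$(ls -ld "$what" | cut -c5-10)" != "------" ]; then
            echo "loose-credentials-file $what"   # group/other bits are set
        fi
    done
}

# Constructed sample: the fstab line from this page plus a credentials= variant.
# /srv/redhat and the temporary directory are assumptions made for the demo.
make_fstab_sample() {
    d=$(mktemp -d)
    printf 'username=xiaoming\npassword=redhat\n' > "$d/smbuser"
    chmod 644 "$d/smbuser"
    cat > "$d/fstab" <<EOF
//172.25.254.177/xiaoming /mnt cifs defaults,username=xiaoming,password=redhat 0 0
//172.25.254.177/redhat /srv/redhat cifs credentials=$d/smbuser,sec=ntlmssp,multiuser 0 0
EOF
    echo "$d"
}

sample=$(make_fstab_sample)
audit_cifs_fstab "$sample/fstab"   # reports the inline password and the 0644 file
chmod 600 "$sample/smbuser"
audit_cifs_fstab "$sample/fstab"   # only the inline password is still reported
rm -rf "$sample"
```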
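III. SMB share settings
When SELinux is in enforcing mode, local users cannot share their home directories.
1. Sharing an SMB user's home directory
[root@localhost ~]# smbclient -L //172.25.254.177    # anonymous users can log in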
Enter root's password:
Anonymous login successful
Domain=[WESTOS] OS=[Windows 6.1] Server=[Samba 4.2.3]
Sharename Type Comment
--------- ---- -------
IPC$ IPC IPC Service (Samba Server Version 4.2.3)
Anonymous login successful
Domain=[WESTOS] OS=[Windows 6.1] Server=[Samba 4.2.3]
Server Comment
--------- -------
Workgroup Master
--------- -------
[root@localhost ~]# smbclient //172.25.254.177/xiaoming -U xiaoming    # the local user cannot access the home directory
Enter xiaoming's password:
Domain=[WESTOS] OS=[Windows 6.1] Server=[Samba 4.2.3]
smb: \> ls
NT_STATUS_ACCESS_DENIED listing \*
smb: \>
In this case, the SMB SELinux boolean has to be changed.
[root@localhost ~]# setsebool -P samba_enable_home_dirs on    # set the boolean
[root@localhost ~]# getsebool -a | grep samba    # view the booleans
samba_create_home_dirs --> off
samba_domain_controller --> off
samba_enable_home_dirs --> on
samba_export_all_ro --> off
samba_export_all_rw --> off
samba_portmapper --> off
samba_run_unconfined --> off
samba_share_fusefs --> off
samba_share_nfs --> off
sanlock_use_samba --> off
use_samba_home_dirs --> off
virt_sandbox_use_samba --> off
virt_use_samba --> off
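The configuration file contains a hint to enable this boolean.
Test:
After the change, the local user can log in to the home directory directly.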
[root@localhost ~]# smbclient //172.25.254.177/xiaoming -U xiaoming
Enter xiaoming's password:
Domain=[WESTOS] OS=[Windows 6.1] Server=[Samba 4.2.3]
smb: \> ls
. D 0 Sat May 12 06:50:00 2018
.. D 0 Sat May 12 06:50:00 2018
.bash_profile H 193 Wed Jan 29 07:45:18 2014
.mozilla DH 0 Thu Jul 10 18:29:32 2014
.config DH 0 Thu Jul 10 19:06:52 2014
.bashrc H 231 Wed Jan 29 07:45:18 2014
.bash_logout H 18 Wed Jan 29 07:45:18 2014
483670 blocks of size 1024. 451824 blocks available
smb: \>
2. Sharing a directory the user created
[root@localhost ~]# mkdir /smbdir
[root@localhost ~]# semanage fcontext -a -t samba_share_t '/smbdir(/.*)?'
[root@localhost ~]# restorecon -RvvF /smbdir/
restorecon reset /smbdir context system_u:object_r:default_t:s0->system_u:object_r:samba_share_t:s0
[root@localhost ~]# vim /etc/samba/smb.conf
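Restart the service, then log in to test the result.
The configuration file also has a reminder about this:
3. Sharing a system directory
Changing the security context of a system directory affects the other services that use it, so change the SMB boolean instead. With this boolean set, directories the user created can be shared as well.
[root@localhost ~]# setsebool -P samba_export_all_rw on    # enable the boolean that lets SMB export everything read-write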
[root@localhost ~]# getsebool -a | grep samba
samba_create_home_dirs --> off
samba_domain_controller --> off
samba_enable_home_dirs --> on
samba_export_all_ro --> off
samba_export_all_rw --> on
samba_portmapper --> off
samba_run_unconfined --> off
samba_share_fusefs --> off
samba_share_nfs --> off
sanlock_use_samba --> off
use_samba_home_dirs --> off
virt_sandbox_use_samba --> off
virt_use_samba --> off
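Edit the configuration file to share the /mnt directory.
Test: an anonymous login can see the shared /mnt and /redhat directories, and a local user can log in to the /mnt directory directly.
4. User permission settings
# share name
[redhat]
# description
comment = smbdir directory
# shared directory
path = /smbdir
# everyone can read and write
writable = yes
# a leading + grants read-write to a group; without + the name is a user
;write list = +student
# list the share when browsing
browseable = yes
# xiaoming accesses the share as superuser
admin users = xiaoming
# anonymous users can mount the share
guest ok = yes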
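An added example (not from the original page): the [redhat] block above combines guest ok = yes with writable = yes and also sets admin users, which makes xiaoming act as root on the share. The function below reads an smb.conf-format file and reports shares with those settings; the [redhat-hardened] share and the temporary file are constructed for the demo.

```shell
# Added example (not from the original page): report shares in an
# smb.conf-format file that are guest-writable or define admin users.
audit_smb_shares() {
    awk '
        function report() {
            if (sec == "" || sec == "global") return
            if (guest && rw) print sec ": guest-writable"
            if (admins != "") print sec ": admin-users=" admins
        }
        { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }
        $0 == "" || /^[#;]/ { next }              # blank lines and comments
        /^\[.*\]$/ {                               # new section header
            report()
            sec = tolower(substr($0, 2, length($0) - 2))
            guest = 0; rw = 0; admins = ""
            next
        }
        (eq = index($0, "=")) > 0 {
            key = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", key)
            val = substr($0, eq + 1); sub(/^[ \t]+/, "", val)
            yes = (tolower(val) ~ /^(yes|true|1)$/)
            if (key == "guestok" || key == "public") guest = yes
            else if (key ~ /^(writable|writeable|writeok)$/) rw = yes
            else if (key == "readonly") rw = !yes
            else if (key == "adminusers") admins = val
        }
        END { report() }' "$1"
}

# Constructed sample: the [redhat] share from this page beside a made-up tightened variant.
make_smb_sample() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
[redhat]
path = /smbdir
writable =yes
admin users = xiaoming
guest ok = yes
[redhat-hardened]
path = /smbdir
read only = yes
write list = +student
guest ok = no
EOF
    echo "$f"
}
conf=$(make_smb_sample)
audit_smb_shares "$conf"    # two findings, both for [redhat]
rm -f "$conf"
```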
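1. Making the share readable and writable by everyone
Test:
After mounting, user xiaoming can read and write.
A newly created SMB user, student, can also read and write after mounting.
2. Allowing a specific user to write
Test: user xiaoming can read and write; user student cannot.
3. Allowing a specific group to read and write
Test: user student can read and write; user xiaoming cannot.
After xiaoming's group membership is changed, xiaoming can read and write as well.
4. Share browsing information
browseable defaults to no; in that state an anonymous login cannot see the shared directories that local users created.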
[root@localhost ~]# smbclient -L //172.25.254.177
Enter root's password:
Anonymous login successful
Domain=[WESTOS] OS=[Windows 6.1] Server=[Samba 4.2.3]
Sharename Type Comment
--------- ---- -------
IPC$ IPC IPC Service (Samba Server Version 4.2.3)
Anonymous login successful
Domain=[WESTOS] OS=[Windows 6.1] Server=[Samba 4.2.3]
Server Comment
--------- -------
Workgroup Master
--------- -------
With browseable set to yes, anonymous users can see it.
[root@localhost ~]# smbclient -L //172.25.254.177
Enter root's password:
Anonymous login successful
Domain=[WESTOS] OS=[Windows 6.1] Server=[Samba 4.2.3]
Sharename Type Comment
--------- ---- -------
redhat Disk smbdir directory    # the shared directory
IPC$ IPC IPC Service (Samba Server Version 4.2.3)
Anonymous login successful
Domain=[WESTOS] OS=[Windows 6.1] Server=[Samba 4.2.3]
Server Comment
--------- -------
Workgroup Master
--------- -------
5. A local user accessing the redhat share as superuser
Test:
[root@localhost ~]# mount -o username=xiaoming,password=redhat //172.25.254.177/redhat /mnt/
[root@localhost ~]# df
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/vda1 10473900 3345400 7128500 32% /
devtmpfs 469344 0 469344 0% /dev
tmpfs 484932 80 484852 1% /dev/shm
tmpfs 484932 12764 472168 3% /run
tmpfs 484932 0 484932 0% /sys/fs/cgroup
/dev/mapper/vg0-vo 483670 2355 451824 1% /home
//172.25.254.177/redhat 10473900 3345400 7128500 32% /mnt
[root@localhost ~]# touch /mnt/file6
[root@localhost ~]# ll /mnt/
total 0
-rw-r--r--. 1 xiaoming xiaoming 0 May 12 10:01 file1
-rw-r--r--. 1 student student 0 May 12 10:02 file2
-rw-r--r--. 1 xiaoming xiaoming 0 May 12 11:27 file3
-rw-r--r--. 1 xiaoming xiaoming 0 May 12 11:38 file5
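-rw-r--r--. 1 root xiaoming 0 May 12 11:47 file6    # the newly created file6 is owned by root
6. Allowing anonymous users to access the shared directory
IV. Multiuser mounts
Server:
Client:
1. Using cifs-utils for encryption
[root@localhost ~]# yum install cifs-utils    # install the CIFS utilities
[root@localhost ~]# vim /root/smbuser    # create the user credentials file
username=xiaoming
password=redhat
2. Authenticated mount by the superuser
The superuser mounts the share logged in as xiaoming and can see the files under /mnt.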
[root@localhost ~]# mount -o credentials=/root/smbuser,sec=ntlmssp,multiuser //172.25.254.177/redhat /mnt
[root@localhost ~]# df
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/vda1 10473900 3153884 7320016 31% /
devtmpfs 469344 0 469344 0% /dev
tmpfs 484932 80 484852 1% /dev/shm
tmpfs 484932 12740 472192 3% /run
tmpfs 484932 0 484932 0% /sys/fs/cgroup
//172.25.254.177/redhat 10473900 3345184 7128716 32% /mnt
[root@localhost ~]# ls /mnt/
file1 file2 file3 file5 file6
3. A regular user accessing the mount as student
[root@localhost ~]# su - student
[student@localhost ~]$ cifscreds add -u student 172.25.254.177
Password:
[student@localhost ~]$ ls /mnt/
file1 file2 file3 file5 file6