1.需求
在公司内部打造一个文件管理系统,其作用域仅仅在公司内部,支持在线对文件的修改和保存操作等,同时也要注意权限问题。
2.策划
目前设立四个群组:运维、开发 、测试和普通,当然所对应的对文件的访问权限也是不一致的,运维具有最高权限,其次才是开发、测试和普通
3.安装与部署
3.1 利用yum安装samba服务器
[root@localhost ~]# yum install -y samba
3.2 利用groupadd建立用户组
[root@localhost ~]# groupadd management [root@localhost ~]# groupadd development [root@localhost ~]# groupadd test [root@localhost ~]# groupadd user [root@localhost ~]#
3.3 新建用户并且指定群组
[root@localhost ~]# cat /etc/group | egrep "management|development|test|^user:" management:x:1001: development:x:1002: test:x:1003: user:x:1004: [root@localhost ~]# [root@localhost ~]# useradd D17040009 -g 1001 [root@localhost ~]# useradd D17040010 -g 1002 [root@localhost ~]# useradd D17040011 -g 1003 [root@localhost ~]# useradd D17040012 -g 1004
3.4 新建文件夹并且配置ACL权限
[root@localhost home]# mkdir sam [root@localhost sam]# mkdir management development test user [root@localhost sam]# setfacl -m g:development:rwx development/ [root@localhost sam]# setfacl -m g:management:rwx management/ [root@localhost sam]# setfacl -m g:management:rwx development/ [root@localhost sam]# setfacl -m g:management:rwx tset/ [root@localhost sam]# setfacl -m g:management:rwx test/ [root@localhost sam]# setfacl -m g:management:rwx user/ [root@localhost sam]# setfacl -m g:development:rwx test/ [root@localhost sam]# setfacl -m g:development:rwx user/ [root@localhost sam]# setfacl -m g:test:rwx test [root@localhost sam]# setfacl -m g:test:rwx user [root@localhost sam]# setfacl -m g:user:rwx user
3.5 修改配置文件
[root@localhost sam]# cat /etc/samba/smb.conf # See smb.conf.example for a more detailed config file or # read the smb.conf manpage. # Run 'testparm' to verify the config is correct after # you modified it. [global] # workgroup = SAMBA workgroup = WORKGROUP security = user passdb backend = tdbsam printing = cups printcap name = cups # load printers = yes load printers = no cups options = raw log file = /var/log/samba/log.%m max log size = 50 passdb backend = smbpasswd username map = /etc/samba/smbusers [smb] comment = 5M1330 path = /home/sam writable = yes browseable = yes available = yes #[homes] # comment = Home Directories # comment = 5M1330 Directories # path = /home/vsftpd # admin user = root # valid users = %S, %D%w%S # valid user = @management,@development,@test,@user # browseable = yes # writable = yes # read only = no # inherit acls = Yes # guest ok = no #[printers] # comment = All Printers # path = /var/tmp # printable = Yes # create mask = 0600 # browseable = No #[print$] # comment = Printer Drivers # path = /var/lib/samba/drivers # write list = root # create mask = 0664 # directory mask = 0775
4.测试
4.1 登陆用户:D17040009 所属组:management
| 访问management目录 | 访问OK 创建文件或文件夹OK |
| 访问development目录 | 访问OK 创建文件或文件夹OK |
| 访问test目录 | 访问OK 创建文件或文件夹OK |
| 访问user目录 | 访问OK 创建文件或文件夹OK |
4.2 登陆用户:D17040010所属组:development
| 访问management目录 | 访问FAIL |
| 访问development目录 | 访问OK 创建文件或文件夹OK |
| 访问test目录 | 访问OK 创建文件或文件夹OK |
| 访问user目录 | 访问OK 创建文件或文件夹OK |
4.3登陆用户:D17040011所属组:test
| 访问management目录 | 访问FAIL |
| 访问development目录 | 访问FAIL |
| 访问test目录 | 访问OK 创建文件或文件夹OK |
| 访问user目录 | 访问OK 创建文件或文件夹OK |
4.4 登陆用户:D17040012所属组:user
| 访问management目录 | 访问FAIL |
| 访问development目录 | 访问FAIL |
| 访问test目录 | 访问FAIL |
| 访问user目录 | 访问OK 创建文件或文件夹OK |
5.系统维护和故障排除
5.1 无法连接samba服务器
尝试ping一次查看网络能否ping通
查看firewall配置
重启samba服务尝试
5.2 无法创建文件
查看服务器selinux配置
重启samba服务尝试
5.3 新建用户并且加入群组无法访问应该访问的位置
删除用户再次新建