Honestly, setting this stuff up is a pain, and there is not much technical depth to it.
What is Samba?
It has a long history:
Since 1992, Samba has provided secure, stable and fast file and print services
for all clients using the SMB/CIFS protocol, such as all versions of DOS and
Windows, OS/2, Linux and many others.
The finance department has a requirement
- 3 accounts
admin: for the administrator
opeople: for existing employees
npeople: for new employees
- 3 folders
CW-No.1
CW-No.2
CW-Public
- Permission requirements
admin can read and write all folders
opeople can read and write CW-No.2 and CW-Public
npeople can read and write CW-Public
smb configuration
yum install samba samba-client
$ cat /etc/samba/smb.conf
[global]
workgroup = WORKGROUP
server string = linux file share
[CW-No.1]
comment = caiwu1
path = /home/CW-No.1
#valid users = admin
#write list = admin
#read list = admin
#valid users = @caiwu
valid users = admin,opeople
write list = admin,opeople
read list = admin,opeople
create mode = 0770
force create mode = 0770
directory mode = 0770
force directory mode = 0770
[CW-No.2]
comment = caiwu2
path = /home/CW-No.2
#valid users = @caiwu
valid users = admin
write list = admin
read list = admin
[CW-Public]
comment = publice
path = /home/CW-Public
public = yes
writable = yes
read only = no
create mode = 0777
force create mode = 0777
directory mode = 0777
force directory mode = 0777
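One difficulty I ran into here: folders created by admin get permission 755, so opeople, who is in the same group, cannot write files into them. What to do? The only way was to add parameters such as create mode; these few permission parameters saved me. I looked into some of Linux's special permissions and none of them solved it. http://www.cnblogs.com/iiiiher/p/6076277.html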
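An added check (not from the original post): it parses the share sections of the config above, reduced to their access keys, and compares who can write at share level against the requirement list. The access model is a simplification that assumes no @group entries and ignores Unix file modes; `REQUIRED`, `can_write` and `audit` are names chosen for this example.

```python
import configparser

# Constructed sample: the share sections from the config above, reduced to
# their access-control keys.
SMB_CONF = """
[CW-No.1]
valid users = admin,opeople
write list = admin,opeople
read list = admin,opeople
[CW-No.2]
valid users = admin
write list = admin
read list = admin
[CW-Public]
public = yes
writable = yes
read only = no
"""
# Who must be able to write where, taken from the requirement list.
REQUIRED = {"CW-No.1": {"admin"}, "CW-No.2": {"admin", "opeople"},
            "CW-Public": {"admin", "opeople", "npeople"}}
USERS = {"admin", "opeople", "npeople"}

def names(value):
    return set(value.replace(",", " ").split())

def can_write(share, user):
    """Share-level decision only: no @group expansion, no Unix file modes."""
    valid = names(share.get("valid users", ""))
    if valid and user not in valid:
        return False                      # not allowed to connect at all
    if user in names(share.get("write list", "")):
        return True                       # write list beats read list / read only
    if user in names(share.get("read list", "")):
        return False
    writable = share.getboolean("writable", fallback=False)
    return not share.getboolean("read only", fallback=not writable)

def audit(conf_text):
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    findings = []
    for name, required in REQUIRED.items():
        share = cp[name]
        actual = {u for u in USERS if can_write(share, u)}
        findings += [f"{name}: {u} can write, not required" for u in sorted(actual - required)]
        findings += [f"{name}: {u} must write, but cannot" for u in sorted(required - actual)]
        # "public" is a synonym for "guest ok" in smb.conf
        if share.getboolean("public", fallback=False) or share.getboolean("guest ok", fallback=False):
            findings.append(f"{name}: guest access is enabled")
    return findings
```

`audit(SMB_CONF)` returns one line per deviation from the requirement list, plus a line for every share that has guest access switched on.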
- Test the mount locally
smbclient //127.0.0.1/CW-Public -U opeople%opeople123
- Add an smb user and set its password
useradd opeople -g caiwu -s /sbin/nologin -M
smbpasswd -a opeople
- List existing smb users
pdbedit -L
Docker install: ports tcp 135 449
This quickly brings up a shared directory
sudo docker run -it -p 139:139 -p 445:445 -d dperson/samba \
-u "example1;badpass" \
-u "example2;badpass" \
-s "public;/share" \
-s "users;/srv;no;no;no;example1,example2" \
-s "example1 private;/example1;no;no;no;example1" \
-s "example2 private;/example2;no;no;no;example2"
Clearing credentials on Windows between repeated tests
Clear the credentials
net use \\192.168.1.100\IPC$ /delete
netstat -n|findstr "1.100"
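You can see the TCP connection in the CLOSE_WAIT state; it takes a few seconds before it is dropped.
todo: there is also kingate, an interesting reverse-proxy program; worth studying when I have time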
http://www.361way.com/install-kingate-proxy/2801.html