• samba


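    Preface

    An FTP client and server communicate through a protocol, but FTP cannot be accessed by mounting it, because it is not a file system.

    Samba uses the CIFS protocol. Samba is not the only software that speaks CIFS; the Windows file-sharing feature uses it too. Samba provides file sharing across operating systems: between Linux and Windows, between Linux and Linux, and between Windows and Windows.

    Points to note when setting up on CentOS 7

    • Watch out for name resolution problems
    • Configuration changes take effect without restarting the services, but it is best to restart them anyway; restart both services, smb and nmb
    • Watch out for version differences
    • Remember that effective access is the intersection of the SMB permissions and the file system permissions

    Problems with Samba

    The biggest problem is permissions. The permission model is too flexible: valid users, write list and read only conflict with one another, so it is hard to tell which one is actually in effect, which is very frustrating. In Samba it is easy to give certain users or groups read-write access and give anonymous users read-only access, but it is hard to give one particular ordinary user read-only access.

    The second problem is that the surrounding environment needs configuring: sometimes Windows has to enable the SMB 1.0 feature, and sometimes name resolution needs attention. Overall it is certainly less convenient than Windows sharing, where a few mouse clicks are enough.

    Requirements

    • Members of development_1: zhangsan, lisi, wanger
    • Members of development_2: jia, yi, bing

    The goal is for anonymous users to have read access, while the members of the two groups above have read-write access.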

    ################################### Server-side configuration
    [root@c71 ~]# !17
    ip addr show ens33 | awk -F" " 'NR==3{print $2}'
    192.168.80.136/24
    # The following items must be consistent with each other; otherwise access from the client is painfully slow
    [root@c71 ~]# hostname
    c71
    [root@c71 ~]# cat /etc/hostname
    c71
    [root@c71 ~]# cat /etc/hosts
    127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4 c71
    ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6 c71
    [root@c71 ~]# ping c71
    PING localhost (127.0.0.1) 56(84) bytes of data.
    64 bytes from localhost (127.0.0.1): icmp_seq=1 ttl=64 time=0.037 ms
    
    [root@c71 ~]# cat /etc/redhat-release 
    CentOS Linux release 7.9.2009 (Core)
    [root@c71 ~]# systemctl stop firewalld
    [root@c71 ~]# systemctl disable firewalld
    [root@c71 ~]# cat /etc/selinux/config  | grep disabled
    #     disabled - No SELinux policy is loaded.
    SELINUX=disabled
    [root@c71 ~]# yum -y install samba &> /dev/null; 
    [root@c71 ~]# systemctl enable smb ; systemctl enable nmb ; systemctl start smb ; systemctl start nmb ;
    [root@c71 ~]# ss -tunlp | egrep '(445|137|138|139)'
    [root@c71 /]# mkdir /smb_share ; chmod 777 /smb_share
    
    [root@c71 ~]# groupadd development_2
    [root@c71 ~]# groupadd development_1
    [root@c71 ~]# useradd -s /sbin/nologin -g development_1 zhangsan
    [root@c71 ~]# useradd -s /sbin/nologin -g development_1 lisi
    [root@c71 ~]# useradd -s /sbin/nologin -g development_1 wanger
    [root@c71 ~]# useradd -s /sbin/nologin -g development_2 jia
    [root@c71 ~]# useradd -s /sbin/nologin -g development_2 yi
    [root@c71 ~]# useradd -s /sbin/nologin -g development_2 bing
    Failed to find entry for user zhangsan.
    [root@c71 ~]# smbpasswd -a zhangsan
    New SMB password:
    Retype new SMB password:
    Added user zhangsan.
    [root@c71 ~]# smbpasswd -a lisi
    New SMB password:
    Retype new SMB password:
    Added user lisi.
    [root@c71 ~]# smbpasswd -a wanger
    New SMB password:
    Retype new SMB password:
    Added user wanger.
    [root@c71 ~]# smbpasswd -a jia
    New SMB password:
    Retype new SMB password:
    Added user jia.
    [root@c71 ~]# smbpasswd -a yi
    New SMB password:
    Retype new SMB password:
    Added user yi.
    [root@c71 ~]# smbpasswd -a bing
    New SMB password:
    Retype new SMB password:
    Added user bing.
    [root@c71 ~]# smbpasswd -e bing
    Enabled user bing.
    [root@c71 ~]# smbpasswd -e yi
    Enabled user yi.
    [root@c71 ~]# smbpasswd -e jia
    Enabled user jia.
    [root@c71 ~]# smbpasswd -e zhangsan
    Enabled user zhangsan.
    [root@c71 ~]# smbpasswd -e wanger
    Enabled user wanger.
    [root@c71 ~]# smbpasswd -e lisi
    Enabled user lisi.
    
    [root@c71 ~]# testparm 
    Load smb config files from /etc/samba/smb.conf
    Loaded services file OK.
    Server role: ROLE_STANDALONE
    Press enter to see a dump of your service definitions
    # Global parameters
    [global]
    	printcap name = cups
    	security = USER
    	workgroup = SAMBA
    	idmap config * : backend = tdb
    	cups options = raw
    
    [smb_share]
    	comment = smb_share
    	guest ok = Yes
    	path = /smb_share
    	write list = @development_1 @development_2
    ################################### Client-side test ##########
    root@u21:~# apt -y install samba-client &> /dev/null
    root@u21:~# smbclient //192.168.80.136/smb_share
    Enter WORKGROUP\root's password:
    Anonymous login successful
    Try "help" to get a list of possible commands.
    smb: \> ls
      .                                   D        0  Sun Feb 20 11:14:50 2022
      ..                                  D        0  Sun Feb 20 11:12:48 2022
      issue                               N       23  Sun Feb 20 11:14:50 2022
      fstab                               N      541  Sun Feb 20 11:14:50 2022
      hostname                            N        4  Sun Feb 20 11:14:50 2022
      passwd                              N     1434  Sun Feb 20 11:14:50 2022
    
                    52403200 blocks of size 1024. 50726628 blocks available
    smb: \> rm issue
    NT_STATUS_ACCESS_DENIED deleting remote file \issue
    
    root@u21:~# smbclient //192.168.80.136/smb_share -U jia%cba-123
    Try "help" to get a list of possible commands.
    smb: \> ls
      .                                   D        0  Sun Feb 20 11:14:50 2022
      ..                                  D        0  Sun Feb 20 11:12:48 2022
      issue                               N       23  Sun Feb 20 11:14:50 2022
      fstab                               N      541  Sun Feb 20 11:14:50 2022
      hostname                            N        4  Sun Feb 20 11:14:50 2022
      passwd                              N     1434  Sun Feb 20 11:14:50 2022
    
                    52403200 blocks of size 1024. 50726764 blocks available
    smb: \> rm issue
    NT_STATUS_ACCESS_DENIED deleting remote file \issue
    smb: \> exit
    root@u21:~# smbclient //192.168.80.136/smb_share -U jia%cba-123
    Try "help" to get a list of possible commands.
    smb: \> ls
      .                                   D        0  Sun Feb 20 11:14:50 2022
      ..                                  D        0  Sun Feb 20 11:12:48 2022
      issue                               N       23  Sun Feb 20 11:14:50 2022
      fstab                               N      541  Sun Feb 20 11:14:50 2022
      hostname                            N        4  Sun Feb 20 11:14:50 2022
      passwd                              N     1434  Sun Feb 20 11:14:50 2022
    
                    52403200 blocks of size 1024. 50726744 blocks available
    smb: \> rm issue
    smb: \> exit
    root@u21:~# smbclient //192.168.80.136/smb_share -U zhangsan%cba-123
    Try "help" to get a list of possible commands.
    smb: \> ls
      .                                   D        0  Sun Feb 20 11:16:14 2022
      ..                                  D        0  Sun Feb 20 11:12:48 2022
      fstab                               N      541  Sun Feb 20 11:14:50 2022
      hostname                            N        4  Sun Feb 20 11:14:50 2022
      passwd                              N     1434  Sun Feb 20 11:14:50 2022
    
                    52403200 blocks of size 1024. 50726748 blocks available
    smb: \> rm passwd
    smb: \> exit
    

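    Basic principles

    Samba components

    • netbios (Network Basic Input/Output System: the mechanism Windows hosts use to communicate with each other by host name; it is broadcast-based)

    Even with sharing turned off, Windows still listens on 137 and 138, because netbios is the basic service that lets Windows hosts reach each other by host name, and SMB needs this service too. The first access is especially slow because the first lookup is a broadcast. netbios is handled by the nmbd server; it is best to keep this service running, because without it access from Windows is very slow.

    • wins

    netbios broadcast resolution is too slow, so single-node resolution was introduced later. It is an upgraded version of netbios, also called the WINS service.

    • winbind

    One of Samba's three sub-services. It is started only after Samba's AD domain feature is enabled; using an AD domain requires winbindd to be running.

    Configuration file

    Configuration file structure: the file is divided into global settings and per-share settings, and the per-share settings are further divided into home directories, printers and custom shares.

    Global settings

    global: netbios, workgroup

    • The SMB server has two service modes: domain mode and workgroup mode.
    • The SMB server side has two services, smb and nmb. smb listens on tcp/139 and tcp/445 and is mainly used for data transfer (Windows sharing works the same way); nmb is mainly used to resolve netbios names and listens on udp/137 and udp/138.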
    
    [root@C8 ~]# rpm -ql samba | grep sys  # two system files mean there are two services, one commonly used and one not
    /usr/lib/systemd/system/nmb.service
    /usr/lib/systemd/system/smb.service
    
    # About the configuration file: the example file contains fairly detailed explanations
    [root@C8 ~]# cd /etc/samba/ && ls
    lmhosts  smb.conf  smb.conf.example
    [root@C8 samba]# egrep -v '(^$|^#)' smb.conf 
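    # Global settings
    [global]
    # workgroup = SAMBA  # Name of the workgroup; it means the same as a Windows workgroup and is carried over from Windows. The Windows default workgroup is WORKGROUP, so it is best to change it.
    # On CentOS 6 the server's workgroup can be probed with smbclient -L; on CentOS 7 it cannot.
    	workgroup = WORKGROUP
    # The netbios name lets clients connect by netbios name instead of by IP, somewhat like a domain name; smbclient -L can be followed directly by the netbios name, but this depends on the nmb service.
    # In other words, nmb must be started before clients can connect by netbios name; nmb listens on ports 137 and 138. Note that pinging a netbios name does not work.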
    	netbios name = linux40
    	security = user
    	passdb backend = tdbsam
    	printing = cups
    	printcap name = cups
    	load printers = yes
    	cups options = raw
    [homes]
    	comment = Home Directories
    	valid users = %S, %D%w%S
    	browseable = No
    	read only = No
    	inherit acls = Yes
    [printers]
    	comment = All Printers
    	path = /var/tmp
    	printable = Yes
    	create mask = 0600
    	browseable = No
    [print$]
    	comment = Printer Drivers
    	path = /var/lib/samba/drivers
    	write list = @printadmin root
    	force group = @printadmin
    	create mask = 0664
    	directory mask = 0775
    

    user

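    An SMB user must first be a system user; the user's password is maintained by Samba itself.

    # When connecting from Windows to SMB on CentOS, the account we are asked for is not the CentOS system account but the Samba user's account and password.
    # Adding users for access: an account must first be a system user before it can become an SMB user.
    # List SMB users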
    [root@C8 ~]# pdbedit -L
    [root@C8 ~]# useradd -s /sbin/nologin smb1
    [root@C8 ~]# useradd -s /sbin/nologin smb2
    # Add SMB users
    [root@C8 ~]# smbpasswd -a smb1
    New SMB password:
    Retype new SMB password:
    Added user smb1.
    [root@C8 ~]# smbpasswd -a smb2
    New SMB password:
    Retype new SMB password:
    Added user smb2.
    # Change a user's password
    [root@C8 ~]# smbpasswd smb1
    New SMB password:
    Retype new SMB password:
    # List again
    [root@C8 ~]# pdbedit -L
    smb1:1001:
    smb2:1002:
    # Delete an account
    [root@C8 ~]# smbpasswd -x smb1
    
    # The file below is the SMB user database file
    [root@C8 ~]# ll /var/lib/samba/private/passdb.tdb 
    -rw-------. 1 root root 421888 11月 14 18:51 /var/lib/samba/private/passdb.tdb
    
    # View a user's details; there is a SID, which is also modelled on Microsoft's
    [root@C8 ~]# pdbedit -L -v smb1
    Unix username:        smb1
    NT username:          
    Account Flags:        [U          ]
    User SID:             S-1-5-21-3762892953-1983712240-1896709800-1000    # user SID
    Primary Group SID:    S-1-5-21-3762892953-1983712240-1896709800-513
    Full Name:            
    Home Directory:       \\LINUX40\smb1
    HomeDir Drive:        
    Logon Script:         
    Profile Path:         \\LINUX40\smb1\profile
    Domain:               LINUX40
    Account desc:         
    Workstations:         
    Munged dial:          
    Logon time:           0
    Logoff time:          三, 06 2月 2036 23:06:39 CST
    Kickoff time:         三, 06 2月 2036 23:06:39 CST
    Password last set:    日, 14 11月 2021 18:54:12 CST
    Password can change:  日, 14 11月 2021 18:54:12 CST
    Password must change: never
    Last bad password   : 0
    Bad password count  : 0
    Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
    
    # View the current SMB status; nobody is connected at the moment
    [root@C8 ~]# smbstatus 
    
    Samba version 4.13.3
    PID     Username     Group        Machine                                   Protocol Version  Encryption           Signing              
    ----------------------------------------------------------------------------------------------------------------------------------------
    Service      pid     Machine       Connected at                     Encryption   Signing     
    ---------------------------------------------------------------------------------------------
    No locked files
    

    hosts allow

    # Which hosts are allowed to connect: "10." means any host whose network part is 10; a full address can also be given
    [global]
            hosts allow = 10. 192.168. 192.168.0.105
    

    log

    A separate log file is kept for each client.

    [global]
            log file = /var/log/samba/log.%I
            # Log level; the default is 0, which records nothing.
    	log level = 2
    
    # The result is a separate log file for each client
    [root@C8 ~]# ls /var/log/samba/
    cores  log.0.0.0.0  log.192.168.0.105  log.nmbd  log.smbd  old
    
    # Test it
    [root@template ~]# smbclient -L 192.168.0.104 -U smb1%123
    
    	Sharename       Type      Comment
    	---------       ----      -------
    	print$          Disk      Printer Drivers
    	IPC$            IPC       IPC Service (Samba 4.13.3)
    	smb1            Disk      Home Directories     # the user's own home directory is shared by default
    Reconnecting with SMB1 for workgroup listing.
    smbXcli_negprot_smb1_done: No compatible protocol selected by server.
    protocol negotiation failed: NT_STATUS_INVALID_NETWORK_RESPONSE
    Unable to connect with SMB1 -- no workgroup available
    
    [root@C8 samba]# cat log.192.168.0.105
    [2021/11/14 19:24:06.145968,  2] ../../source3/auth/auth.c:329(auth_check_ntlm_password)
      check_ntlm_password:  authentication for user [smb1] -> [smb1] -> [smb1] succeeded   # the client's information is visible here
    [2021/11/14 19:24:06.146691,  2] ../../source3/param/loadparm.c:2864(lp_do_section)
      Processing section "[homes]"
    [2021/11/14 19:24:06.146856,  2] ../../source3/param/loadparm.c:2864(lp_do_section)
      Processing section "[printers]"
    [2021/11/14 19:24:06.146964,  2] ../../source3/param/loadparm.c:2864(lp_do_section)
      Processing section "[print$]"
    
    # Access the home directory on the server directly from the client
    [root@template ~]# smbclient //192.168.0.104/smb1 -U smb1%cba-123
    Try "help" to get a list of possible commands.
    smb: \> ls
    NT_STATUS_ACCESS_DENIED listing \*
    
    # View the connections on the server
    [root@C8 ~]# smbstatus 
    Samba version 4.13.3
    PID     Username     Group        Machine                                   Protocol Version  Encryption           Signing              
    ----------------------------------------------------------------------------------------------------------------------------------------
    37329   smb1         smb1         192.168.0.105 (ipv4:192.168.0.105:43574)  SMB3_11           -                    partial(AES-128-CMAC)
    
    Service      pid     Machine       Connected at                     Encryption   Signing     
    ---------------------------------------------------------------------------------------------
    smb1         37329   192.168.0.105 日 11月 14 19时26分42秒 2021 CST -            -           
    
    No locked files
    
    # Home directories are shared by default purely because of this section
    [homes]
    	comment = Home Directories
    	valid users = %S, %D%w%S
    	browseable = No
    	read only = No
    	inherit acls = Yes
    

    Other

    • security = user: the access method; user means access with an account and password
    • passdb backend = tdbsam: where user names and passwords are stored

    Home directories

    [homes]
            # Comment text
            comment = Home Directories
            # Valid users, i.e. the user themselves
            valid users = %S, %D%w%S
    
            # Whether others may browse one's home directory; not allowed by default
            browseable = No
            read only = No
            inherit acls = Yes
    

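    Custom shares

    [shared_name]
    	path = /path/to/share_directory
    	# Comment text
    	comment = COMMENT
    
    	# Whether guest access is allowed
    	guest ok  = yes
    
    	# Whether the share is writable. The other spelling is read only = No; if the share is read-only, that is writable = no.
    	writable = yes
    
    	# List of users allowed to write; separate multiple users with commas and prefix groups with @
    	write list = user1,user2,user3,@g1
    
    	# List of users allowed to read
    	valid users = user3,user4,@g2
    
    # Check the syntax for errors
    testparm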
    

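    Client

    # From c7, probe which folders the target c8 host shares
    [root@template ~]# smbclient -L 192.168.0.104
    Enter SAMBA\root's password:   # no password was entered here, just Enter, because the server has not yet created a user name and password for an SMB user
    Anonymous login successful     # indicates that anonymous access is supported
    
    	Sharename       Type      Comment   # the current result shows that nothing is shared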
    	---------       ----      -------
    	print$          Disk      Printer Drivers 
    	IPC$            IPC       IPC Service (Samba 4.13.3)
    Reconnecting with SMB1 for workgroup listing.
    smbXcli_negprot_smb1_done: No compatible protocol selected by server.
    protocol negotiation failed: NT_STATUS_INVALID_NETWORK_RESPONSE
    Unable to connect with SMB1 -- no workgroup available
    
    # From c7, probe which folders the target Windows host shares
    yum list samba*
    yum -y install samba-client
    [root@template ~]# smbclient -L 192.168.0.115 -U zhanghe%PASSWD
    
    	Sharename       Type      Comment
    	---------       ----      -------
    	ADMIN$          Disk      远程管理
    	C$              Disk      默认共享
    	D$              Disk      默认共享
    	IPC$            IPC       远程 IPC
    	VT              Disk      
    Reconnecting with SMB1 for workgroup listing.
    do_connect: Connection to 192.168.0.115 failed (Error NT_STATUS_RESOURCE_NAME_NOT_FOUND)
    Unable to connect with SMB1 -- no workgroup available
    
    [root@template ~]# smbclient //192.168.0.115/VT -U zhanghe%PASSWD
    Try "help" to get a list of possible commands.
    smb: \> ls
    smb: \> pwd
    Current directory is \\192.168.0.115\VT\
    smb: \> get 网络安全公开课20211012.mp4
    smb: \> !ls   # view the current directory
    anaconda-ks.cfg  网络安全公开课20211012.mp4
    smb: \> put anaconda-ks.cfg 
    putting file anaconda-ks.cfg as \anaconda-ks.cfg (290.3 kb/s) (average 290.3 kb/s)
    

    Access by mounting

    mount -t cifs //SERVER/shared_name /local_point -o username=USERNAME,password=PASSWORD
    

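    The mount can be written into /etc/fstab so that it is mounted automatically at boot, but putting it in fstab carries a risk of leaking the password, so mounting automatically at boot is not recommended.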
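
    An added example (not from the original post): a check that flags the exposure described above in fstab text, and that treats the mount.cifs `credentials=` option, pointing at a file only its owner can read, as the alternative to an inline password. The fstab entries, mount points and credentials files are constructed for the demonstration.

```python
"""Audit fstab text for CIFS mounts that expose their password."""
import os
import stat
import tempfile

def cifs_entries(fstab_text):
    """Yield (mount_point, options) for each cifs entry in fstab text."""
    for raw in fstab_text.splitlines():
        fields = raw.split()
        if len(fields) < 4 or fields[0].startswith("#") or fields[2] != "cifs":
            continue
        yield fields[1], dict(opt.partition("=")[::2] for opt in fields[3].split(","))

def audit_fstab(fstab_text):
    """Return (mount_point, problem) pairs for password exposure."""
    findings = []
    for mount_point, opts in cifs_entries(fstab_text):
        # mount.cifs accepts password= (alias pass=) directly in the options.
        if "password" in opts or "pass" in opts:
            findings.append((mount_point, "password stored inline in fstab"))
        # credentials= (alias cred=) names a file holding username=/password=.
        cred = opts.get("credentials") or opts.get("cred")
        if not cred:
            continue
        try:
            mode = stat.S_IMODE(os.stat(cred).st_mode)
        except OSError:
            findings.append((mount_point, "credentials file not found"))
            continue
        if mode & 0o077:
            findings.append((mount_point, "credentials file readable by group or others"))
    return findings

def demo():
    """Run the audit on a constructed fstab and two constructed credentials files."""
    with tempfile.TemporaryDirectory() as tmp:
        paths = {}
        for name, mode in (("tight", 0o600), ("loose", 0o644)):
            paths[name] = os.path.join(tmp, name + ".cred")
            with open(paths[name], "w") as handle:
                handle.write("username=USERNAME\npassword=PASSWORD\n")
            os.chmod(paths[name], mode)
        fstab = (
            "# constructed sample entries\n"
            "//SERVER/shared_name /mnt/inline cifs username=USERNAME,password=PASSWORD 0 0\n"
            f"//SERVER/shared_name /mnt/loose cifs credentials={paths['loose']},_netdev 0 0\n"
            f"//SERVER/shared_name /mnt/tight cifs credentials={paths['tight']},_netdev 0 0\n"
        )
        return audit_fstab(fstab)

if __name__ == "__main__":
    for mount_point, problem in demo():
        print(f"{mount_point}: {problem}")
```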

    Tests

    path only

    Everyone can read, that is, everyone can download, but nobody can upload or delete, and anonymous access is not possible.

    # Server
    [root@c71 ~]# grep development /etc/group
    development_1:x:1000:
    development_2:x:1001:
    [root@c71 ~]# tail -6 /etc/passwd
    lisi:x:1001:1000::/home/lisi:/sinb/nologin
    wanger:x:1002:1000::/home/wanger:/sinb/nologin
    jia:x:1003:1001::/home/jia:/sinb/nologin
    yi:x:1004:1001::/home/yi:/sinb/nologin
    bing:x:1005:1001::/home/bing:/sinb/nologin
    zhanghe:x:1006:1006::/home/zhanghe:/sbin/nologin
    [root@c71 ~]# egrep -v '(^[[:space:]]*$|^#)' /etc/samba/smb.conf
    [global]
    	workgroup = SAMBA
    	security = user
    	passdb backend = tdbsam
    	printing = cups
    	printcap name = cups
    	load printers = yes
    	cups options = raw
    [samba_share]
    	path = /smb_share
    
    # Client
    [root@c72 ~]# smbclient -L 192.168.80.130
    Enter SAMBA\root's password: 
    Anonymous login successful
    
    	Sharename       Type      Comment
    	---------       ----      -------
    	samba_share     Disk      
    	IPC$            IPC       IPC Service (Samba 4.10.16)
    Reconnecting with SMB1 for workgroup listing.
    Anonymous login successful
    
    	Server               Comment
    	---------            -------
    
    	Workgroup            Master
    	---------            -------
    	SAMBA                C71
    
    # Can download; cannot delete or upload
    [root@c72 ~]# smbclient //192.168.80.130/samba_share -U zhangsan%cba-123
    Try "help" to get a list of possible commands.
    smb: \> ls
      .                                   D        0  Sun Feb 20 01:52:18 2022
      ..                                  D        0  Sat Feb 19 20:49:26 2022
      fstab                               A      465  Sat Feb 19 21:36:34 2022
      passwd                              N     1483  Sun Feb 20 01:52:18 2022
      issue                               N       23  Sun Feb 20 01:52:18 2022
    
    		52403200 blocks of size 1024. 50726904 blocks available
    smb: \> get issue 
    getting file \issue of size 23 as issue (4.5 KiloBytes/sec) (average 4.5 KiloBytes/sec)
    smb: \> rm issue 
    NT_STATUS_ACCESS_DENIED deleting remote file \issue
    smb: \> put anaconda-ks.cfg 
    NT_STATUS_ACCESS_DENIED opening remote file \anaconda-ks.cfg
    
    # Anonymous access is not possible
    [root@c72 ~]# smbclient //192.168.80.130/samba_share
    Enter SAMBA\root's password: 
    Anonymous login successful
    tree connect failed: NT_STATUS_ACCESS_DENIED
    

    public

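    public is really just guest ok: if we write public, it is translated to guest ok, and the two mean the same thing, namely whether anonymous access is allowed. Once it is turned on, anonymous users still only have download permission.

    # Server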
    [root@c71 ~]# grep -v "^#" /etc/samba/smb.conf
    [global]
    	workgroup = SAMBA
    	security = user
    	passdb backend = tdbsam
    	printing = cups
    	printcap name = cups
    	load printers = yes
    	cups options = raw
    [samba_share]
    	path = /smb_share
    	public = yes
    
    # Anonymous access test from the client
    [root@c72 ~]# smbclient //192.168.80.130/samba_share
    Enter SAMBA\root's password: 
    Anonymous login successful
    Try "help" to get a list of possible commands.
    smb: \> put anaconda-ks.cfg 
    NT_STATUS_ACCESS_DENIED opening remote file \anaconda-ks.cfg
    smb: \> get issue 
    getting file \issue of size 23 as issue (3.7 KiloBytes/sec) (average 3.7 KiloBytes/sec)
    smb: \> rm issue 
    NT_STATUS_ACCESS_DENIED deleting remote file \issue
    smb: \> ls
      .                                   D        0  Sun Feb 20 01:52:18 2022
      ..                                  D        0  Sat Feb 19 20:49:26 2022
      fstab                               A      465  Sat Feb 19 21:36:34 2022
      passwd                              N     1483  Sun Feb 20 01:52:18 2022
      issue                               N       23  Sun Feb 20 01:52:18 2022
    
    		52403200 blocks of size 1024. 50726172 blocks available
    
    # Ordinary users' permissions are unchanged; they can still only download
    [root@c72 ~]# smbclient //192.168.80.130/samba_share -U lisi%cba-123
    Try "help" to get a list of possible commands.
    smb: \> put anaconda-ks.cfg 
    NT_STATUS_ACCESS_DENIED opening remote file \anaconda-ks.cfg
    smb: \> get fstab 
    getting file \fstab of size 465 as fstab (151.4 KiloBytes/sec) (average 151.4 KiloBytes/sec)
    smb: \> rm fstab 
    NT_STATUS_ACCESS_DENIED deleting remote file \fstab
    smb: \> ls
      .                                   D        0  Sun Feb 20 01:52:18 2022
      ..                                  D        0  Sat Feb 19 20:49:26 2022
      fstab                               A      465  Sat Feb 19 21:36:34 2022
      passwd                              N     1483  Sun Feb 20 01:52:18 2022
      issue                               N       23  Sun Feb 20 01:52:18 2022
    
    		52403200 blocks of size 1024. 50726132 blocks available
    
    

    writable

    Whether the share is writable by all users. The default is no, which is equivalent to read only; writable = yes is equivalent to read only = no.

    
    # Server
    [root@c71 ~]# testparm 
    Load smb config files from /etc/samba/smb.conf
    Loaded services file OK.
    Server role: ROLE_STANDALONE
    
    Press enter to see a dump of your service definitions
    
    # Global parameters
    [global]
    	printcap name = cups
    	security = USER
    	workgroup = SAMBA
    	idmap config * : backend = tdb
    	cups options = raw
    
    [samba_share]
    	guest ok = Yes
    	path = /smb_share
    	read only = No   # automatically translated to read only
    
    # Anonymous users on the client get read-write permission
    [root@c72 ~]# smbclient //192.168.80.130/samba_share 
    Enter SAMBA\root's password: 
    Anonymous login successful
    Try "help" to get a list of possible commands.
    smb: \> put anaconda-ks.cfg 
    putting file anaconda-ks.cfg as \anaconda-ks.cfg (7.2 kb/s) (average 7.2 kb/s)
    smb: \> rm issue
    
    # Ordinary users on the client still only have read permission
    [root@c72 ~]# smbclient //192.168.80.130/samba_share -U zhangsan%cba-123
    Try "help" to get a list of possible commands.
    smb: \> put anaconda-ks.cfg 
    NT_STATUS_ACCESS_DENIED opening remote file \anaconda-ks.cfg
    smb: \> put /etc/issue
    NT_STATUS_OBJECT_PATH_NOT_FOUND opening remote file \etc\issue
    smb: \> rm issue 
    NT_STATUS_NO_SUCH_FILE listing \issue
    smb: \> get issue 
    NT_STATUS_OBJECT_NAME_NOT_FOUND opening remote file \issue
    smb: \> get fstab 
    getting file \fstab of size 465 as fstab (75.7 KiloBytes/sec) (average 75.7 KiloBytes/sec)
    
    

    valid users

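    valid users is very powerful: it does more than restrict who may access the share; anyone not on the list is not even allowed to see it. When valid users and write list are both present, valid users takes effect.

    # Server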
    [root@c71 ~]# testparm 
    Load smb config files from /etc/samba/smb.conf
    Loaded services file OK.
    Server role: ROLE_STANDALONE
    
    Press enter to see a dump of your service definitions
    
    # Global parameters
    [global]
    	printcap name = cups
    	security = USER
    	workgroup = SAMBA
    	idmap config * : backend = tdb
    	cups options = raw
    
    [samba_share]
    	guest ok = Yes
    	path = /smb_share
    	read only = No
    	valid users = @development_1
    
    # development_1 has full permissions
    [root@c72 ~]# smbclient //192.168.80.130/samba_share -U lisi%cba-123
    Try "help" to get a list of possible commands.
    smb: \> get issue 
    NT_STATUS_OBJECT_NAME_NOT_FOUND opening remote file \issue
    smb: \> get fstab 
    getting file \fstab of size 465 as fstab (90.8 KiloBytes/sec) (average 90.8 KiloBytes/sec)
    smb: \> rm fstab 
    smb: \> put anaconda-ks.cfg 
    NT_STATUS_ACCESS_DENIED opening remote file \anaconda-ks.cfg
    smb: \> put issue 
    putting file issue as \issue (5.6 kb/s) (average 5.6 kb/s)
    smb: \> exit
    [root@c72 ~]# smbclient //192.168.80.130/samba_share -U jia%cba-123
    tree connect failed: NT_STATUS_ACCESS_DENIED
    [root@c72 ~]# smbclient //192.168.80.130/samba_share -U yi%cba-123
    tree connect failed: NT_STATUS_ACCESS_DENIED
    
    # Anonymous access is closed off
    [root@c72 ~]# smbclient //192.168.80.130/samba_share 
    Enter SAMBA\root's password: 
    Anonymous login successful
    tree connect failed: NT_STATUS_ACCESS_DENIED
    

    write list

    Completely independent; it is best not to combine it with other options. Only those in this list have full permissions.
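
    The share options tested above (guest ok/public, read only/writable, valid users, write list), gathered into one model of which option decides a user's access. This is an added example, not code from the original post or from Samba: it follows the option semantics documented in smb.conf(5), assumes the default guest account `nobody`, and does not evaluate the Unix permissions on the shared directory. The section names and identities in the sample are constructed.

```python
"""Share-level access model for the smb.conf options tested on this page."""
# option -> (canonical option, value is inverted)
SYNONYMS = {"public": ("guest ok", False), "writable": ("read only", True),
            "writeable": ("read only", True), "write ok": ("read only", True)}
DEFAULTS = {"guest ok": "no", "read only": "yes", "valid users": "", "write list": ""}

# Constructed sample: one section per configuration tested on the page. Section
# names are made up; path = /smb_share is left out of all but the first.
SAMPLE = """
[path_only]
    path = /smb_share
[public]
    public = yes
[writable]
    public = yes
    writable = yes
[valid_users]
    guest ok = Yes
    read only = No
    valid users = @development_1
[write_list]
    guest ok = Yes
    write list = @development_1 @development_2
"""
# Constructed identities (user, groups); None stands for an anonymous session.
USERS = {"anonymous": (None, ()), "zhangsan": ("zhangsan", ("development_1",)),
         "jia": ("jia", ("development_2",))}

def _flag(value):
    return value.strip().lower() in ("yes", "true", "1")

def parse_shares(text):
    """Parse smb.conf text into {section: options}, resolving synonyms."""
    shares, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = shares.setdefault(line[1:-1].strip().lower(), dict(DEFAULTS))
        elif current is not None and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            key = " ".join(key.lower().split())
            if key in SYNONYMS:
                key, inverted = SYNONYMS[key]
                if inverted:
                    value = "no" if _flag(value) else "yes"
            current[key] = value
    return shares

def _listed(user, groups, value):
    """True if the user, or one of their groups (@name), is in a user list."""
    names = value.replace(",", " ").split()
    return any(n.lstrip("@+&") in groups if n[0] in "@+&" else n == user for n in names)

def effective_access(share, user=None, groups=(), guest_account="nobody"):
    """Return 'none', 'read' or 'write' as decided by the share options alone."""
    if user is None:
        if not _flag(share["guest ok"]):
            return "none"
        user, groups = guest_account, ()   # guests are checked as the guest account
    if share["valid users"].strip() and not _listed(user, groups, share["valid users"]):
        return "none"
    if _listed(user, groups, share["write list"]):   # write list overrides read only
        return "write"
    return "read" if _flag(share["read only"]) else "write"

def access_matrix(text, users=USERS):
    return {name: {who: effective_access(opts, *ident) for who, ident in users.items()}
            for name, opts in parse_shares(text).items()}

if __name__ == "__main__":
    for name, row in access_matrix(SAMPLE).items():
        print(f"{name:12}", row)
```

    Where a client session on the page shows less access than this matrix (the authenticated user denied a put on the writable share), the share options already allow the write and the limit comes from the file system permissions, the intersection noted at the top of the page.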

  • Original article: https://www.cnblogs.com/yizhangheka/p/15916253.html