2:samba配置,zhangsan,lisi,wangwu同属于sharedgroup组,在samba中共享/shared目录,要求三个用户都能访问自己的home目录,但wangwu访问不了/shared目录,其他两个用户可以将家目录中的文件存放在/shared目录下共享
[root@server ~]# rpm -qa |grep samba //若未安装,可以使用yum groupinstall -y "Windows File Server"命令安装
system-config-samba-1.2.41-5.el5
samba-common-3.0.33-3.14.el5
samba-client-3.0.33-3.14.el5
samba-3.0.33-3.14.el5
[root@server ~]# groupadd sharedgroup //添加sharedgroup组,并加三个用户加入该组
[root@server ~]# useradd -g sharedgroup -s /sbin/nologin zhangsan
[root@server ~]# useradd -g sharedgroup -s /sbin/nologin lisi
[root@server ~]# useradd -g sharedgroup -s /sbin/nologin wangwu
[root@server ~]# smbpasswd -a zhangsan //将前面创建的三个系统用户加入samba验证数据库
New SMB password:
Retype new SMB password:
Added user zhangsan.
[root@server ~]# smbpasswd -a lisi
New SMB password:
Retype new SMB password:
Added user lisi.
[root@server ~]# smbpasswd -a wangwu
New SMB password:
Retype new SMB password:
Added user wangwu.
[root@server ~]# mkdir /shared //创建shared目录,并修改属组,权限和selinux的语境,布尔值
[root@server ~]# chcon -t samba_share_t /shared
[root@server ~]# chown root.sharedgroup /shared/
[root@server ~]# chmod 2770 /shared/
[root@server ~]# ll -Zd /shared/
drwxrws--- root sharedgroup root:object_r:samba_share_t /shared/
[root@server ~]# setsebool -P samba_enable_home_dirs on //若不调整selinux布尔值,则用户无法进入自己的家目录
[root@server ~]# tail -5 /etc/samba/smb.conf //修改samba主配置文件如下
[shared] //共享名
path = /shared //共享的物理路径
comment = share directory //共享注释信息
readonly = no //可写入
valid users = zhangsan lisi //允许访问的用户列表,@sharedgroup代表整个组,基于用户级的访问控制
[root@server ~]# grep 'security' /etc/samba/smb.conf |head -1
security = user //samba的认证级别为user
[root@server ~]# grep '192.168.100.20' /etc/samba/smb.conf
hosts allow = 192.168.100.20 127.0.0.1 //只允许本机进行访问,基于主机级的访问控制
[root@server ~]# ifconfig |grep 'inet addr'
inet addr:192.168.100.20 Bcast:192.168.100.255 Mask:255.255.255.0
inet addr:127.0.0.1 Mask:255.0.0.0
[root@server ~]# service smb start //启动服务,并保证下次开机自动启动
Starting SMB services: [ OK ]
Starting NMB services: [ OK ]
[root@server ~]# chkconfig smb on