在公司内部打造一个文件管理系统,其作用域仅仅在公司内部,支持在线对文件的修改和保存操作等,同时也要注意权限问题。
2.策划
目前设立四个群组:运维、开发 、测试和普通,当然所对应的对文件的访问权限也是不一致的,运维具有最高权限,其次才是开发、测试和普通
3.安装与部署
3.1 利用yum安装samba服务器
[root@localhost ~]# yum install -y samba
3.2 利用groupadd建立用户组
[root@localhost ~]# groupadd management
[root@localhost ~]# groupadd development
[root@localhost ~]# groupadd test
[root@localhost ~]# groupadd user
[root@localhost ~]#
3.3 新建用户并且指定群组
[root@localhost ~]# cat /etc/group | egrep "management|development|test|^user:"
management:x:1001:
development:x:1002:
test:x:1003:
user:x:1004:
[root@localhost ~]#
[root@localhost ~]# useradd D17040009 -g 1001
[root@localhost ~]# useradd D17040010 -g 1002
[root@localhost ~]# useradd D17040011 -g 1003
[root@localhost ~]# useradd D17040012 -g 1004
3.4 新建文件夹并且配置ACL权限
[root@localhost home]# mkdir sam
[root@localhost sam]# mkdir management development test user
[root@localhost sam]# setfacl -m g:development:rwx development/
[root@localhost sam]# setfacl -m g:management:rwx management/
[root@localhost sam]# setfacl -m g:management:rwx development/
[root@localhost sam]# setfacl -m g:management:rwx tset/
[root@localhost sam]# setfacl -m g:management:rwx test/
[root@localhost sam]# setfacl -m g:management:rwx user/
[root@localhost sam]# setfacl -m g:development:rwx test/
[root@localhost sam]# setfacl -m g:development:rwx user/
[root@localhost sam]# setfacl -m g:test:rwx test
[root@localhost sam]# setfacl -m g:test:rwx user
[root@localhost sam]# setfacl -m g:user:rwx user
3.5 修改配置文件
[root@localhost sam]# cat /etc/samba/smb.conf
# See smb.conf.example for a more detailed config file or
# read the smb.conf manpage.
# Run 'testparm' to verify the config is correct after
# you modified it.
[global]
# workgroup = SAMBA
workgroup = WORKGROUP
security = user
passdb backend = tdbsam
printing = cups
printcap name = cups
# load printers = yes
load printers = no
cups options = raw
log file = /var/log/samba/log.%m
max log size = 50
passdb backend = smbpasswd
username map = /etc/samba/smbusers
[smb]
comment = 5M1330
path = /home/sam
writable = yes
browseable = yes
available = yes
#[homes]
# comment = Home Directories
# comment = 5M1330 Directories
# path = /home/vsftpd
# admin user = root
# valid users = %S, %D%w%S
# valid user = @management,@development,@test,@user
# browseable = yes
# writable = yes
# read only = no
# inherit acls = Yes
# guest ok = no
#[printers]
# comment = All Printers
# path = /var/tmp
# printable = Yes
# create mask = 0600
# browseable = No
#[print$]
# comment = Printer Drivers
# path = /var/lib/samba/drivers
# write list = root
# create mask = 0664
# directory mask = 0775
4.测试
4.1 登陆用户:D17040009 所属组:management
访问management目录 访问OK 创建文件或文件夹OK访问development目录 访问OK 创建文件或文件夹OK
访问test目录 访问OK 创建文件或文件夹OK
访问user目录 访问OK 创建文件或文件夹OK
4.2 登陆用户:D17040010所属组:development
访问management目录 访问FAIL访问development目录 访问OK 创建文件或文件夹OK
访问test目录 访问OK 创建文件或文件夹OK
访问user目录 访问OK 创建文件或文件夹OK
4.3登陆用户:D17040011所属组:test
访问management目录 访问FAIL访问development目录 访问FAIL
访问test目录 访问OK 创建文件或文件夹OK
访问user目录 访问OK 创建文件或文件夹OK
4.4 登陆用户:D17040012所属组:user
访问management目录 访问FAIL访问development目录 访问FAIL
访问test目录 访问FAIL
访问user目录 访问OK 创建文件或文件夹OK
5.系统维护和故障排除
5.1 无法连接samba服务器
尝试ping一次查看网络能否ping通
查看firewall配置
重启samba服务尝试
5.2 无法创建文件
查看服务器selinux配置
重启samba服务尝试
5.3 新建用户并且加入群组无法访问应该访问的位置
删除用户再次新建