文件服务器:samba
将samba服务器端目录/smbshare共享,共享名为myshare,共享可以浏览,允许用户rose和用户marry访问
用户rose具有只读权限,marry具有读写权限 (rose和marry系统存在的用户)
服务器:
1、配置yum仓库、安装软件包(samba、samba-client)
[root@stw ~]# cd /etc/yum.repos.d/
[root@stw yum.repos.d]# ls
server.repo
[root@stw yum.repos.d]# mount /dev/cdrom /mnt
mount: /dev/sr0 is write-protected, mounting read-only
[root@stw yum.repos.d]# yum -y install samba samba-client
2、关闭防火墙设置selinux并重启
[root@stw ~]# systemctl stop firewalld.service
[root@stw ~]# systemctl disable firewalld.service
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@stw ~]# setenforce 0
[root@stw ~]# vim /etc/selinux/config
[root@stw ~]# reboot
3、创建共享目录、共享目录下创建file1、file2文件用于测试
[root@stw ~]# mkdir /smbshare
[root@stw ~]# cd /smbshare
[root@stw smbshare]# touch file1 file2
[root@stw smbshare]# ls
file1 file2
4、创建rose、marry用户并把shell环境设为/sbin/nologin
[root@stw ~]# useradd rose
[root@stw ~]# useradd marry
[root@stw ~]# usermod -s /sbin/nologin rose
[root@stw ~]# usermod -s /sbin/nologin marry
5、将rose和marry用户添加进samba用户
smbpasswd -a rose
smbpasswd -a marry
[root@stw ~]# smbpasswd -a rose
New SMB password:
Retype new SMB password:
Added user rose.
[root@stw ~]# smbpasswd -a marry
New SMB password:
Retype new SMB password:
Added user marry.
6、设置samba用户的权限、可以查看samba用户(ACL)
setfacl -m u🌹r-x /smbshare/
setfacl -m u:marry:rwx /smbshare/
pdbedit -L —列出系统上配置为samba用户的所有用户
[root@stw ~]# setfacl -m u:rose:r-x /smbshare
[root@stw ~]# setfacl -m u:marry:rwx /smbshare
[root@stw ~]# pdbedit -L
rose:1001:
marry:1002:
[root@stw ~]# getfacl /smbshare //查看是否配置
getfacl: Removing leading '/' from absolute path names
# file: smbshare
# owner: root
# group: root
user::rwx
user:rose:r-x
user:marry:rwx
group::r-x
mask::rwx
other::r-x
7、修改配置文件
vim /etc/samba/smb.conf
[myshare]
path = /smbshare
browseable = yes
valid users = rose,marry
write list = marry
[root@stw ~]# vim /etc/samba/smb.conf
8、重启服务(smb、nmb)
[root@stw ~]# systemctl restart smb.service
[root@stw ~]# systemctl restart nmb.service
[root@stw ~]# systemctl enable smb.service
Created symlink from /etc/systemd/system/multi-user.target.wants/smb.service to /usr/lib/systemd
[root@stw ~]# systemctl enable nmb.service
Created symlink from /etc/systemd/system/multi-user.target.wants/nmb.service to /usr/lib/systemd
客户端:
1、配置yum仓库,安装服务(samba-client 、cifs-utils)
[root@stw2 ~]# yum -y install samba-client cifs-utils
2、匿名用户访问samba服务器共享资源列表
[root@stw2 ~]# smbclient -L 192.168.100.10
Enter SAMBA\root's password:
Anonymous login successful
Sharename Type Comment
--------- ---- -------
smbshare Disk
print$ Disk Printer Drivers
IPC$ IPC IPC Service (Samba 4.8.3)
Reconnecting with SMB1 for workgroup listing.
Anonymous login successful
Server Comment
--------- -------
Workgroup Master
--------- -------
SAMBA STW
3、samba用户浏览samba服务器共享资源列表
[root@stw2 ~]# smbclient -L 192.168.100.10 -U rose
Enter SAMBA\rose's password:
Sharename Type Comment
--------- ---- -------
smbshare Disk
print$ Disk Printer Drivers
IPC$ IPC IPC Service (Samba 4.8.3)
rose Disk Home Directories
Reconnecting with SMB1 for workgroup listing.
Server Comment
--------- -------
Workgroup Master
--------- -------
SAMBA STW
4、匿名用户访问samba服务器的共享资源(无法访问)
[root@stw2 ~]# smbclient //192.168.100.10/myshare
Enter SAMBA\root's password:
Anonymous login successful
tree connect failed: NT_STATUS_ACCESS_DENIED
5、samba用户浏览samba服务器共享资源(rose用户上传写入文件或目录,marry用户可以)
[root@stw2 ~]# smbclient //192.168.100.10/myshare -U rose
Enter SAMBA\rose's password:
Try "help" to get a list of possible commands.
smb: \> ls
. D 0 Thu Aug 14 11:50:01 2025
.. DR 0 Thu Aug 14 11:49:49 2025
file1 N 0 Thu Aug 14 11:50:01 2025
file2 N 0 Thu Aug 14 11:50:01 2025
52403200 blocks of size 1024. 48697424 blocks available
smb: \>
[root@stw2 ~]# touch rose
[root@stw2 ~]# smbclient //192.168.100.10/myshare -U rose
Enter SAMBA\rose's password:
Try "help" to get a list of possible commands.
smb: \> ls
. D 0 Thu Aug 14 11:50:01 2025
.. DR 0 Thu Aug 14 11:49:49 2025
file1 N 0 Thu Aug 14 11:50:01 2025
file2 N 0 Thu Aug 14 11:50:01 2025
52403200 blocks of size 1024. 48697424 blocks available
smb: \> put rose
NT_STATUS_ACCESS_DENIED opening remote file \rose
smb: \> exit
[root@stw2 ~]# smbclient //192.168.100.10/myshare -U marry
Enter SAMBA\marry's password:
Try "help" to get a list of possible commands.
smb: \> ls
. D 0 Thu Aug 14 11:50:01 2025
.. DR 0 Thu Aug 14 11:49:49 2025
file1 N 0 Thu Aug 14 11:50:01 2025
file2 N 0 Thu Aug 14 11:50:01 2025
52403200 blocks of size 1024. 48698012 blocks available
smb: \> put rose
putting file rose as \rose (0.0 kb/s) (average 0.0 kb/s)
smb: \> ls
. D 0 Thu Aug 14 15:39:19 2025
.. DR 0 Thu Aug 14 11:49:49 2025
file1 N 0 Thu Aug 14 11:50:01 2025
file2 N 0 Thu Aug 14 11:50:01 2025
rose A 0 Thu Aug 14 15:39:19 2025
52403200 blocks of size 1024. 48698012 blocks available
smb: \>
6、使用mount命令讲samba服务器共享资源挂载到本地目录下
交互式挂载—等待你输入密码(rose用户不能在挂载目录中创建文件、marry用户可以在挂载文件中创建目录)
[root@stw2 ~]# mkdir /smbmount
[root@stw2 ~]# mount -t cifs -o username=rose //192.168.100.10/myshare /smbmount
Password for rose@//192.168.100.10/myshare: ****
[root@stw2 ~]# df -Th
Filesystem Type Size Used Avail Use% Mounted on
/dev/sda2 xfs 50G 3.6G 47G 8% /
devtmpfs devtmpfs 2.0G 0 2.0G 0% /dev
tmpfs tmpfs 2.0G 0 2.0G 0% /dev/shm
tmpfs tmpfs 2.0G 13M 2.0G 1% /run
tmpfs tmpfs 2.0G 0 2.0G 0% /sys/fs/cgroup
/dev/sda1 xfs 1014M 163M 852M 17% /boot
tmpfs tmpfs 394M 12K 394M 1% /run/user/42
tmpfs tmpfs 394M 0 394M 0% /run/user/0
/dev/sr0 iso9660 4.3G 4.3G 0 100% /mnt
//192.168.100.10/myshare cifs 50G 3.6G 47G 8% /smbmount
[root@stw2 ~]# cd /smbmount
[root@stw2 smbmount]# ls
file1 file2
[root@stw2 smbmount]# touch file3
touch: cannot touch ‘file3’: Permission denied
[root@stw2 smbmount]# cd
[root@stw2 ~]# umount /smbmount
[root@stw2 ~]# mount -t cifs -o username=marry //192.168.100.10/myshare /smbmount
Password for marry@//192.168.100.10/myshare: *****
[root@stw2 ~]# cd /smbmount
[root@stw2 smbmount]# ls
file1 file2
[root@stw2 smbmount]# touch file3
[root@stw2 smbmount]# ls
file1 file2 file3
非交互式挂载—直接挂载上、不用密码
[root@stw2 ~]# umount /smbmount //先取消一下刚刚的挂载
[root@stw2 ~]# df -Th
Filesystem Type Size Used Avail Use% Mounted on
/dev/sda2 xfs 50G 3.6G 47G 8% /
devtmpfs devtmpfs 2.0G 0 2.0G 0% /dev
tmpfs tmpfs 2.0G 0 2.0G 0% /dev/shm
tmpfs tmpfs 2.0G 13M 2.0G 1% /run
tmpfs tmpfs 2.0G 0 2.0G 0% /sys/fs/cgroup
/dev/sda1 xfs 1014M 163M 852M 17% /boot
tmpfs tmpfs 394M 12K 394M 1% /run/user/42
tmpfs tmpfs 394M 0 394M 0% /run/user/0
/dev/sr0 iso9660 4.3G 4.3G 0 100% /mnt
[root@stw2 ~]# mount -t cifs -o username=marry,password=marry,sec=ntlmssp //192.168.100.1
[root@stw2 ~]# df -Th
Filesystem Type Size Used Avail Use% Mounted on
/dev/sda2 xfs 50G 3.6G 47G 8% /
devtmpfs devtmpfs 2.0G 0 2.0G 0% /dev
tmpfs tmpfs 2.0G 0 2.0G 0% /dev/shm
tmpfs tmpfs 2.0G 13M 2.0G 1% /run
tmpfs tmpfs 2.0G 0 2.0G 0% /sys/fs/cgroup
/dev/sda1 xfs 1014M 163M 852M 17% /boot
tmpfs tmpfs 394M 12K 394M 1% /run/user/42
tmpfs tmpfs 394M 0 394M 0% /run/user/0
/dev/sr0 iso9660 4.3G 4.3G 0 100% /mnt
//192.168.100.10/myshare cifs 50G 3.6G 47G 8% /smbmount
[root@stw2 ~]# vim /etc/fstab //下次启动生效(永久挂载)
[root@stw2 ~]# mount -a
7、多用户挂载,使用multiuser选项
让普通用户stw借用marry的权限能够在挂载点中写入文件或者目录(即使挂载的是rose用户)
[root@stw2 ~]# ls /home
stw
[root@stw2 ~]# su - stw //先切换到普通用户,发现普通用户是没有写入权限的
[stw@stw2 ~]$ cd /smbmount
[stw@stw2 smbmount]$ ls
file1 file2 file3
[stw@stw2 smbmount]$ touch file4
touch: cannot touch ‘file4’: Permission denied
[stw@stw2 smbmount]$ exit
logout
只能用root的身份调用marry来执行写入权限,普通用户没有写入权限
挂载rose用户,root用户也没有写入权限(多用户挂载需要在配置文件中加上multiuser)
[root@stw2 ~]# umount /smbmount
[root@stw2 ~]# vim /etc/fstab
[root@stw2 ~]# mount -a
[root@stw2 ~]# df -Th
Filesystem Type Size Used Avail Use% Mounted on
/dev/sda2 xfs 50G 3.6G 47G 8% /
devtmpfs devtmpfs 2.0G 0 2.0G 0% /dev
tmpfs tmpfs 2.0G 0 2.0G 0% /dev/shm
tmpfs tmpfs 2.0G 13M 2.0G 1% /run
tmpfs tmpfs 2.0G 0 2.0G 0% /sys/fs/cgroup
/dev/sda1 xfs 1014M 163M 852M 17% /boot
tmpfs tmpfs 394M 12K 394M 1% /run/user/42
tmpfs tmpfs 394M 0 394M 0% /run/user/0
/dev/sr0 iso9660 4.3G 4.3G 0 100% /mnt
//192.168.100.10/myshare cifs 50G 3.6G 47G 8% /smbmount
[root@stw2 ~]# cd /smbmount
[root@stw2 smbmount]# ls
file1 file2 file3
[root@stw2 smbmount]# touch file4
touch: cannot touch ‘file4’: Permission denied
然后切换到普通用户stw,执行多用户挂载命令(调用marry的权限)
[root@stw2 ~]# su - stw
Last login: Thu Aug 14 15:51:48 CST 2025 on pts/0
[stw@stw2 ~]$ cd /smbmount
[stw@stw2 smbmount]$ ls
ls: reading directory .: Permission denied
[stw@stw2 smbmount]$ cifscreds add 192.168.100.10 -u marry
Password:
[stw@stw2 smbmount]$ cd /smbmount
[stw@stw2 smbmount]$ ls
file1 file2 file3
[stw@stw2 smbmount]$ touch file4
[stw@stw2 smbmount]$ ls
file1 file2 file3 file4
因为普通用户stw调用的是marry的权限,所以即使挂载的是rose用户,stw用户也可以写入文件或目录
可以查看到file4的所属用户为marry(服务器中查看)
[root@stw smbshare]# ll
total 0
-rw-r--r-- 1 root root 0 Aug 14 11:50 file1
-rw-r--r-- 1 root root 0 Aug 14 11:50 file2
-rwxr--r-- 1 marry marry 0 Aug 14 15:43 file3
-rwxr--r-- 1 marry marry 0 Aug 14 16:00 file4