Configure access control for Samba File Sharing

Create a Samba File Server to implement access control for different user groups.

Required Software

[[Email protected] ~] Yum-y install samba-client samba-common

The general configuration is as follows (write only the main configuration)

[Global]

Workgroup = workgroup // Samba is mainly used for cross-platform sharing. Generally, Windows is a workgroup group.

Security = user // security level configuration to implement access control for different users and groups.
Load printers = No // whether to display the printer. The default value is yes. If not, set it to No.

// Whether to display the user's home directory. I will not display it here. I added it to the front and commented it out. Here, #,; are all comments, but; the comments are the cases in the configuration file, and # are the real comments.
; [Homes]
; Comment = Home Directories
; Browseable = No
; Writable = Yes
; Valid users = % s
; Valid users = mydomain \ % s

[Product]
Comment = product department share
Path =/data/product
Writable = Yes
Browseable = Yes
Read list = @ Product
Write list = @ Product
[Cusotmer]
Comment = customer service department share
Path =/data/customer
Browseable = Yes
Writable = Yes
Read list = @ Kefu
Write list = @ Kefu

The configuration file is complete. The following figure shows the users who access the Samba server.

Add group and user

[[Email protected] ~] Groupadd Kefu
[[Email protected] ~] Groupadd Product
[[Email protected] ~] Useradd-G Kefu-m-S/sbin/nologin Kefu
[[Email protected] ~] Useradd-G product-m-S/sbin/nologin Product

[[Email protected] ~] Chown. Kefu customer/

[[Email protected] ~] Chown. Product product/

[[Email protected] ~] Chmod 770 customer/product/
This is my directory permission. The two shared directories can be seen after the user enters, but no one can go into the target directory. If the target user is allowed to view them, set the permission to 755.

Drwxrwx ---. 5 root Kefu 4096 Aug 14 customer
Drwxrwx ---. 3 root product 4096 Aug 14 :55 Product

Note: The user accessing the Samba server must exist in/etc/passwd. The access password cannot be the same as the user's password in the system. You do not need to set the password in the system.

[[Email protected] ~] Pdbedit-a product // set the product user to the samba access user. Press enter and you will be asked to enter the password twice.
[[Email protected] ~] Pdbedit-A Kefu

[[Email protected] ~] Pdbedit-l // view the samba access user we set.

Product: 503:
Kefu: 502:

Restart the Samba server.

[[Email protected] ~] Testparm // test whether the Configuration File Syntax is correct

[[Email protected] ~] Service SMB start

Test

Windows client access through UNC path

\ X. x

Enter the username and password for Samba access set above.

This article from the "Linux cainiao" blog, please be sure to keep this source http://ludihua.blog.51cto.com/4601284/1540394