To implement file sharing
Use netstat -apn | grep smb to check that the SMB service is listening. Ports 139 and 445 need to be open, so add the following rules to the firewall:
vi /etc/sysconfig/iptables
-A INPUT -m state --state NEW -m tcp -p tcp --dport 8001 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 135 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT
How to add multiple ports in one rule:
iptables -I INPUT 8 -p udp -m multiport --dport 137,138 -j ACCEPT
iptables -I INPUT 8 -p tcp -m state --state NEW -m multiport --dport 139,445 -j ACCEPT
Add a virtual SMB user:
useradd admin
Set a password for the virtual user (enter the password twice):
smbpasswd -a admin
Edit the configuration file: /etc/samba/sudouser /etc/samba/smb.conf
Configuration format:
[public]
comment = Public Stuff
browseable = yes
path = /home/
public = yes
writable = yes
; printable = no
#; write list = +staff
Note: lines beginning with # or ; are commented out and have no effect.
If you can see only the folder and not the files in it, the Samba service may be conflicting with SELinux. Disable SELinux in the SELinux configuration file:
vi /etc/selinux/config
#SELINUX=enforcing
SELINUX=disabled
Test: add a network location from the client and enter \\ip\public. Follow the prompts to enter the SMB user name and password.
Supplementary SELinux material:
About SELinux
SELinux provides a flexible mandatory access control (MAC) system at the Linux kernel level, built on top of the discretionary access control (DAC) system.
DAC refers to access control that the system administrator (root) manages at their own discretion; it is not behavior enforced by the system.
Under MAC, a subject such as an application or a thread running with a user's UID or SUID is additionally subject to access control restrictions on other objects, such as files, sockets, or other threads.
Running the SELinux MAC kernel protects the system from malicious programs, and bugs in the system itself will not have a fatal impact on the system (the impact is limited to a certain extent).
SELinux defines access and transition permissions for every user, program, process, and file, and then manages the interactions between all of these objects.
How strictly SELinux restricts these objects can be specified at installation time, or SELinux can be disabled completely, as required.
In most cases SELinux is completely transparent to users: ordinary users do not notice that SELinux exists, and only system administrators need to consider these user environments and policies. The policies can be deployed loosely or with stringent restrictions, and SELinux provides very specific control policies that span the entire Linux system.
For example, when a subject such as an application wants to access a file object, the enforcement code in the kernel checks the access vector cache (AVC), where the permissions of subjects and objects are looked up. If no permission definition is found there, it goes on to query the security context and the file permissions, and then decides whether to grant or deny access. If an avc: denied message appears in /var/log/messages, the access was denied.
Subjects and objects obtain their security context from the installed policy, which is also responsible for providing the system with the information used to generate its security list.
In addition to enforcing mode, SELinux can run in permissive mode, in which the AVC is checked and denials are logged, but SELinux does not enforce the policy.
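One way to confirm that SELinux is what blocks smbd before changing its mode, as an added example that is not part of the original page: a shell function that pulls the avc: denied records for smbd out of log text such as /var/log/messages and groups them by permission, object class and target type. The function name smbd_denials is hypothetical and the sample log lines are constructed.

```shell
#!/bin/sh
# Added example (not from the original page): summarise SELinux AVC denials for smbd.
# Reads log text on stdin, e.g. from /var/log/messages, and prints one line per
# distinct denial: <count> <permissions> <object class> <target type> <object name>
smbd_denials() {
    awk '
    /avc:[ ]+denied/ && /comm="smbd"/ {
        perms = "-"; name = "-"; tclass = "-"; ttype = "-"
        # Denied permissions sit between the braces, e.g. { read open }
        if (match($0, /[{][^}]*[}]/)) {
            perms = substr($0, RSTART + 1, RLENGTH - 2)
            gsub(/^ +| +$/, "", perms)
            gsub(/ +/, ",", perms)
        }
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^name=/)     { name = substr($i, 6); gsub(/"/, "", name) }
            if ($i ~ /^tclass=/)   { tclass = substr($i, 8) }
            # tcontext is user:role:type:level; the type is what policy matches on
            if ($i ~ /^tcontext=/) { split(substr($i, 10), ctx, ":"); ttype = ctx[3] }
        }
        key = perms " " tclass " " ttype " " name
        if (!(key in seen)) order[++k] = key
        seen[key]++
    }
    END { for (i = 1; i <= k; i++) print seen[order[i]], order[i] }
    '
}

# Constructed sample log lines (host name, PIDs and file names are made up).
SAMPLE_LOG='Jan 10 09:15:01 fs01 kernel: type=1400 audit(1700000000.101:41): avc:  denied  { read } for  pid=2114 comm="smbd" name="alice" dev="sda2" ino=2621 scontext=system_u:system_r:smbd_t:s0 tcontext=unconfined_u:object_r:user_home_dir_t:s0 tclass=dir
Jan 10 09:15:02 fs01 smbd[2114]: connect to service public initially as user admin
Jan 10 09:15:04 fs01 kernel: type=1400 audit(1700000000.412:42): avc:  denied  { read } for  pid=2114 comm="smbd" name="alice" dev="sda2" ino=2621 scontext=system_u:system_r:smbd_t:s0 tcontext=unconfined_u:object_r:user_home_dir_t:s0 tclass=dir
Jan 10 09:15:09 fs01 kernel: type=1400 audit(1700000000.950:43): avc:  denied  { read open } for  pid=2114 comm="smbd" name="report.txt" dev="sda2" ino=2630 scontext=system_u:system_r:smbd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
Jan 10 09:16:30 fs01 kernel: type=1400 audit(1700000081.007:44): avc:  denied  { getattr } for  pid=3001 comm="httpd" name="index.html" dev="sda2" ino=2700 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file'

# Stand-alone run on the sample; on a real host use: smbd_denials < /var/log/messages
printf '%s\n' "$SAMPLE_LOG" | smbd_denials
```

A target type such as user_home_t in the output means smbd was denied on files labelled as home-directory content, which can be addressed in policy (for example with the samba_enable_home_dirs boolean or the samba_share_t file type) while SELinux stays in enforcing mode.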
The following is a description of SELinux-related tools
/usr/bin/setenforce: changes the SELinux mode at run time
setenforce 1: sets SELinux to enforcing mode
setenforce 0: sets SELinux to permissive mode
If you want to completely disable SELinux, you need to set the parameter selinux=0 in /etc/sysconfig/selinux, or add this parameter in /etc/grub.conf
/usr/bin/sestatus -v
Configuring Samba for file sharing