Technical data backup
0. Prerequisites for setting up a Samba server
Linux is a multi-user operating system. Setting up any server involves users, user groups, and permissions; this is the basis for every operation, and the Samba server is no exception, so it is important to master this knowledge. A shared file server can also be set up on Windows, but its permission control leaves much to be desired. If we use Windows to build a network shared file system, clicking through dialogs with the mouse can get confusing. In Linux, we can simply edit the configuration file and have our Samba server built in a few minutes. Which is easier? Only you know.
Some people think that setting up a Samba server only requires changing the configuration file and creating the corresponding directory. In fact, this is not the case. We also need to set directory permissions and ownership so that the right users and user groups have read and write permissions. Only when the configuration file is combined with the permissions of the shared directory is the Samba server ready.
The following topics are common basic knowledge. Explanations for everything involved in this article can be found in the list below.
0.1 Tools for viewing and editing file content
Introduction to Linux file content viewing tools
File editor vi
0.2 Files and directories
Linux file types and file extensions
Linux file and directory management: listing, deleting, copying, moving, and renaming
Linux file and directory attributes
Brief introduction to Linux file search
0.3 Users and user groups
Linux user and user group management overview
User and group configuration file details
Introduction to Linux user management tools
Linux user query
0.4 Process management
Linux process management
1 Samba Introduction
Samba (SMB) is a network server used for sharing files between Linux and Windows. It can also be used for file sharing between Linux machines; however, for that purpose the Network File System (NFS) is a better fit, and NFS also requires setting up a server.
We all know that each machine in a Windows network can be a file sharing server or a client. Samba can do the same: a Linux machine running a Samba server can act as a file sharing server, and it can also act as a client to access shared file systems on Windows machines or on other Linux Samba servers.
In a Windows network we are used to the shared-folder feature, where a shared folder can be used directly like a local disk. In Linux, Samba provides a shared file system to machines on the network, and it can also mount the shares of other machines locally; in this sense it is different from FTP.
The NetBIOS protocol used by Samba. If you fail to use samba,
Linux and Windows, Linux, and Linux
2 Samba functions and application scope
Samba is mainly used in networks where Windows and Linux systems coexist. If the network consists only of Linux or UNIX systems and Samba is not required, it is better to use NFS.
So what services does Samba provide? Sharing of files and printers.
3 Samba's two server startup programs, and the client and server configuration files
3.1 Samba has two servers: smb and nmb
smb is the main Samba server; it lets other machines know what this machine shares. If the nmb server is not running, shares can only be reached by IP address, for example by entering the following in the Windows IE browser:
//192.168.1.5/shared directory
//192.168.1.5/OPT
nmb handles name resolution. What does it resolve? The workgroup and NetBIOS name of the shares.
On RPM-based systems, if Samba was installed from the RPM package, the Samba server can generally be started as follows:
[root@localhost ~]# /etc/init.d/smb start
Start the smb service: [OK]
Start nmb service: [OK]
To stop it, append stop after smb instead; to restart, append restart:
[root@localhost ~]# /etc/init.d/smb stop
[root@localhost ~]# /etc/init.d/smb restart
On any system, the general method is to run smbd and nmbd directly. Of course, you need to know the directory where smbd and nmbd are located; if you compiled Samba yourself, you should know where you installed it.
[root@localhost ~]# /usr/sbin/smbd
[root@localhost ~]# /usr/sbin/nmbd
Run the following commands to check whether the servers are running:
[root@localhost ~]# pgrep smbd
[root@localhost ~]# pgrep nmbd
To stop the Samba server you can also use the following commands, which work on most systems. You need root permission to run them:
[root@localhost ~]# pkill smbd
[root@localhost ~]# pkill nmbd
3.2 View the ports of the Samba server and the firewall
Why is this useful? Sometimes your firewall may block the ports of the smbd server, so we need to know which ports smbd occupies. From the output below, we can see that smbd listens on ports 139 and 445:
[root@localhost ~]# netstat -tlnp |grep smb
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN 10639/smbd
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN 10639/smbd
If you have a firewall, you must open these two ports. If you do not know how to open them (maybe you are a newbie like me), you can clear the firewall rules instead:
[root@localhost ~]# iptables -F
Or
[root@localhost ~]# /sbin/iptables -F
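
iptables -F removes every rule in the filter table, not only the ones that block Samba. As an added example (not part of the original tutorial), the script below reads netstat output like the listing above and prints one ACCEPT rule per port that smbd or nmbd listens on, limited to one subnet. It goes beyond the two TCP ports in the text by also covering nmbd's UDP ports 137 and 138; the subnet 192.168.1.0/24, the function name and the udp and sshd sample lines are assumptions.

```shell
# Added example: derive narrowly scoped iptables ACCEPT rules from the
# sockets smbd/nmbd actually listen on, as an alternative to iptables -F.

# Constructed sample of `netstat -tulnp` output. The two smbd tcp lines are
# the ones shown in section 3.2; the sshd and nmbd lines are constructed.
SAMPLE_NETSTAT='tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN 10639/smbd
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN 10639/smbd
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 2101/sshd
udp 0 0 192.168.1.5:137 0.0.0.0:* 10641/nmbd
udp 0 0 0.0.0.0:137 0.0.0.0:* 10641/nmbd
udp 0 0 0.0.0.0:138 0.0.0.0:* 10641/nmbd'

# samba_fw_rules LAN_CIDR
# Reads netstat -tulnp output on stdin and prints one iptables command per
# distinct proto/port owned by smbd or nmbd, limited to LAN_CIDR.
samba_fw_rules() {
    case $1 in
        *[!0-9./]*|"") echo "usage: samba_fw_rules a.b.c.d/nn" >&2; return 2 ;;
    esac
    awk -v lan="$1" '
        $1 != "tcp" && $1 != "udp" { next }      # IPv4 only; tcp6/udp6 need ip6tables
        $NF !~ /\/(smbd|nmbd)$/   { next }       # last column is PID/program
        {
            n = split($4, a, ":"); port = a[n]    # local address is addr:port
            if (port !~ /^[0-9]+$/ || seen[$1 "/" port]++) next
            printf "iptables -I INPUT -s %s -p %s --dport %s -j ACCEPT\n", lan, $1, port
        }'
}

# Dry run: print the rules. To apply them, feed live `netstat -tulnp` output
# to the function and pipe the result to sh as root.
printf '%s\n' "$SAMPLE_NETSTAT" | samba_fw_rules 192.168.1.0/24
```
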
3.3 View the configuration files of the Samba server
If we use the Samba package that comes with the Linux distribution, the Samba server's configuration files are generally located in the /etc/samba directory, and the main configuration file is smb.conf. There are also user-related configuration files such as smbpasswd, smbusers, and lmhosts (you had better look at the content of these files), and a file named secrets.tdb, which is generated automatically when the Samba server starts. We will describe these files as the tutorial progresses; covering everything at once would be too much, so we take it bit by bit.
3.4 Some Samba tools (server and client) in Linux
smbcacls smbcontrol smbencrypt smbmount smbprint smbstatus smbtree
smbclient smbcquotas smbmnt smbpasswd smbspool smbtar smbumount
smbd nmbd mount
Among them, smbd, nmbd, and smbpasswd are server-side tools; most of the others are client tools. You do not need to master all of them, but a few are essential, for example smbmount (that is, mount with the appropriate parameters) and smbclient.
3.5 Common tools in Linux: mount (smbmount) and smbclient; viewing Linux shares in Windows
3.5.1 View Windows shares on the network and Samba shares on Linux systems
For this we generally use smbclient. The common usage is simply the following:
[root@localhost ~]# smbclient -L //ip address or computer name
smbclient is Samba's Linux client. It is used on a Linux machine to view shared resources on a server. As with FTP, users can log on to the Samba server and upload (put) and download (get) files. Unfortunately, its Chinese support is unfriendly.
View resources on the server:
smbclient -L //ip [-U user name]
If your Samba server is configured in user mode, add "-U username". If it is in share mode, skip this step.
For example:
[root@localhost ~]# smbclient -L //192.168.1.3 -U sir01
Password: enter the password of sir01.
If the server uses share mode, you can connect directly without a user name or password:
[root@localhost ~]# smbclient -L //192.168.1.3
Password: Press Enter.
Logging on to a Samba share as a user
After logging on to a share as a user, you can upload and download files in the same way as an FTP user: use put to upload files and get to download files.
smbclient //ip address/shared folder -U user
Note: The IP address is assumed to be known. If you do not know your own IP address, you can use /sbin/ifconfig to view it. The shared folder is the [shared folder] section defined in smb.conf, such as [sir01]. -U user name specifies the Samba user.
For example:
[root@localhost ~]# smbclient //192.168.1.3/sir01 -U sir01
Password:
Domain=[LINUXSIR] OS=[Unix] Server=[Samba 3.0.21b-2]
smb: \> ls
Note: After logging on to the Samba server, you can use smbclient commands to upload and download files, much like FTP commands.
smbclient command description
Command                    Description
? or help [command]        Show help, or help for a specific command
! [shell command]          Run the given shell command, or drop the user to a shell prompt
cd [directory]             Switch to the specified directory on the server; if none is specified, smbclient returns the current local directory
lcd [directory]            Switch to the specified directory on the client
dir or ls                  List the files in the current directory
exit or quit               Exit smbclient
get file1 file2            Download file1 from the server and store it on the local machine as file2; file2 can be omitted if you do not want to rename the file
mget file1 file2 file3 filen   Download multiple files from the server
md or mkdir directory      Create a directory on the server
rd or rmdir directory      Delete a directory on the server
put file1 [file2]          Upload file1 to the server, renaming it to file2 on the server
mput file1 file2 filen     Upload multiple files to the server
3.5.2 Access files shared by a Linux Samba server from Windows
In this case, you can browse the workgroup on the network, or enter the following in your browser:
//ip address or computer name
In this way, you can see what is shared on this machine and complete the operation with the mouse. If you cannot access the machine, do not forget to clear the Linux firewall rules, or let the corresponding ports through.
3.5.3 Mount the smbfs file system in Linux
mount usage: attach a shared folder on the network to the local machine. mount is used to mount file systems, and SMB can also serve as a network file system; smbmount is a variant of mount.
Using mount to mount smbfs:
mount -t smbfs -o codepage=cp936,username=username,password=password -l //ip address/shared folder name mount point
Or
mount -t smbfs -o codepage=cp936,username=username,password=password -l //computer name/shared folder name mount point
Or
mount -t smbfs -o codepage=cp936 //ip address or computer name/shared folder name mount point
Usage of smbmount:
smbmount -o username=user name,password=password -l //ip address or computer name/shared folder name mount point
smbmount //ip address or computer name/shared folder name mount point
Note:
If the server uses share mode, you can mount the share without a user name or password; if a password prompt is displayed, press Enter. You can also mount the share with smbmount, in which case you do not need mount -t smbfs to specify the file system type.
We need to create the mount point directory ourselves, for example /opt/smbhd.
In the mount command there is a parameter codepage=cp936, which is the encoding of the server-side file system. cp936 is simplified Chinese; you can of course use utf8 and so on. Try it.
If simplified Chinese file names appear garbled after you mount a remote smbfs file system, you must specify the encoding when mounting it.
4. The simplest example: a share that anonymous users can read and write
Step 1: Change smb.conf
Let's implement a simple function so that all users can read and write a folder shared by a Samba server. We need to modify smb.conf. First, back up the smb.conf file:
[root@localhost ~]# cd /etc/samba
[root@localhost samba]# mv smb.conf smb.confBAK
Then we create a new smb.conf file:
[root@localhost samba]# touch smb.conf
Then we write the following into smb.conf:
[global]
workgroup = LinuxSir
netbios name = LinuxSir05
server string = Linux Samba Server TestServer
security = share
[linuxsir]
path = /opt/linuxsir
writeable = yes
browseable = yes
guest ok = yes
Note:
[global] This section is the global configuration and is required. It contains the following lines:
workgroup is the workgroup displayed in Windows. Here I set it to linuxsir (in upper case).
netbios name is the name of the computer displayed in Windows.
server string is the description of the Samba server. You can define it yourself; it is not important.
security is the authentication and login method. Here we use share. There are several authentication methods; another commonly used one is user. If share is used, you do not need to set up users and passwords.
[linuxsir] is the name of the shared directory as displayed in Windows.
path sets where the directory to be shared is located.
writeable sets whether the share can be written to. Here I set it to writable.
browseable sets whether the share can be browsed. If it is browseable, the shared folder is visible under the workgroup. If you do not want it displayed, set browseable = no.
guest ok allows anonymous users to log on as guest.
Step 2: Create a directory and grant permissions
[root@localhost ~]# mkdir -p /opt/linuxsir
[root@localhost ~]# id nobody
uid=99(nobody) gid=99(nobody) groups=99(nobody)
[root@localhost ~]# chown -R nobody:nobody /opt/linuxsir
Note: To grant permissions to nobody, we first use the id command to view the information of the nobody user, and find that its group is also nobody. We must go by this output, because on some systems the group of the nobody user is not nobody.
Step 3: Start smbd and nmbd servers;
[root@localhost ~]# smbd
[root@localhost ~]# nmbd
Step 4: Check the smbd process and check whether the Samba server is running;
[root@localhost ~]# pgrep smbd
13564
13568
Step 5: Access the Samba share
In Linux, you can use the following command to access it:
[root@localhost ~]# smbclient -L //linuxsir05
Password: Note: Press Enter directly.
In Windows, you can use the following address to access it:
//LinuxSir05/
5. A more complex user sharing model (suitable for small companies of around 10 people)
For example, a company has five departments: linuxsir, sir01, sir02, sir03, and sir04. We want to design a secure file sharing model for this company. Each user has his or her own network disk, and sir01 to sir04 also have a shared network disk. All users (including anonymous users) have a shared database, which is read-only for security purposes. All users (including anonymous users) also need a folder for exchanging temporary files.
5.1 Shared permission design and required functions
1) The linuxsir department has the permission to manage all SMB spaces;
2) sir01 to sir04 have their own space and have absolute privacy for other users except themselves and linuxsir;
3) linuxsir01 to linuxsir04 have a space for common read and write permissions;
4) all users (including anonymous users) have a space with read permission for the database, so data writing is not required.
5) There is also a common space between sir01 and sir04, which is private to users from sir01 to sir04 and cannot be accessed by other users.
6) There is also a space that all users can write to, delete from, and so on, without permission restrictions, for exchanging temporary documents among all users of the company;
5.2 Create the directories on the server
[root@localhost ~]# mkdir -p /opt/linuxsir
[root@localhost ~]# cd /opt/linuxsir
[root@localhost linuxsir]# mkdir sir01 sir02 sir03 sir04 sirshare sir0104rw sirallrw
[root@localhost linuxsir]# ls
sir01 sir0104rw sir02 sir03 sir04 sirallrw sirshare
Note: The directories serve the following purposes:
/opt/linuxsir is the administrator directory, responsible for managing all the directories under it;
/opt/linuxsir/sir01 is the home directory of sir01 and is private. Except for the user itself and linuxsir, other users cannot read or write it;
/opt/linuxsir/sir02 is the home directory of sir02 and is private. Except for the user itself and linuxsir, other users cannot read or write it;
/opt/linuxsir/sir03 is the home directory of sir03 and is private. Except for the user itself and linuxsir, other users cannot read or write it;
/opt/linuxsir/sir04 is the home directory of sir04 and is private. Except for the user itself and linuxsir, other users cannot read or write it;
/opt/linuxsir/sirshare is a read-only directory for all users (only linuxsir has permission to write);
/opt/linuxsir/sir0104rw is the shared read-write directory for sir01 to sir04; anonymous users cannot read or write it;
/opt/linuxsir/sirallrw is readable and writable by all users (including anonymous users);
5.3 Add user groups and users, and set the permissions of the corresponding directories
5.3.1 Add a user group;
[root@localhost ~]# /usr/sbin/groupadd linuxsir
[root@localhost ~]# /usr/sbin/groupadd sir01
[root@localhost ~]# /usr/sbin/groupadd sir02
[root@localhost ~]# /usr/sbin/groupadd sir03
[root@localhost ~]# /usr/sbin/groupadd sir04
[root@localhost ~]# /usr/sbin/groupadd sir0104
5.3.2 Add a user;
[root@cuc03 ~]# adduser -g sir01 -G sir0104 -d /opt/linuxsir/sir01 -s /sbin/nologin sir01
[root@cuc03 ~]# adduser -g sir02 -G sir0104 -d /opt/linuxsir/sir02 -s /sbin/nologin sir02
[root@cuc03 ~]# adduser -g sir03 -G sir0104 -d /opt/linuxsir/sir03 -s /sbin/nologin sir03
[root@cuc03 ~]# adduser -g sir04 -G sir0104 -d /opt/linuxsir/sir04 -s /sbin/nologin sir04
[root@cuc03 ~]# adduser -g linuxsir -G linuxsir,sir01,sir02,sir03,sir04,sir0104 -d /opt/linuxsir -s /sbin/nologin linuxsir
Why add users like this? See:
Linux file and directory attributes
Introduction to Linux user management tools
Of course, we also have to learn how to use tools such as finger and id to view user information, mainly to check whether the users were added correctly. For example (see Linux user query):
[root@localhost ~]# id linuxsir
[root@localhost ~]# finger linuxsir
5.3.3 Add Samba users and set their passwords
The approach is to add system users first. These are virtual users in the sense that they cannot log on to the system through a shell. It is also worth noting that a system user's password is separate from the Samba user's password: if a system user is allowed to log on through a shell, that user's Samba password can be set to something different from the shell login password.
We use smbpasswd to add Samba users and set their passwords. It works by looking up the user name in the /etc/passwd file.
[root@localhost sir01]# smbpasswd -a linuxsir
New smb password: Note: enter the password of Samba user linuxsir here;
Retype new smb password: Note: enter it again;
Use the same method to add passwords for sir01, sir02, sir03, and sir04.
5.3.4 Configure the permissions and ownership of the related directories
[root@cuc03 ~]# chmod 755 /opt/linuxsir
[root@cuc03 ~]# chown linuxsir:linuxsir /opt/linuxsir
[root@cuc03 ~]# cd /opt/linuxsir
[root@cuc03 ~]# chmod 2770 sir0*
[root@cuc03 ~]# chown sir01.linuxsir sir01
[root@cuc03 ~]# chown sir02.linuxsir sir02
[root@cuc03 ~]# chown sir03.linuxsir sir03
[root@cuc03 ~]# chown sir04.linuxsir sir04
[root@cuc03 ~]# chown linuxsir.sir0104 sir0104rw
[root@cuc03 ~]# chown linuxsir.linuxsir sirshare
[root@cuc03 ~]# chmod 755 sirshare
[root@cuc03 ~]# chown linuxsir:linuxsir sirallrw
[root@cuc03 ~]# chmod 3777 sirallrw
5.4 Modify the Samba configuration file smb.conf
The configuration file is as follows. After modifying /etc/samba/smb.conf, do not forget to restart the smbd and nmbd servers.
[global]
workgroup = linuxsir
netbios name = linuxsir
server string = Linux Samba test Server
security = share
[linuxsir]
comment = linuxsiradmin
path = /opt/linuxsir/
create mask = 0664
# create mask is the permission mask applied to newly created files: readable and writable by the owner and the group, readable by other users;
directory mask = 0775
# directory mask is the permission mask applied to newly created directories: the owner and the group can read, write and enter them, other users can read and enter them;
writeable = yes
valid users = linuxsir
browseable = yes
[sirshare]
path = /opt/linuxsir/sirshare
writeable = yes
browseable = yes
guest ok = yes
[sirallrw]
path = /opt/linuxsir/sirallrw
writeable = yes
browseable = yes
guest ok = yes
[sir01_rw]
comment = sir01_rw
# path points at the sir0104rw directory created in 5.2;
path = /opt/linuxsir/sir0104rw
create mask = 0664
directory mask = 0775
writeable = yes
valid users = linuxsir,@sir0104
# @sir0104 is a user group;
browseable = yes
[sir01]
comment = sir01
path = /opt/linuxsir/sir01
create mask = 0664
directory mask = 0775
writeable = yes
valid users = sir01,@linuxsir
browseable = yes
[sir02]
comment = sir02
path = /opt/linuxsir/sir02
create mask = 0664
directory mask = 0775
writeable = yes
valid users = sir02,@linuxsir
browseable = yes
[sir03]
comment = sir03
path = /opt/linuxsir/sir03
create mask = 0664
directory mask = 0775
writeable = yes
valid users = sir03,@linuxsir
browseable = yes
[sir04]
comment = sir04
path = /opt/linuxsir/sir04
create mask = 0664
directory mask = 0775
writeable = yes
valid users = sir04,@linuxsir
browseable = yes
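
Sections 4 and 5.4 both leave it to the directory's mode bits to decide what a guest can actually do: [sirshare] is declared writeable with guest ok = yes and is read-only only because its directory is 755. As an added example (not part of the original tutorial), this script lists every guest-writable share in an smb.conf and reports what the exported directory's mode allows; the function names, the verdict strings and the temporary demo tree are assumptions of the example.

```shell
# Added example: list shares that smb.conf opens to guests for writing and
# report what the exported directory's mode bits allow. Assumption: guest
# sessions map to an account (nobody) outside the directory's owner and group.
# Output per share: "<share> <path> <verdict>"
audit_guest_shares() {
    awk '
        function truthy(v) { v = tolower(v); return (v == "yes" || v == "true" || v == "1") }
        function emit() { if (sec != "" && sec != "global" && guest && writable) print sec "\t" path }
        /^[ \t]*[#;]/ { next }                    # comment line
        /^[ \t]*\[.*\]/ {                          # section header
            emit()
            sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec)
            sec = tolower(sec); guest = 0; writable = 0; path = ""
            next
        }
        index($0, "=") {
            key = tolower(substr($0, 1, index($0, "=") - 1))
            val = substr($0, index($0, "=") + 1)
            gsub(/[ \t]/, "", key)                # names ignore case and spaces
            sub(/^[ \t]+/, "", val); sub(/[ \t]+$/, "", val)
            if (key == "guestok" || key == "public") guest = truthy(val)
            else if (key == "writeable" || key == "writable" || key == "writeok") writable = truthy(val)
            else if (key == "readonly") writable = !truthy(val)
            else if (key == "path") path = val
        }
        END { emit() }
    ' "$1" |
    while IFS="$(printf '\t')" read -r share path; do
        mode=$(ls -ld "$path" 2>/dev/null | cut -c1-10)
        case $mode in
            "")            verdict="path-missing" ;;
            ????????w[tT]) verdict="world-writable+sticky" ;;
            ????????w?)    verdict="world-writable-no-sticky" ;;
            *)             verdict="fs-denies-guest-write" ;;
        esac
        printf '%s %s %s\n' "$share" "$path" "$verdict"
    done
}

# Constructed demo: the two guest shares of section 5.4 with the modes from
# 5.3.4, rebuilt under a temporary directory so that root is not needed.
demo() {
    root=$(mktemp -d)
    mkdir "$root/sirshare" "$root/sirallrw"
    chmod 755 "$root/sirshare"; chmod 3777 "$root/sirallrw"
    cat > "$root/smb.conf" <<EOF
[sirshare]
path = $root/sirshare
writeable = yes
guest ok = yes
[sirallrw]
path = $root/sirallrw
Writeable = Yes
Guest OK = Yes
[sir01]
path = $root/sir01
writeable = yes
valid users = sir01,@linuxsir
EOF
    audit_guest_shares "$root/smb.conf"
    rm -rf "$root"
}
demo
```

On the real server, run audit_guest_shares /etc/samba/smb.conf; a share reported as world-writable-no-sticky lets any guest delete files created by other users.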
5.5 Client access
5.5.1 Windows access
Open the Windows IE browser and access the server by IP address, in the format //192.168.1.3. You can also attach a shared folder locally. For example, to attach the sir01 folder locally, it should be mounted as the sir01 user. The mount flowchart is as follows;