Samba based on virtual user's production environment configuration

A while ago, I joined a laboratory in the school. Later seniors let our team Build a virtual user-based Samba sharing service within 5 days. The requirement is that members of the lab's three teams have access to all shared data, but cannot be uploaded and deleted. Each group leader can upload and delete this group of materials. You also need to use virtual user implementations. At first, everyone was a little confused, and then on the Internet to find information, and finally basically determined a realization plan.

Just started to give a server installed, at first glance, this server has a year, big box like, is the tide of a relatively old machine, 04 into the school, antique-level, haha. As a result, our group of people began to set up, but encountered a lot of problems in the middle. Careful study, this thing still does not support USB (originally intended to use a U disk installed), and try the CD, or not. Finally helpless chose the network installs, builds the PXE installs. Later found that its CPU does not support the 64-bit system, and then made a 32-bit installed. Behold the system is not installed in the first disk, we put the fourth disk in the first card slot (only the fourth disk when the indicator light on), this machine is good. It was a real hassle. At this time, the head felt that the machine was too old to use this machine. Gave us a Dell 6850 machine. The machine is good and loose. However, this machine is supposed to boot the USB stick as a local hard drive (it can be set in the BIOS). Now let's talk about the specific configuration of samba:

Lab Environment: Rhel Enterprise 6.5

SELinux disabled

First, download the installation package

Yum Install-y Samba Samba-common samba-client

Second, the configuration file

vim/etc/samba/smb.conf # # # comment out a shared directory that you do not need homes,printers

650) this.width=650; "Width=" 569 "height=" 585 "src="/e/u261/themes/default/images/spacer.gif "style=" background : URL ("/e/u261/lang/zh-cn/images/localimage.png") no-repeat center;border:1px solid #ddd; "alt=" Spacer.gif "/>  

[Global]

...

username map =/etc/samba/smbusers # # enabled Samba User Mapping File

###The following are the optimization parameters, see here for details Http://www.arm9home.net/simpl e/index.php?t22607.html or Http://cubie.cc/forum.php?mod=viewthrea d&tid=3714

Socket options = Tcp_nodelay Iptos_lowdelay so_rcvbuf=1048576 so_sndbuf=1048576

AIO Read size = 65536 aio Write size = 65536 Aio Write behind = True

Write Cache size = 2097152 Max XMit = 65536

Large ReadWrite = yes

650) this.width=650; "Width=" 569 "height=" 459 "src="/e/u261/themes/default/images/spacer.gif "style=" Background:url ("/e/u261/lang/zh-cn/images/localimage.png") no-repeat center;border:1px solid #ddd; "alt=" Spacer.gif "/>

Use Sendfile = yes

Min receivefile size = 16384 GETWD cache = True

Follow symlinks = no wide links = no

Log level = 0

[Share]

Comment = Infor Center path =/data

writable = yes Guest OK = no

vim/etc/samba/smbusers # # # Add Samba User Mappings

650) this.width=650; "Width=" 569 "height=" 168 "src="/e/u261/themes/default/images/spacer.gif "style=" background : URL ("/e/u261/lang/zh-cn/images/localimage.png") no-repeat center;border:1px solid #ddd; "alt=" Spacer.gif "/>  

system = Vsystem Net = vnet

Deve = Vdeve

Common = User1 user2 user3 user4

Create a shared directory

Mkdir/data

mkdir / data/(develop,system,network)  chown system:system /data/system chown network:network  /data/network chown develop:develop /data/develop

usermod  system net deve respectively as     add-on group plus go to

Useradd -M (System, NET, Deve, common)-s/sbin/nologin

smbpasswd -A (System,net,deve,common) # # Add Samba User Information

Third, set up the firewall

Iptables-f;iptables-x ; Iptables-z # # Clear Firewall Rules

To set a default rule:

Iptables-p INPUT DROP iptables-p OUTPUT Accept iptables-p FORWARD Accept iptables-a input-i lo-j Accept

Set Open ports

Iptables-a input-p TCP--dport 139-j accept iptables-a input-p TCP--dport 445-j accept iptables-a input-p UDP--d Port 137-j Accept iptables-a input-p UDP--dport 138-j Accept

iptables-a input-p tcp--dport 510-j ACCEPT # # will be SSH Port is set to 510 and open to prevent security hazards

Vim/etc/ssh/sshd_config

650) this.width=650, "width=" 569 "height=" "src=", "/e/u261/themes/default/images/spacer.gif", "style=" background: URL ("/e/u261/lang/zh-cn/images/localimage.png") no-repeat center;border:1px solid #ddd; "alt=" Spacer.gif "/>  

PORT 510

Permitrootlogin No # # # # prohibited Root Login

Turn on all services

/etc/init.d/sshd restart

/etc/init.d/iptables Save

/etc/init.d/iptables Restart # # Save firewall Rules

/ETC/INIT.D/SMB Start # # # Open Service

/ETC/INIT.D/NMB Start # # # Open Service

This article is from "Rookie Start" blog, please be sure to keep this source http://ssnail.blog.51cto.com/10273810/1726616

Samba based on virtual user's production environment configuration