Practical debugging of Samba server-Linux Enterprise Application-Linux server application information. For details, refer to the following section. The pre-installed samba of fedora is samba-3.0.0-15 and has very powerful functions. The focus of our debugging today is not the new function of samba3.0. We should first implement its basic functions, for the file sharing service, I will elaborate on the domain controller function in the future debugging notes.
The environment we want to implement today is: if the company has three departments: finance, technology, and leadership, we have created three user groups: caiwu, network, and lingdao;
There are two users in each of the three departments. The created users are caiwu01, caiwu02, network01, network02, lingdao01, and lingdao02.
Then, we create the corresponding directories and access permissions for the company's specific circumstances. Through the following example, we hope that you can flexibly apply samba security permissions in your work to set up your samba file server.
1. First, the server uses the user authentication method. Each user can access his/her home directory, and only the user can access the home directory with full permissions, others cannot see your home directory.
2. Create a caiwu folder. If you want the caiwu group and lingdao group to be visible, network02 can also be accessed, but only caiwu01 has the write permission.
3. Create a lindao directory. Only the leaders can access and read/write the directory, and network02 can also be accessed, but outsiders cannot see the directory.
4. Create a file exchange directory for everyone to read and write, including guest users, but everyone cannot delete others' files.
5. Create a public read-only folder, and all users read the contents of this folder.
Okay. Let's start with the preliminary work.
Create three groups:
# Groupadd caiwu
# Groupadd network
# Groupadd lingdao
Add a user to the relevant group:
# Useradd caiwu01-g caiwu
# Useradd caiwu02-g caiwu
# Useradd network01-g network
# Useradd network02-g network
# Useradd lingdao01-g lingdao
# Useradd lingdao02-g lingdao
Then we use the smbpasswd-a caiwu01 command to add the six accounts to the samba users respectively.
# Mkdir/home/samba
# Mkdir/home/samba/caiwu
# Mkdir/home/samba/lingdao
# Mkdir/home/samba/exchange
# Mkdir/home/samba/public
To avoid the trouble, we can set the permissions of all the above folders to 777 here. We can set the above 5 requirements through flexible samba permission management.
The following is my smb. conf configuration file
[Global]
Workgroup = bmit
# My network workgroup
Server string = Frank's Samba File Server
# My Server Name Description
Security = user
# Use User Authentication Mechanism
Encrypt passwords = yes
Smb passwd file =/etc/samba/smbpasswd
# The encrypted password mechanism is used in plain text in win95 and winnt.
Others can basically follow the default one.
[Homes]
Comment = Home Directories
Browseable = no
Writable = yes
Valid users = % S
Create mode = 0664
Directory mode = 0775
# The homes segment meets 1st criteria
[Caiwu]
Comment = caiwu
Path =/home/samba/caiwu
Public = no
Valid users = @ caiwu, @ lingdao, network02
Write list = caiwu01
Printable = no
# Caiwu meets our 2nd requirements
[Lingdao]
Comment = lingdao
Path =/home/samba/lingdao
Public = no
Browseable = no
Valid users = @ lingdao, network02
Printable = no
# The exchange segment can basically meet our 4th requirements, but cannot meet the condition that everyone cannot delete others' files, even if mask is set, in fact, this condition only requires unix to set a sticking bit.
Chmod-R 1777/home/samba/exchange
Note that the permission here is 1777. A similar system directory/tmp also has the same permission. This permission allows everyone to write files freely, but cannot delete other people's files.
[Public]
Comment = Read Only Public
Path =/home/samba/public
Public = yes
Read only = yes
# This public segment can meet our 5th requirements.
So far, our settings have met our file sharing requirements. Remember to restart the service.
#/Etc/rc. d/init. d/smb restart
If you do not have winodws, use the samba cilent command to test it.
I will give you a few examples of command usage here.
Smbclient-L Server ip address-N
Check the samba sharing information of your server in the guest account. You can check whether the samba sharing information can be viewed by the guest account in the lingdao directory. Of course, you can also view the information in the name of a user.
Smbclient-L Server ip address-U caiwu01
The system will prompt the password, as long as you enter the smb password.
Smbclient // server ip/caiwu-U caiwu01
# Log on to the caiwu directory in the name of the caiwu01 user
Smbmount // server ip/caiwu/mnt/caiwu-o username = caiwu01
# Map the financial directory of the server to the local/mnt/caiwu directory.
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.
