SambaThe service can not only implement linuxAnd winFile Sharing between linux instances.And linuxSharing between sambaOnly local users on the server are allowed.
The environment in this article is configured when selinux is enabled
Samba service configuration:
Preferred installation of samba software package:
Create a directory to be shared: Modify the directory permission
Create several files in the directory to show the differences:
Install the software package for modifying the Directory Security Context:
Modify the security context of a directory:
You can also useChcon-t samba_share_t/helloStability is not always effective
View the modified directory security context:
Configure the samba server:
Here is an example of parameters:
Restart the service:
Anonymous user test:(Anonymous users cannot useSambaService)
However, anonymous users can view sambaDirectory shared by the server:
Add two samba users:
Log on with a local user: (if you have added a samba user and do not write a directory, the system can log on by default)
Although the write permission is granted to the directory, it is found that the directory cannot be uploaded,Directory permissions andSambaSet the configuration file permissions to the intersection.
Test on the Win client: (as long as we log on to the samba service, we need a user name and password to prevent anonymous users from accessing the service. The linux client can still see the shared directory, win, you only need a password to log on, and you have no permission to view the password, which is stricter)
Log On with samba :(Default Configuration FileSambaThe user's home directory is opened.)
Try to open the westos shared directory: (no problem at all)
Let's create a file. OK? (Prompt no permission)
Let's see if you can use the home directory of lee users :(No. This is because of ourSelinxuThe Boolean value does not open the Home Directory, so it can only be viewed as inaccessible)
The cache of the Win system is well established. As long as we have accessed the samba service, you can access it again within a certain period of time without the user name. The password can be directly entered. Use the following method to disconnect
We re-configure the samba service: public is added, and everyone can see this directory.
Client test :(Anonymous Users can log on) The linux client can be used. windows won't work. You will be prompted to ask for the user name and password as soon as you log on.
Try again for common users:
ConfigurationSambaService:Writeable = yesAll users have write permissions, including anonymous users.
Anonymous user:
You can log in and upload files.
Test Local User: Upload is normal
Win client test:
If you have the write permission, you can delete, create a directory, and upload a file:
Configure the samba service:Write list =Specify that a user has the write permission, but no one else has:
Client test: redhat user
Lee User:
Not OK, no permission
Configure the samba service:@ RedhatThis group can be written, but others cannot.
Add the lee user to the redhat group:
Client test: lee user can write again
Configure the samba service: Hide the westos directory
Test: The westos directory is completely invisible.
The Windows client also tests that samba local users cannot see
Yes, right?
Configure the samba service: Valid users for this directory
Test: inaccessible
Test with win: We found that you still need the password username to enter this directory,
Add an administrator to the samba service:
What does the Administrator think? This is the file we uploaded, the owner, and the owner group, almost all belong to the login user identity. However, when a lee user acts as the administrator, all his actions will be changed to the root identity.
There are many other parameters:
Password server = # other NT servers, or samba servers, but security = The ntbios name of the server or domain
Hosts allow = 192.168.0. # specify which hosts can access
Hosta deny = 192.168.8. # specify which hosts are not accessible
Interfaces = 192.168.0.100/255.255.255.0 # set which network interfaces samba will provide services.
Log file =/var/log/samba/% m. log # log file
Max log size = 0 # log File size
Log level = 0 # log level 0 indicates no, 3 is generally reasonable
Syslog = 2 # syslog Log Level (0, err) (1, warning) (2, notice) (3, ifno) (4 or above, debug)
Syslog only = yes # only Use System logs to disable samba logs