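Learning Linux starts with practice.
Lab environment: VMware, CentOS 6, Xshell
Note: when using VMware, set the network connection to bridged so that the VM is on the same subnet as the host.
Requirements: simulate a real company file server. Create a SHARE folder, open to everyone
Create an IT folder, open only to IT department staff
Create a DE folder, open to DE department staff
Steps:
1: Since I don't understand SELinux configuration and only know the basics of iptables, to avoid unnecessary trouble:
Disable SELinux: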
[root@localhost ~]# vi /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
Disable iptables:
[root@localhost ~]# service iptables stop;chkconfig iptables off;chkconfig --list | grep iptables
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Flushing firewall rules: [ OK ]
iptables: Unloading modules: [ OK ]
iptables :off :off :off :off :off :off :off
2: Reboot, then check to make sure the changes took effect
[root@localhost ~]# reboot
Afterwards, check again
[root@localhost ~]# chkconfig --list | grep iptables
iptables :off :off :off :off :off :off :off
3: Create the SHARE, IT and DE folders and set their permissions
[root@localhost ~]# mkdir -m 770 /home/SHARE /home/IT /home/DE
[root@localhost ~]# ls -l /home/
total
drwxrwx---. root root Dec : DE
drwxrwx---. root root Dec : IT
drwxrwx---. root root Dec : SHARE
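4: Create the groups SHARE, IT and DE, the users IT1 and IT2, and the users DE1 and DE2 (IT1, IT2, DE1 and DE2 belong to the SHARE group; IT1 and IT2 belong to the IT group; DE1 and DE2 belong to the DE group)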
[root@localhost ~]# groupadd SHARE;groupadd IT;groupadd DE
[root@localhost ~]# cat /etc/group
...
SHARE:x::
IT:x::
DE:x::
[root@localhost ~]# useradd IT1;usermod -s /sbin/nologin IT1 ;gpasswd -a IT1 IT; useradd IT2;usermod -s /sbin/nologin IT2 ;gpasswd -a IT2 IT; useradd DE1;usermod -s /sbin/nologin DE1 ;gpasswd -a DE1 DE;useradd DE2 ;usermod -s /sbin/nologin DE2 ;gpasswd -a DE2 DE; gpasswd -a IT1 SHARE ;gpasswd -a IT2 SHARE;gpasswd -a DE1 SHARE; gpasswd -a DE2 SHARE
[root@localhost ~]# cat /etc/group
...
public:x::IT1,IT2,DE1,DE2
IT:x::IT1,IT2
DE:x::DE1,DE2
IT1:x::
IT2:x::
DE1:x::
DE2:x::
5: Install Samba
[root@localhost ~]# yum -y install samba samba-client samba-swat
[root@localhost ~]# rpm -qa | grep samba
samba-winbind-clients-3.6.-.el6_7.x86_64
samba-swat-3.6.-.el6_7.x86_64
samba-client-3.6.-.el6_7.x86_64
samba-3.6.-.el6_7.x86_64
samba-winbind-3.6.-.el6_7.x86_64
samba-common-3.6.-.el6_7.x86_64
6: Back up smb.conf
[root@localhost ~]# cp /etc/samba/smb.conf /etc/samba/smb.conf.bk
7: Add the user accounts to Samba
[root@localhost ~]# smbpasswd -a IT1
New SMB password:
Retype new SMB password:
Added user IT1.
[root@localhost ~]# smbpasswd -a IT2
New SMB password:
Retype new SMB password:
Added user IT2.
[root@localhost ~]# smbpasswd -a DE1
New SMB password:
Retype new SMB password:
Added user DE1.
[root@localhost ~]# smbpasswd -a DE2
New SMB password:
Retype new SMB password:
Added user DE2.
List the users registered with the Samba service
[root@localhost ~]# pdbedit -L
IT1::
DE1::
IT2::
DE2::
8: Edit the smb.conf configuration file
[SHARE]
comment = share
path = /home/SHARE
valid users = @SHARE
read only = No
create mask =
directory mask =
[IT]
comment = IT
path = /home/IT
valid users = @IT
read only = No
create mask =
[DE]
comment = DE
path = /home/DE
valid users = @DE
read only = No
create mask =
directory mask =
9: Restart the Samba services:
[root@supker ~]# service smb restart
Shutting down SMB services: [ OK ]
Starting SMB services: [ OK ]
[root@supker ~]# service nmb restart
Shutting down NMB services: [ OK ]
Starting NMB services: [ OK ]
(Allow me to vent here: damn it all. I tested for ages and kept getting no permission to create files, but after a reboot it just worked!)
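One check to run when a share accepts the login but file creation is denied, as an added example that is not part of the original post: it cross-checks each share's valid users group against the Unix group and mode of the shared directory. The name audit_shares, the fs mapping and the sample data are assumptions, constructed from the step 8 shares and the ownership shown by ls -l in step 3.

```python
import configparser
# Constructed sample: the three shares from step 8 (mask lines omitted) and the
# directory ownership shown by `ls -l /home/` in step 3 (root:root, drwxrwx---).
SMB_CONF = """
[SHARE]
path = /home/SHARE
valid users = @SHARE
read only = No
[IT]
path = /home/IT
valid users = @IT
read only = No
[DE]
path = /home/DE
valid users = @DE
read only = No
"""
FS_AS_SHOWN = {p: ("root", "root", 0o770) for p in ("/home/SHARE", "/home/IT", "/home/DE")}

def audit_shares(conf_text, fs):
    """Return findings where a share's @group cannot write to its directory."""
    # fs maps path -> (owner, group, mode); on a live server build it from
    # os.stat() plus pwd/grp lookups. Hypothetical helper, not part of Samba.
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    findings = []
    for share in cp.sections():
        sec = cp[share]
        path = sec.get("path")
        groups = [u[1:] for u in sec.get("valid users", "").replace(",", " ").split()
                  if u.startswith("@")]
        if not path or not groups or sec.get("read only", "yes").lower() != "no":
            continue  # only writable, group-restricted shares are checked
        if path not in fs:
            findings.append(f"{share}: {path} does not exist")
            continue
        owner, group, mode = fs[path]
        for g in groups:
            # smbd accesses files as the authenticated user, so Unix bits apply:
            # members of g get the group bits only if the directory's group is g,
            # otherwise the "other" bits (owner class and ACLs are not modelled).
            bits = (mode >> 3) & 7 if g == group else mode & 7
            if bits & 3 != 3:  # creating files needs write + search (w and x)
                findings.append(f"{share}: @{g} lacks write access to {path} "
                                f"({owner}:{group} {mode:o})")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_shares(SMB_CONF, FS_AS_SHOWN)) or "all shares writable")
```

With each directory group-owned by the group named in its share (for instance after chgrp IT /home/IT) and mode 770, the function returns an empty list.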
10: Test results:
Tip: the Windows CMD command to disconnect the mapped shares: net use * /del /y