Original address: http://www.5ilinux.com/samba.html
Reprint, please indicate the source, thank you!
Fedora pre-installed Samba is already Samba-3.0.0-15, which is very powerful. Today we debug the focus is not new features of Samba 3.0, we will first achieve his basic functions, file sharing services, as for the domain The controller function I will explain in the subsequent debugger.
The environment we have to achieve today is that if the company has financial, technology, leaders, we have established 3 user groups for 3 departments for Caiwu, NetWork, Lingdao;
There are 2 users in the three departments, and our construction users are caiwu01, caiwu02, network01, network02, lingdao01, lingdao02
Then we establish a corresponding directory and access rights on the company's specific situation. By the following examples, I hope that everyone can set your Samba file server in the usual work. SAMBA security permissions.
1. First, the server uses user authentication, each user can access its host directory, and only the user can access the host directory and have full permissions, and others can't see your host directory.
2. Create a CAIWU folder, I hope that the Caiwu group and the lingdao group can see that NetWork02 can also be accessed, but only the CAIWU01 has written permissions.
3. Building a Lindao directory, only the personnel of the leaders can access and read and write, and NetWork02 can also be accessed, but the outsiders can't see that directory.
4. It is recommended that a file exchange directory Exchange, everyone can read and write, including guest users, but everyone can't delete files.
5. It is recommended that a public read-only folder public, everyone reads only the contents of this folder.
Ok, let's first come to the early work.
#groupadd caiwu
#groupadd network
#groupadd lingdao
# useradd caiwu01 -g caiwu
# useradd caiwu02 -g caiwu
# uSERADD NETWORK01 -G NetWork
# useradd network02 -g networkWork
# useradd lingdao01 -g lingdao
# useradd lingdao02 -g lingdao
Then we use the smbpasswd -a caiwu01 command to add 6 accounts to the Samba user.
#mkdir / home / samba
#mkdir / home / samba / caiwu
#mkdir / home / samba / lingdao
#mkdir / home / Samba / Exchange
#mkdir / home / samba / public
In order to avoid trouble, we can set the permissions of all the folders above to 777, and we have set up 5 points above through Samba.
The following is my SMB.conf profile
[global]
Workgroup = BMIT
# My Network Working Group
Server string = frank's Samba File Server
# 我 服务 服务 名 Description
Security = user
# Use the user verification mechanism
Encrypt passwords = yes
SMB Passwd File = / etc / samba / smbpasswd
# Use the encrypted cryptographic mechanism, use it in Win95 and Winnt
Other can basically follow the default.
[homes]
Comment = Home Directories
Browseable = no
Writable = yesvalid users =% s
Create Mode = 0664
Directory mode = 0775
#HOMES to meet the first condition
[caiwu]
Comment = caiwu
Path = / home / samba / caiwu
Public = no
Valid users = @ caiwu, @ lingdao, network02
Write List = caiwu01
Printable = NO
#caiwu Meets to meet our second requirements
[lingdao]
Comment = lingdao
Path = / home / samba / lingdao
Public = no
Browseable = no
Valid users = @ lingdao, network02
Printable = NO
#LINGDAO can meet our third request
[eXchage]
Comment = Exchange File Directory
Path = / home / samba / exchange
Public = yes
Writable = yes
#exchange segment can basically meet our fourth request, but you can't meet this condition of each person who can't delete someone else, even if it sets Mask, it is useless. In fact, this condition will set a sticky bit.
CHMOD -R 1777 / HOME / Samba / Exchange
Note that the permissions are 1777, similar system directory / TMP also has the same permissions, this permission can implement each person's free to write files, but cannot delete this request for others.
[public]
Comment = Read Only public
Path = / home / samba / public
Public = yes
oud all = yes
# This public segment can meet our 5th requirements.
To this, our settings have been able to realize our shared file requirements, remember to restart the service.
# / etc / rc.d / init.d / smb restart
If you don't have WinodWs, you may wish to test it with Samba's Cilent end command.
The usage of orders, I only mention a few examples here, and the specific people go to the test.
SMBCLIENT -L server IP-N
The guest account queries your server's Samba sharing, you can check if the lingdao directory can be seen by the guest account, should not be seen, of course you can view a certain user
SMBCLIENT -L server ip -u caiwu01
The system will prompt the password, just enter the SMB password.
SMBClient // Server IP / CAIWU -U Caiwu01
# Log in to the CAIWU directory in the name of caiwu01 users
SMBMOUNT / / server IP / CAIWU / MNT / CAIWU -O uname = caiwu01
# Map the server's financial directory to the local / MNT / CAIWU directory