1. Samba requirements
The company has three departments, finance, technical and management; we create one group for each, named caiwu, network and lingdao.
Each department has two users, so we create the accounts caiwu01, caiwu02, network01, network02, lingdao01 and lingdao02.
Samba permission breakdown:
1. Each user can access their own home directory with full permissions; only that user can access it, and nobody else can see it.
2. Create a caiwu directory that the caiwu and lingdao groups can see, but only caiwu01 has write permission; network02 also has access.
3. Create a management directory that only the lingdao group can access and read/write, with network02 designated as an additional user allowed to access it; outsiders cannot see it.
4. Create a shared directory exchange that everyone can read and write, but nobody can delete another person's files.
5. Create a read-only directory public whose contents everyone can only read.
2. Steps
sudo groupadd caiwu
sudo groupadd network
sudo groupadd lingdao
sudo useradd caiwu01 -g caiwu
sudo useradd caiwu02 -g caiwu
sudo useradd network01 -g network
sudo useradd network02 -g network
sudo useradd lingdao01 -g lingdao
sudo useradd lingdao02 -g lingdao
Then we set each user's Samba password (smbpasswd -a adds the account to the tdbsam password database and prompts for the password; the Samba password is separate from the Unix one):
sudo smbpasswd -a caiwu01
sudo smbpasswd -a caiwu02
sudo smbpasswd -a network01
sudo smbpasswd -a network02
sudo smbpasswd -a lingdao01
sudo smbpasswd -a lingdao02
To delete a Samba user:
sudo smbpasswd -x username
Create each user's home directory (useradd was run without -m above, so nothing has been created yet):
sudo mkdir /home/caiwu01
sudo mkdir /home/caiwu02
sudo mkdir /home/lingdao01
sudo mkdir /home/lingdao02
sudo mkdir /home/network01
sudo mkdir /home/network02
Set the ownership and permissions of the home directories. Requirement 1 says only the owner may access their home directory, so each one is chowned to its user and restricted to that user; the [homes] share below connects as the authenticated user, so Samba needs nothing more than that, whereas mode 777 would let every local account on the server read and write everyone's home:
sudo chown caiwu01:caiwu /home/caiwu01
sudo chown caiwu02:caiwu /home/caiwu02
sudo chown lingdao01:lingdao /home/lingdao01
sudo chown lingdao02:lingdao /home/lingdao02
sudo chown network01:network /home/network01
sudo chown network02:network /home/network02
sudo chmod 700 /home/caiwu01 /home/caiwu02 /home/lingdao01 /home/lingdao02 /home/network01 /home/network02
Create the shared directories. The paths must match the path = lines in smb.conf below; the exchange and public directories from the requirements are the [share] and [ReadOnly] shares there:
sudo mkdir -p /share/samba/Team-L1
sudo mkdir -p /share/samba/Leader
sudo mkdir -p /share/samba/share
sudo mkdir -p /share/samba/ReadOnly
To avoid trouble we can set all of these directories to 777 here and use Samba's flexible permission handling to implement the five requirements above. Keep in mind that valid users and write list only govern SMB clients; anyone with a local shell login on the server still gets the plain Unix permissions, so on a multi-user host a tighter mode with group ownership is preferable.
sudo chmod 777 /share/samba/Team-L1 /share/samba/Leader /share/samba/ReadOnly
sudo chmod 1777 /share/samba/share
Note that the mode here is 1777; the system directory /tmp has the same mode. The sticky bit lets everyone create files freely while preventing them from deleting files owned by someone else.
3. sudo vim /etc/samba/smb.conf
[global]
workgroup = WorkGroup
security = user
log file = /var/log/samba/%m.log
passdb backend = tdbsam
# log level 10 is full debugging output; it floods the log and slows smbd, so use 1 or 2 in normal operation
log level = 10
printing = cups
printcap name = cups
load printers = yes
cups options = raw
#map to guest = Bad User
server multi channel support = yes
vfs objects = aio_pthread
aio read size = 1
aio write size = 1
strict locking = No
max log size = 10240
#Audit settings (to enable them, add full_audit to vfs objects and remove the leading ;)
;full_audit:prefix = %u|%I|%S
;full_audit:failure = connect
;full_audit:success = connect disconnect opendir mkdir rmdir closedir open close fchmod chown fchown chdir
;full_audit:facility = local5
;full_audit:priority = notice
[homes]
comment = Home Directories
valid users = %S, %D%w%S
browseable = No
read only = No
inherit acls = Yes
# The membership lists below use the groups and accounts created in section 2. public = no on every share:
# no guest access, every connection must authenticate against the tdbsam accounts.
# The caiwu and lingdao groups plus the account network02 can access this share, but only caiwu01 can write (requirement 2)
[Team-L1]
comment = Shared Folder
path = /share/samba/Team-L1
valid users = @caiwu, @lingdao, network02
#admin users = @caiwu, @lingdao
browseable = yes
public = no
writable = no
write list = caiwu01
printable = no
create mask = 0777
directory mask = 0777
available = yes
# Only the lingdao group and the account network02 can access this share; only lingdao members may read and write (requirement 3)
[Leader]
comment = Shared Folder
path = /share/samba/Leader
valid users = @lingdao, network02
browseable = yes
writable = no
write list = @lingdao
public = no
printable = no
create mask = 0777
directory mask = 0777
available = yes
# Read-only directory: everyone can access it and has no other rights (requirement 5). network02 has admin rights so the
# contents can be maintained; admin users makes that session run as root on this share, so drop the line if nobody needs it
[ReadOnly]
comment = Shared Folder
path = /share/samba/ReadOnly
valid users = @caiwu, @network, @lingdao
admin users = network02
browseable = yes
public = no
read only = yes
;write list = caiwu01   (a write list overrides read only for the listed names and would break requirement 5, so it stays off)
printable = no
create mask = 0774
directory mask = 0774
available = yes
# Exchange directory: everyone can read and write, but can only modify or delete the files and directories they created
# themselves (sticky bit via the 1777 mode above and directory mask 1755 below); the lingdao group has admin rights (requirement 4)
[share]
comment = Shared Folder
path = /share/samba/share
valid users = @network, @caiwu, @lingdao
admin users = @lingdao
browseable = yes
public = no
writable = yes
printable = no
create mask = 1744
directory mask = 1755
available = yes
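Added example, not part of the original page: a small Python 3 checker (standard library only) that computes each account's effective access to each share from the share definitions above, so the five requirements can be verified before smbd is reloaded. The smb.conf excerpt and the group table inside it are constructed to mirror this page, using the caiwu, network and lingdao groups from section 2 in the membership lists.

```python
import configparser
# Constructed excerpt of this page's four share sections, with the groups created in section 2
# (caiwu, network, lingdao) in the membership lists.
SMB_CONF = """
[Team-L1]
valid users = @caiwu, @lingdao, network02
writable = no
write list = caiwu01
[Leader]
valid users = @lingdao, network02
writable = no
write list = @lingdao
[ReadOnly]
valid users = @caiwu, @network, @lingdao
read only = yes
[share]
valid users = @network, @caiwu, @lingdao
writable = yes
admin users = @lingdao
"""
# Constructed group table for the accounts from section 2 (what /etc/group holds on the server).
GROUPS = {"caiwu": {"caiwu01", "caiwu02"}, "network": {"network01", "network02"},
          "lingdao": {"lingdao01", "lingdao02"}}

def parse_conf(text):
    cp = configparser.ConfigParser(interpolation=None)  # smb.conf values contain %S, %U etc.
    cp.read_string(text)
    return cp

def _listed(user, value):
    # Samba user lists are comma/space separated; '@', '+' or '&' prefix a Unix group, a bare name is one account
    return any(user in GROUPS.get(e.lstrip("@+&"), set()) if e[0] in "@+&" else e == user
               for e in value.replace(",", " ").split())

_yes = lambda v: v.strip().lower() in ("yes", "true", "1")

def effective_access(conf, share, user):
    """'none', 'read', 'write' or 'admin' per smb.conf(5): valid users gates, then admin users > write list > share default."""
    s = conf[share]
    if "valid users" in s and not _listed(user, s["valid users"]):
        return "none"
    if _listed(user, s.get("admin users", "")):
        return "admin"  # admin users operate as root on the share, so this is the strongest right
    if _listed(user, s.get("write list", "")):
        return "write"  # write list overrides read only / writable = no for the listed names
    if "read only" in s:  # 'writable' and 'writeable' are inverse synonyms of 'read only'
        return "read" if _yes(s["read only"]) else "write"
    return "write" if _yes(s.get("writable", s.get("writeable", "no"))) else "read"

def access_matrix(conf):
    # share -> {account -> access} for every account in GROUPS, to compare against the five requirements
    users = sorted(u for members in GROUPS.values() for u in members)
    return {sh: {u: effective_access(conf, sh, u) for u in users} for sh in conf.sections()}
```

Run access_matrix(parse_conf(SMB_CONF)) against the real file with configparser.read("/etc/samba/smb.conf") once the [global] section's % variables are tolerated by interpolation=None as shown.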