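Beginner series ##The CIFS file system on Linux##
Introduction to CIFS (Common Internet File System):
Network file sharing between Windows hosts is implemented through Microsoft's own CIFS service, the Common Internet File System. CIFS is a newly proposed protocol that lets programs access files on remote Internet computers and request services from those computers. CIFS uses the client/server model: a client program asks a server program on a remote server to provide a service, and the server receives the request and returns a response. CIFS is the public, or open, version of the SMB protocol and is used by Microsoft. SMB is currently the protocol used on local area networks for server file access and printing. Like SMB, CIFS runs at a high layer, unlike TCP/IP, which runs at the lower layers. CIFS can be regarded as an implementation of an application protocol, like the File Transfer Protocol and the Hypertext Transfer Protocol.
CIFS (Common Internet File System) features:
1. Access files local to the server and read and write them
2. Share file blocks with other users
3. Automatically restore the network connection after a disconnect
4. Use Western European character file names
Generally speaking, CIFS gives users better control over files than FTP. It offers a potentially more direct interface to the server program, which is better than a browser using the HTTP protocol. The most typical use of CIFS is that Windows users can find other hosts on the network in "Network Neighborhood" and access their shared folders.
Installing and configuring the Samba service:
1. Install the Samba service:
Server (server VM, 172.25.254.220):
[root@server ~]# yum install samba samba-client samba-common -y ##install the packages (samba is the server application, samba-client the client application, samba-common the Samba support files)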
Loaded plugins: langpacks
rhel_dvd | 4.1 kB 00:00
(1/2): rhel_dvd/group_gz | 134 kB 00:00
(2/2): rhel_dvd/primary_db | 3.4 MB 00:00
Package samba-common-4.1.1-31.el7.x86_64 already installed and latest version
Resolving Dependencies
--> Running transaction check
---> Package samba.x86_64 0:4.1.1-31.el7 will be installed
---> Package samba-client.x86_64 0:4.1.1-31.el7 will be installed
--> Finished Dependency Resolution
[root@server ~]# systemctl start smb ##start the service
[root@server ~]# systemctl enable smb.service ##start automatically at boot
ln -s '/usr/lib/systemd/system/smb.service' '/etc/systemd/system/multi-user.target.wants/smb.service'
[root@server ~]# systemctl stop firewalld ##stop the firewall (ports 445 and 139 are then reachable from any host that can reach the server)
[root@server ~]# systemctl disable firewalld ##keep the firewall off at boot
rm '/etc/systemd/system/basic.target.wants/firewalld.service'
rm '/etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service'
[root@server ~]# netstat -antlupe | grep smb ##check the ports the service listens on: 445 and 139
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN 0 59714 3257/smbd
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN 0 59715 3257/smbd
tcp6 0 0 :::445 :::* LISTEN 0 59712 3257/smbd
tcp6 0 0 :::139 :::* LISTEN 0 59713 3257/smbd
Client (desktop VM, 172.25.254.120):
[root@client ~]# yum install samba-client -y ##install the client package
Loaded plugins: langpacks
rhel_dvd | 4.1 kB 00:00
(1/2): rhel_dvd/group_gz | 134 kB 00:00
(2/2): rhel_dvd/primary_db | 3.4 MB 00:00
Resolving Dependencies
--> Running transaction check
---> Package samba-client.x86_64 0:4.1.1-31.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
[root@client ~]# smbclient -L //172.25.254.220 ##connect to smb on the server
Enter root's password: ##this is a login without an SMB user, so there is no password
Anonymous login successful
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]
Sharename Type Comment
--------- ---- -------
IPC$ IPC IPC Service (Samba Server Version 4.1.1)
Anonymous login successful
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]
Server Comment
--------- -------
Workgroup Master
--------- ------- ##empty, nothing is listed
2. Set up user logins (the user must really exist on the VM):
Server (server VM):
[root@server ~]# id student ##student exists
uid=1000(student) gid=1000(student) groups=1000(student),10(wheel)
[root@server ~]# useradd westos ##there is no westos user yet, so add it as a system user first
[root@server ~]# id westos ##added successfully
uid=1001(westos) gid=1001(westos) groups=1001(westos)
[root@server ~]# smbpasswd -a student ##add the smb user student
New SMB password:
Retype new SMB password:
Added user student.
[root@server ~]# smbpasswd -a westos ##add the smb user westos
New SMB password:
Retype new SMB password:
Added user westos.
[root@server ~]# pdbedit -L ##list the smb users
student:1000:Student User
westos:1001: ##users added successfully
[root@server ~]# getsebool -a | grep samba ##list the Samba-related SELinux booleans
samba_create_home_dirs --> off
samba_domain_controller --> off
samba_enable_home_dirs --> off
samba_export_all_ro --> off
samba_export_all_rw --> off
samba_portmapper --> off
samba_run_unconfined --> off
samba_share_fusefs --> off
samba_share_nfs --> off
sanlock_use_samba --> off
use_samba_home_dirs --> off
virt_sandbox_use_samba --> off
virt_use_samba --> off
[root@server ~]# setsebool -P samba_enable_home_dirs on ##enable the SELinux boolean for Samba home directories
Client (desktop VM):
[root@client ~]# smbclient //172.25.254.220/student -U student ##log in to smb on the server as student
Enter student's password: ##enter the password set above
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]
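smb: \> ls ##lists the shared home directory of the student user
NT_STATUS_ACCESS_DENIED listing \* ##this error appears while SELinux is enforcing: the files shared from the user's home cannot be listed until the boolean is enabled on the server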
smb: \> ls
. D 0 Thu Jul 10 19:06:52 2014
.. D 0 Fri Jun 1 21:46:23 2018
.bash_logout H 18 Wed Jan 29 07:45:18 2014
.bash_profile H 193 Wed Jan 29 07:45:18 2014
.bashrc H 231 Wed Jan 29 07:45:18 2014
.ssh DH 0 Thu Jul 10 18:19:10 2014
.config DH 0 Thu Jul 10 19:06:53 2014
40913 blocks of size 262144. 28597 blocks available
3. Upload files and share them through the Samba service:
Client (desktop VM):
First way to mount:
[root@client ~]# vim /etc/fstab ##edit the file to define the mount
Add: //172.25.254.220/student /mnt cifs defaults,username=student,password=redhat 0 0
[root@client ~]# mount -a ##mount
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/vda1 10473900 3182012 7291888 31% /
devtmpfs 469344 0 469344 0% /dev
tmpfs 484932 84 484848 1% /dev/shm
tmpfs 484932 12788 472144 3% /run
tmpfs 484932 0 484932 0% /sys/fs/cgroup
/dev/mapper/vg0-vo 483670 2339 451840 1% /home
//172.25.254.220/student 10473900 3157052 7316848 31% /mnt ##mounted successfully
[root@client ~]# cd /mnt ##change directory
[root@client mnt]# touch file{1..8} ##create files
[root@client mnt]# ls ##list
file1 file2 file3 file4 file5 file6 file7 file8
Second way to mount:
[root@client ~]# vim /etc/rc.d/rc.local ##edit the file to define the mount
Add: mount //172.25.254.220/student /mnt/ -o username=student,password=redhat
[root@client ~]# chmod +x /etc/rc.d/rc.local ##make it executable
[root@client ~]# reboot ##reboot the VM
Connection to 172.25.254.120 closed by remote host.
Connection to 172.25.254.120 closed.
[kiosk@foundation20 Desktop]$ ssh root@172.25.254.120 ##connect from the physical host
root@172.25.254.120's password:
[root@client ~]# df ##check the mounts
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/vda1 10473900 3180840 7293060 31% /
devtmpfs 469344 0 469344 0% /dev
tmpfs 484932 80 484852 1% /dev/shm
tmpfs 484932 12764 472168 3% /run
tmpfs 484932 0 484932 0% /sys/fs/cgroup
/dev/mapper/vg0-vo 483670 2339 451840 1% /home
//172.25.254.220/student 10473900 3157032 7316868 31% /mnt ##mounted automatically at boot
[root@client mnt]# touch file{1..8} ##create files
[root@client mnt]# ls ##list
file1 file2 file3 file4 file5 file6 file7 file8
Server (server VM):
[root@server ~]# cd /home/student ##change directory
[root@server student]# ls ##the files created from the client as student are visible here
file1 file2 file3 file4 file5 file6 file7 file8
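Both mount methods above put the SMB password in a file that local users can normally read (/etc/fstab, rc.local). The following is an added example, not part of the original post: a small audit that flags inline `password=` in CIFS mount definitions and `credentials=` files that are not owner-only; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Flags CIFS mount definitions that
# carry the SMB password inline, and credentials= files others can read.
audit_cifs_secrets() {
    for f in "$@"; do
        # 1) non-comment line naming a //server/share with password= on it
        awk -v file="$f" '
            /^[ \t]*#/ { next }
            $0 ~ "//[^ \t/]+/" && $0 ~ "(^|[ \t,])password=" {
                printf "%s:%d: inline password in CIFS mount\n", file, NR
            }' "$f"
        # 2) credentials=PATH must point at an owner-only file
        sed -n 's/^[^#]*credentials=\([^,[:space:]]*\).*/\1/p' "$f" |
        while read -r cred; do
            [ -f "$cred" ] || { echo "$cred: credentials file missing"; continue; }
            mode=$(stat -c '%a' "$cred")
            case "$mode" in
                [0-7]00) ;;                      # owner-only, e.g. 600 or 400
                *) echo "$cred: mode $mode, expected 600" ;;
            esac
        done
    done
}

# Constructed sample input modelled on the two mount methods in section 3,
# plus a credentials-file variant (the same option section 13 uses).
make_samples() {
    d=$1
    echo '//172.25.254.220/student /mnt cifs defaults,username=student,password=redhat 0 0' > "$d/fstab.weak"
    echo 'mount //172.25.254.220/student /mnt/ -o username=student,password=redhat' > "$d/rc.local.weak"
    printf 'username=student\npassword=redhat\n' > "$d/smbpass"
    chmod 644 "$d/smbpass"
    echo "//172.25.254.220/student /mnt cifs credentials=$d/smbpass 0 0" > "$d/fstab.cred"
}

if [ "${1:-}" = "--demo" ]; then
    d=$(mktemp -d); make_samples "$d"
    audit_cifs_secrets "$d/fstab.weak" "$d/rc.local.weak" "$d/fstab.cred"
    rm -rf "$d"
fi
```

Run with `--demo` to see the three findings; after `chmod 600` on the credentials file the third one disappears.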
4. Change the workgroup name:
Client (desktop VM):
[root@client ~]# smbclient -L //172.25.254.220 ##show basic information
Enter root's password:
Anonymous login successful
Domain=[MYGROUP] 【workgroup】 OS=[Unix] Server=[Samba 4.1.1]
Sharename Type Comment
--------- ---- -------
IPC$ IPC IPC Service (Samba Server Version 4.1.1)
Anonymous login successful
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]
Server Comment
--------- -------
Workgroup Master
--------- -------
Server (server VM):
[root@server ~]# rpm -qc samba-common ##list the Samba configuration files
/etc/logrotate.d/samba
/etc/samba/lmhosts
/etc/samba/smb.conf
/etc/sysconfig/samba
[root@server ~]# vim /etc/samba/smb.conf ##edit the file
workgroup = WESTOS ##line 89: change the workgroup name
[root@server ~]# systemctl restart smb.service ##restart the service
Client (desktop VM):
[root@client ~]# smbclient -L //172.25.254.220 ##show basic information
Enter root's password:
Anonymous login successful
Domain=[WESTOS] 【workgroup】 OS=[Unix] Server=[Samba 4.1.1]
Sharename Type Comment
--------- ---- -------
IPC$ IPC IPC Service (Samba Server Version 4.1.1)
Anonymous login successful
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]
Server Comment
--------- -------
Workgroup Master
--------- -------
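5. Set up a whitelist and a blacklist:
[Whitelist]: add the whitelist entry to the server's configuration file, then test from the client and from the physical host
Server (server VM):
[root@server ~]# vim /etc/samba/smb.conf ##edit the file, add the whitelist
hosts allow = 172.25.254.120 ##line 98: 172.25.254.120 may connect
[root@server ~]# systemctl restart smb.service ##restart the service
Test:
Client (desktop VM):
[root@client ~]# smbclient -L //172.25.254.220 ##login test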
Enter root's password:
Anonymous login successful
Domain=[WESTOS] OS=[Unix] Server=[Samba 4.1.1]
Sharename Type Comment
--------- ---- -------
IPC$ IPC IPC Service (Samba Server Version 4.1.1)
Anonymous login successful
Domain=[WESTOS] OS=[Unix] Server=[Samba 4.1.1]
Server Comment
--------- -------
Workgroup Master
--------- ------- ##access allowed
Physical host (172.25.254.20):
[kiosk@foundation20 Desktop]$ smbclient -L //172.25.254.220 ##login test
Enter kiosk's password:
protocol negotiation failed: NT_STATUS_INVALID_NETWORK_RESPONSE ##access denied
[Blacklist]: add the blacklist entry to the server's configuration file, then test from the client and from the physical host
Server (server VM):
[root@server ~]# vim /etc/samba/smb.conf ##edit the file, add the blacklist
hosts deny = 172.25.254.120 ##line 98: 172.25.254.120 may not connect
[root@server ~]# systemctl restart smb.service ##restart the service
Test:
Client (desktop VM):
[root@client ~]# smbclient -L //172.25.254.220 ##login test
Enter root's password:
protocol negotiation failed: NT_STATUS_INVALID_NETWORK_RESPONSE ##access denied
Physical host (172.25.254.20):
[kiosk@foundation20 Desktop]$ smbclient -L //172.25.254.220 ##login test
Enter kiosk's password:
Anonymous login successful
Domain=[WESTOS] OS=[Unix] Server=[Samba 4.1.1]
Sharename Type Comment
--------- ---- -------
IPC$ IPC IPC Service (Samba Server Version 4.1.1)
Anonymous login successful
Domain=[WESTOS] OS=[Unix] Server=[Samba 4.1.1]
Server Comment
--------- -------
Workgroup Master
--------- ------- ##access allowed
6. Share a directory you created yourself:
Server (server VM):
[root@server ~]# mkdir /westos ##create a directory under / to share
[root@server ~]# semanage fcontext -a -t samba_share_t '/westos(/.*)?' ##set the SELinux context for the new directory
[root@server ~]# restorecon -RvvF /westos ##apply the SELinux context
restorecon reset /westos context unconfined_u:object_r:default_t:s0->system_u:object_r:samba_share_t:s0
[root@server ~]# vim /etc/samba/smb.conf ##edit the file
[DIR]
comment = westos dir
path = /westos
[root@server ~]# systemctl restart smb.service ##restart the smb service
Client (desktop VM):
[root@client ~]# smbclient //172.25.254.220/DIR -U student ##log in
Enter student's password:
Domain=[WESTOS] OS=[Unix] Server=[Samba 4.1.1]
smb: \> ls ##list the shared files
. D 0 Sat Jun 2 01:46:21 2018
.. D 0 Sat Jun 2 01:46:21 2018
40913 blocks of size 262144. 28578 blocks available
7. Share system files:
Server (server VM):
[root@server ~]# vim /etc/samba/smb.conf ##edit the file
[mnt]
comment = /mnt dir
path = /mnt
[root@server ~]# systemctl restart smb.service ##restart the smb service
[root@server ~]# touch /mnt/file{1..5} ##create 5 files under /mnt
[root@server ~]# ls /mnt ##check the result
file1 file2 file3 file4 file5
[root@server ~]# setenforce 0 ##switch SELinux to permissive mode (enforcement is off system-wide until reboot or setenforce 1)
[root@server ~]# setsebool -P samba_export_all_ro on ##allow Samba to export all files read-only
Client (desktop VM):
[root@client ~]# smbclient //172.25.254.220/mnt -U student ##log in
Enter student's password:
Domain=[WESTOS] OS=[Unix] Server=[Samba 4.1.1]
smb: \> ls
. D 0 Sat Jun 2 02:08:19 2018
.. D 0 Sat Jun 2 01:46:21 2018
file1 N 0 Sat Jun 2 02:08:19 2018
file2 N 0 Sat Jun 2 02:08:19 2018
file3 N 0 Sat Jun 2 02:08:19 2018
file4 N 0 Sat Jun 2 02:08:19 2018
file5 N 0 Sat Jun 2 02:08:19 2018 ##the files created in /mnt are visible
40913 blocks of size 262144. 28578 blocks available
smb: \> quit
8. Hide a share:
Server (server VM):
[root@server ~]# vim /etc/samba/smb.conf ##edit the file
[DIR]
comment = westos dir
path = /westos
browseable = no ##not listed when browsing
[root@server ~]# systemctl restart smb.service ##restart the service
Client (desktop VM):
[root@client ~]# smbclient -L //172.25.254.220 ##list the shares
Enter root's password:
Anonymous login successful
Domain=[WESTOS] OS=[Unix] Server=[Samba 4.1.1]
Sharename Type Comment
--------- ---- -------
mnt Disk /mnt dir
IPC$ IPC IPC Service (Samba Server Version 4.1.1) ##DIR is now hidden
Anonymous login successful
Domain=[WESTOS] OS=[Unix] Server=[Samba 4.1.1]
Server Comment
--------- -------
Workgroup Master
--------- -------
9. Make a share writable:
Server (server VM):
[root@server ~]# vim /etc/samba/smb.conf ##edit the file
[DIR]
comment = westos dir
path = /westos
browseable = yes
writable = yes
[root@server ~]# systemctl restart smb.service ##restart the service
[root@server ~]# chmod 777 /westos/ ##grant read and write permission to everyone
Client (desktop VM):
[root@client ~]# mount //172.25.254.200/DIR /mnt -o username=student,password=redhat ##mount
mount: //172.25.254.200/DIR is write-protected, mounting read-only
mount: cannot mount //172.25.254.200/DIR read-only
[root@client ~]# cd /mnt
[root@client mnt]# touch filekk ##create a file
[root@client mnt]# ll /mnt
total 0
-rw-r--r-- 1 student student 0 Jun 2 02:42 filekk ##created successfully
10. Restrict which users may write to the share:
Server (server VM):
[root@server ~]# vim /etc/samba/smb.conf ##edit the configuration file
[DIR]
comment = westos dir
path = /westos
browseable = yes
#writable = yes
write list = student
[root@server ~]# systemctl restart smb.service ##restart the service
[root@server ~]# chmod 777 /westos/ ##set the permissions
Client (desktop VM):
[root@client ~]# mount //172.25.254.220/DIR /mnt -o username=westos,password=redhat ##the westos user cannot write
[root@client ~]# touch /mnt/file1
touch: cannot touch ‘/mnt/file1’: Permission denied
[root@client ~]# umount /mnt/
[root@client ~]# mount //172.25.254.220/DIR /mnt -o username=student,password=redhat ##the student user can write
[root@client ~]# touch /mnt/file1
[root@client ~]# umount /mnt
11. Restrict write access on the share to a group:
Server (server VM):
[root@server ~]# vim /etc/samba/smb.conf
[DIR]
comment = westos dir
path = /westos
browseable = yes
#writable = yes
write list = @student
[root@server ~]# systemctl restart smb.service
[root@server ~]# id westos
uid=1001(westos) gid=1001(westos) groups=1001(westos)
[root@server ~]# usermod -G student westos ##add westos to the student group
[root@server ~]# id westos
uid=1001(westos) gid=1001(westos) groups=1001(westos),1000(student) ##now a member
Client (desktop VM):
[root@client ~]# mount //172.25.254.220/DIR /mnt -o username=westos,password=redhat ##mount
[root@client ~]# touch /mnt/file2 ##westos, now in the student group, can write too
[root@client ~]# umount /mnt
12. Raise a user's privileges with Samba:
Server (server VM):
[root@server ~]# chmod 755 /westos/ ##first lower the permissions on /westos
[root@server ~]# ls -ld /westos/
drwxr-xr-x. 2 root root 30 Jun 2 03:04 /westos/
[root@server ~]# vim /etc/samba/smb.conf ##edit the file
[DIR]
comment = westos dir
path = /westos
browseable = yes
writable = yes
#write list = @student
admin users = westos
[root@server ~]# systemctl restart smb.service ##restart the service
Client (desktop VM):
[root@client ~]# mount //172.25.254.220/DIR /mnt -o username=westos,password=redhat ##mount
[root@client ~]# cd /mnt
[root@client mnt]# touch file4
[root@client mnt]# ll
total 0
-rw-r--r-- 1 student student 0 Jun 2 02:58 file1
-rw-r--r-- 1 1001 1001 0 Jun 2 03:04 file2
-rw-r--r-- 1 root 1001 0 Jun 2 03:10 file4
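13. Multi-user mounts:
Client (desktop VM):
[root@client ~]# useradd linux ##create a new user named linux
[root@client ~]# su - linux ##switch to linux
[linux@client ~]$ cd /mnt/
[linux@client mnt]$ ls ##list
file1 file2 file4 ##linux is an ordinary, newly created user, yet it can see what the westos user created; this is not secure
[root@client ~]# vim /root/smbpass ##edit the file
username=student
password=redhat ##enter a username and password that really exist on the smb server
[root@client ~]# yum install cifs-utils -y ##install cifs-utils, the client-side management package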
Loaded plugins: langpacks
Resolving Dependencies
--> Running transaction check
---> Package cifs-utils.x86_64 0:6.2-6.el7 will be installed
--> Finished Dependency Resolution
[root@client ~]# mount -o credentials=/root/smbpass,sec=ntlmssp,multiuser //172.25.254.220/DIR /mnt ##mount
[root@client ~]# cd /mnt
[root@client mnt]# ls
file1 file2 file4
[root@client mnt]# su - linux ##switch to the linux user
Last login: Sat Jun 2 03:29:28 EDT 2018 on pts/0
[linux@client ~]$ cd /mnt
[linux@client mnt]$ ls ##list
ls: reading directory .: Permission denied ##insufficient permissions
[root@client mnt]# su - linux
Last login: Sat Jun 2 03:42:04 EDT 2018 on pts/0
[linux@client ~]$ cifscreds add -u westos 172.25.254.220 ##authenticate to gain access
Password:
[linux@client ~]$ ls /mnt
file1 file2 file4 ##the files can now be listed
14. Anonymous login and mounting:
Client (desktop VM):
[root@client ~]# smbclient //172.25.254.220/DIR ##anonymous login
Enter root's password:
Anonymous login successful
Domain=[WESTOS] OS=[Unix] Server=[Samba 4.1.1]
tree connect failed: NT_STATUS_ACCESS_DENIED ##fails
Server (server VM):
[root@server ~]# vim /etc/samba/smb.conf ##edit the file
map to guest = bad user ##line 125
guest ok = yes ##line 328: anonymous users may log in
[root@server ~]# systemctl restart smb.service ##restart the service
Client (desktop VM):
[root@client ~]# smbclient //172.25.254.220/DIR ##log in again
Enter root's password:
Domain=[WESTOS] OS=[Unix] Server=[Samba 4.1.1]
smb: \> ls
. D 0 Sat Jun 2 03:10:13 2018
.. D 0 Sat Jun 2 01:46:21 2018
file1 N 0 Sat Jun 2 02:58:05 2018
file2 N 0 Sat Jun 2 03:04:15 2018
file4 N 0 Sat Jun 2 03:10:13 2018 ##login succeeded
40913 blocks of size 262144. 28576 blocks available
smb: \> quit
[root@client ~]# mount //172.25.254.220/DIR /mnt -o username=guestr,password="" ##mount
[root@client ~]# df
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/vda1 10473900 3182808 7291092 31% /
devtmpfs 469344 0 469344 0% /dev
tmpfs 484932 80 484852 1% /dev/shm
tmpfs 484932 12768 472164 3% /run
tmpfs 484932 0 484932 0% /sys/fs/cgroup
/dev/mapper/vg0-vo 483670 2356 451823 1% /home
//172.25.254.220/DIR 10473900 3158180 7315720 31% /mnt ##mounted successfully
[root@client ~]# umount /mnt/ ##unmount
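Sections 12 and 14 leave the [DIR] share with `admin users`, `guest ok` and `writable` all set, plus `map to guest` in [global]. The following is an added example, not part of the original post: an audit of an smb.conf for exactly those access-widening settings; the function names and the sample configuration are constructed from the settings shown above.

```shell
#!/bin/sh
# Added example, not from the original post. Flags the smb.conf settings from
# sections 12 and 14 that widen access. Prints one finding per line.
audit_smb_conf() {
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    function yes(v)  { return tolower(v) ~ /^(yes|true|1)$/ }
    function no(v)   { return tolower(v) ~ /^(no|false|0)$/ }
    /^[ \t]*([#;]|$)/ { next }                     # comment or blank line
    /^[ \t]*\[/ { sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec); next }
    {
        eq = index($0, "="); if (!eq) next
        key = tolower(trim(substr($0, 1, eq - 1))); gsub(/[ \t]+/, " ", key)
        val = trim(substr($0, eq + 1))
        if (key == "admin users")
            printf "[%s] admin users = %s: these users operate as root on the share\n", sec, val
        if (key == "map to guest" && tolower(val) != "never")
            printf "[%s] map to guest = %s: failed logins can be mapped to the guest account\n", sec, val
        if ((key == "guest ok" || key == "public") && yes(val)) guest[sec] = 1
        if ((key == "writable" || key == "writeable" || key == "write ok") && yes(val)) rw[sec] = 1
        if (key == "read only" && no(val)) rw[sec] = 1
        if (guest[sec] && !seen[sec]++)
            printf "[%s] guest ok: share is reachable without a password\n", sec
        if (guest[sec] && rw[sec] && !both[sec]++)
            printf "[%s] guest ok + writable: anonymous writes limited only by file permissions\n", sec
    }' "$1"
}

# Constructed sample: the [global] and share settings this post ends up with.
write_sample_conf() {
    cat > "$1" <<'EOF'
[global]
    workgroup = WESTOS
    map to guest = bad user
[DIR]
    path = /westos
    writable = yes
    admin users = westos
    guest ok = yes
[mnt]
    path = /mnt
EOF
}

if [ "${1:-}" = "--demo" ]; then
    f=$(mktemp); write_sample_conf "$f"; audit_smb_conf "$f"; rm -f "$f"
fi
```

A share that only uses `write list`, as in sections 10 and 11, produces no findings.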