欢迎您访问程序员文章站本站旨在为大家提供分享程序员计算机编程知识!
您现在的位置是: 首页

新秀篇 ##linux中CIFS文件系统##

程序员文章站 2022-05-11 18:06:19
...

CIFS (Common Internet File System)简介:

通用Internet文件系统在windows主机之间进行网络文件共享是通过使用微软公司自己的CIFS服务实现的。CIFS 是一个新提出的协议,它使程序可以访问远程Internet计算机上的文件并要求此计算机的服务。CIFS 使用客户/服务器模式。客户程序请求远在服务器上的服务器程序为它提供服务。服务器获得请求并返回响应。CIFS是公共的或开放的SMB协议版本,并由Microsoft使用。SMB协议现在是局域网上用于服务器文件访问和打印的协议。象SMB协议一样,CIFS在高层运行,而不象TCP/IP协议那样运行在底层。CIFS可以看做是应用程序协议如文件传输协议和超文本传输协议的一个实现。

CIFS (Common Internet File System)功能:

    1.访问服务器本地文件并读写这些文件
    2.与其它用户一起共享一些文件块
    3.在断线时自动恢复与网络的连接
    4.使用西欧字符文件名

  一般来说,CIFS使用户得到比FTP更好的对文件的控制。它提供潜在的更直接地服务器程序接口,这比使用HTTP协议的浏览器更好。CIFS最典型的应用是windows用户能够从“网上邻居”中找到网络中的其他主机并访问其中的共享文件夹.

samba的服务安装以及配置:

1.安装samba服务:
服务端(server虚拟机172.25.254.220):

[root@server ~]# yum install samba samba-client samba-common  -y             ##安装服务(samba服务器应用程序  samba-client客户端应用程序   samba-common是samba的支持文件)
Loaded plugins: langpacks
rhel_dvd                                                 | 4.1 kB     00:00     
(1/2): rhel_dvd/group_gz                                   | 134 kB   00:00     
(2/2): rhel_dvd/primary_db                                 | 3.4 MB   00:00     
Package samba-common-4.1.1-31.el7.x86_64 already installed and latest version
Resolving Dependencies
--> Running transaction check
---> Package samba.x86_64 0:4.1.1-31.el7 will be installed
---> Package samba-client.x86_64 0:4.1.1-31.el7 will be installed
--> Finished Dependency Resolution
[root@server ~]# systemctl start smb               ##开启服务
[root@server ~]# systemctl enable smb.service          ##开机自动开启
ln -s '/usr/lib/systemd/system/smb.service' '/etc/systemd/system/multi-user.target.wants/smb.service'
[root@server ~]# systemctl stop firewalld                 ##关闭防火墙
[root@server ~]# systemctl disable firewalld             ##开机自动关闭防火墙
rm '/etc/systemd/system/basic.target.wants/firewalld.service'
rm '/etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service'
[root@server ~]# netstat -antlupe | grep smb                      ##查看服务使用的端口445 139
tcp        0      0 0.0.0.0:445             0.0.0.0:*               LISTEN      0          59714      3257/smbd           
tcp        0      0 0.0.0.0:139             0.0.0.0:*               LISTEN      0          59715      3257/smbd           
tcp6       0      0 :::445                  :::*                    LISTEN      0          59712      3257/smbd           
tcp6       0      0 :::139                  :::*                    LISTEN      0          59713      3257/smbd     

客户端(desktop虚拟机127.25.254.120):

[[email protected] ~]# yum install samba-client -y               ##安装服务
Loaded plugins: langpacks
rhel_dvd                                                 | 4.1 kB     00:00     
(1/2): rhel_dvd/group_gz                                   | 134 kB   00:00     
(2/2): rhel_dvd/primary_db                                 | 3.4 MB   00:00     
Resolving Dependencies
--> Running transaction check
---> Package samba-client.x86_64 0:4.1.1-31.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved
[[email protected] ~]# smbclient -L //172.25.254.220                 ##登陆到服务端的smb
Enter root's password:                      ##此时是非用户登陆,没有密码
Anonymous login successful
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]

    Sharename       Type      Comment
    ---------       ----      -------
    IPC$            IPC       IPC Service (Samba Server Version 4.1.1)
Anonymous login successful
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]

    Server               Comment
    ---------            -------

    Workgroup            Master
    ---------            -------                             ##里面是空的,什么都没有

2.建立用户登陆:必须是虚拟机里真实存在的用户:
服务端(server虚拟机):

[root@server ~]# id student       ##student是存在的 
uid=1000(student) gid=1000(student) groups=1000(student),10(wheel)
[root@server ~]# useradd westos     ##没有westos用户,需要先在虚拟机里添加用户
[root@server ~]# id westos           ##添加成功
uid=1001(westos) gid=1001(westos) groups=1001(westos)
[root@server ~]# smbpasswd -a student    ##添加smb用户student
New SMB password:
Retype new SMB password:
Added user student.
[root@server ~]# smbpasswd -a westos       ##添加smb用户westos
New SMB password:
Retype new SMB password:
Added user westos.
[root@server ~]# pdbedit -L          ##查看smb用户
student:1000:Student User
westos:1001:                 ##添加用户成功
[root@server ~]# getsebool -a | grep samba          ##查看samba服务接口
samba_create_home_dirs --> off
samba_domain_controller --> off
samba_enable_home_dirs --> off
samba_export_all_ro --> off
samba_export_all_rw --> off
samba_portmapper --> off
samba_run_unconfined --> off
samba_share_fusefs --> off
samba_share_nfs --> off
sanlock_use_samba --> off
use_samba_home_dirs --> off
virt_sandbox_use_samba --> off
virt_use_samba --> off
[root@server ~]# setsebool -P samba_enable_home_dirs  on         ##开启samba家目录接口

客户端(desktop虚拟机):

[[email protected] ~]# smbclient //172.25.254.220/student -U student          ##使用student用户登陆服务端的smb
Enter student's password:                     ##输入刚才设置的密码
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]
smb: \> ls                               ##可以查看student用户共享的家目录                                                        
NT_STATUS_ACCESS_DENIED listing \*               ##这个报错是在selinux开启的情况下,无法看到用户里面共享的文件,需要在服务端开启服务接口
smb: \> ls

  .                                   D        0  Thu Jul 10 19:06:52 2014
  ..                                  D        0  Fri Jun  1 21:46:23 2018
  .bash_logout                        H       18  Wed Jan 29 07:45:18 2014
  .bash_profile                       H      193  Wed Jan 29 07:45:18 2014
  .bashrc                             H      231  Wed Jan 29 07:45:18 2014
  .ssh                               DH        0  Thu Jul 10 18:19:10 2014
  .config                            DH        0  Thu Jul 10 19:06:53 2014

        40913 blocks of size 262144. 28597 blocks available                 

3.上传文件实用samba服务进行共享:
客户端(desktop虚拟机):

第一种挂载方式:
[root@client ~]# vim /etc/fstab               ##编辑文件进行挂载
写入://172.25.254.220/student /mnt  cifs defaults,username=student,password=redhat 0 0
[root@client ~]# mount -a          ##挂载
Filesystem               1K-blocks    Used Available Use% Mounted on
/dev/vda1                 10473900 3182012   7291888  31% /
devtmpfs                    469344       0    469344   0% /dev
tmpfs                       484932      84    484848   1% /dev/shm
tmpfs                       484932   12788    472144   3% /run
tmpfs                       484932       0    484932   0% /sys/fs/cgroup
/dev/mapper/vg0-vo          483670    2339    451840   1% /home
//172.25.254.220/student  10473900 3157052   7316848  31% /mnt               ##挂载成功
[root@client ~]# cd /mnt       ##移动路径
[root@client mnt]# touch file{1..8}                   ##建立文件
[root@client mnt]# ls               ##查看
file1  file2  file3  file4  file5  file6  file7  file8
第二种挂载方式:
[root@client ~]# vim /etc/rc.d/rc.local          ##编辑文件进行挂载
写入:mount //172.25.254.220/student /mnt/ -o username=student,password=redhat
[root@client ~]# chmod -x /etc/rc.d/rc.local        ##给一个可执行权限
[root@client ~]# reboot               ##重启虚拟机
Connection to 172.25.254.120 closed by remote host.
Connection to 172.25.254.120 closed.
[kiosk@foundation20 Desktop]$ ssh root@172.25.254.120       ##用真机连接
reroot@172.25.254.120's password: 
[[email protected] ~]# df                  ##查看挂载
Filesystem               1K-blocks    Used Available Use% Mounted on
/dev/vda1                 10473900 3180840   7293060  31% /
devtmpfs                    469344       0    469344   0% /dev
tmpfs                       484932      80    484852   1% /dev/shm
tmpfs                       484932   12764    472168   3% /run
tmpfs                       484932       0    484932   0% /sys/fs/cgroup
/dev/mapper/vg0-vo          483670    2339    451840   1% /home
//172.25.254.220/student  10473900 3157032   7316868  31% /mnt                   ##开机自动挂载成功
[[email protected] mnt]# touch file{1..8}                   ##建立文件
[[email protected] mnt]# ls               ##查看
file1  file2  file3  file4  file5  file6  file7  file8
服务端(server虚拟机):
[[email protected] ~]# cd /home/student                ##移动路径
[[email protected] student]# ls                ##可以查看到在客户端用student建立的文件
file1  file2  file3  file4  file5  file6  file7  file8

4.改变工作组名称:
客户端(desktop虚拟机):

[[email protected] ~]# smbclient -L //172.25.254.220          ##查看基本信息
Enter root's password: 
Anonymous login successful
Domain=[MYGROUP]  【工作组】 OS=[Unix] Server=[Samba 4.1.1]

    Sharename       Type      Comment
    ---------       ----      -------
    IPC$            IPC       IPC Service (Samba Server Version 4.1.1)
Anonymous login successful
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]

    Server               Comment
    ---------            -------

    Workgroup            Master
    ---------            -------

服务端(server虚拟机):

[root@server ~]# rpm -qc samba-common           ##查看samba的系统文件
/etc/logrotate.d/samba
/etc/samba/lmhosts
/etc/samba/smb.conf
/etc/sysconfig/samba
[root@server ~]# vim /etc/samba/smb.conf            ##编辑文件
89         workgroup = WESTOS              ##改变工作组名称
[root@server ~]# systemctl restart smb.service         ##重启服务

客户端(desktop虚拟机):

[[email protected] ~]# smbclient -L //172.25.254.220          ##查看基本信息
Enter root's password: 
Anonymous login successful
Domain=[WESTOS]  【工作组】 OS=[Unix] Server=[Samba 4.1.1]

    Sharename       Type      Comment
    ---------       ----      -------
    IPC$            IPC       IPC Service (Samba Server Version 4.1.1)
Anonymous login successful
Domain=[MYGROUP] OS=[Unix] Server=[Samba 4.1.1]

    Server               Comment
    ---------            -------

    Workgroup            Master
    ---------            -------

5.建立黑白名单:
【白名单】:在服务端配置文件,添加白名单用户,然后再客户端与真机进行测试
服务端(server虚拟机):

[root@server ~]# vim /etc/samba/smb.conf    ##编辑文件,添加白名单
 98 hosts allow = 172.25.254.120              ##添加172.25.254.120可以访问
[root@server ~]# systemctl restart smb.service    ##重启服务

进行测试:

客户端(desktop虚拟机):
[[email protected] ~]# smbclient -L //172.25.254.220            ##登入测试
Enter root's password: 
Anonymous login successful
Domain=[WESTOS] OS=[Unix] Server=[Samba 4.1.1]

    Sharename       Type      Comment
    ---------       ----      -------
    IPC$            IPC       IPC Service (Samba Server Version 4.1.1)
Anonymous login successful
Domain=[WESTOS] OS=[Unix] Server=[Samba 4.1.1]

    Server               Comment
    ---------            -------

    Workgroup            Master
    ---------            -------                        ##允许访问
真机端(172.25.254.20):
[[email protected] Desktop]$ smbclient -L //172.25.254.220           ##登入测试
Enter kiosk's password: 
protocol negotiation failed: NT_STATUS_INVALID_NETWORK_RESPONSE        ##禁止访问

【黑名单】:在服务端配置文件,添加黑名单用户,然后再客户端与真机进行测试
服务端(server虚拟机):

[root@server ~]# vim /etc/samba/smb.conf    ##编辑文件,添加黑名单
 98 hosts deny = 172.25.254.120              ##添加172.25.254.120不可以访问
[root@server ~]# systemctl restart smb.service    ##重启服务

进行测试:

客户端(desktop虚拟机):
[[email protected] ~]# smbclient -L //172.25.254.220             ##登入测试
Enter root's password: 
protocol negotiation failed: NT_STATUS_INVALID_NETWORK_RESPONSE ##禁止访问
真机端(172.25.254.20):
[[email protected] Desktop]$ smbclient -L //172.25.254.220       ##登入测试
Enter kiosk's password: 
Anonymous login successful
Domain=[WESTOS] OS=[Unix] Server=[Samba 4.1.1]

    Sharename       Type      Comment
    ---------       ----      -------
    IPC$            IPC       IPC Service (Samba Server Version 4.1.1)
Anonymous login successful
Domain=[WESTOS] OS=[Unix] Server=[Samba 4.1.1]

    Server               Comment
    ---------            -------

    Workgroup            Master
    ---------            -------                      ##允许访问

6.共享自己建立的目录:
服务端(server虚拟机):

[[email protected]server ~]# mkdir /westos                    ##在根下建立一个目录,用于共享 
[[email protected]server ~]# semanage fcontext -a -t samba_share_t '/westos(/.*)?'           ##修改自建目录的安全上下文
[[email protected]server ~]# restorecon -RvvF /westos                 ##刷新安全上下文
restorecon reset /westos context unconfined_u:object_r:default_t:s0->system_u:object_r:samba_share_t:s0
[[email protected]server ~]# vim /etc/samba/smb.conf             ##编辑文件
321         [DIR]
322         comment= westos dir
323         path = /westos
[[email protected]server ~]# systemctl restart smb.service               ##重启smb服务

客户端(desktop虚拟机):

[[email protected] ~]# smbclient //172.25.254.220/DIR -U student    ##登录进去
Enter student's password: 
Domain=[WESTOS] OS=[Unix] Server=[Samba 4.1.1]
smb: \> ls                                   ##查看共享的自件文件
  .                                   D        0  Sat Jun  2 01:46:21 2018
  ..                                  D        0  Sat Jun  2 01:46:21 2018

        40913 blocks of size 262144. 28578 blocks available

7.共享系统文件:
服务端(server虚拟机):

[[email protected]server ~]# vim /etc/samba/smb.conf           ##编辑文件
325         [mnt]
326         comment= /mnt dir
327         path  =  /mnt
[[email protected]server ~]# systemctl restart smb.service            ##重启smb服务
[[email protected]server ~]# touch  /mnt/file{1..5}               ##在/mnt下建立5个文件
[[email protected]server ~]# ls /mnt                        ##查看建立结果
file1  file2  file3  file4  file5
[[email protected]server ~]# setenforce 0                   ##
[[email protected]server ~]# setsebool -P samba_export_all_ro on          ##开启samba中的读写共享

客户端(desktop虚拟机):

[[email protected] ~]# smbclient //172.25.254.220/mnt -U student               ##登陆
Enter student's password: 
Domain=[WESTOS] OS=[Unix] Server=[Samba 4.1.1]
smb: \> ls
  .                                   D        0  Sat Jun  2 02:08:19 2018
  ..                                  D        0  Sat Jun  2 01:46:21 2018
  file1                               N        0  Sat Jun  2 02:08:19 2018
  file2                               N        0  Sat Jun  2 02:08:19 2018
  file3                               N        0  Sat Jun  2 02:08:19 2018
  file4                               N        0  Sat Jun  2 02:08:19 2018
  file5                               N        0  Sat Jun  2 02:08:19 2018                      ##可以看到/mnt中建立的文件

        40913 blocks of size 262144. 28578 blocks available
smb: \> quit

8.隐藏共享文件:
服务端(server虚拟机):

[root@server ~]# vim /etc/samba/smb.conf       ##编辑文件
321         [DIR]
322         comment= westos dir
323         path = /westos
324         browseable = no                   ##不可被浏览
[root@server ~]# systemctl restart smb.service            ##重启服务

客户端(desktop虚拟机):

[[email protected] ~]# smbclient -L //172.25.254.220             ##查看
Enter root's password: 
Anonymous login successful
Domain=[WESTOS] OS=[Unix] Server=[Samba 4.1.1]

    Sharename       Type      Comment
    ---------       ----      -------
    mnt             Disk      /mnt dir
    IPC$            IPC       IPC Service (Samba Server Version 4.1.1)              ##发现DIR被隐藏
Anonymous login successful
Domain=[WESTOS] OS=[Unix] Server=[Samba 4.1.1]

    Server               Comment
    ---------            -------

    Workgroup            Master
    ---------            -------

9.共享文件中可写:
服务端(server虚拟机):

[root@server ~]# vim /etc/samba/smb.conf       ##编辑文件
321         [DIR]
322         comment= westos dir
323         path = /westos
324         browseable = yes
325         writable = yes

[root@server ~]# systemctl restart smb.service             ##开启服务
[root@server ~]# chmod 777 /westos/            ##给一个读写权限

客户端(desktop虚拟机):

[root@client ~]# mount //172.25.254.200/DIR /mnt -o username=student,password=redhat               ##进行挂载
mount: //172.25.254.200/DIR is write-protected, mounting read-only
mount: cannot mount //172.25.254.200/DIR read-only
[root@client ~]# cd /mnt
[root@client mnt]# touch filekk            ##建立目录
[root@client mnt]# ll /mnt
total 0
-rw-r--r-- 1 student student 0 Jun  2 02:42 filekk                ##建立成功

10.限制用户共享文件可写:
服务端(server虚拟机):

[root@server ~]# vim /etc/samba/smb.conf     ##编辑配置文件
321         [DIR]
322         comment= westos dir
323         path = /westos
324         browseable = yes
325         #writable = yes
326         write list = student
[root@server ~]# systemctl restart smb.service             ##重启服务
[root@server ~]# chmod 777 /westos/              ##加权限

客户端(desktop虚拟机):

[root@client ~]# mount //172.25.254.220/DIR /mnt -o username=westos,password=redhat          ##westos用户不可写
[root@client ~]# touch /mnt/file1
touch: cannot touch ‘/mnt/file1’: Permission denied
[root@client ~]# umount /mnt/
[root@client ~]# mount //172.25.254.220/DIR /mnt -o username=student,password=redhat          ##student用户可写
[root@client ~]# touch /mnt/file1
[root@client ~]# umount /mnt

11.限制组用户共享文件可写:
服务端(server虚拟机):

[root@server ~]# vim /etc/samba/smb.conf 
321         [DIR]
322         comment= westos dir
323         path = /westos
324         browseable = yes
325         #writable = yes
326         write list = @student
[root@server ~]# systemctl restart smb.service 
[root@server ~]# id westos
uid=1001(westos) gid=1001(westos) groups=1001(westos)
[root@server ~]# usermod -G student westos                 ##把westos加到student组中
[root@server ~]# id westos
uid=1001(westos) gid=1001(westos) groups=1001(westos),1000(student)    ##已经添加进去

客户端(desktop虚拟机):

[root@client ~]# mount //172.25.254.220/DIR /mnt -o username=westos,password=redhat     ##进行挂载
[root@client ~]# touch /mnt/file2                   ##在student组中的westos用户也可写入
[root@client ~]# umount /mnt

12.用samba提高用户权限:
服务端(server虚拟机):

[root@server ~]# chmod 755 /westos/           ##首先降低/westos目录权限
[root@server ~]# ls -ld /westos/
drwxr-xr-x. 2 root root 30 Jun  2 03:04 /westos/
[root@server ~]# vim /etc/samba/smb.conf               ##编辑文件
321         [DIR]
322         comment= westos dir
323         path = /westos
324         browseable = yes
325         writable = yes
326         #write list = @student
327         admin users = westos
[root@server ~]# systemctl restart smb.service         ##重启服务

客户端(desktop虚拟机):

[root@client ~]# mount //172.25.254.220/DIR /mnt -o username=westos,password=redhat      ##进行挂载
[root@client ~]# cd /mnt
[root@client mnt]# touch file4
[root@client mnt]# ll
total 0
-rw-r--r-- 1 student student 0 Jun  2 02:58 file1
-rw-r--r-- 1    1001    1001 0 Jun  2 03:04 file2
-rw-r--r-- 1 root       1001 0 Jun  2 03:10 file4  

13.多用户挂载:
客户端(desktop虚拟机):

[root@client ~]# useradd linux             ##重新建立一个linux用户
[root@client ~]# su - linux              ##切换到linux
[linux@client ~]$ cd /mnt/
[linux@client mnt]$ ls                 ##查看
file1  file2  file4                 ##linux用户是普通新建用户,但是可以看到westos用户建立的东西,不安全
[root@client ~]# vim /root/smbpass                ##编辑文件
username=student
password=redhat                 ##写入smb服务上真实存在的用户和密码                                                                                                                                         [root@client ~]# yum install cifs-utils -y               ##安装在客户端上管理的软件cifs-utils
Loaded plugins: langpacks
Resolving Dependencies                                   
--> Running transaction check
---> Package cifs-utils.x86_64 0:6.2-6.el7 will be installed
--> Finished Dependency Resolution
[root@client ~]# mount -o credentials=/root/smbpass,sec=ntlmssp,multiuser //172.25.254.220/DIR /mnt            ##挂载
[root@client ~]# cd /mnt
[root@client mnt]# ls
file1  file2  file4
[root@client mnt]# su - linux                ##切换到linux用户
Last login: Sat Jun  2 03:29:28 EDT 2018 on pts/0
[linux@client ~]$ cd /mnt
[linux@client mnt]$ ls          ##查看
ls: reading directory .: Permission denied           ##权限不够
[root@client mnt]# su - linux
Last login: Sat Jun  2 03:42:04 EDT 2018 on pts/0
[linux@client ~]$ cifscreds add -u westos 172.25.254.220            ##认证进入
Password: 
[linux@client ~]$ ls /mnt 
file1  file2  file4                             ##可以查看

14.匿名用户登录与挂载:
客户端(desktop虚拟机):

[[email protected] ~]# smbclient //172.25.254.220/DIR   ##匿名用户登录
Enter root's password: 
Anonymous login successful
Domain=[WESTOS] OS=[Unix] Server=[Samba 4.1.1]
tree connect failed: NT_STATUS_ACCESS_DENIED             ##失败

服务端(server虚拟机):

[root@server ~]# vim /etc/samba/smb.conf            ##编辑文件
125         map to guest = bad user
328         guest ok = yes              ##匿名用户可以登录
[root@server ~]# systemctl restart smb.service               ##重启服务

客户端(desktop虚拟机):

[root@client ~]# smbclient //172.25.254.220/DIR          ##重新登录
Enter root's password: 
Domain=[WESTOS] OS=[Unix] Server=[Samba 4.1.1]
smb: \> ls
  .                                   D        0  Sat Jun  2 03:10:13 2018
  ..                                  D        0  Sat Jun  2 01:46:21 2018
  file1                               N        0  Sat Jun  2 02:58:05 2018
  file2                               N        0  Sat Jun  2 03:04:15 2018
  file4                               N        0  Sat Jun  2 03:10:13 2018                ##登录成功

        40913 blocks of size 262144. 28576 blocks available
smb: \> quit
[root@client ~]# mount //172.25.254.200/DIR /mnt -o username=guestr,password=""                   ##进行挂载
[root@client ~]# df
Filesystem           1K-blocks    Used Available Use% Mounted on
/dev/vda1             10473900 3182808   7291092  31% /
devtmpfs                469344       0    469344   0% /dev
tmpfs                   484932      80    484852   1% /dev/shm
tmpfs                   484932   12768    472164   3% /run
tmpfs                   484932       0    484932   0% /sys/fs/cgroup
/dev/mapper/vg0-vo      483670    2356    451823   1% /home
//172.25.254.220/DIR  10473900 3158180   7315720  31% /mnt                             ###挂载成功
[root@client ~]# umount /mnt/                                       ##进行卸载
相关标签: cifs