功能描述
需求:
1,账号建立:产研部门所有人员,产品、前端、后端、测试;
2,目录建立:各二级部门分别建立以部门名称为文件夹的目录;
3,初步权限管理:各部门成员对本部门目录有读写权限,对其他部门目录有读权限;
4,建立共享目录,所有人有增删权限
5,部门目录结构自行定义
创建文件夹
sudo mkdir -p /home/smbshare/public_share
sudo mkdir -p /home/smbshare/tech_front_share
sudo mkdir -p /home/smbshare/tech_java_share
sudo mkdir -p /home/smbshare/tech_test_share
sudo mkdir -p /home/smbshare/tech_op_share
sudo mkdir -p /home/smbshare/pm_share
sudo mkdir -p /home/smbshare/operation_share
sudo mkdir -p /home/smbshare/idea_share
sudo mkdir -p /home/smbshare/product_share
设置用户与密码
a.创建每个部门的用户组
sudo groupadd yilian
sudo groupadd ceshi
sudo groupadd chanpin
sudo groupadd java
sudo groupadd qianduan
sudo groupadd chuangyi
sudo groupadd shangpin
sudo groupadd yunying
sudo groupadd yunwei
b.先创建系统用户,并加入自己的用户组
sudo useradd -g yilian -s /sbin/nologin yladmin
sudo useradd -g yilian -s /sbin/nologin yilian
sudo useradd -g chanpin -s /sbin/nologin chanpinadmin
sudo useradd -g chanpin -s /sbin/nologin chanpin
sudo useradd -g ceshi -s /sbin/nologin ceshiadmin
sudo useradd -g ceshi -s /sbin/nologin ceshi
sudo useradd -g java -s /sbin/nologin javaadmin
sudo useradd -g java -s /sbin/nologin java
sudo useradd -g qianduan -s /sbin/nologin qianduanadmin
sudo useradd -g qianduan -s /sbin/nologin qianduan
sudo useradd -g chuangyi -s /sbin/nologin chuangyiadmin
sudo useradd -g chuangyi -s /sbin/nologin chuangyi
sudo useradd -g shangpin -s /sbin/nologin shangpinadmin
sudo useradd -g shangpin -s /sbin/nologin shangpin
sudo useradd -g yunwei -s /sbin/nologin yunweiadmin
sudo useradd -g yunwei -s /sbin/nologin yunwei
sudo useradd -g yunying -s /sbin/nologin yunyingadmin
sudo useradd -g yunying -s /sbin/nologin yunying
c.创建samba用户并给每个用户设置密码,要在系统创建完后才可以创建samba用户 (smbpasswd -a $username命令是用于创建用户和更改密码的命令)
sudo smbpasswd -a yladmin
sudo smbpasswd -a yilian
sudo smbpasswd -a chanpinadmin
sudo smbpasswd -a chanpin
sudo smbpasswd -a ceshiadmin
sudo smbpasswd -a ceshi
sudo smbpasswd -a javaadmin
sudo smbpasswd -a java
sudo smbpasswd -a qianduanadmin
sudo smbpasswd -a qianduan
sudo smbpasswd -a chuangyiadmin
sudo smbpasswd -a chuangyi
sudo smbpasswd -a shangpinadmin
sudo smbpasswd -a shangpin
sudo smbpasswd -a yunyingadmin
sudo smbpasswd -a yunying
sudo smbpasswd -a yunweiadmin
sudo smbpasswd -a yunwei
密码表
| 所属部门 | 用户名 | 密码 |
|---|---|---|
| 公司公共 | yilian | yl |
| 产品设计 | chanpin | cp3721 |
| 研发测试 | ceshi | cs3721 |
| 研发后端 | java | java9981 |
| 研发前端 | qianduan | qd001 |
| 品牌策划 | chuangyi | cy666 |
| 运营中心 | yunying | yy3721 |
| 技术运维 | yunwei | yw3721 |
| 商品中心 | shangpin | sp888 |
依次创建每个团队的用户
sudo smbpasswd -a chanpin
sudo smbpasswd -a javaadmin
sudo smbpasswd -a java
sudo smbpasswd -a qianduanadmin
sudo smbpasswd -a qianduan
sudo smbpasswd -a ceshiadmin
sudo smbpasswd -a ceshi
sudo smbpasswd -a yunying
sudo smbpasswd -a yunwei
d.创建目录,更改属主
sudo chown ceshiadmin.ceshi ceshi
修改配置
sudo vim /etc/samba/smb.conf
配置文件内容
[公共文件夹]
comment = 公共共享文件夹
browseable = yes
path = /home/smbshare/public_share
create mask = 0774
directory mask = 0700
admin users = @yilian,@qianduan,@shangpin,@chuangyi,@chanpin,@java,@ceshi
valid users = @yilian,@qianduan,@shangpin,@chuangyi,@chanpin,@java,@ceshi
public = yes
available = yes
writable = yes
guest ok=yes
[研发前端]
comment = 研发中心前端共享文件夹
browseable = yes
path = /home/smbshare/tech_front_share
create mask = 0774
directory mask = 0700
admin users = qianduanadmin,@qianduan
valid users = @qianduan,@chanpin,@ceshi,@java
public = yes
available = yes
writable = yes
[研发JAVA后端]
comment = 研发中心JAVA共享文件夹
browseable = yes
path = /home/smbshare/tech_java_share
create mask = 0774
directory mask = 0700
admin users = javaadmin,@java
valid users = @java,@qianduan,@ceshi,@chanpin,@yunwei
public = yes
available = yes
writable = yes
[研发测试]
comment = 研发中心共享文件夹
browseable = yes
path = /home/smbshare/tech_test_share
create mask = 0774
directory mask = 0700
admin users = testadmin,@test
valid users = @test,@qianduan,@java,@chanpin
public = yes
available = yes
writable = yes
[研发运维]
comment = 研发中心运维共享文件夹
browseable = yes
path = /home/smbshare/tech_op_share
create mask = 0774
directory mask = 0700
admin users = yunweiadmin,@yunwei
valid users = @yunwei
public = yes
available = yes
writable = yes
[产品设计]
comment = 产品与设计共享文件夹
browseable = yes
path = /home/smbshare/pm_share
create mask = 0774
directory mask = 0700
admin users = chanpinadmin,@chanpin
valid users = @chanpin,@ceshi,@qianduan,@java,@chuangyi
public = yes
available = yes
writable = yes
[运营中心]
comment = 运营中心共享文件夹
browseable = yes
path = /home/smbshare/operation_share
create mask = 0774
directory mask = 0700
admin users = yunyingadmin,@yunying
valid users = @yunying,@chuangyi,@chanpin,@java
public = yes
available = yes
writable = yes
[品牌策划]
comment = 产品与设计共享文件夹
browseable = yes
path = /home/smbshare/idea_share
create mask = 0774
directory mask = 0700
admin users = chuangyiadmin,@chuangyi
valid users = @chuangyi,@chanpin,@yunying,@qianduan,@java
public = yes
available = yes
writable = yes
[商品中心]
comment = 商品中心共享文件夹
browseable = yes
path = /home/smbshare/product_share
create mask = 0774
directory mask = 0700
admin users = shangpinadmin,@shangpin
valid users =@shangpin,@yunying,@chanpin,@chuangyi
public = yes
available = yes
writable = yes
开放端口
1 )端口137 (UDP )- NetBIOS名称服务; 美国全国广播公司
2 ) port138(UDP )- NetBIOS数据报服务
3 )端口139 (TCP ) -共享文件和打印; 它基于smbd(SMB ) servermessageblock协议,主要用于局域网,文件共享协议) ) )。
4 )用于端口389 (TCP )-LDAP (活动目录模式)
5 )端口445 (TCP )- NetBIOS服务在windos 2000或更高版本上使用此端口。 (CIFS、公共互联网文件系统,它将SMB协议扩展到internet,然后实现internet文件共享。 ) ) ) ) ) ) ) ) )。
6 )用于端口901 (TCP ) SWAT,用于web管理Samba
启动与重启服务
sudo samba restart
sudo systemctl restart smbd
使用
清楚缓存
切换账户测试的时候,Windows会有samba缓存自动登录原来的账户,需要清理一下
清除方法:
右击计算机--管理--服务和应用程序--服务--Workstation 重启服务清除缓存。
频繁切换账户可能会出现短时间内无法访问的情况,会提示网络问题导致无法访问,此时可以换台PC测试或者多等待一下。
(使用 SMB 协议创建并维护客户端网络与远程服务器之间的连接。如果此服务已停止,这些连接将无法使用。如果此服务已禁用,任何明确依赖它的服务将无法启动。)
windows10 访问需要开启SMB1x协议,默认是关闭的,在控制面板--程序--服务里面配置
cmd
net use 192.168.1.200IPC$ /delete
klist purge
cmdkey /delete:192.168.1.200
删除账户
例如删除账号joe
sudo smbpasswd -x joe
sudo userdel -r joe
sudo smbpasswd -x shangpinuser
sudo userdel -r shangpinuser
sudo smbpasswd -x ceshiuser
sudo userdel -r ceshiuser
sudo smbpasswd -x javauser
sudo userdel -r javauser
sudo smbpasswd -x chuangyiuser
sudo userdel -r chuangyiuser
sudo smbpasswd -x chanpinuser
sudo userdel -r chanpinuser
sudo smbpasswd -x qianduanuser
sudo userdel -r qianduanuser
sudo smbpasswd -x qianduanuser
sudo userdel -r qianduanuser
