搭建一个Linux文件服务器

简介

日常工作中,我们常常遇到客户需要搭建一个文件服务器,来提供各种类型的文件保存之用。本篇是介绍如何在CentOS上搭建文件服务器系列文章的第一篇,主要是介绍搭建一个基于Samba协议的文件共享服务器,以及Linux桌面如何连接这些文件共享。

安装Samba

我们按照最小配置安装CentOS7,接着安装必须的软件。

sudo yum -y install epel-release
sudo yum install -y nano samba samba-client

然后我们启用Samba。

sudo systemctl enable smb
sudo systemctl enable nmb
sudo systemctl start smb
sudo systemctl start nmb

开启防火墙,samba使用TCP端口139和445,NetBIOS(nmb)使用UDP端口137,CentOS预定义了samba服务,包括这两项配置。

sudo firewall-cmd --permanent --zone=public --add-service=samba
sudo firewall-cmd --reload

开放共享文件夹

开放共享文件夹,允许任何用户,无需账户和密码,就可以访问此只读资源。

我们首先创建一个用户群sharegroup,后续的文件夹权限和共享用户都要用到。

sudo groupadd smbuser

接下来在根目录创建一个开放共享文件夹, /shared/public,并且把group owner设置为刚才我们新增的smbuser,并且设置相应的群组继承属性,以后在shared目录下新建的文件和文件夹,都会自动继承smbuser为group owner。

sudo mkdir -p /shared/public
sudo chgrp -R smbuser /shared
sudo chmod -R 2775 /shared

CentOS缺省启用了SELinux,因此需要设置相应的SELinux策略。但是SELinux的context非常复杂繁琐,因此我们呢直接关闭了SELinux.

sudo sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
sudo setenforce 0

如果你不想禁用SELinux,可以按照以下方法配置SELinux策略。不过需要先要装一个应用semanage。

sudo yum install policycoreutils-python
sudo semanage fcontext -a -t samba_share_t "/shared/public(/.*)?"
sudo restorecon -R -v /shared/public/

为了方便管理,我们专门创建了一个不能登录shell的账户sadmin, 专门用于上传文件之用。

sudo useradd -M -s /usr/sbin/nologin -G smbuser sadmin
sudo smbpasswd -a sadmin
sudo smbpasswd -e sadmin

现在我们可以设置samba配置文件。照惯例,我们先备份它,然后直接用你熟悉的编辑器修改其内容。

sudo mv /etc/samba/smb.conf /etc/samba/smb.conf.original
sudo nano /etc/samba/smb.conf

在配置文件中,增加以下内容:

[global]
        workgroup = WORKGROUP
        netbios name = filer
        map to guest = Bad User
        log file = /var/log/samba/%m
        log level = 1
        security = user
        passdb backend = tdbsam
        
[public]
        # This share allows anonymous (guest) access
        # without authentication!
        comment = Public folder
        path = /shared/public
        read only = yes
        guest ok = yes
        browseable = yes
        write list = sadmin
说明:
  1. netbios name,是你网络上看到的服务器名称
  2. map to guest = Bad User: 匹配任何不存在的用户为访客。这里我们设置共享文件为只读。
  3. write list = smbadmin: 仅限特定用户或者特定用户群组(@起头),用逗号间隔开

在重启smb服务前,可以用testparm检查配置是否合法。然后重启服务让新的配置生效。

sudo testparm
sudo systemctl restart smb

最后, 在使用客户端做第一次连接之前,我们可以使用smbclient程序在本机进行测试。下面两个命令供参考,第二个“-U”选项是用于指定登录账户,拿掉后可以匿名访问。

smbclient -L localhost
smbclient \\\\localhost\\public -U sadmin

Home文件夹共享

如果需要允许用户访问自己在Linux服务器上的Home文件夹,可以在smb.conf配置文件中增加一个share,如下所示。”valid users”限制了只有本人才能访问相应的Home文件夹。

#
[homes]
       	comment = Home Directories
        valid users = %S, %D%w%S
        browseable = No
        read only = No
        inherit acls = Yes

启用SELinux的客户,还需要以下额外配置。

setsebool -P use_samba_home_dirs 1

Linux客户端挂载共享文件夹

Windows和MAC下挂载共享文件夹非常方便,网上也有很多资源,我们就不赘述了。这里只单独介绍一下如何在Linux下加载共享文件夹。

首先,安装相应的软件包。

sudo yum install samba-client cifs-utils -y

测试一下文件夹访问是否正常。

smbclient \\\\samba_hostname_or_server_ip\\sharename -U username

创建一个加载位置。

sudo mkdir /mnt/smbmount

挂载到上面创建的文件夹。

sudo mount -t cifs -o user=username,password=password, \
//samba_hostname_or_server_ip/sharename /mnt/smbmount

如果想要每次重启自动挂载,编辑/etc/fstab文件,在文件尾添加以下行。 

//SERVER/sharename /mnt/smbmount cifs _netdev,user=username,password=password, 0 0

搭建一个Linux文件服务器》有50个想法

  1. zovre lioptor

    I have been browsing on-line more than three hours these days, yet I by no means discovered any fascinating article like yours. It?¦s lovely worth sufficient for me. Personally, if all web owners and bloggers made excellent content material as you probably did, the web shall be a lot more useful than ever before.

    回复
  2. agen judi bola

    Excellent post. I was checking continuously this blog and I’m
    impressed! Extremely helpful info particularly the last part 🙂 I care for such information a lot.

    I was looking for this certain info for a long time.
    Thank you and good luck.

    回复
  3. Odette

    always i used to read smaller articles or reviews that
    also clear their motive, and that is also happening with this piece of
    writing which I am reading here.

    回复
  4. plumbing system

    I’m very happy to iscover this page. I need to to thank you for ones time just for this fantastic read!
    I definitely really liked every little bbit of it
    and I have you bookmarked to check out new things in your blog.

    回复
  5. Sammy

    Its like you read my mind! You seem to know a lot
    about this, like you wrote the book in it or something.
    I think that you could do with some pics to drive the message home a bit, but instead of that, this is wonderful blog.
    A great read. I will certainly be back.

    Here is my blog; www greatwall99apk; Sammy,

    回复
  6. Ruth

    Attractive section of content. I just stumbled upon your website and in accession capital to assert that I get actually enjoyed account your blog
    posts. Any way I will be subscribing to your feeds and even I
    achievement you access consistently quickly.

    Here is my site :: pussy888 apk – Ruth,

    回复
  7. Lorena

    Hello There. I found your blog using msn. This is an extremely well written article.
    I will make sure to bookmark it and return to read more of your useful info.

    Thanks for the post. I’ll certainly comeback.

    回复
  8. Noella

    I do not even know howw I ended up here, but I thought this pkst wwas great.
    I don’t knoww who you are but certainly you are going to a famous blogger if you are not already 🙂 Cheers!

    回复
  9. Jeannie

    Welll compoeed articles like yours renews my faith in today’s writers.You’ve
    written information I can finally agree on and also use.Many thanks for sharing.

    回复
  10. free dj drops

    Excellent post. I was checking continuouysly this blog and I am
    impressed! Extrejely useful information. I care ffor such information a lot.
    I was looking for this certain information for a very long time.Thank
    yyou and good luck.

    回复

发表评论

邮箱地址不会被公开。