document/TranslateProject
2
0
Fork 0
mirror of https://github.com/LCTT/TranslateProject.git synced 2025-01-25 23:11:02 +08:00
Code Issues Packages Projects Releases Wiki Activity

finished translation and review

Browse Source
This commit is contained in:
wwy-hust 2015-05-22 12:34:30 +08:00
parent 7032e9ed05
commit 9622b4e010
2 changed files with 144 additions and 146 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

146
sources/tech/20150318 How to share a directory with Samba on Fedora or CentOS.md
View File

@ -1,146 +0,0 @@
translating by wwy-hust
How to share a directory with Samba on Fedora or CentOS
================================================================================
Nowadays sharing data across different computers is not something new at home or many work places. Riding on this trend, modern operating systems make it easy to share and exchange data transparently across computers via network file systems. If your work environment involves a mix of Microsoft Windows and Linux computers, one way to share files and folders among them is via SMB/CIFS, a cross-platform network file sharing protocol. Windows Microsoft natively supports SMB/CIFS, while Linux offers free software implementation of SMB/CIFS network protocol in Samba.
In this article, we will demonstrate **how to share a directory using Samba**. The Linux platform we will use is **Fedora or CentOS**. This article is dividied into four parts. First, we will install Samba under Fedora/CentOS environment. Next, we discuss how to adjust SELinux and firewall configurations to allow file sharing with Samba. Finally, we cover how to enable Samba to share a directory.
### Step One: Install Samba on Fedora or CentOS ###
First thing first. Let's install Samba and configure basic settings.
Check whether Samba application is already installed on your system by running:
$ rpm -q samba samba-common samba-client
If the above command doesn't show anything at all, it means that Samba is not installed. In that case, install Samba using the command below.
$ sudo yum install samba samba-common samba-client
Next, creates a local directory which will share data over network. This directory will be exported to remote users as a Samba share. In this tutorial, we will create this directory in the top-level directory '/', so make sure that you have the privileges to do it.
$ sudo mkdir /shared
If you want to create a shared directory inside your home directory (e.g., ~/shared), you must activate Samba home directory sharing in the SELinux options, which will be described below in more detail.
After creating /shared directory, set the privileges of the directory so other users can access it.
$ sudo chmod o+rw /shared
If you don't want other users to be able to have write to the directory, just remove the 'w' option in chmod command as follows.
$ sudo chmod o+r /shared
Next, create one empty file as a test. This file will be used to verify that he Samba share is mounted properly.
$ sudo touch /shared/file1
### Step Two: Configure SELinux for Samba ###
Next, we need to re-configure SELinux which is enabled by default in Fedora and CentOS distributions. SELinux allows Samba to read and modify files or directories only when they have the right security context (e.g., labeled with the 'samba_share_t' attribute).
The following command adds the necessary label to file-context configuration:
$ sudo semanage fcontext -a -t samba_share_t "<directory>(/.*)?"
Replace the <directory> with the local directory we created earlier for Samba share (e.g., /shared):
$ sudo semanage fcontext -a -t samba_share_t "/shared(/.*)?"
To activate the label change, we then must run the restorecon command like below.
$ sudo restorecon -R -v /shared
![](https://farm9.staticflickr.com/8584/16652774078_2055f45f70_b.jpg)
To share a directory inside our home directory via Samba, we must enable sharing home directory option in SELinux because it is disabled by default. The following command achieves the desired effect. Skip this step if you are not sharing your home directory.
$ sudo setsebool -P samba_enable_home_dirs 1
### Step Three: Configure Firewall for Samba ###
The next step is to open necessary TCP/UDP ports in the firewall settings for Samba to operate.
If you are using firewalld (e.g., on Fedora or CentOS 7), the following command will take care of permanent firewall rule change for Samba service.
$ sudo firewall-cmd --permanent --add-service=samba
If you are using iptables for your firewall (e.g., CentOS 6 or earlier), use the following commands to open up necessary Samba ports to the world.
$ sudo vi /etc/sysconfig/iptables
----------
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 445 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 137 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 138 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT
Then restart iptables service:
$ sudo service iptables restart
### Step Four: Change Samba Configuration ###
The last step is to configure Samba to export a created local directory as a Samba-share.
Open the Samba configuration file with a text editor, and add the following lines at the bottom of the file.
$ sudo nano /etc/samba/smb.conf
----------
[myshare]
comment=my shared files
path=/shared
public=yes
writeable=yes
In the above the text inside a pair of brackets (e.g., "myshare") is the name of the Samba-shared resource, which will be used to access the Samba share from a remote host.
Create a Samba user account which is required to mount and export the Samba file system. To create a Samba user, use the smbpasswd tool. Note that the Samba user account must be the same as any existing Linux user. If you try to add a non-existing user with smbpasswd, it will give an error message.
If you don't want to use any existing Linux user as a Samba user, you can create a new dedicated user in your system. For safety, set the new user's login shell to /sbin/nologin, and do not create its home directory.
In this example, we are creating a new user named "sambaguest" as follows.
$ sudo useradd -M -s /sbin/nologin sambaguest
$ sudo passwd sambaguest
![](https://farm9.staticflickr.com/8702/16814479366_53f540d3ba_b.jpg)
After creating a new user, add the user as a Samba user using smbpasswd command. When this command asks a password, you can type a different password than the user's password.
$ sudo smbpasswd -a sambaguest
4. Activate the Samba service, and check whether the Samba service is running or not.
$ sudo systemctl enable smb.service
$ sudo systemctl start smb.service
$ sudo systemctl is-active smb
![](https://farm8.staticflickr.com/7607/16652984770_622f24bccc_b.jpg)
To see the list of shared directories in Samba, type the following command.
$ smbclient -U sambaguest -L localhost
![](https://farm8.staticflickr.com/7281/16220411103_06bf585901_b.jpg)
The following is a screenshot of accessing the Samba-shared directory on Thunar file manager, and doing copy-paste of file1. Note that the Samba share is accessible via "smb://<samba-server-IP-address>/myshare" address on Thunar.
![](https://farm8.staticflickr.com/7644/16218011174_c8b34fcedc_b.jpg)
--------------------------------------------------------------------------------
via: http://xmodulo.com/share-directory-samba-fedora-centos.html
作者:[Kristophorus Hadiono][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
[a]:http://xmodulo.com/author/kristophorus

144
translated/tech/20150318 How to share a directory with Samba on Fedora or CentOS.md Normal file
View File

@ -0,0 +1,144 @@
如何在Fedora或CentOS上使用Samba共享文件夹
================================================================================
如今无论在家里或者是办公场所不同的电脑之间共享文件夹已不是什么新鲜事了。在这种趋势下现代操作系统通过网络文件系统的方式使得电脑间数据的交换变得简单而透明。如果您工作的环境中既有微软的Windows又有Linux那么一个共享文件及目录的方式便是通过一个跨平台网络文件共享协议,SMB/CIFS。Windows天然的支持SMB/CIFSLinux也通过开源的软件Samba实现了SMB/CIFS协议。
在这篇文章中,我们将展示**如何使用Samba共享文件夹**。我们使用的Linux平台是**Fedora或CentOS**。这篇文章分为四部分。首先我们在Fedora/CentOS环境下安装Sambe。接着我们讨论如何调整SELinux和防火墙配置以允许Samba的文件共享。最后我们介绍如何使用Samba来共享文件夹。
### 步骤1在Fedora和CentOS上安装Samba ###
首先安装Samba以及进行一些基本的配置。
检验Samba是否已经安装在您的系统中
$ rpm -q samba samba-common samba-client
如果上面的命令没有任何输出这意味着Samba并未安装。这时应使用下面的命令来安装Samba。
$ sudo yum install samba samba-common samba-client
接下来创建一个用于在网络中共享的本地文件夹。这个文件夹应该以Samba共享的方式导出到远程的用户。在这个指南中我们会在顶层文件夹'/'中创建这个文件夹,因此,请确保您有相应的权限。
$ sudo mkdir /shared
如果您想在您的home文件夹内创建共享文件夹例如~/shared您必须激活SELinux中Samba的home文件夹共享选项具体将在后面提到。
在创建/shared文件夹后设置文件夹权限以保证其余用户可以访问它。
$ sudo chmod o+rw /shared
如果您不想其他用户对该文件夹拥有写权限,您需要移除命令中的'w'选项。
$ sudo chmod o+r /shared
接下来创建一个空文件来测试。这个文件可以被用来验证Samba的共享已经被挂载。
$ sudo touch /shared/file1
### 步骤2为Samba配置SELinux ###
接下来我们需要再次配置SELinux。在Fedora和CentOS发行版中SELinux是默认开启的。SELinux仅在正确的安全配置下才允许Samba读取和修改文件或文件夹。例如加上'samba_share_t'属性标签)。
下面的命令为文件的配置添加必要的标签:
$ sudo semanage fcontext -a -t samba_share_t "<directory>(/.*)?"
<directory>替换为我们之前为Samba共享创建的本地文件夹例如/shared
$ sudo semanage fcontext -a -t samba_share_t "/shared(/.*)?"
我们必须执行restorecon命令来激活修改的标签命令如下
$ sudo restorecon -R -v /shared
![](https://farm9.staticflickr.com/8584/16652774078_2055f45f70_b.jpg)
为了通过Samba共享在我们home文件夹内的文件夹我们必须在SELinux中开启共享home文件夹的选项该选项默认被关闭。下面的命令能达到该效果。如果您并未共享您的home文件夹那么您可以跳过该步骤。
$ sudo setsebool -P samba_enable_home_dirs 1
### 步骤3为Samba配置防火墙 ###
下面的命令用来打开防火墙中Samba为共享需要的TCP/UDP端口。
如果您在使用firewalld例如在Fedora和CentOS7下接下来的命令将会永久的修改Samba相关的防火墙规则。
$ sudo firewall-cmd --permanent --add-service=samba
如果您在防火墙中使用iptables例如CentOS6或者更早的版本可以使用下面的命令来打开Samba必要的向外的端口。
$ sudo vi /etc/sysconfig/iptables
----------
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 445 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 137 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 138 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT
然后重启iptables服务
$ sudo service iptables restart
### 步骤4更改Samba配置 ###
后面的步骤用来配置Samba以将本地文件夹导出为Samba共享文件夹。
使用文件编辑器打开Samba配置文件并将下面的行添加到文件的末尾。
$ sudo nano /etc/samba/smb.conf
----------
[myshare]
comment=my shared files
path=/shared
public=yes
writeable=yes
上面在括号内的文本(例如,"myshare"是Samba共享的资源的名字它被用来从远程主机存取Samba共享。
创建Samba用户帐户这是挂载和导出Samba文件系统所必须的。我们可以使用smbpasswd工具来创建一个Samba用户。注意Samba用户帐户必须是Linux用户管理中已存在的。如果您尝试使用smbpasswd添加一个不存在的用户它会返回一个错误的消息。
如果您不想使用任何已存在的Linux用户作为Samba用户您可以在您的系统中创建一个新的用户。为安全起见设置新用户的登录脚本为/sbin/nologin并且不创建该用户的home文件夹。
在这个例子中,我们正在创建一个名叫"sambaguest"的用户,如下:
$ sudo useradd -M -s /sbin/nologin sambaguest
$ sudo passwd sambaguest
![](https://farm9.staticflickr.com/8702/16814479366_53f540d3ba_b.jpg)
在创建一个新用户后使用smbpasswd命令添加Samba用户。当这个命令询问一个密码时您可以键入一个不同于该用户的密码。
$ sudo smbpasswd -a sambaguest
4. 激活Samba服务并检测Samba服务是否在运行。
$ sudo systemctl enable smb.service
$ sudo systemctl start smb.service
$ sudo systemctl is-active smb
![](https://farm8.staticflickr.com/7607/16652984770_622f24bccc_b.jpg)
使用下面的命令来查看Samba中共享的文件夹列表。
$ smbclient -U sambaguest -L localhost
![](https://farm8.staticflickr.com/7281/16220411103_06bf585901_b.jpg)
接下来是在Thunar文件管理器中存取Samba共享文件夹以及对file1进行拷贝复制的截图。注意Samba的共享内容可以通过在Thunar中通过"smb://<samba-server-IP-address>/myshare"这个地址来存取。
![](https://farm8.staticflickr.com/7644/16218011174_c8b34fcedc_b.jpg)
--------------------------------------------------------------------------------
via: http://xmodulo.com/share-directory-samba-fedora-centos.html
作者:[Kristophorus Hadiono][a]
译者:[wwy-hust](https://github.com/wwy-hust)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
[a]:http://xmodulo.com/author/kristophorus