本文共 5834 字,大约阅读时间需要 19 分钟。
Samba 企业应用案例需求:
1. 所有员工都能够在公司内流动办公,但不管在哪电脑上工作,都要把自己文件存在 Samba 文件服器上.
2. 各部门办公人员拥有各自的主目录,用于存放私有文档(工作相关),其他人禁止访问.
3. 所有的用户都不允许使用服务器的 SHELL(安全考虑).
4. 制造部、财务部、管理部,都有各自的文件目录.
5. 各部门目录下提供“对外”、“公共文档”、“受控文档”三个子目录.
对外: <1>允许公司所有工作人员访问,但不能修改文件.
<2>本部门文员负责维护数据
公共文档:<1>本部门员工可以访问,领导层可以访问,但不能修改.
<2> 本部门文员负责维护数据
受控文档:<1>本部门主管、公司领导可以访问、其他员工禁止.
<2>本部门主管负责维护数据
注:财务部受控文档只允许总经理、财务部总监、主管访问;管理部受控文档只允许总经理、主管访问
6. 公共区域:<1>所有员工均可访问
<2>网络部负责维护
7. 交换区域:<1>所有员工均可读可写,禁止删除其它员工文件.
2>网络部负责维护
#1.创建所需要的目录
1.samba主目录下,五个目录,zhizao caiwu guanli public swap
2.zhizao caiwu guanli三个目录下分别有 duiwai gonggong shoukong
3.修改主目录的安全上下文
[root@xwdzds ~]# mkdir /samba
[root@xwdzds ~]#mkdir /samba/zhizao caiwu guanli public swap
[root@xwdzds ~]# mkdir /samba/zhizao/duiwai gonggong shoukong
[root@xwdzds ~]# mkdir /samba/guanli/duiwai gonggong shoukong
[root@xwdzds ~]# mkdir /samba/caiwu/duiwai gonggong shoukong
[root@xwdzds ~]# setsebool -P samba_enable_home_dirs on
[root@xwdzds ~]# semanage fcontext -a -t samba_share_t ‘/samb(/.*)?’
[root@xwdzds ~]# restorecon -FvvR /samba
#2.创建用户,用户组
用户组五个 1.领导层(lingdaoceng) 2.管理部(guanlibu)
3.财务部(caiwubu) 4.网络部(wangluobu) 5.制造部(zhizaobu)
用户:1.总经理(zjl) 2.财务部总监(cwbzj) 3.制造部主管(zzbzg)
4.制造部总监(zzbzj) 5.管理部总监(glbzj) 6.管理部主管(glbzg)
7.财务部主管(cwbzg) 8.管理部员工(glbyg) 9.制造部员工(zzbyg)
10.财务部员工(cwbyg)
总经理分到领导层组,各部门的部员分到各自部门组
[root@xwdzds samba]# groupadd lingdaoceng
[root@xwdzds samba]# groupadd guanlibu
[root@xwdzds samba]# groupadd caiwubu
[root@xwdzds samba]# groupadd wangluobu
[root@xwdzds samba]# groupadd zhizaobu
[root@xwdzds samba]# useradd -G lingdaoceng zjl
[root@xwdzds samba]# useradd -G guanlibu glbzj
[root@xwdzds samba]# useradd -G guanlibu glbyg
[root@xwdzds samba]# useradd -G guanlibu glbzg
[root@xwdzds samba]# useradd -G zhizaobu zzbzj
[root@xwdzds samba]# useradd -G zhizaobu zzbzg
[root@xwdzds samba]# useradd -G zhizaobu zzbyg
[root@xwdzds samba]# useradd -G caiwubu cwbzj
[root@xwdzds samba]# useradd -G caiwubu cwbzg
[root@xwdzds samba]# useradd -G caiwubu cwbyg
所有用户不能使用shell
[root@xwdzds samba]# usermod -s /bin/false zzbyg
[root@xwdzds samba]# usermod -s /bin/false zzbzg
[root@xwdzds samba]# usermod -s /bin/false zzbzj
[root@xwdzds samba]# usermod -s /bin/false glbyg
[root@xwdzds samba]# usermod -s /bin/false glbzg
[root@xwdzds samba]# usermod -s /bin/false glbzj
[root@xwdzds samba]# usermod -s /bin/false cwbz
[root@xwdzds samba]# usermod -s /bin/false cwbzg
[root@xwdzds samba]# usermod -s /bin/false cwbzj
[root@xwdzds samba]# usermod -s /bin/false cwbyg
[root@xwdzds samba]# usermod -s /bin/false zjl
创建samba用户
[root@xwdzds samba]# smbpasswd -a zjl
[root@xwdzds samba]# smbpasswd -a zzbyg
[root@xwdzds samba]# smbpasswd -a zzbzg
[root@xwdzds samba]# smbpasswd -a zzbzj
[root@xwdzds samba]# smbpasswd -a cwbzg
[root@xwdzds samba]# smbpasswd -a cwbzj
[root@xwdzds samba]# smbpasswd -a cwbyg
[root@xwdzds samba]# smbpasswd -a glbyg
[root@xwdzds samba]# smbpasswd -a glbzj
[root@xwdzds samba]# smbpasswd -a glbyg
#3.设置samba配置参数
[root@xwdzds ~]# vim /etc/samba/smb.conf
[samba]
comment = company
path = /samba
writable = yes
[zzb]
path = /samba/zhizao
browseable = yes
admin user = zzbyg
[zzbdw]
path = /samba/zhizao/duiwai
browseable = no
admin user = zzbyg
[zzbgg]
path = /samba/zhizao/gonggong
browseable = no
valid users = @zhizaobu @lingdaoceng
admin users = zzbyg
[zzbsk]
path = /samba/zhizao/shoukong
valid users = @lingdaoceng zzbzg
admin users = zzbzg
[cwb]
path = /samba/caiwu
browseable = yes
admin user = cwbyg
[cwbdw]
path = /samba/caiwu/duiwai
browseable = no
admin user = cwbyg
[cwbgg]
path = /samba/caiwu/gonggong
browseable = no
valid users = @caiwubu @lingdaoceng
admin users = cwbyg
[cwbsk]
path = /samba/caiwu/shoukong
valid users = @lingdaoceng cwbzj cwbzg
admin users = cwbzg
[glb]
path = /samba/guanli
browseable = yes
admin user = glbyg
[glbdw]
path = /samba/guanli/duiwai
browseable = no
admin user = glbyg
[glbgg]
path = /samba/guanli/gonggong
browseable = no
valid users = @guanlibu @lingdaoceng
admin users = glbyg
[glbsk]
path = /samba/guanli/shoukong
valid users = @lingdaoceng glbzg
admin users = glbzg
[public]
path = /samba/public
admin users = @wangluobu
public = yes
[swap]
path = /samba/swap
writable = yes
admin users = @wangluobu
public = yes
:wq
#4.设置目录系统权限
公共 ,交换,制造部的目录权限
[root@xwdzds samba]# chmod 755 /samba/
[root@xwdzds samba]# chmod 1777 /samba/swap/
[root@xwdzds samba]# chmod 775 /samba/public/
[root@xwdzds samba]# chmod 755 /samba/zhizao caiwu/ guanli/
[root@xwdzds samba]# chgrp wangluobu /samba/public/
[root@xwdzds samba]# chgrp wangluobu /samba/swap/
[root@xwdzds samba]# chgrp zhizaobu /samba/zhizao/
[root@xwdzds samba]# chown zzbyg.zhizaobu /samba/zhizao/duiwai/
[root@xwdzds samba]# chmod 755 /samba/zhizao/duiwai
[root@xwdzds samba]# setfacl -m g:lingdaoceng:rx /samba/zhizao/gonggong
[root@xwdzds samba]# chown zzbyg.zhizaobu /samba/zhizao/gonggong
[root@xwdzds samba]# chmod 750 /samba/zhizao/gonggong shoukong
[root@xwdzds samba]# chown zzbzg.lingdaoceng /samba/zhizao/shoukong
财务部的目录权限
[root@xwdzds samba]# chgrp caiwubu /samba/caiwu/
[root@xwdzds samba]# chown cwbyg.caiwubu /samba/caiwu/duiwai/
[root@xwdzds samba]# chmod 755 /samba/caiwu/duiwai
[root@xwdzds samba]# chmod 750 /samba/caiwu/gonggong shoukong
[root@xwdzds samba]# chown cwbyg.caiwubu /samba/caiwu/gonggong
[root@xwdzds samba]# chown cwbzg.lingdaoceng /samba/caiwu/shoukong
[root@xwdzds samba]# setfacl -m u:cwbzj:rx /samba/caiwu/shoukong
管理部的目录权限
[root@xwdzds samba]# chgrp guanlibu /samba/guanli/
[root@xwdzds samba]# chown glbyg.guanlibu /samba/guanli/duiwai
[root@xwdzds samba]# chmod 755 /samba/guanli/duiwai
[root@xwdzds samba]# chmod 750 /samba/guanlli/gonggong /shoukong
[root@xwdzds samba]# chown glbyg.guanlibu /samba/guanli/gonggong
[root@xwdzds samba]# chown glbzg.lingdaocegn /samba/guanli/shoukong
[root@xwdzds samba]# setfacl -m g:lingdaoceng:rx /samba/guanli/gonggong
转载地址:http://pdjyb.baihongyu.com/