
12.1.1 Configure shared resources


May 24, 2021 That's what Linux should learn



The main configuration file of the Samba service program is similar to that of the Apache service covered earlier: it contains global configuration parameters and zone configuration parameters. The global configuration parameters set up the overall resource-sharing environment and apply to every individual shared resource. Zone configuration parameters set up one individual shared resource and apply only to that resource. Creating a shared resource is simple: write the parameters in Table 12-2 into the main configuration file of the Samba service program and restart the service.

Table 12-2 Parameters used to configure the Samba service program and their functions

Parameter                                                Function
[database]                                               Share name is database
comment = Do not arbitrarily modify the database file    Warns users not to modify the database at will
path = /home/database                                    Shared directory is /home/database
public

In the RHEL 7 system, the Samba service program uses the user password authentication mode by default. This mode ensures that only trusted users who have a password can access shared resources, and the authentication process is simple. However, the user password authentication mode can be used only after the account information database has been established. In addition, the Samba service program's database requires that the account already exists in the current system; otherwise, files created later will have confused permission attributes, which leads to errors.

The pdbedit command manages the SMB service program's account information database; its format is "pdbedit [options] account". The -a parameter is required the first time account information is written to the database and is not needed afterwards for actions such as changing a password or deleting an account. The parameters of the pdbedit command and their functions are shown in Table 12-3.

Table 12-3 Parameters of the pdbedit command and their functions

Parameter      Function
-a username    Create a Samba user
-x username    Delete a Samba user
-L             List users
-Lv            List users with details

[root@linuxprobe ~]# pdbedit -a -u linuxprobe
new password: (enter the password for this account in the Samba service database here)
retype new password: (enter the password again to confirm)
Unix username: linuxprobe
NT username:
Account Flags:
User SID: S-1-5-21-507407404-3243012849-3065158664-1000
Primary Group SID: S-1-5-21-507407404-3243012849-3065158664-513
Full Name: linuxprobe
Home Directory: \\localhost\linuxprobe
HomeDir Drive:
Logon Script:
Profile Path: \\localhost\linuxprobe\profile
Domain: LOCALHOST
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: Wed, 06 Feb 2036 10:06:39 EST
Kickoff time: Wed, 06 Feb 2036 10:06:39 EST
Password last set: Mon, 13 Mar 2017 04:22:25 EDT
Password can change: Mon, 13 Mar 2017 04:22:25 EDT
Password must change: never
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF

When creating the shared directory, consider not only the file read and write permissions but also the SELinux security context applied to the directory, because /home is where the home directories of ordinary users live. The comment lines that were filtered out of the Samba service program's main configuration file include instructions on the SELinux security context policy, so we only need to set the context to the value given there. After the modification is complete, run the restorecon command so that the new SELinux security context applied to the directory takes effect immediately.

[root@linuxprobe ~]# mkdir /home/database
[root@linuxprobe ~]# chown -Rf linuxprobe:linuxprobe /home/database
[root@linuxprobe ~]# semanage fcontext -a -t samba_share_t /home/database
[root@linuxprobe ~]# restorecon -Rv /home/database
restorecon reset /home/database context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:samba_share_t:s0

Step 3: Set the SELinux policy so that it allows access to ordinary users' home directories through the Samba service program. Run the getsebool command, filter out all SELinux domain policies related to the Samba service program, and choose the correct policy entry to enable based on its name (and on experience):

[root@linuxprobe ~]# getsebool -a | grep samba
samba_create_home_dirs --> off
samba_domain_controller --> off
samba_enable_home_dirs --> off
samba_export_all_ro --> off
samba_export_all_rw --> off
samba_portmapper --> off
samba_run_unconfined --> off
samba_share_fusefs --> off
samba_share_nfs --> off
sanlock_use_samba --> off
use_samba_home_dirs --> off
virt_sandbox_use_samba --> off
virt_use_samba --> off
[root@linuxprobe ~]# setsebool -P samba_enable_home_dirs on

In the original configuration file, the [homes] section shares the visiting user's home directory, and the [printers] section shares printer devices. If these two items are not needed in future work, they can be removed manually, as Mr. Liu Wei does; this causes no problem.

[root@linuxprobe ~]# vim /etc/samba/smb.conf
[global]
 workgroup = MYGROUP
 server string = Samba Server Version %v
 log file = /var/log/samba/log.%m
 max log size = 50
 security = user
 passdb backend = tdbsam
 load printers = yes
 cups options = raw

Next, restart the smb service (the Samba service program is named smb in Linux) and flush the iptables firewall rules; then you can verify the configuration.

[root@linuxprobe ~]# systemctl restart smb
[root@linuxprobe ~]# systemctl enable smb
ln -s '/usr/lib/systemd/system/smb.service' '/etc/systemd/system/multi-user.target.wants/smb.service'
[root@linuxprobe ~]# iptables -F
[root@linuxprobe ~]# service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]
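
The following script is an added example, not part of the original tutorial: read-only checks for what the steps above set up (the Samba account, the samba_share_t label, the samba_enable_home_dirs boolean, and a share that does not admit guests). The function names are hypothetical, the sample outputs are constructed, and the `public = no` and `writable = yes` values in the sample share are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page): read-only checks for the share
# built in the steps above. Every function reads command output on stdin,
# so it works on live output or on a saved copy.

# Input: `pdbedit -L` (user:uid:full name). True if USER has a Samba account.
smb_account_exists() { cut -d: -f1 | grep -Fxq -- "$1"; }

# Input: `ls -Zd DIR`. True if the directory carries the samba_share_t type.
has_share_context() { grep -q ':samba_share_t:'; }

# Input: `getsebool -a`. True if boolean NAME is on.
bool_is_on() { grep -Eq "^$1 --> on\$"; }

# Input: smb.conf or `testparm -s` output. True if section [SHARE] exists and
# does not allow guest access ("public" is a synonym of "guest ok").
share_denies_guests() {
  awk -v want="[$1]" '
    { line = tolower($0) }
    line ~ /^[ \t]*\[/ {
      gsub(/[ \t]/, "", line); insec = (line == tolower(want))
      if (insec) found = 1
      next
    }
    insec && line ~ /^[ \t]*(public|guest ok)[ \t]*=[ \t]*(yes|true|1)[ \t]*$/ { guest = 1 }
    END { exit !(found && !guest) }'
}

# Constructed sample outputs (illustrative, not captured from a real host).
SAMPLE_PDB='linuxprobe:1000:linuxprobe'
SAMPLE_LSZ='drwxr-xr-x. linuxprobe linuxprobe unconfined_u:object_r:samba_share_t:s0 /home/database'
SAMPLE_BOOLS='samba_enable_home_dirs --> on
samba_export_all_rw --> off'
SAMPLE_CONF='[global]
 security = user
[database]
 path = /home/database
 public = no
 writable = yes'

report() { if "$@"; then echo "PASS: $*"; else echo "FAIL: $*"; fi; }

printf '%s\n' "$SAMPLE_PDB"   | report smb_account_exists linuxprobe
printf '%s\n' "$SAMPLE_LSZ"   | report has_share_context
printf '%s\n' "$SAMPLE_BOOLS" | report bool_is_on samba_enable_home_dirs
printf '%s\n' "$SAMPLE_CONF"  | report share_denies_guests database
```

On a live host, pipe the real commands into the same functions, for example `pdbedit -L | smb_account_exists linuxprobe` or `testparm -s 2>/dev/null | share_denies_guests database`.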