Saita Samba da Sanya FirewallD da SELinux don Ba da izinin Rarraba Fayil akan Linux/Abokan Windows - Sashe na 6

Tunda kwamfutoci ba safai suke aiki a matsayin keɓantaccen tsarin, ana tsammanin a matsayinka na mai kula da tsarin ko injiniya, ka san yadda ake kafawa da kula da hanyar sadarwa tare da nau'ikan sabobin.

A cikin wannan labarin da kuma na gaba na wannan silsilar za mu shiga cikin mahimman abubuwan kafa sabar Samba da NFS tare da abokan cinikin Windows/Linux da Linux, bi da bi.

Tabbas wannan labarin zai zo da amfani idan an kira ku don saita sabar fayil a cikin kamfanoni ko masana'antu inda za ku iya samun tsarin aiki da nau'ikan na'urori daban-daban.

Tun da za ku iya karantawa game da baya da fasaha na Samba da NFS a duk faɗin Intanet, a cikin wannan labarin da na gaba za mu yanke daidai da abin da ke hannun.

Mataki 1: Shigar da Samba Server

Yanayin gwajin mu na yanzu ya ƙunshi akwatunan RHEL 7 guda biyu da injin Windows 8 guda ɗaya, a cikin wannan tsari:

1. Samba / NFS server [box1 (RHEL 7): 192.168.0.18], 
2. Samba client #1 [box2 (RHEL 7): 192.168.0.20]
3. Samba client #2 [Windows 8 machine: 192.168.0.106]

A kan akwatin 1, shigar da fakiti masu zuwa:

# yum update && yum install samba samba-client samba-common

A cikin akwatin 2:

# yum update && yum install samba samba-client samba-common cifs-utils

Da zarar an gama shigarwa, muna shirye don saita rabonmu.

Mataki 2: Saita Raba Fayil Ta Samba

Ɗaya daga cikin dalilin da ya sa Samba ya dace da shi shine saboda yana ba da fayil da kuma buga ayyuka ga abokan ciniki na SMB/CIFS, wanda ke sa waɗancan abokan cinikin su ga uwar garken kamar tsarin Windows ne (dole ne in yarda cewa na yi jin daɗin ɗanɗano kaɗan yayin da. rubuta game da wannan batu kamar yadda shine saitin farko na a matsayin sabon mai kula da tsarin Linux wasu shekaru da suka wuce).

Don ba da izinin haɗin gwiwar ƙungiya, za mu ƙirƙiri ƙungiyar mai suna kuɗi tare da masu amfani biyu (mai amfani1 da mai amfani2) tare da umarnin useradd da kundin adireshi/kudi a cikin akwatin1.

Za mu kuma canza mai rukunin wannan kundin adireshi don samun kuɗi da saita izini zuwa 0770 (karanta, rubuta, da izinin aiwatarwa ga mai shi da mai ƙungiyar):

# groupadd finance
# useradd user1
# useradd user2
# usermod -a -G finance user1
# usermod -a -G finance user2
# mkdir /finance
# chmod 0770 /finance
# chgrp finance /finance

Mataki 3: Saita SELinux da Firewalld

A cikin shirye-shiryen saita/kuɗi azaman rabon Samba, za mu buƙaci ko dai mu kashe SELinux ko saita madaidaicin boolean da ƙimar mahallin tsaro kamar haka (in ba haka ba, SELinux zai hana abokan ciniki samun damar rabon):

# setsebool -P samba_export_all_ro=1 samba_export_all_rw=1
# getsebool –a | grep samba_export
# semanage fcontext –at samba_share_t "/finance(/.*)?"
# restorecon /finance

Bugu da kari, dole ne mu tabbatar da cewa an ba da izinin zirga-zirgar Samba ta hanyar wuta.

# firewall-cmd --permanent --add-service=samba
# firewall-cmd --reload

Mataki 4: Sanya Samba Share

Yanzu lokaci ya yi da za a nutse cikin fayil ɗin sanyi /etc/samba/smb.conf kuma ƙara sashin don rabonmu: muna son membobin ƙungiyar kuɗi su sami damar bincika abubuwan da ke cikin /finance, da adanawa/ƙirƙirar fayiloli ko subdirectories a ciki (waɗanda ta tsohuwa za a saita ragowar izinin su zuwa 0770 kuma kuɗi zai zama mai ƙungiyar su):

[finance]
comment=Directory for collaboration of the company's finance team
browsable=yes
path=/finance
public=no
valid [email 
write [email 
writeable=yes
create mask=0770
Force create mode=0770
force group=finance

Ajiye fayil ɗin sannan gwada shi tare da mai amfani na testparm. Idan akwai wasu kurakurai, fitowar umarni mai zuwa zai nuna abin da kuke buƙatar gyara. In ba haka ba, zai nuna bita na daidaitawar sabar Samba ku:

Idan kuna son ƙara wani rabo wanda ke buɗewa ga jama'a (ma'ana ba tare da wani tabbaci ba komai), ƙirƙirar wani sashe a /etc/samba/smb.conf kuma ƙarƙashin sabon sunan share kwafi sashin da ke sama, kawai canza jama'a=a'a zuwa jama'a = eh kuma baya haɗa da ingantattun masu amfani da rubuta umarnin jeri.

Mataki 5: Ƙara Masu Amfani da Samba

Na gaba, kuna buƙatar ƙara mai amfani1 da mai amfani2 azaman masu amfani da Samba. Don yin haka, za ku yi amfani da umarnin smbpasswd, wanda ke hulɗa tare da bayanan Samba na ciki. Za a umarce ku don shigar da kalmar sirri wanda za ku yi amfani da ita daga baya don haɗawa da raba:

# smbpasswd -a user1
# smbpasswd -a user2

A ƙarshe, sake kunna Samba, ba da damar sabis ɗin don farawa akan taya, kuma tabbatar cewa rabon yana samuwa ga abokan cinikin cibiyar sadarwa:

# systemctl start smb
# systemctl enable smb
# smbclient -L localhost –U user1
# smbclient -L localhost –U user2

A wannan lokaci, an shigar da uwar garken fayil ɗin Samba da kyau kuma an daidaita shi. Yanzu lokaci ya yi da za a gwada wannan saitin akan abokan cinikinmu na RHEL 7 da Windows 8.

Mataki na 6: Haɗa Samba Share a Linux

Da farko, tabbatar da samun damar rabon Samba daga wannan abokin ciniki:

# smbclient –L 192.168.0.18 -U user2

(maimaita umarnin da ke sama don mai amfani1)

Kamar kowane kafofin watsa labaru na ajiya, zaku iya hawa (da kuma daga baya cire) wannan rabon hanyar sadarwa lokacin da ake buƙata:

# mount //192.168.0.18/finance /media/samba -o username=user1

(inda/kafofin watsa labarai/samba ne directory na yanzu)

ko na dindindin, ta ƙara shigarwar mai zuwa a /etc/fstab fayil:

//192.168.0.18/finance /media/samba cifs credentials=/media/samba/.smbcredentials,defaults 0 0

Inda boye fayil /media/samba/.smbcredentials (wanda aka saita izini da ikonsa zuwa 600 da tushen: tushen, bi da bi) ya ƙunshi layi biyu waɗanda ke nuna sunan mai amfani da kalmar wucewa ta asusun da aka ba da izinin amfani da rabon:

username=user1
password=PasswordForUser1

A ƙarshe, bari mu ƙirƙiri fayil a ciki/kuɗi kuma mu bincika izini da ikon mallaka:

# touch /media/samba/FileCreatedInRHELClient.txt

Kamar yadda kuke gani, an ƙirƙiri fayil ɗin tare da izini 0770 kuma an saita ikon mallakar zuwa mai amfani1: kuɗi.

Mataki 7: Hawan Samba Share a cikin Windows

Don hawa rabon Samba a cikin Windows, je zuwa PC nawa kuma zaɓi Kwamfuta, sannan Taswirar hanyar sadarwa. Bayan haka, sanya wasiƙar don tsara taswirar tuƙi kuma duba Haɗa ta amfani da takaddun shaida daban-daban (hotunan da ke ƙasa suna cikin Mutanen Espanya, yarena na asali):

A ƙarshe, bari mu ƙirƙiri fayil kuma duba izini da ikon mallakar:

# ls -l /finance

Wannan karon fayil ɗin na mai amfani2 ne tunda wannan shine asusun da muka yi amfani da shi don haɗawa daga abokin ciniki na Windows.

Takaitawa

A cikin wannan labarin mun bayyana ba kawai yadda za a kafa uwar garken Samba da abokan ciniki biyu ta amfani da tsarin aiki daban-daban ba, amma har ma SELinux akan uwar garke don ba da damar damar haɗin gwiwar ƙungiyar da ake so.

A ƙarshe, amma ba kalla ba, bari in ba da shawarar karanta shafin mutumin kan layi na smb.conf don bincika wasu ƙa'idodin daidaitawa waɗanda zasu iya dacewa da yanayin ku fiye da yanayin da aka bayyana a cikin wannan labarin.

Kamar koyaushe, jin daɗin sauke sharhi ta amfani da fom ɗin da ke ƙasa idan kuna da wasu sharhi ko shawarwari.