Samba是在Linux系统上实现SMB协议的一个免费软件,由服务器及客户端程序构成。SMB(Server Messages Block,信息服务块)是一种在局域网上共享文件和打印机的一种通信协议,它为局域网内的不同计算机之间提供文件及打印机等资源的共享服务。
sudo apt-get install samba-common samba
sudo mkdir /opt/share
- 关于samba配置文件,smb.conf总共分为两大部分,分别为“全局设置(GIobal Settings)”和“共享定义(Share Definitions)”。全局设置定义于Samba服务器的整体行为,例如,工作组,主机名等方面。共享定义则用于设置的具体的共享目录或者设备中。
- 配置文件绝对路径在:
/etc/samba/smb.conf
unix charset = UTF-8dos charset = cp936security = user这个文件叫做smb.conf(位于/etc或者/etc/samba目录下面),可以用uos系统自带的文本编辑器打开,在末尾输入:
[share] #"[]" 中的文字表示共享目录名字,可以随意设置
comment = Linux Share #comment字段用于设置这个共享目录的描述
path = /opt/share #share指定了共享目录的路径
public = yes #表示在windows的“网上邻居”中可见
writeable = no #writeable表示设置目录是否可写(yes是可写的意思)
browseable = yes #表示在windows的“网上邻居”中可见
guest ok = no #告诉Samba服务器这个共享目录允许匿名访问
sudo useradd smbuser # 新增一个叫smbuser的用户
sudo smbpasswd -a smbuser # 给这个新增用户创建samb共享密码
New SMB password:
Retype new SMB password:
Added user smbuser
后面就可以使用带-U参数的smbpasswd命令修改已经有用户的口令。如果用户希望本地修改服务器上自己的口令,可以使用-r参数。下面的命令用户修改在服务器smbserver上smbuser用户的口令了
smbpasswd -r smbserver -U smbuser
smbuser对共享目录写权限,一下配置需要写成yes
writeable = yes
如果只写writeable = yes是远远不够的,如果服务器上的这么目录本身对smbuser不可写的话,就需要添加以下命令:
sudo chown smbuser:smbuser /opt/share
service smbd startservice smbd stopservice smbd restartservice smbd statusdeepin@wh-k8snode-70:/etc/samba$ service smbd status
● smbd.service - Samba SMB Daemon
Loaded: loaded (/lib/systemd/system/smbd.service; enabled; vendor preset: enabled)
Active: active (running) since Mon 2022-06-20 11:50:46 CST; 1h 57min ago
Docs: man:smbd(8)
man:samba(7)
man:smb.conf(5)
Process: 20165 ExecStartPre=/usr/share/samba/update-apparmor-samba-profile (code=exited, status=0/SUCCESS)
Main PID: 20174 (smbd)
Status: "smbd: ready to serve connections..."
Tasks: 6 (limit: 4915)
Memory: 26.7M
CGroup: /system.slice/smbd.service
├─ 8209 /usr/sbin/smbd --foreground --no-process-group
├─10619 /usr/sbin/smbd --foreground --no-process-group
├─20174 /usr/sbin/smbd --foreground --no-process-group
├─20176 /usr/sbin/smbd --foreground --no-process-group
├─20177 /usr/sbin/smbd --foreground --no-process-group
└─20178 /usr/sbin/smbd --foreground --no-process-group
在实际修改配置文件过程中,可能在参数后面有一些看不见的字符,会导致服务无法正常启动,最好检查每个修改的参数后面无一些空格或者其他特殊符号。
先断开现有的samba连接:cmd命令行下执行net use * /del /X
再重新选择你要使用的目录,使用对应的用户名进行登录就可以了
主要原因是因为服务器的防火墙没有关,可以选择在文件/etc/security/limits.conf下输入* - nofile 16384,然后shutdown -r now 重启一下就可以了
#chmod 777 FileServer --这种操作就可以让组samba里的用户进行写操作了。[deepin]
create mode =0664
force create mode=0750 #文件新建的权限为750
directory mode=0750 #新建文件夹的权限只有组里的用户查看,其他组里的用户都没有权限进入
vsftpd 是Linus上非常安全好用的ftp服务,只需要简单的安装后就可以搭建起ftp服务;
该服务主要的配置文件就是vsftpd.conf ,在deepin/uos系统中的绝对路径是:/etc/vsftpd.conf
只需要简单的进行安装配置即可,前提是你开启了开发者模式我们才能通过终端安装软件
sudo apt install vsftpd
如果提示没有找到对应安装包,则可能是没有进行仓库的更新连接,执行如下命令即可
sudo apt update
service vsftpd start
service vsftpd stop
service vsftpd restart
service vsftpd status
#执行后结果如下:active则表示正常运行,如果失败了则可以通过提示信息查询对应问题
babyfengfjx@babyfengfjx:~$ service vsftpd status
● vsftpd.service - vsftpd FTP server
Loaded: loaded (/lib/systemd/system/vsftpd.service; enabled; vendor preset: enabled)
Active: active (running) since Sat 2021-10-09 16:22:48 CST; 1s ago
Process: 18334 ExecStartPre=/bin/mkdir -p /var/run/vsftpd/empty (code=exited, status=0/SUCCESS)
Main PID: 18335 (vsftpd)
Tasks: 1 (limit: 4915)
Memory: 568.0K
CGroup: /system.slice/vsftpd.service
└─18335 /usr/sbin/vsftpd /etc/vsftpd.conf
在使用该服务过程中,主要就是这些配置文件该如何配置,很多同学在实际配置过程中很难一次配置成功,这里就给出一个实际可用的配置参数以供参考
配置文件路径:/etc/vsftpd.conf
配置过程中尽量是将匿名登录关闭,使用本地用户登录,以确保安全。
# Example config file /etc/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
#
# Run standalone? vsftpd can run either from an inetd or as a standalone
# daemon started from an initscript.
listen=YES
#
# This directive enables listening on IPv6 sockets. By default, listening
# on the IPv6 "any" address (::) will accept connections from both IPv6
# and IPv4 clients. It is not necessary to listen on *both* IPv4 and IPv6
# sockets. If you want that (perhaps because you want to listen on specific
# addresses) then you must run two copies of vsftpd with two configuration
# files.
listen_ipv6=NO
#
# Allow anonymous FTP? (Disabled by default).
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
#local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# If enabled, vsftpd will display directory listings with the time
# in your local time zone. The default is to display GMT. The
# times returned by the MDTM FTP command are also affected by this
# option.
use_localtime=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# You may override where the log file goes if you like. The default is shown
# below.
#xferlog_file=/var/log/vsftpd.log
#
# If you want, you can have your log file in standard ftpd xferlog format.
# Note that the default log file location is /var/log/xferlog in this case.
#xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
#ascii_upload_enable=YES
#ascii_download_enable=YES
#
# You may fully customise the login banner string:
#ftpd_banner=Welcome to blah FTP service.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd.banned_emails
#
# You may restrict local users to their home directories. See the FAQ for
# the possible risks in this before using chroot_local_user or
# chroot_list_enable below.
# chroot_local_user=YES
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
# (Warning! chroot'ing can be very dangerous. If using chroot, make sure that
# the user does not have write access to the top level directory within the
# chroot)
# chroot_local_user=YES
# chroot_list_enable=YES
# (default follows)
# chroot_list_file=/etc/vsftpd.chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
#
# Customization
#
# Some of vsftpd's settings don't fit the filesystem layout by
# default.
#
# This option should be the name of a directory which is empty. Also, the
# directory should not be writable by the ftp user. This directory is used
# as a secure chroot() jail at times vsftpd does not require filesystem
# access.
secure_chroot_dir=/var/run/vsftpd/empty
#
# This string is the name of the PAM service vsftpd will use.
pam_service_name=vsftpd
#
# This option specifies the location of the RSA certificate to use for SSL
# encrypted connections.
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
ssl_enable=NO
#
# Uncomment this to indicate that vsftpd use a utf8 filesystem.
#utf8_filesystem=YES
按照如下简单的配置就可以通过本地用户进行访问了
listen=YES
listen_ipv6=NO
anonymous_enable=NO
local_enable=YES
write_enable=YES
dirmessage_enable=YES
use_localtime=YES
xferlog_enable=YES
connect_from_port_20=YES
secure_chroot_dir=/var/run/vsftpd/empty
pam_service_name=vsftpd
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
ssl_enable=NO
sudo groupadd sftp
cat /etc/group # 确认组新建成功
sudo vim /etc/group #修改 sftp:x:1002:
sudo useradd -g sftp -s /bin/false mysftp
sudo passwd mysftp # 设置新密码为服务器访问密码
sudo mkdir -p /data/sftp/mysftp
sudo usermod -d /data/sftp/mysftp mysftp
sudo vim /etc/ssh/sshd_config
Subsystem sftp /usr/libexec/openssh/sftp-server # 该行原本配置,需要手动注释掉
并在文件最后面添加如下几行内容然后保存
Subsystem sftp internal-sftp
Match Group sftp
ChrootDirectory /data/sftp/%u
ForceCommand internal-sftp
AllowTcpForwarding no
X11Forwarding no
sudo chown root:sftp /data/sftp/mysftp
sudo chmod 755 /data/sftp/mysftp
sudo mkdir /data/sftp/mysftp/upload
sudo chown mysftp:sftp /data/sftp/mysftp/upload
sudo chmod 755 /data/sftp/mysftp/upload
sudo systemctl restart sshd.service # 重启服务时如果提示服务不存在,则先添加如下服务
systemctl enable ssh.service
# 再执行:
sudo systemctl restart sshd.service
进入文件管理器或我的电脑
输入---例如sftp://10.20.32.** (根据实际服务端IP输入,并键如账号密码,即可访问)
sudo apt-get install nfs-kernel-server # 安装 NFS服务器端
sudo mkdir /home/deepin-server/nfs # 路径可以根据自己需要设置
sudo chmod -R 777 /home/deepin-server/nfs # 设置共享目录权限
vim /etc/exports
配置文件虽然只有一句,但是其中还是有很多讲究;
共享文件可执行权限有:
ro 只读访问
rw 读写访问
sync 所有数据在请求时写入共享
hide 在NFS共享目录中不共享其子目录
no_hide 共享NFS目录的子目录
all_squash 共享文件的UID和GID映射匿名用户anonymous,适合公用目录。
no_all_squash 保留共享文件的UID和GID(默认)
root_squash root用户的所有请求映射成如anonymous用户一样的权限(默认)
no_root_squas root用户具有根目录的完全管理访问权限
ip配置一般需要进行限定,最好不要使用* ,不然存在安全问题,可以限定具体ip或者ip段才能挂载。
deepin-server@deepin-server-PC:~$ cat /etc/exports
# /etc/exports: the access control list for filesystems which may be exported
# to NFS clients. See exports(5).
#
# Example for NFSv2 and NFSv3:
# /srv/homes hostname1(rw,sync,no_subtree_check) hostname2(ro,sync,no_subtree_check)
# Example for NFSv4:
# /srv/nfs4 gss/krb5i(rw,sync,fsid=0,crossmnt,no_subtree_check)
# /srv/nfs4/homes gss/krb5i(rw,sync,no_subtree_check)
/home/deepin-server/nfs 10.20.*(rw)#此处ip只做了部分限制,圆括号里面就是配置权限的。
systemctl start rpcbind nfs-server
deepin-server@deepin-server-PC:~$ sudo systemctl status rpcbind nfs-server
● rpcbind.service - RPC bind portmap service
Loaded: loaded (/lib/systemd/system/rpcbind.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2022-01-05 11:53:19 CST; 1h 56min ago
Docs: man:rpcbind(8)
Main PID: 19304 (rpcbind)
Tasks: 1 (limit: 19660)
Memory: 608.0K
CGroup: /system.slice/rpcbind.service
└─19304 /sbin/rpcbind -f -w
1月 05 11:53:19 deepin-server-PC systemd[1]: Starting RPC bind portmap service...
1月 05 11:53:19 deepin-server-PC systemd[1]: Started RPC bind portmap service.
● nfs-server.service - NFS server and services
Loaded: loaded (/lib/systemd/system/nfs-server.service; enabled; vendor preset: enabled)
Active: active (exited) since Wed 2022-01-05 11:53:21 CST; 1h 56min ago
Process: 19319 ExecStartPre=/usr/sbin/exportfs -r (code=exited, status=0/SUCCESS)
Process: 19320 ExecStart=/usr/sbin/rpc.nfsd $RPCNFSDARGS (code=exited, status=0/SUCCESS)
Main PID: 19320 (code=exited, status=0/SUCCESS)
1月 05 11:53:20 deepin-server-PC systemd[1]: Starting NFS server and services...
1月 05 11:53:20 deepin-server-PC exportfs[19319]: exportfs: /etc/exports [1]: Neither 'subtree_check' or 'no_subtree_check' specified for export "10.20.*:/home/deepin-server/Documents/NFS文件目录for-test".
1月 05 11:53:20 deepin-server-PC exportfs[19319]: Assuming default behaviour ('no_subtree_check').
1月 05 11:53:20 deepin-server-PC exportfs[19319]: NOTE: this default has changed since nfs-utils version 1.0.x
1月 05 11:53:21 deepin-server-PC systemd[1]: Started NFS server and services.
deepin-server@deepin-server-PC:~$
至此服务端算是配置完成了。
客户端主要就是挂载操作,不过挂载nfs的时候同样需要安装客户端软件
sudo apt-get install nfs-common
showmount -e 10.20.13.152
babyfengfjx@babyfengfjx:~$ showmount -e 10.20.13.152
Export list for 10.20.13.152:
/home/deepin-server/Documents/NFS文件目录for-test 10.20.*
babyfengfjx@babyfengfjx:~$
随便在本地客户端创建一个目录作为NFS挂载目录即可
sudo mkdir /home/babyfengfjx/Documents/nfsfile/
将服务端的NFS共享目录,挂载到本地客户端对应目录即可
sudo mount -t nfs 10.20.13.152:/home/deepin-server/Documents/NFS文件目录for-test /home/babyfengfjx/Documents/nfsfile/
上述操作完成后,此时就可以在客户端对应目录使用NFS存储了,上传新建文件均可以随心所欲。
写入fstab方法并不推荐,如果NFS挂载失败可能会影响设备正常启动
echo "10.20.13.152:/home/deepin-server/Documents/NFS文件目录for-test /home/babyfengfjx/Documents/nfsfile/ nfs4 defaults 0 0" >> /etc/fstab
mount -av
原理如下:
新建 /etc/rc.local 文件
这种方法的原理是系统开机后会自动启动 rc-local 服务;
rc-local 服务启动后就会自动执行 /etc 目录下的 rc.local 脚本;
该方法的优点就是不存在第一种方法的三个缺点,脚本执行失败不会出现黑屏弹窗、sleep 不会造成开机黑屏以及执行脚本的用户是 root 用户。
主要步骤:
#!/bin/sh -e
# rc.local
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
# In order to enable or disable this script just change the execution
# bits.
# By default this script does nothing.
01.LitterScript/02.bbsmonitor/bbsmonitor.py >bbs.log 2>&1 &
# 因为该命令本身就是会以root权限执行,所以不用加sudo
sleep 5;mount -t nfs 10.20.13.152:/home/deepin-server/Documents/NFS文件目录for-test /home/babyfengfjx/Documents/nfsfile/
exit 0
1、执行脚本的用户不一致
由于 rc.local 开机自启的时候是以 root 用户执行的,这里很多人会忽略了一个问题,很多情况下你的命令是必须要普通用户执行的。比如 conky 和虚拟机(用户A建立的VBox和VM Ware虚拟机用户B无法访问)等。
假设用户 lolimay 在终端用 VBoxHeadless -s aikuai & 后台启动了虚拟机名 aikuai,那么我们在 rc.local 文件应该用下面这种方式写:
su - lolimay -c "VBoxHeadless -s aikuai &" # 以 lolimay 用户执行该命令
2、多余的 sudo
前面已经提到 rc.local 开机时是以 root 用户启动的,所以写在 rc.local 文件中命令不需要带有 sudo 前缀(实际上就算你带有了 sudo 前缀也不会产生错误)。
3、最佳实践
个人建议每当往 rc.local 文件中添加了一个需要自启的命令时,可以先用 sudo /etc/rc.local 命令模拟一下看看是否能够执行成功(如果执行失败也能够直观地看到出错的原因),这样能够有效减少你重启电脑来调试的次数。