{"id":3191,"date":"2018-10-23T14:59:20","date_gmt":"2018-10-23T14:59:20","guid":{"rendered":"https:\/\/tst-amo.net.ua\/blog\/?p=3191"},"modified":"2018-12-31T05:28:06","modified_gmt":"2018-12-31T05:28:06","slug":"samba-%d1%88%d0%b0%d1%80%d1%8b-%d1%81-%d0%bf%d1%80%d0%be%d1%81%d1%82%d1%8b%d0%bc-%d0%bf%d0%b0%d1%80%d0%be%d0%bb%d1%8c%d0%bd%d1%8b%d0%bc-%d0%b4%d0%be%d1%81%d1%82%d1%83%d0%bf%d0%be%d0%bc","status":"publish","type":"post","link":"https:\/\/tst-amo.net.ua\/blog\/?p=3191","title":{"rendered":"Samba – \u0448\u0430\u0440\u044b \u0441 \u043f\u0440\u043e\u0441\u0442\u044b\u043c \u043f\u0430\u0440\u043e\u043b\u044c\u043d\u044b\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u043e\u043c"},"content":{"rendered":"

1. \u0423\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430<\/p>\n

# yum install -y samba samba-client cifs-utils vim mc<\/pre>\n
2. \u0421\u043e\u0437\u0434\u0430\u043d\u0438\u0435 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 \u0438 \u0433\u0440\u0443\u043f\u043f\u044b \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0435<\/p>\n
# for i in user1 user2 user3; do useradd -M -s \/sbin\/nologin $i; done\n# groupadd sambagroup\n# for i in user1 user2 user3; do usermod -aG sambagroup $i; done<\/pre>\n
3. \u0421\u043e\u0437\u0434\u0430\u043d\u0438\u0435 \u0434\u0438\u0440\u0435\u043a\u0442\u043e\u0440\u0438\u0439 \u0434\u043b\u044f \u0448\u0430\u0440 \u0438 \u0440\u0430\u0441\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439<\/p>\n
# mkdir -p \/home\/sambashare\n# chgrp sambagroup \/home\/sambashare\n# chmod 2775 \/home\/sambashare\n# chmod g+w \/home\/sambashare<\/pre>\n
4. \u041d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0430 smb.conf \u0438 \u0434\u043e\u0431\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 samba<\/p>\n
# cd \/etc\/samba\/\n# cp\u00a0smb.conf.example smb.conf\n<\/pre>\n
# vim smb.conf\n\n[global]\n \u00a0 workgroup = WORKGROUP\n \u00a0 server string = Samba Server Version %v\n \u00a0 netbios name = SDATA\n\n \u00a0 interfaces = lo enp64s0\n \u00a0 hosts allow = 127. 10.8.0. 192.168.113. 10.0.0.\n\n \u00a0 # \u0414\u043b\u044f \u0410\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 WinXP\n \u00a0 #ntlm auth = yes\n\n\u00a0\u00a0 log file = \/var\/log\/samba\/log.%m\n\u00a0 \u00a0# maximum size of 50KB per log file, then rotate:\n\u00a0 \u00a0max log size = 50\n\n\u00a0 \u00a0security = user\n\u00a0 \u00a0passdb backend = tdbsam\n\n\u00a0 \u00a0# \u041f\u0440\u0438\u043d\u0442\u0435\u0440\u044b \u043d\u0435 \u043d\u0443\u0436\u043d\u044b\n\u00a0 \u00a0#load printers = yes\n\u00a0 \u00a0#cups options = raw\n\n#[printers]\n#\u00a0 \u00a0comment = All Printers\n#\u00a0 \u00a0path = \/var\/spool\/samba\n#\u00a0 \u00a0browseable = no\n#\u00a0 \u00a0 guest ok = no\n#\u00a0 \u00a0 writable = no\n#\u00a0 \u00a0 printable = yes\n\n[sambashare]\n\u00a0 \u00a0 comment = Docs\n\u00a0 \u00a0 path = \/home\/sambashare\n\u00a0 \u00a0 write list = @sambagroup\n\n#[ramdisk]\n   #comment = RAM\n   #path = \/home\/ramdisk\n   #browseable = no\n   #guest ok = no\n   #write list = @sambagroup<\/pre>\n
# for i in user1 user2 user3; do smbpasswd -a $i; done<\/pre>\n
\u041f\u0440\u043e\u0432\u0435\u0440\u0438\u043c<\/p>\n
# pdbedit -L\nuser1:1001:\nuser2:1002:\nuser3:1003:\n<\/pre>\n
5. \u041f\u0440\u043e\u0432\u0435\u0440\u044f\u0435\u043c \u0438 \u0441\u0442\u0430\u0440\u0442\u0443\u0435\u043c<\/p>\n
# testparm\n# systemctl enable {smb,nmb}\n# systemctl start {smb,nmb}\n# systemctl status {smb,nmb}<\/pre>\n
6. \u041d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0430 Firewall<\/p>\n
# firewall-cmd --get-services\n# firewall-cmd --add-service=samba --permanent\n# firewall-cmd --reload\n# firewall-cmd --list-all<\/pre>\n
7. \u0412\u044b\u043a\u043b\u044e\u0447\u0438\u043c \u043d\u0430 \u0432\u0440\u0435\u043c\u044f SELinux \u0438 \u043f\u0440\u043e\u0431\u0443\u0435\u043c \u0441\u043e\u0435\u0434\u0435\u043d\u0438\u0442\u044c\u0441\u044f<\/p>\n
# getenforce\n# setenforce 0\n\n#\u00a0mount -o username=user1 \/\/localhost\/sambashare \/mnt\nPassword for user1@\/\/localhost\/sambashare: *\n# mount | grep sambashare\n\/\/localhost\/sambashare on \/mnt type cifs (rw,relatime,vers=1.0,cache=strict,username=user1,domain=,uid=0,noforceuid,gid=0,noforcegid,addr=0000:0000:0000:0000:0000:0000:0000:0001,soft,unix,posixpaths,serverino,mapposix,acl,rsize=1048576,wsize=65536,echo_interval=60,actimeo=1)<\/pre>\n
# smbstatus\n\nSamba version 4.7.1\nPID        Username Group     Machine                   Protocol Version Encryption Signing \n----------------------------------------------------------------------------------------------------------------------------------------\n1749       user1    user1     ::1 (ipv6:::1:51708)      NT1              -          -\n\nService     pid     Machine   Connected at                     Encryption  Signing \n---------------------------------------------------------------------------------------------\nIPC$       1749     ::1       Tue Oct 23 07:10:11 PM 2018 EEST -           - \nsambashare 1749     ::1       Tue Oct 23 07:10:11 PM 2018 EEST -           -<\/pre>\n
8. \u041d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0430 SELinux \u0438 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 man-\u043e\u0432<\/p>\n
# man sepolicy\n# yum provides *\/sepolicy\n# yum install -y policycoreutils-devel\n# man sepolicy\n# man sepolicy-manpage\n# sepolicy manpage -a -p \/usr\/share\/man\/man8\n# mandb -c\n# semanage fcontext -a -t samba_share_t \"\/home\/sambashare(\/.*)?\"\n# restorecon -Rv \/home\/sambashare\/\n# cd \/home\/sambashare\/\n# ls -Zd\ndrwxrwxr-x. root sambagroup unconfined_u:object_r:samba_share_t:s0<\/pre>\n
\u0412\u043a\u043b\u044e\u0447\u0430\u0435\u043c \u043e\u0431\u0440\u0430\u0442\u043d\u043e SELinux<\/p>\n
# setenforce 1<\/pre>\n
\u0414\u043b\u044f \u043e\u0431\u043b\u0435\u0433\u0447\u0435\u043d\u0438\u044f \u043f\u043e\u0438\u0441\u043a\u0430 \u0438 \u0440\u0435\u0448\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0431\u043b\u0435\u043c \u043a\u0430\u0441\u0430\u044e\u0449\u0438\u0445\u0441\u044f SELinux, \u043d\u0443\u0436\u043d\u043e \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 setroubleshoot-server:<\/p>\n
# yum install -y\u00a0setroubleshoot-server<\/pre>\n
\u0422\u0435\u043f\u0435\u0440\u044c \u0443\u0437\u043d\u0430\u0442\u044c \u0432\u0430\u0440\u0438\u0430\u043d\u0442\u044b \u0440\u0435\u0448\u0435\u043d\u0438\u044f \u043c\u043e\u0436\u043d\u043e \u043f\u043e \u043a\u043e\u043c\u0430\u043d\u0434\u0435:<\/p>\n
# sealert -a \/var\/log\/audit\/audit.log<\/pre>\n
\u0438 \u0441\u043b\u0435\u0434\u0443\u044f \u043f\u043e\u0434\u0441\u043a\u0430\u0437\u043a\u0430\u043c. \u0414\u043b\u044f \u0443\u0441\u043a\u043e\u0440\u0435\u043d\u0438\u044f \u043f\u043e\u0438\u0441\u043a\u0430 \u043c\u043e\u0436\u043d\u043e \u043e\u0431\u043d\u0443\u043b\u0438\u0442\u044c audit.log:<\/p>\n
# cd \/var\/log\/audit\/ && sort audit.log > audit.log<\/pre>\n
\u041f\u0440\u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0438 testparm \u0432\u044b\u043b\u0435\u0437\u043b\u043e \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0436\u0434\u0435\u043d\u0438\u0435:<\/p>\n
[root@smb home]# testparm\nLoad smb config files from \/etc\/samba\/smb.conf\nrlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)<\/pre>\n
\u0412 \u043a\u043e\u043d\u0446\u0435 \u0444\u0430\u0439\u043b\u0430 \u0434\u043e\u043f\u0438\u0441\u044b\u0432\u0430\u0435\u043c:<\/p>\n
# vim\u00a0\/etc\/security\/limits.conf\n\n## For Samba\n*          -          nofile         16384<\/pre>\n
\"image_pdf\"<\/a>\"image_print\"<\/a><\/div>","protected":false},"excerpt":{"rendered":"
1. \u0423\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 # yum install -y samba samba-client cifs-utils vim mc 2. \u0421\u043e\u0437\u0434\u0430\u043d\u0438\u0435 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 \u0438 \u0433\u0440\u0443\u043f\u043f\u044b \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0435 # for i in user1 user2 user3; do useradd -M -s \/sbin\/nologin $i; done # groupadd sambagroup # for i in user1 user2 user3; do usermod -aG sambagroup $i; done 3. \u0421\u043e\u0437\u0434\u0430\u043d\u0438\u0435 \u0434\u0438\u0440\u0435\u043a\u0442\u043e\u0440\u0438\u0439 \u0434\u043b\u044f \u0448\u0430\u0440 \u0438 \u0440\u0430\u0441\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 …<\/p>\n
Continue reading ‘Samba – \u0448\u0430\u0440\u044b \u0441 \u043f\u0440\u043e\u0441\u0442\u044b\u043c \u043f\u0430\u0440\u043e\u043b\u044c\u043d\u044b\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u043e\u043c’ »<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[45,47,76,181],"tags":[],"class_list":["post-3191","post","type-post","status-publish","format-standard","hentry","category-firewall","category-linux","category-samba","category-selinux"],"_links":{"self":[{"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=\/wp\/v2\/posts\/3191"}],"collection":[{"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3191"}],"version-history":[{"count":10,"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=\/wp\/v2\/posts\/3191\/revisions"}],"predecessor-version":[{"id":3455,"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=\/wp\/v2\/posts\/3191\/revisions\/3455"}],"wp:attachment":[{"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3191"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=3191"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/tst-amo.net.ua\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=3191"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}