标签:system 权限设计 size 市场总监 sea vpd lis root roc
#Samba实验内容#权限分配示例图
#权限设计
[[homes]
all
[public]
xzb:rwx
other:r-x
[财务报表]
zjb:r-x
cwb:rwx
[工资表]
zjb:r--
cwb:rwx
xzb:rwx
[设计原型]
yf:r-x
sj:rwx
[开发文档]
yf:rwx
[客服文档]
zjb:r-x
kf:rwx
[录音]
zjb:r-x
kf:rwx
[市场推广]
zjb:r-x
scb:r-x
sczj:rwx#用户
总经办:zjb
财务部:cwb
行政部:xzb
设计:sj
研发:yf
运维:yw
客服:kf
市场部:scb
市场总监:sczj#目录
财务报表:cwbb
工资表:gzb
设计原型:sjyx
开发文档:kfwd
客服文档:wd
录音:ly
市场推广:sctg#创建系统用户
sudo useradd -g samba -s /sbin/nologin zjb
sudo useradd -g samba -s /sbin/nologin cwb
sudo useradd -g samba -s /sbin/nologin xzb
sudo useradd -g samba -s /sbin/nologin sj
sudo useradd -g samba -s /sbin/nologin yf
sudo useradd -g samba -s /sbin/nologin yw
sudo useradd -g samba -s /sbin/nologin kf
sudo useradd -g samba -s /sbin/nologin scb
sudo useradd -g samba -s /sbin/nologin sczj#创建samba用户
pdbedit -a -u zjb
pdbedit -a -u cwb
pdbedit -a -u xzb
pdbedit -a -u sj
pdbedit -a -u yf
pdbedit -a -u yw
pdbedit -a -u kf
pdbedit -a -u scb
pdbedit -a -u sczj#新建目录
mkdir -p /data/share;cd /data/share
mkdir cwbb gzb sjyx kfwd wd ly sctg
#修改权限
chown -R samba.samba cwbb gzb sjyx kfwd wd ly sctg
chmod 700 cwbb gzb sjyx kfwd wd ly sctg
chmod 750 public
#配置文档
vim /etc/samba/smb.conf
[global]
workgroup = Samba
server string = Samba server
max log size = 50
log file = /var/log/samba/log.%m
security = user
passdb backend = tdbsam
username map = /etc/samba/smbusers
[homes]
comment = Home Dirctories
valid users = %S, %D%w%S
browseable = No
read only = No
inherit acls = Yes
[public]
comment = public share
path = /data/share/public
guest ok = yes
browseable = yes
write list = xzb
[财务报表]
comment = cwbb
path = /data/share/cwbb
browseable = yes
writable = yes
[工资表]
comment = gzb
path = /data/share/gzb
browseable = yes
writable = yes
[设计原型]
comment = sjyx
path = /data/share/sjyx
browseable = yes
writable = yes
[开发文档]
comment = kfwd
path = /data/share/kfwd
browseable = yes
writable = yes
[客服文档]
comment = wd
path = /data/share/wd
browseable = yes
writable = yes
[录音]
comment = ly
path = /data/share/ly
browseable = yes
writable = yes
[市场推广]
comment = sctg
path = /data/share/sctg
browseable = yes
writable = yes#测试配置是否有问题,通过。。ok
[root@elk-master share]# testparm
Load smb config files from /etc/samba/smb.conf
Processing section "[homes]"
Processing section "[public]"
Processing section "[财务报表]"
Processing section "[工资表]"
Processing section "[设计原型]"
Processing section "[开发文档]"
Processing section "[客服文档]"
Processing section "[录音]"
Processing section "[市场推广]"
Loaded services file OK.
Server role: ROLE_STANDALONE
下面省略。。#重启
systemctl restart nmb
systemctl restart smb
#使用acl设置权限
setfacl -m u:zxb:rwx /data/share/public
setfacl -m u:cwb:rws /data/share/cwbb
setfacl -m u:zjb:r-x /data/share/cwbb
setfacl -m u:zjb:r-x /data/share/gzb
setfacl -m u:cwb:r-x /data/share/gzb
setfacl -m u:zxb:rwx /data/share/gzb
setfacl -m u:yf:r-x /data/share/sjyx
setfacl -m u:sj:rwx /data/share/sjyx
setfacl -m u:yf:rwx /data/share/kfwd
setfacl -m u:kf:rwx /data/share/wd
setfacl -m u:zjb:r-x /data/share/wd
setfacl -m u:kf:rwx /data/share/ly
setfacl -m u:zjb:r-x /data/share/ly
setfacl -m u:sczj:rwx /data/share/sctg
setfacl -m u:zjb:r-x /data/share/sctg
setfacl -m u:scb:r-x /data/share/sctg→→完成,自己折腾下自己,做个笔记,用户多就需要写脚本了。
标签:system 权限设计 size 市场总监 sea vpd lis root roc
原文地址:http://blog.51cto.com/hongdouzi555/2161271
