구축 환경
- OS : Centos 7.9
- 가상 소프트웨어 : Virtual Box
- 리눅스서버 : 192.168.56.10
- 윈도우서버 : 125.141.76.147
Samba
★Samba [SMB]에 대한 설명
1. Window서버와 LInux/Unix 서버 간의 파일 공유를 위해서 개발된 프로토콜
2. Linux에서 Window 또는 Window에서 Linux로 자원을 공유하여 사용하는 방식일 때 사용
3. 즉 SMB는 네트워크 상 존재하는 노드들 간에 자원을 공유할 수 있도록 설계된 프로토콜
Samba 설치
[root@tiberovm ~]# yum install -y samba
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
* base: mirror.kakao.com
* extras: mirror.kakao.com
* updates: mirror.kakao.com
base | 3.6 kB 00:00:00
extras | 2.9 kB 00:00:00
updates | 2.9 kB 00:00:00
updates/7/x86_64/primary_db | 19 MB 00:00:02
Resolving Dependencies
--> Running transaction check
---> Package samba.x86_64 0:4.10.16-20.el7_9 will be installed
--> Processing Dependency: samba-libs = 4.10.16-20.el7_9 for package: samba-4.10.16-20.el7_9.x86_64
--> Processing Dependency: samba-common-tools = 4.10.16-20.el7_9 for package: samba-4.10.16-20.el7_9.x86_64
--> Processing Dependency: samba-common-libs = 4.10.16-20.el7_9 for package: samba-4.10.16-20.el7_9.x86_64
--> Processing Dependency: samba-common = 4.10.16-20.el7_9 for package: samba-4.10.16-20.el7_9.x86_64
--> Processing Dependency: samba-common = 4.10.16-20.el7_9 for package: samba-4.10.16-20.el7_9.x86_64
--> Processing Dependency: samba-client-libs = 4.10.16-20.el7_9 for package: samba-4.10.16-20.el7_9.x86_64
--> Processing Dependency: libwbclient = 4.10.16-20.el7_9 for package: samba-4.10.16-20.el7_9.x86_64
--> Processing Dependency: libwbclient = 4.10.16-20.el7_9 for package: samba-4.10.16-20.el7_9.x86_64
--> Processing Dependency: libxattr-tdb-samba4.so(SAMBA_4.10.16)(64bit) for package: samba-4.10.16-20.el7_9.x86_64
--> Processing Dependency: libxattr-tdb-samba4.so()(64bit) for package: samba-4.10.16-20.el7_9.x86_64
--> Running transaction check
---> Package libwbclient.x86_64 0:4.10.16-5.el7 will be updated
--> Processing Dependency: libwbclient = 4.10.16-5.el7 for package: libsmbclient-4.10.16-5.el7.x86_64
---> Package libwbclient.x86_64 0:4.10.16-20.el7_9 will be an update
---> Package samba-client-libs.x86_64 0:4.10.16-5.el7 will be updated
---> Package samba-client-libs.x86_64 0:4.10.16-20.el7_9 will be an update
---> Package samba-common.noarch 0:4.10.16-5.el7 will be updated
---> Package samba-common.noarch 0:4.10.16-20.el7_9 will be an update
---> Package samba-common-libs.x86_64 0:4.10.16-5.el7 will be updated
---> Package samba-common-libs.x86_64 0:4.10.16-20.el7_9 will be an update
---> Package samba-common-tools.x86_64 0:4.10.16-20.el7_9 will be installed
---> Package samba-libs.x86_64 0:4.10.16-20.el7_9 will be installed
--> Processing Dependency: libpytalloc-util.so.2(PYTALLOC_UTIL_2.1.9)(64bit) for package: samba-libs-4.10.16-20.el7_9.x86_64
--> Processing Dependency: libpytalloc-util.so.2(PYTALLOC_UTIL_2.1.6)(64bit) for package: samba-libs-4.10.16-20.el7_9.x86_64
--> Processing Dependency: libpytalloc-util.so.2(PYTALLOC_UTIL_2.0.6)(64bit) for package: samba-libs-4.10.16-20.el7_9.x86_64
--> Processing Dependency: libpytalloc-util.so.2()(64bit) for package: samba-libs-4.10.16-20.el7_9.x86_64
--> Processing Dependency: libpyldb-util.so.1()(64bit) for package: samba-libs-4.10.16-20.el7_9.x86_64
--> Running transaction check
---> Package libsmbclient.x86_64 0:4.10.16-5.el7 will be updated
---> Package libsmbclient.x86_64 0:4.10.16-20.el7_9 will be an update
---> Package pyldb.x86_64 0:1.5.4-2.el7 will be installed
--> Processing Dependency: libldb(x86-64) = 1.5.4-2.el7 for package: pyldb-1.5.4-2.el7.x86_64
--> Processing Dependency: python-tdb(x86-64) >= 1.3.18 for package: pyldb-1.5.4-2.el7.x86_64
---> Package pytalloc.x86_64 0:2.1.16-1.el7 will be installed
--> Running transaction check
---> Package libldb.x86_64 0:1.5.4-1.el7 will be updated
---> Package libldb.x86_64 0:1.5.4-2.el7 will be an update
---> Package python-tdb.x86_64 0:1.3.18-1.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
===================================================================================================================================================================
Package Arch Version Repository Size
===================================================================================================================================================================
Installing:
samba x86_64 4.10.16-20.el7_9 updates 720 k
Installing for dependencies:
pyldb x86_64 1.5.4-2.el7 updates 49 k
pytalloc x86_64 2.1.16-1.el7 base 18 k
python-tdb x86_64 1.3.18-1.el7 base 20 k
samba-common-tools x86_64 4.10.16-20.el7_9 updates 467 k
samba-libs x86_64 4.10.16-20.el7_9 updates 271 k
Updating for dependencies:
libldb x86_64 1.5.4-2.el7 updates 149 k
libsmbclient x86_64 4.10.16-20.el7_9 updates 146 k
libwbclient x86_64 4.10.16-20.el7_9 updates 117 k
samba-client-libs x86_64 4.10.16-20.el7_9 updates 5.0 M
samba-common noarch 4.10.16-20.el7_9 updates 216 k
samba-common-libs x86_64 4.10.16-20.el7_9 updates 183 k
Transaction Summary
===================================================================================================================================================================
Install 1 Package (+5 Dependent packages)
Upgrade ( 6 Dependent packages)
Total size: 7.3 M
Total download size: 1.5 M
Downloading packages:
warning: /var/cache/yum/x86_64/7/updates/packages/pyldb-1.5.4-2.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY0 B/s | 0 B --:--:-- ETA
Public key for pyldb-1.5.4-2.el7.x86_64.rpm is not installed
(1/6): pyldb-1.5.4-2.el7.x86_64.rpm | 49 kB 00:00:02
Public key for python-tdb-1.3.18-1.el7.x86_64.rpm is not installed
(2/6): python-tdb-1.3.18-1.el7.x86_64.rpm | 20 kB 00:00:02
(3/6): pytalloc-2.1.16-1.el7.x86_64.rpm | 18 kB 00:00:02
(4/6): samba-4.10.16-20.el7_9.x86_64.rpm | 720 kB 00:00:03
(5/6): samba-common-tools-4.10.16-20.el7_9.x86_64.rpm | 467 kB 00:00:00
(6/6): samba-libs-4.10.16-20.el7_9.x86_64.rpm | 271 kB 00:00:00
-------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total 458 kB/s | 1.5 MB 00:00:03
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Importing GPG key 0xF4A80EB5:
Userid : "CentOS-7 Key (CentOS 7 Official Signing Key) <security@centos.org>"
Fingerprint: 6341 ab27 53d7 8a78 a7c2 7bb1 24c6 a8a7 f4a8 0eb5
Package : centos-release-7-9.2009.0.el7.centos.x86_64 (@anaconda)
From : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Updating : libldb-1.5.4-2.el7.x86_64 1/18
Updating : samba-common-4.10.16-20.el7_9.noarch 2/18
Updating : libwbclient-4.10.16-20.el7_9.x86_64 3/18
Updating : samba-common-libs-4.10.16-20.el7_9.x86_64 4/18
Updating : samba-client-libs-4.10.16-20.el7_9.x86_64 5/18
Installing : python-tdb-1.3.18-1.el7.x86_64 6/18
Installing : pyldb-1.5.4-2.el7.x86_64 7/18
Installing : pytalloc-2.1.16-1.el7.x86_64 8/18
Installing : samba-libs-4.10.16-20.el7_9.x86_64 9/18
Installing : samba-common-tools-4.10.16-20.el7_9.x86_64 10/18
Installing : samba-4.10.16-20.el7_9.x86_64 11/18
Updating : libsmbclient-4.10.16-20.el7_9.x86_64 12/18
Cleanup : libsmbclient-4.10.16-5.el7.x86_64 13/18
Cleanup : libwbclient-4.10.16-5.el7.x86_64 14/18
Cleanup : samba-client-libs-4.10.16-5.el7.x86_64 15/18
Cleanup : samba-common-libs-4.10.16-5.el7.x86_64 16/18
Cleanup : samba-common-4.10.16-5.el7.noarch 17/18
Cleanup : libldb-1.5.4-1.el7.x86_64 18/18
Verifying : libsmbclient-4.10.16-20.el7_9.x86_64 1/18
Verifying : pyldb-1.5.4-2.el7.x86_64 2/18
Verifying : libldb-1.5.4-2.el7.x86_64 3/18
Verifying : libwbclient-4.10.16-20.el7_9.x86_64 4/18
Verifying : samba-libs-4.10.16-20.el7_9.x86_64 5/18
Verifying : samba-common-libs-4.10.16-20.el7_9.x86_64 6/18
Verifying : samba-common-tools-4.10.16-20.el7_9.x86_64 7/18
Verifying : samba-common-4.10.16-20.el7_9.noarch 8/18
Verifying : pytalloc-2.1.16-1.el7.x86_64 9/18
Verifying : python-tdb-1.3.18-1.el7.x86_64 10/18
Verifying : samba-client-libs-4.10.16-20.el7_9.x86_64 11/18
Verifying : samba-4.10.16-20.el7_9.x86_64 12/18
Verifying : samba-client-libs-4.10.16-5.el7.x86_64 13/18
Verifying : libwbclient-4.10.16-5.el7.x86_64 14/18
Verifying : libldb-1.5.4-1.el7.x86_64 15/18
Verifying : libsmbclient-4.10.16-5.el7.x86_64 16/18
Verifying : samba-common-4.10.16-5.el7.noarch 17/18
Verifying : samba-common-libs-4.10.16-5.el7.x86_64 18/18
Installed:
samba.x86_64 0:4.10.16-20.el7_9
Dependency Installed:
pyldb.x86_64 0:1.5.4-2.el7 pytalloc.x86_64 0:2.1.16-1.el7 python-tdb.x86_64 0:1.3.18-1.el7 samba-common-tools.x86_64 0:4.10.16-20.el7_9
samba-libs.x86_64 0:4.10.16-20.el7_9
Dependency Updated:
libldb.x86_64 0:1.5.4-2.el7 libsmbclient.x86_64 0:4.10.16-20.el7_9 libwbclient.x86_64 0:4.10.16-20.el7_9
samba-client-libs.x86_64 0:4.10.16-20.el7_9 samba-common.noarch 0:4.10.16-20.el7_9 samba-common-libs.x86_64 0:4.10.16-20.el7_9
Complete!
Selinux 설정
- Linux의 보안을 강화해 주는 보안 강화 커널
- zero-day 공격 및 buffer overflow 등 어플리케이션 취약점으로 인한 해킹을 방지해 주는 핵심 구성요소
- disabled 보다 permissive 추천
[root@tiberovm ~]# vi /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
#SELINUX=enforcing
SELINUX=permissive
# SELINUXTYPE= can take one of three values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
공유 폴더 생성
[root@tiberovm ~]# mkdir /shared
[root@tiberovm ~]# chmod 777 /shared/
Sambagroup 생성
[root@tiberovm ~]# groupadd sambagroup
유저 생성
[root@tiberovm ~]# useradd -G sambagroup educafe
[root@tiberovm ~]# cat /etc/group | grep -i sambagroup
sambagroup:x:1001:educafe
Samba 사용자 추가 (네트워크 연결시 사용할 유저)
[root@tiberovm ~]# smbpasswd -a educafe
New SMB password: edu
Retype new SMB password: edu
Added user educafe.
Samba 설정
경로 : vi /etc/samba/smb.conf
[root@tiberovm ~]# vi /etc/samba/smb.conf
# See smb.conf.example for a more detailed config file or
# read the smb.conf manpage.
# Run 'testparm' to verify the config is correct after
# you modified it.
[global]
workgroup = sambagroup <<추가
security = user
passdb backend = tdbsam
printing = cups
printcap name = cups
load printers = yes
cups options = raw
[homes]
comment = Home Directories
valid users = %S, %D%w%S
browseable = No
read only = No
inherit acls = Yes
[printers]
comment = All Printers
path = /var/tmp
printable = Yes
create mask = 0600
browseable = No
[print$]
comment = Printer Drivers
path = /var/lib/samba/drivers
write list = @printadmin root
force group = @printadmin
create mask = 0664
directory mask = 0775
[Shared] <<추가 #공유되는 디렉토리에 대한 설명
comment = First Shared Folder #해당 공유디렉토리의 네임
path = /shared #물리적인 디렉토리
public = yes #여러사람들이 파일을 공유할 목적으로 사용할지 여부
browsable = yes #디렉토리를 보여
writable = yes #쓰기가 가능하도록 여부
write list = educafe #쓰기 허용할 계정
create mask = 0777 #생성되는 파일 권한
directory mask = 0777 #생성되는 폴더 권한
valid users = @sambagroup #허용되는 유저가 소속된 그룹
guest ok = no #다른사용자도 사용하게 할지 여부-올바르게 작성되었는니 체크
[root@tiberovm ~]# testparm
Load smb config files from /etc/samba/smb.conf
Loaded services file OK.
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions
# Global parameters
[global]
printcap name = cups
security = USER
workgroup = SAMBAGROUP
idmap config * : backend = tdb
cups options = raw
[homes]
browseable = No
comment = Home Directories
inherit acls = Yes
read only = No
valid users = %S %D%w%S
[printers]
browseable = No
comment = All Printers
create mask = 0600
path = /var/tmp
printable = Yes
[print$]
comment = Printer Drivers
create mask = 0664
directory mask = 0775
force group = @printadmin
path = /var/lib/samba/drivers
write list = @printadmin root
[Shared]
comment = First Shared Folder
create mask = 0777
directory mask = 0777
path = /shared
read only = No
valid users = @sambagroup
write list = educafe-samba 재기동
[root@tiberovm ~]# systemctl restart smb
[root@tiberovm ~]# systemctl enable nmb
Created symlink from /etc/systemd/system/multi-user.target.wants/smb.service to /usr/lib/systemd/system/smb.service.
'OS > Linux' 카테고리의 다른 글
| [SCHEDULER] CRONTAB 설정 관련 (0) | 2023.03.14 |
|---|---|
| [SHELL] 쉘스크립트_sql문 실행 (0) | 2023.03.09 |
| [SHELL] 쉘 스크립트_프로세스 상태 확인 (0) | 2023.03.09 |
| [OS] 커널 부팅 순서 변경하기 (0) | 2023.02.13 |
| [ADMIN] Centos7.x sudo 권한 부여 (0) | 2023.01.25 |
