我们最近有一位客户要求这样做;我不确定他们将来是否会要求多个用户访问此文件共享,因此我已将其设置为组。您能否仔细检查一下此设置,看看我是否遗漏了任何明显的问题,或者是否可以以更安全的方式做任何事情?HOWTO 脚本适用于同事。谢谢。
WINDOWS - do this first:
Create shared folder <newshare>
Create fileshare user <newuser>
Share permissions on <newshare>:
<newuser> read/write
Advanced sharing | permissions - change, read.
Security:
uncheck 'Full control' for <newuser>
Linux
sudo to root [$sudo -s]
Create new group - e.g. windowshare [$groupadd windowshare]
Create new folder - e.g. /mounts/windows
Create new user and add to new group - e.g. customeruser [$useradd -m -d /home/customeruser -s /bin/bash -G windowshare -U customeruser]
Create folder 'cifs' in /etc
Change permissions on folder to 600 (user root)
Create .smbcredentials file in /etc/cifs with <newuser> windows credentials with user=<newuser> CR password=<password>
Create new line in /etc/fstab: //WINDOWSSERVER/share$ /mounts/windows cifs gid=windowshare,credentials=/etc/cifs/.smbcredentials,iocharset=utf8,sec=ntlm,file_mode=0770,dir_mode=0770 0 0
Put 'mount /mounts/windows' in /etc/rc.local to ensure shares mount at boot time if necessary.
run 'mount -a' as root
check customeruser user permissions on share:
$su - customeruser [enter password]
$cd /mounts/windows
$touch testfile.txt [should see file appear on windows share]
$mkdir testfilectory
$rm -rf testfilectory
$rm testfile.txt
$exit