debian samba文件夹共享服务配置

debian开启samba文件夹共享服务,配置用户/密码。

1.安装samba服务

apt-get install samba

2.创建用户
useradd -m smb
设置密码
passwd xxxxx

3.设置samba访问共享账户密码,会要求你输入samba帐户的密码
smbpasswd -a smb

New SMB password:
Retype new SMB password:

列出现有的Samba用户列表:
pdbedit -w -L

4.修改/etc/samba/smb.conf,配置共享文件夹属性,在末尾处添加:

[smb name xxx]
path = /mnt/xxxxxxxx
writable = yes
guest ok = yes
write list = smb
valid users = smb
display charset = UTF-8
unix charset = UTF-8
dos charset = cp936

5.重启samba服务
systemctrl restart smbd

适配局域网小米电视配置的SMB

#
# Sample configuration file for the Samba suite for Debian GNU/Linux.
#
#
# This is the main Samba configuration file. You should read the
# smb.conf(5) manual page in order to understand the options listed
# here. Samba has a huge number of configurable options most of which 
# are not shown in this example
#
# Some options that are often worth tuning have been included as
# commented-out examples in this file.
#  - When such options are commented with ";", the proposed setting
#    differs from the default Samba behaviour
#  - When commented with "#", the proposed setting is the default
#    behaviour of Samba but the option is considered important
#    enough to be mentioned here
#
# NOTE: Whenever you modify this file you should run the command
# "testparm" to check that you have not made any basic syntactic 
# errors. 

#======================= Global Settings =======================

[global]

## Browsing/Identification ###

# Change this to the workgroup/NT-domain name your Samba server will part of
   workgroup = WORKGROUP

#### Networking ####

# The specific set of interfaces / networks to bind to
# This can be either the interface name or an IP address/netmask;
# interface names are normally preferred
;   interfaces = 127.0.0.0/8 eth0

 hosts allow = 192.168.     //只允许192.168.0.0的网段访问

# Only bind to the named interfaces and/or networks; you must use the
# 'interfaces' option above to use this.
# It is recommended that you enable this feature if your Samba machine is
# not protected by a firewall or is a firewall itself.  However, this
# option cannot handle dynamic or non-broadcast interfaces correctly.
;   bind interfaces only = yes

#### Debugging/Accounting ####

# This tells Samba to use a separate log file for each machine
# that connects
   log file = /var/log/samba/log.%m

# Cap the size of the individual log files (in KiB).
   max log size = 1000

# We want Samba to only log to /var/log/samba/log.{smbd,nmbd}.
# Append syslog@1 if you want important messages to be sent to syslog too.
   logging = file

# Do something sensible when Samba crashes: mail the admin a backtrace
   panic action = /usr/share/samba/panic-action %d

####### Authentication #######

# Server role. Defines in which mode Samba will operate. Possible
# values are "standalone server", "member server", "classic primary
# domain controller", "classic backup domain controller", "active
# directory domain controller". 
#
# Most people will want "standalone server" or "member server".
# Running as "active directory domain controller" will require first
# running "samba-tool domain provision" to wipe databases and create a
# new domain.
   server role = standalone server

   obey pam restrictions = yes

# This boolean parameter controls whether Samba attempts to sync the Unix
# password with the SMB password when the encrypted SMB password in the
# passdb is changed.
   unix password sync = yes

# For Unix password sync to work on a Debian GNU/Linux system, the following
# parameters must be set (thanks to Ian Kahan <<kahan@informatik.tu-muenchen.de> for
# sending the correct chat script for the passwd program in Debian Sarge).
   passwd program = /usr/bin/passwd %u
   passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .

# username map = /etc/samba/smbusers  //用来定义用户名映射,比如可以将root换成administrator、admin等

# This boolean controls whether PAM will be used for password changes
# when requested by an SMB client instead of the program listed in
# 'passwd program'. The default is 'no'.
   pam password change = yes

# This option controls how unsuccessful authentication attempts are mapped
# to anonymous connections
   map to guest = bad user

########## Domains ###########

#
# The following settings only takes effect if 'server role = primary
# classic domain controller', 'server role = backup domain controller'
# or 'domain logons' is set 
#

# It specifies the location of the user's
# profile directory from the client point of view) The following
# required a [profiles] share to be setup on the samba server (see
# below)
;   logon path = \\%N\profiles\%U
# Another common choice is storing the profile in the user's home directory
# (this is Samba's default)
#   logon path = \\%N\%U\profile

# The following setting only takes effect if 'domain logons' is set
# It specifies the location of a user's home directory (from the client
# point of view)
;   logon drive = H:
#   logon home = \\%N\%U

# The following setting only takes effect if 'domain logons' is set
# It specifies the script to run during logon. The script must be stored
# in the [netlogon] share
# NOTE: Must be store in 'DOS' file format convention
;   logon script = logon.cmd

# This allows Unix users to be created on the domain controller via the SAMR
# RPC pipe.  The example command creates a user account with a disabled Unix
# password; please adapt to your needs
; add user script = /usr/sbin/adduser --quiet --disabled-password --gecos "" %u

# This allows machine accounts to be created on the domain controller via the 
# SAMR RPC pipe.  
# The following assumes a "machines" group exists on the system
; add machine script  = /usr/sbin/useradd -g machines -c "%u machine account" -d /var/lib/samba -s /bin/false %u

# This allows Unix groups to be created on the domain controller via the SAMR
# RPC pipe.  
; add group script = /usr/sbin/addgroup --force-badname %g

############ Misc ############

# Using the following line enables you to customise your configuration
# on a per machine basis. The %m gets replaced with the netbios name
# of the machine that is connecting
;   include = /home/samba/etc/smb.conf.%m

# Some defaults for winbind (make sure you're not using the ranges
# for something else.)
;   idmap config * :              backend = tdb
;   idmap config * :              range   = 3000-7999
;   idmap config YOURDOMAINHERE : backend = tdb
;   idmap config YOURDOMAINHERE : range   = 100000-999999
;   template shell = /bin/bash

# Setup usershare options to enable non-root users to share folders
# with the net usershare command.

# Maximum number of usershare. 0 means that usershare is disabled.
#   usershare max shares = 100

# Allow users who've been granted usershare privileges to create
# public shares, not just authenticated ones
   usershare allow guests = yes

#======================= Share Definitions =======================

[homes]
   comment = Home Directories
   browseable = no

# By default, the home directories are exported read-only. Change the
# next parameter to 'no' if you want to be able to write to them.
   read only = yes

# File creation mask is set to 0700 for security reasons. If you want to
# create files with group=rw permissions, set next parameter to 0775.
   create mask = 0700

# Directory creation mask is set to 0700 for security reasons. If you want to
# create dirs. with group=rw permissions, set next parameter to 0775.
   directory mask = 0700

# By default, \\server\username shares can be connected to by anyone
# with access to the samba server.
# The following parameter makes sure that only "username" can connect
# to \\server\username
# This might need tweaking when using external authentication schemes
   valid users = %S

# Un-comment the following and create the netlogon directory for Domain Logons
# (you need to configure Samba to act as a domain controller too.)
;[netlogon]
;   comment = Network Logon Service
;   path = /home/samba/netlogon
;   guest ok = yes
;   read only = yes

# Un-comment the following and create the profiles directory to store
# users profiles (see the "logon path" option above)
# (you need to configure Samba to act as a domain controller too.)
# The path below should be writable by all users so that their
# profile directory may be created the first time they log on
;[profiles]
;   comment = Users profiles
;   path = /home/samba/profiles
;   guest ok = no
;   browseable = no
;   create mask = 0600
;   directory mask = 0700

[printers]
   comment = All Printers
   browseable = no
   path = /var/spool/samba
   printable = yes
   guest ok = no
   read only = yes
   create mask = 0700

# Windows clients look for this share name as a source of downloadable
# printer drivers
[print$]
   comment = Printer Drivers
   path = /var/lib/samba/printers
   browseable = yes
   read only = yes
   guest ok = no
# Uncomment to allow remote administration of Windows print drivers.
# You may need to replace 'lpadmin' with the name of the group your
# admin users are members of.
# Please note that you also need to set appropriate Unix permissions
# to the drivers directory for these users to have write rights in it
;   write list = root, @lpadmin

security = share

[tv]
path = /mnt/downloads
writable = yes
guest ok = yes
#write list = tv
#valid users = tv
display charset = UTF-8
unix charset = UTF-8
dos charset = cp936

samba配置详解

第一部分:Samba服务的控制选项(用户控制、访问控制)

1 用户控制

public = no 不允许匿名用户访问
browseable = yes 不隐藏目录(知道目录同样可以访问) (系统默认yes,可以不写)
valid users = 用户或列表或@用户组
writable = yes 可写(目录本身要可写)
writable list = 用户或列表或@用户组
readonly = yes 是否设置只读(系统默认yes,可以不写)
create mask = 0744 控制客户机创建文件的权限(系统默认0744)
directory mask = 0744 控制客户机创建目录的权限(系统默认0755)

2,访问控制

max connections = 最大连接数目
deadtime = 断掉连接时间(分钟)0为不限制

注:在全局里增加

hosts deny = .sale.com .net free 表示禁止.sale.com域和.net域及主机名为free的客户端访问
hosts deny = All 表示所有客户端,并不是说允许主机名为ALL的客户端可以访问。常用的通配符还有“*”,“?”,“LOCAL”等
hosts allow = 192.168.0. EXCEPT 192.168.0.100 192.168.0.78 表示允许192.168.0.0网段IP地址访问,但是192.168.0.100和192.168.0.78除外

注:在可在全局与局部里增加

注::允许优先

第二部分:几个关键字段

根据需要增加在全局里面。虽然简单,但功能不简单,大家在用到的时候慢慢来体会。

include = /etc/samba/%G.smb.conf   调用用户组相关 的配置文件
include = /etc/samba/%U.smb.conf   调用用户相关的配置文件
username map = /etc/samba/smbusers  调用映射用户账号的配置文件

第三部分:和Samba有关的一些命令

批量增加SMB用户

复制代码代码示例:

# for user in 用户列表
do
useradd -g group -s shell $user
smbpasswd -a $user
done

编辑SMB的用户账号相关命令

smbpasswd
smbpasswd -a 增加一个账号
smbpasswd -d 禁用一个账号
smbpasswd -e 启用一个账号
smbpasswd -x 删除一个账号
smbpasswd 更改用户密码

pdbedit

pdbedit -L 列出SMB中的账号
pdbedit -a 增加一个账号
pdbedit -x 删除一个账号

注:上面两个命令,大家根据需要选择

Linux客户端的访问工具

smbtree 显示局域网中的所有共享主机和目录列表
smbtree -D 只显示局域网中的工作组或域名。后面可以加上-U username%passwd ,则表示是相关用户的访问权限

nmblookup 某个主机的netbios主机名或工作组。 # 显示相应的IP

smbclient命令格式
smbclient -L //主机名或IP地址 -U 登录用户名  # 列出目标主机共享资源列表
smbclient  //主机名或IP地址/共享目录名 -U 登录用户名 # 使用共享资源

mount命令格式

mount //目标IP地址或主机名/共享目录名称 挂载点 -o username=用户名 # 挂载共享
umount 挂载点 # 卸载共享
smbtar -s server –u user –p passwd –x shareneam –t output.tar # 把远程 的内容备份到本地
tar tvf *.tar # 查看TAR文件包里面的的内容

第四部分:实例详解

  • 例1,员工可以在公司内流动办公,无论在任何一台机器上工作,都能把自己的文件放到服务器里,同时不能使用服务器上的SHELL。(注解:SMB中有关于用户家目录的默共享
    设置,我们只要 设置USER级别,然后再增加用户和指定不可用的SHELL)
    smb.conf配置文件更改的内容如下

复制代码代码示例:

security = user
[homes]
comment = Home Directories
browseable = no

writable = yes
valid users = %S

配置好后,就重新启动SMB服务

复制代码代码示例:

useradd user -s /dev/null
smbpasswd -a user

增加好用户和密码后,直接测试!
不用重新启动SMB服务!

  • 例2,建立共享目录student,它的本机路径为“/home/student”,只有teachers组的用户可以读写该目 录,students用户组只能读取。(注解:这个关键是不同组对同一个目
    录的权限设置,student这 个目录属于students用户组,并设置他的OTHER 权限为7,我们通过这个OTHER权限来实现teachers组对student目录的访问,通过SMB的配置文件来
    限制用户访问)

复制代码代码示例:

mkdir /home/student
groupadd students
groupadd teachers
useradd -g students user
useradd -g teachers user
smbpasswd -a user
chgrp students /home/student
chmod 757 /home/student
chmod g+s /home/student

smb.conf配置文件更改的内容如下

复制代码代码示例:

security = user
[student]
 path = /home/student
 comment = student
 write list = @teachers
 valid users = @teachers @students

重新启动SMB服务,进行测试。

  • 例3,公司有二个部门( sales market ),销售部和市场部有自己单独的共享目录,只可以总经理和相应部门员工访问,并且公司员工禁止访问非本部门的共享目录。(注
    解:这一个内容与第二个类似,只是用户组变成用户,多了一个用户组,只需要把文件夹所有者给总经理,所属组为用户 组就OK)

复制代码代码示例:

mkdir /home/sales
mkdir /home/market
groupadd sales
groupadd market
useradd -g sales user
useradd -g market user
smbpasswd -a user
chgrp sales /home/sales
chgrp market /home/market
chown ceo /home/sales
chown ceo /home/market
chmod 770 /home/sales
chmod 770 /home/market
chmod g+s /home/sales
chmod g+s /home/market

smb.conf配置文件更改的内容如下

复制代码代码示例:

security = user
[sales]
 path = /home/sales
 comment = sales
 write list = @sales ceo
 valid users = @sales ceo
 create mask = 0770
 directory mask = 0770
[market]
 path = /home/market
 comment = market
 write list = @market ceo
 valid users = @market ceo
 create mask = 0770
 directory mask = 0770

重新启动SMB服务,进行测试。

  • 例4,实现在登陆的时候只能看到自己的共享目录,没有权限访问的看不到。

(注解:其实实现这个主要靠加载独立的配置文件来实现,只要把独立的文件设置好相应的权限就 OK,SMB主配置文件中加入独立的配置文件,其他不用设置)
关于用户的增加我这里 就不写出来了,和上面的没有区别。(略过)

首先,把源始的smb.conf COPY 出来,后面加上相应的用户或者组, 如:smb.conf.user smb.conf.group
然后,配置各己的配置文件。

如:smb.conf.ceo

复制代码代码示例:

[sales]
 comment = sales
 path = /home/sales
 writeable = yes
 valid users = ceo
 create mask = 0770
 directory mask = 0770

[markets]
 comment = markets
 path = /home/markets
 writeable = yes
 valid users = ceo
 create mask = 0770
 directory mask = 0770

如:smb.conf.sales

复制代码代码示例:

[sales]
 comment = sales
 path = /home/sales
 writeable = yes
 valid users = @sales
 create mask = 0770
 directory mask = 0770

如:smb.conf.markets

复制代码代码示例:

[markets]
 comment = markets
 path = /home/markets
 writeable = yes
 valid users = @markets
 create mask = 0770
 directory mask = 0770

主配置文件如下:

复制代码代码示例:

security = user
 include = /etc/samba/smb.conf.%G
 include = /etc/samba/smb.conf.%U

其他的不用设置,重新启动SMB服务,然后测试!

第五部分:Samba服务搭建的注意事项
1、防火墙和SELinux
2、主机名
3、建立Samba用户
4、用户的权限
5、目录的权限
6、其他事项

第六部分:Samba服务排错
(1)错误信息
(2)配置文件
(3)日志文件

testparm   #查看配置文件
testparm /etc/samba/smb.conf 主机名 IP  #测试具体机器能否访问及访问的范围
[netstat](http://www.jbxue.com/shouce/linuxcmd/网络通讯/netstat.html) –tlunp | grep service #显示服务的对应端

就是这些了,为大家详细介绍了samba的服务安装与配置、及相关的注意事项,希望对大家有所帮助。

Brompton全车扭矩值

Brompton全车扭矩值

转载,原创:十字南天 (- 北京芳草地Brompton 店长) - 小布折叠车 2020-03-16

  • 2017款以前用△标记

  • 2017款以后用▲标记

  • 特殊扭矩另行标注年份

-2020.3.15修正-

▲把套锁环螺丝 1.5Nm
△ 刹把螺丝 2Nm
▲刹把螺丝 2.5Nm
▲铃螺丝 N/A
▲指拨固定螺丝 N/A
△ 旧款指拨锁环螺丝 5Nm
△▲把横锁固螺丝 18Nm
△ 旧款钢版头管固定螺丝(吊芯)16Nm
△ 旧款钛版头管固定螺丝(吊芯)15Nm
△ 骑行里程足够多,并进行二次拆装时,吊芯 20Nm
▲新款钢版头管固定螺丝(吊芯)30Nm
▲新款钛版头管固定螺丝(吊芯)30Nm
△▲头管卡钳螺丝 9Nm
△▲托座螺丝 4Nm
△▲发电车灯固定螺丝 3Nm
▲前夹器锁固螺母 8Nm
▲前挡泥板支架连接前叉螺丝 N/A
▲挂钩螺丝 3.5 Nm
△▲挡泥板连接支架螺丝 4Nm
△▲超轻前轮/发电轮螺杆 8Nm
△ 普通前轮螺母 15Nm
▲普通前轮螺母 12Nm
△▲座垫转接块螺丝 15Nm
△▲盘钉 10Nm
△▲旧换新盘片后盘钉 12Nm
▲曲柄螺丝 30Nm
△ 旧款一体式盘片曲柄 40Nm
▲脚踏螺丝 30Nm
△▲锁紧状态下座管夹螺母 4Nm-7Nm
△ 旧款膨胀座管塞 拧10圈
△ 避震螺母 与螺丝头平齐
△▲易行轮螺丝 2Nm
△▲蘑菇头迫紧螺丝 8Nm
MK2(2000年3月以前生产)夹器锁固螺母 14Nm
MK3后夹器锁固螺母 10Nm
△▲夹器钢线夹紧螺丝 8Nm
△ 刹车块锁固螺母 8Nm
▲刹车块锁固螺母 6Nm
△▲内变钢线夹紧小链条(线卡) 3Nm
△▲挡泥板(货架)支架固定后叉螺丝 3Nm
▲拨链器螺丝 N/A
△▲张链器螺母 大于手拧的力度且不超过5Nm
▲张链器导轮螺丝 N/A
▲张链器力臂螺丝 N/A
△▲后叉转轴固定螺丝 10Nm
▲单速两速后轮螺母 15Nm
▲三速六速后轮螺母 18Nm

头管的锁固螺丝一定要注意扭矩值,已经出现很多因为错误扭矩导致前叉上管爆裂的例子: