Worked example:
Company ABC has four departments: sales, design, develop and ops.
Each department needs its own private shared folder, plus one share folder that all four departments can read and write.
Because files belonging to other employees of the same department could be deleted by mistake or on purpose, we use the sticky bit. It is normally set on a directory; once set, a file inside that directory can only be deleted (or renamed) by the file's owner, the directory's owner, or root. The directories below stay owned by root (the chown calls only change the group), so in practice that means the file's creator or root.
Let's get started!
Step 1: create the directory structure
mkdir -p /ABC/{design,sales,develop,ops,share/{design,sales,develop,ops}}
# tree /ABC/
/ABC/
|-- design
|-- develop
|-- ops
|-- sales
`-- share
    |-- design
    |-- develop
    |-- ops
    `-- sales
Step 2: add accounts
Create two users per department with the script user.sh:
#!/bin/bash
# user.sh: one Linux group per department, two members each.
# -M: no home directory; -s /sbin/nologin: no interactive login, these are Samba-only accounts.
# Note: with security = user and passdb backend = tdbsam (Step 3) each user still needs a
# Samba password set with smbpasswd -a <user> before they can connect.
DEPART=(sales design develop ops)
for g in "${DEPART[@]}"; do
    groupadd "$g"
    for i in $(seq 1 2); do
        useradd -M -s /sbin/nologin -g "$g" "${g}$i"
    done
done
Step 3: configure smb.conf
(In the original config the develop and ops shares had write list = @sales, a copy-paste error that would have given sales the right to write into those shares at the Samba layer; each department must be granted write access to its own share only.)
#======================= Global Settings =====================================
[global]
        workgroup = SAMBA
        server string = Samba Server
        netbios name = SAMBA
# --------------------------- Logging Options -----------------------------
# logs split per machine
        log file = /var/log/samba/log.%m
# max 50KB per log file, then rotate
        max log size = 50
# ----------------------- Standalone Server Options ------------------------
        security = user
        passdb backend = tdbsam
        load printers = yes
        cups options = raw
#============================ Share Definitions ==============================
;[homes]
;       comment = Home Directory
;       browseable = no
;       writeable = no
[sales]
        comment = sales share
        path = /ABC/sales
        browsable = yes
        guest ok = no
        writable = no
        write list = @sales
[design]
        comment = design share
        path = /ABC/design
        browsable = yes
        guest ok = no
        writable = no
        write list = @design
[develop]
        comment = develop share
        path = /ABC/develop
        browsable = yes
        guest ok = no
        writable = no
        write list = @develop
[ops]
        comment = ops share
        path = /ABC/ops
        browsable = yes
        guest ok = no
        writable = no
        write list = @ops
[share]
        comment = public share
        path = /ABC/share
        browsable = yes
        guest ok = no
        writable = yes
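The write list mix-up above is the kind of error hand-edited share stanzas invite. The script below is an added example, not part of the original post: it generates the four department stanzas and the common [share] stanza from a single department list, so write list can never name the wrong group, and it also sets valid users = @dept so the Samba layer itself refuses connections from other departments instead of relying only on the 1770 directory mode. The valid users line, the temporary output file and the optional testparm check are my additions and assumptions; the post's config does not have them.

```shell
#!/bin/bash
# gen_shares.sh: emit the share definitions for smb.conf from one department
# list. Added example; output goes to a temp file (assumption), not /etc.

DEPART="sales design develop ops"
ROOT=${ROOT:-/ABC}

# dept_stanza NAME -> one [NAME] share section on stdout.
# valid users restricts the share to its own group at the Samba layer, so a
# user from another department cannot even connect, independent of the
# 1770 mode on the directory underneath (defense in depth).
dept_stanza() {
    local d=$1
    cat <<EOF
[$d]
        comment = $d share
        path = $ROOT/$d
        browsable = yes
        guest ok = no
        writable = no
        write list = @$d
        valid users = @$d
EOF
}

# share_stanza -> the common [share] tree: any authenticated user may connect,
# the per-department subdirectory modes decide who may write where.
share_stanza() {
    cat <<EOF
[share]
        comment = public share
        path = $ROOT/share
        browsable = yes
        guest ok = no
        writable = yes
EOF
}

# render_shares -> all share definitions on stdout
render_shares() {
    local d
    for d in $DEPART; do
        dept_stanza "$d"
        echo
    done
    share_stanza
}

# write_list_for NAME CONF -> the group named in the write list of [NAME]
# (empty if the section has none). Used to check every department stanza
# grants write access to its own group and nobody else.
write_list_for() {
    local name=$1 conf=$2
    awk -v sec="[$name]" '
        $0 == sec { in_sec = 1; next }
        /^\[/ { in_sec = 0 }
        in_sec && $1 == "write" && $2 == "list" { print $NF; exit }
    ' "$conf"
}

OUT=${OUT:-$(mktemp)}
render_shares > "$OUT"
for d in $DEPART; do
    [ "$(write_list_for "$d" "$OUT")" = "@$d" ] || { echo "bad write list in [$d]" >&2; exit 1; }
done
# testparm parses the file the way smbd would; skipped when samba is not installed
if command -v testparm >/dev/null 2>&1; then
    testparm -s "$OUT" >/dev/null 2>&1 || echo "testparm reported problems in $OUT" >&2
fi
echo "share definitions written to $OUT"
```

Append the generated stanzas to the [global] section from Step 3 rather than pasting them by hand; if a department is added later, changing DEPART is the only edit needed.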
Step 4: set permissions
chown :design /ABC/design
chown :sales /ABC/sales
chown :develop /ABC/develop
chown :ops /ABC/ops
chown :design /ABC/share/design
chown :sales /ABC/share/sales
chown :develop /ABC/share/develop
chown :ops /ABC/share/ops
chmod 1770 /ABC/{design,sales,ops,develop}
chmod 775 /ABC/share
chmod 1775 /ABC/share/{design,sales,ops,develop}
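Whether the sticky bit actually landed is easy to miss in a chmod run: in ls -ld output it shows up only as a T (others have no execute, as on the 1770 department directories) or t (as on the 1775 share subdirectories) in the last mode position. The script below is an added example, not from the original post: it recreates the Step 1 tree, applies the Step 4 mode scheme and then verifies every directory has exactly the intended mode, sticky digit included. It takes the root as its first argument and defaults to a scratch directory (an assumption) so it can be tried unprivileged; the chown calls are left out on purpose because changing a directory's group needs root or membership in that group, so on the real server run the chown lines from Step 4 as well.

```shell
#!/bin/bash
# check_layout.sh: apply and verify the directory modes from Step 4.
# Added example. Usage: check_layout.sh [ROOT]   (default: a temp directory)

DEPART="sales design develop ops"

# make_tree ROOT -> the Step 1 layout: ROOT/<dept> and ROOT/share/<dept>
make_tree() {
    local root=$1 d
    for d in $DEPART; do
        mkdir -p "$root/$d" "$root/share/$d"
    done
}

# apply_modes ROOT -> 1770 on department dirs (group-only access, sticky),
# 775 on the share root, 1775 on share/<dept> (world-readable, sticky)
apply_modes() {
    local root=$1 d
    for d in $DEPART; do
        chmod 1770 "$root/$d"
        chmod 1775 "$root/share/$d"
    done
    chmod 775 "$root/share"
}

# check_mode DIR MODE -> succeeds only if DIR has exactly MODE (octal, all
# twelve bits). A bare octal number after find -perm is an exact match, so
# 770 does not pass for a 1770 directory: a forgotten sticky bit is caught.
check_mode() {
    [ -n "$(find "$1" -maxdepth 0 -perm "$2" 2>/dev/null)" ]
}

# has_sticky DIR -> succeeds if the sticky bit (octal 1000) is set at all
has_sticky() {
    [ -n "$(find "$1" -maxdepth 0 -perm -1000 2>/dev/null)" ]
}

# verify_layout ROOT -> 0 if every directory has its intended mode, else 1,
# naming each offender on stderr
verify_layout() {
    local root=$1 d rc=0
    for d in $DEPART; do
        check_mode "$root/$d" 1770 || { echo "$root/$d: expected 1770" >&2; rc=1; }
        check_mode "$root/share/$d" 1775 || { echo "$root/share/$d: expected 1775" >&2; rc=1; }
    done
    check_mode "$root/share" 775 || { echo "$root/share: expected 775" >&2; rc=1; }
    return $rc
}

ROOT=${1:-$(mktemp -d)}
make_tree "$ROOT"
apply_modes "$ROOT"
verify_layout "$ROOT" && echo "layout under $ROOT is correct"
# the last mode character shows the sticky bit: T on sales, t on share/sales
ls -ld "$ROOT/sales" "$ROOT/share/sales"
```

The exact-match check is the point: a plain chmod 770 typo keeps the directory looking fine in a quick ls but lets any group member delete colleagues' files, and verify_layout flags it.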
Final stage: test the result
Taking the user sales1 as an example:
Relative to the root directory: sales1 cannot enter any directory other than sales and share. Note that it is the 1770 mode on the other department directories that denies access; the [design], [develop] and [ops] shares themselves are still listed and can still be connected to by any authenticated user, because nothing in smb.conf restricts who may connect.
Relative to the sales directory: sales1 can create and delete its own files, but cannot delete files created by sales2 (the sticky bit at work). The sticky bit protects the directory entry only: it stops sales2 from unlinking or renaming sales1's file, not from overwriting its contents if the file's own mode allows group write, which the default Samba create mask of 0744 does not.
Relative to the share directory: sales1 can enter every subdirectory but has write permission only inside share/sales; and because the sticky bit is set there too, sales1 cannot delete files created by sales2.
Done.