samba服务配置
# 系统环境
- debian 12
# 安装
apt install samba
# 常用命令
- 查看用户
pdbedit -L
- 为root用户设置smb密码
smbpasswd -a root
# 常用配置
/etc/samba/smb.conf,增强安全性设置
# global不要修改
[global]
workgroup = WORKGROUP
interfaces = <IP>
bind interfaces only = yes
log file = /var/log/samba/log.%m
max log size = 1000
logging = file
panic action = /usr/share/samba/panic-action %d
server role = standalone server
obey pam restrictions = yes
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
pam password change = yes
#==========安全===========
map to guest = Never
usershare allow guests = no
# 禁用共享列表浏览
browseable = no
# 防止匿名枚举共享(增强安全)
restrict anonymous = 2
# 可选:限制仅允许认证用户访问元数据
access based share enum = yes
# 禁用 NetBIOS 服务
disable netbios = yes
# 强制仅使用 SMB over TCP(端口 445)
smb ports = 445
#==========优化===========
# 禁用过时的 SMB1,强制使用 SMB3
min protocol = SMB3
server min protocol = SMB3
client min protocol = SMB3
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=524288 SO_SNDBUF=524288
read raw = yes
write raw = yes
getwd cache = yes
# 关闭打印服务(若不需要)
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
# 减少日志级别
log level = 1
[back]
path = <SHARE PATH>
# 设置只读
writeable=no
writeable = no
read only = yes
create mask=0777
directory mask=0777
create mask = 0777
directory mask = 0777
valid users = root
guest ok = no
# 增强安全性
- 关闭
nmbd服务
systemctl disable nmbd
systemctl stop nmbd
上次更新: 2025/03/22, 03:52:10