blog
Table des matières
- 2026:
- 2025:
4 billet(s) pour mars 2026
| Find list - Trouver des fichiers à partir d'une liste | 2026/03/18 14:32 | Jean-Baptiste |
| AWX inventaire vault | 2026/03/17 18:04 | Jean-Baptiste |
| AWX - Configuration git en local (sans serveur web) | 2026/03/05 16:24 | Jean-Baptiste |
| OpenSMTP | 2026/03/03 16:58 | Jean-Baptiste |
Serveur Samba SMB CIFS
Voir aussi
- ksmbd: un nouveau serveur SMB intégré au noyau (mais problématique de sécurité)
Notes
RHEL6 ne supporte pas le protocole SMB2 et +
Configuration
rlimit_max (1024) below minimum Windows limit (16384)
/etc/security/limits.d/30-samba.conf
root - nofile 16385
Défaut est max open files = 16385
Voir https://www.tecmint.com/install-samba-on-rhel-8-for-file-sharing-on-windows/
/etc/samba/smb.conf
[global] workgroup = WORKGROUP server string = Samba netbios name = SAMBA client ipc min protocol = SMB3 client min protocol = SMB3 server min protocol = SMB2 disable netbios = Yes disable spoolss = Yes domain master = No load printers = No local master = No log file = /var/log/samba/log.%m # Size in KB max log size = 200000 name resolve order = host printcap name = /dev/null security = USER smb ports = 445 idmap config * : backend = tdb passdb backend = tdbsam cups options = raw printing = bsd #log level = 3 #restrict anonymous = 2 #nt pipe support = no #interfaces = eth* lo #bind interfaces only = yes #fstype = Samba host msdfs = no server services = -s3fs, -rpc, -nbt, -wrepl, -ldap, -cldap, -kdc, -drepl, -winbindd, -ntp_signd, -kcc, -dnsupdate, -dns [public] comment = Public read only = Yes path = /data/shared/public [shared] #guest ok = Yes #browseable = No comment = Shared path = /mnt/shared read only = No #force user = jean valid users = jean write list = jean #[IPC$] # hosts allow = 192.168.115.0/24 127.0.0.1 # hosts deny = 0.0.0.0/0
Nul besoin de redémarrer le service, les modifications sont automatiquement prises en compte. Pour vérifier
testparm
Pour tester la connexion
smbclient -N -L 127.0.0.1 smbclient -N //127.0.0.1/shared smbclient -U user%password //127.0.0.1/shared
Si besion modifier /etc/sysconfig/iptables ou firewalld
#iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 139 -j ACCEPT iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 445 -j ACCEPT
Exemple :
/etc/samba/smb.conf
[partage] comment = Commentaires... path = /var/www force user = web #valid users = web browseable = yes writable = yes
Valider la configuration
testparm
Reload de la conf sans redémarrer
smbcontrol all reload-config
Redémarrer le service
systemctl restart smb
Faire un include d'un fichier de config.
C'est une fausse bonne idée car pas de reload automatique
/etc/samba/smb.conf
[global] path = /dev/null [includes] available = No include = /etc/samba/smb.d/shared.conf
/etc/samba/smb.d/shared.conf
[shared] comment = Shared path = /mnt/shared read only = No
Authentification / comptes
Comment c'est configuré
testparm -sv /dev/null | grep auth testparm -s '--parameter-name=server role'
Autoriser un utilisateur / définition du MDP
#pdbedit -a utilisateur smbpasswd -a utilisateur
Les utilisateurs à ajouter doivent exister au préalable dans /etc/passwd.
Cette option (et les suivantes) n'est disponible que lorsque smbpasswd est exécuté en tant que root
Supprimer un compte (retour arrière à précédent)
smbpasswd -x supervision
Désactiver un compte
smbpasswd -d supervision
Liste tous les comptes
pdbedit -L
Vérif l’existence de l'utilisateur pirate
pdbedit -u pirate
Dans un script shell
$ echo -n "P@ssw0rd" | base64 UEBzc3cwcmQ=
Duplication de l'entrée standard avec tee
# tee /dev/stdout echo "UEBzc3cwcmQ=" | ( base64 -di ; echo ) | tee >(echo "$(</dev/stdin)") | smbpasswd -as user_samba
Désactiver l'impression
/etc/samba/smb.conf
[global] load printers = no printing = bsd printcap name = /dev/null disable spoolss = yes
Source : http://mugurel.sumanariu.ro/linux/linux-how-to-disable-printing-in-samba/
Debug
/etc/samba/smb.conf
[global] log level = 3
Pas besoin de redémarrer le service, le reload est auto
Notes
smbstatus
Pb
Receiving SMB: Server stopped responding - Call returned zero bytes (EOF) opening remote
smb: \> get plop Receiving SMB: Server stopped responding Call returned zero bytes (EOF) opening remote file \plop
Solution
Le pb venait du fait que la partition /var était pleine.
Pb de connection depuis windows err NT_STATUS_WRONG_PASSWORD
Solution 1 (insecure)
/etc/samba/smb.conf
[global] ntlm auth = yes #client ntlmv2 auth = yes
Exemple de conf
Install sous RedHat / CentOS
cp -p /etc/samba/smb.conf /etc/samba/smb.conf.bak egrep -v '^$|^#|^;' /etc/samba/smb.conf.bak > /etc/samba/smb.conf
/etc/samba/smb.conf
[global] workgroup = WORKGROUP dns proxy = no log file = /var/log/samba/log.%m max log size = 1000 syslog = 0 panic action = /usr/share/samba/panic-action %d server role = standalone server passdb backend = tdbsam obey pam restrictions = yes unix password sync = yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . pam password change = yes map to guest = bad user usershare allow guests = yes [tmp] path = /tmp comment = TEMP browseable = yes read only = no create mask = 0660 directory mask = 0770 guest ok = yes [partage] comment = Partage path = /data/ force user = utilisateur1 #public = yes valid users = @groupe1, jean write list = @groupe1, jean browseable = yes writable = yes read only = no
Autres
Pour conteneurs
/usr/sbin/smbd -F -S
Remplacer uuencode/uudecode par openssl
Voir aussi :
- base58
Exemple
$ echo -n "Test" | openssl base64 VGVzdA==
$ echo "VGVzdA==" |openssl base64 -d Test
En encore
cat /usr/share/doc/systemd/LICENSE.LGPL2.1 |head -12 |gzip |openssl base64
H4sIAAsBF1cAA2VRwW7CMAy95yvecZO6ijLtwBFQQUgdQnTsMu2Qti6NVhKUuCD+ fg6MHTYrOdh+7/nJBv7Gcr1DkZdlvsUyX+fbaYHNblas5pCfr8tc/aPc4p18MM5i nGYJFlT5QfsLsslkohTm7njxZt8xHuaPsSiY2MLCE6F0LZ+1JyzcYBvNIpNgZetU 4SUTiLZfvbEoWcAs4qblDoveOZ9g5gJH+OsUGI2zbPSUPY8yYFdOFfIT+YuzBBNw JH8wzNSAHWrxA20bNCawN9XABMFWMvsQm4aCgmvBnTB7U5MNhMbVw4GsOBA86k7b vbF7GI7y1jF037szNalSH2+RKI87Qmt8YHjqSQcZf/pZ1FWeUFAI5LHcFCmwiiIh +hssiwV9UwhDXQvM+TvpeiVT+bjizVCJQ0mvLpNf/XGCjmxN6sq4V+1wqGScXCn9 VOob+cnrRwACAAA=
( cat <<EOF H4sIAAsBF1cAA2VRwW7CMAy95yvecZO6ijLtwBFQQUgdQnTsMu2Qti6NVhKUuCD+ fg6MHTYrOdh+7/nJBv7Gcr1DkZdlvsUyX+fbaYHNblas5pCfr8tc/aPc4p18MM5i nGYJFlT5QfsLsslkohTm7njxZt8xHuaPsSiY2MLCE6F0LZ+1JyzcYBvNIpNgZetU 4SUTiLZfvbEoWcAs4qblDoveOZ9g5gJH+OsUGI2zbPSUPY8yYFdOFfIT+YuzBBNw JH8wzNSAHWrxA20bNCawN9XABMFWMvsQm4aCgmvBnTB7U5MNhMbVw4GsOBA86k7b vbF7GI7y1jF037szNalSH2+RKI87Qmt8YHjqSQcZf/pZ1FWeUFAI5LHcFCmwiiIh +hssiwV9UwhDXQvM+TvpeiVT+bjizVCJQ0mvLpNf/XGCjmxN6sq4V+1wqGScXCn9 VOob+cnrRwACAAA= EOF ) | openssl base64 -d | gzip -d > plop.txt
Base64 sans line return : \ Utilisez '-A' Exemple
cat plop.sh |openssl base64 |tr -d '\n' |openssl base64 -A -d
Alternatives
Base45 :
Utiliser Git pour vos logos en SVG
Voir http://w.xuv.be/projects/design_with_git
Faire du diffing graphique (oui ! pas en texte) avec Git sur des images vectorielle en SVG
compare.py
#!/usr/bin/env python import sys, os inkscape = "inkscape" local = sys.argv[1] remote = sys.argv[2] tempdir = "/home/markv/gittemp/" localpng = tempdir+"local.png" remotepng = tempdir+"remote.png" if(not (remote.endswith(".svg") and (local != "/dev/null"))): os.system("xxdiff %s %s" % (local, remote)) else: os.system(inkscape+" "+local+" --export-png="+localpng+" -w600 -h900 -C -bffffff -y1.0") os.system(inkscape+" "+remote+" --export-png="+remotepng+" -w600 -h900 -C -bffffff -y1.0") os.system("compare "+localpng+" "+remotepng+" - | display") os.remove(localpng) os.remove(remotepng)
Ajoutez dans votre .gitconfig (adapter le chemin)
~/.gitconfig
[difftool "compare"] cmd = "/home/USER/bin/compare.py $LOCAL $REMOTE - | display"
Puis par exemple
git difftool -y -t compare
Note commande unzip zip
unzip
$ unzip -l plop.zip
Archive: plop.zip
Length Date Time Name
--------- ---------- ----- ----
39 2015-01-22 17:27 mimetype
273 2015-01-22 17:27 layout-cache
921513 2015-01-22 17:27 ObjectReplacements/Obj101
921513 2015-01-22 17:27 ObjectReplacements/Obj100
10265 2015-01-22 17:27 ObjectReplacements/Object 1
1655 2015-01-22 17:27 meta.xml
233249 2015-01-22 17:27 content.xml
931840 2015-01-22 17:27 Obj100
135587 2015-01-22 17:27 styles.xml
899 2015-01-22 17:27 manifest.rdf
10111 2015-01-22 17:27 settings.xml
0 2015-01-22 17:27 Configurations2/toolpanel/
0 2015-01-22 17:27 Configurations2/statusbar/
0 2015-01-22 17:27 Configurations2/popupmenu/
0 2015-01-22 17:27 Configurations2/images/Bitmaps/
0 2015-01-22 17:27 Configurations2/toolbar/
0 2015-01-22 17:27 Configurations2/progressbar/
0 2015-01-22 17:27 Configurations2/floater/
0 2015-01-22 17:27 Configurations2/accelerator/current.xml
0 2015-01-22 17:27 Configurations2/menubar/
931840 2015-01-22 17:27 Obj101
3765 2015-01-22 17:27 Thumbnails/thumbnail.png
0 2015-01-22 17:27 Object 1/Configurations2/menubar/
0 2015-01-22 17:27 Object 1/Configurations2/statusbar/
0 2015-01-22 17:27 Object 1/Configurations2/toolbar/
0 2015-01-22 17:27 Object 1/Configurations2/progressbar/
0 2015-01-22 17:27 Object 1/Configurations2/images/Bitmaps/
0 2015-01-22 17:27 Object 1/Configurations2/popupmenu/
0 2015-01-22 17:27 Object 1/Configurations2/accelerator/current.xml
0 2015-01-22 17:27 Object 1/Configurations2/floater/
0 2015-01-22 17:27 Object 1/Configurations2/toolpanel/
3711 2015-01-22 17:27 Object 1/settings.xml
10400 2015-01-22 17:27 Object 1/content.xml
7579 2015-01-22 17:27 Object 1/styles.xml
2455 2015-01-22 17:27 META-INF/manifest.xml
--------- -------
4126694 35 files
$ unzip -Z1 plop.zip mimetype layout-cache ObjectReplacements/Obj101 ObjectReplacements/Obj100 ObjectReplacements/Object 1 meta.xml content.xml Obj100 styles.xml manifest.rdf settings.xml Configurations2/toolpanel/ Configurations2/statusbar/ Configurations2/popupmenu/ Configurations2/images/Bitmaps/ Configurations2/toolbar/ Configurations2/progressbar/ Configurations2/floater/ Configurations2/accelerator/current.xml Configurations2/menubar/ Obj101 Thumbnails/thumbnail.png Object 1/Configurations2/menubar/ Object 1/Configurations2/statusbar/ Object 1/Configurations2/toolbar/ Object 1/Configurations2/progressbar/ Object 1/Configurations2/images/Bitmaps/ Object 1/Configurations2/popupmenu/ Object 1/Configurations2/accelerator/current.xml Object 1/Configurations2/floater/ Object 1/Configurations2/toolpanel/ Object 1/settings.xml Object 1/content.xml Object 1/styles.xml META-INF/manifest.xml
Vérifier l'intégrité
unzip -t plop.zip unzip -qt plop.zip
Décompression
unzip plop.zip
zip
Créer une archive / compresser un dossier
zip -r plop.zip dir1/ dir2/
Comparaison /diff
zipcmp file1.zip file2.zip
pkgdiff -hide-unchanged file1.zip file2.zip
Un MakeFile pour rpmbuild
Voir aussi :
- Python invoke https://www.pyinvoke.org/
- o-task https://taskfile.dev/
- Make.rules
Makefile
clean: SHELL:=/bin/bash build: SHELL:=/bin/bash FicSpec = $(shell echo *.spec) RpmName = $(shell grep -e '^%define name' $(FicSpec) |awk '{print $$3}') RpmVersion = $(shell grep -e '^%define version' $(FicSpec) |awk '{print $$3}') RpmRelease = $(shell grep -e '^%define release' $(FicSpec) |awk '{print $$3}') StringRpmFullname = $(RpmName)-$(RpmVersion)-$(RpmRelease).$(shell uname -m) all: build clean clean: rm -rf $$HOME/rpmbuild cleanall: clean rm -f *.rpm copy: cleanall mkdir -p $$HOME/rpmbuild/{BUILDROOT,SPECS} mkdir -p $$HOME/rpmbuild/BUILDROOT/$(StringRpmFullname) cp -a ROOT/* $$HOME/rpmbuild/BUILDROOT/$(StringRpmFullname) cp -p $(FicSpec) ~/rpmbuild/SPECS/ build: copy rpmbuild -bb ~/rpmbuild/SPECS/*.spec mv ~/rpmbuild/RPMS/*/*.rpm .
Le clean se fait bien avant, mais pas après le build.
C'est comme si :
all: build clean
Etait
all: build
Solution :
Makefile
clean: SHELL:=/bin/bash build: SHELL:=/bin/bash FicSpec = $(shell echo *.spec) RpmName = $(shell grep -e '^%define name' $(FicSpec) |awk '{print $$3}') RpmVersion = $(shell grep -e '^%define version' $(FicSpec) |awk '{print $$3}') RpmRelease = $(shell grep -e '^%define release' $(FicSpec) |awk '{print $$3}') StringRpmFullname = $(RpmName)-$(RpmVersion)-$(RpmRelease).$(shell uname -m) all: build cleanagain clean: rm -rf $$HOME/rpmbuild cleanall: clean rm -f *.rpm cleanagain: ${MAKE} clean copy: cleanall mkdir -p $$HOME/rpmbuild/{BUILDROOT,SPECS} mkdir -p $$HOME/rpmbuild/BUILDROOT/$(StringRpmFullname) cp -a ROOT/* $$HOME/rpmbuild/BUILDROOT/$(StringRpmFullname) cp -p $(FicSpec) ~/rpmbuild/SPECS/ build: copy rpmbuild -bb ~/rpmbuild/SPECS/*.spec mv ~/rpmbuild/RPMS/*/*.rpm .
Exemple avec le paquet Python mycli
mkdir -p ~/rpm/ROOT cd ~/rpm
Déposez le Makefile dans ~/rpm/
~/rpm/mycli.spec
%define name mycli
%define version 1.21.1
%define release 1
%define debug_package %{nil}
Summary: CLI for MySQL/MariaDB
Name: %{name}
Version: %{version}
Release: %{release}
Vendor: NC
Group: Database
License: MIT License
URL: https://www.mycli.net
Source0: https://github.com/dbcli/mycli
BuildRequires: rpm-build
Requires: python38
#BuildArch: noarch
%description
This is a command line interface for MySQL, MariaDB, and Percona with
auto-completion and syntax highlighting. The CLI is also capable of pretty
printing tabular data.
#%post
#set -e
%doc
#%changelog
%files
%defattr(755,root,root,644)
export http_proxy=http://127.0.0.1:3128 export https_proxy=http://127.0.0.1:3128 pip3 install --user mycli mkdir -p ~/rpm/ROOT/opt/mycli cp -a ~/.local/* ~/rpm/ROOT/opt/mycli/ mkdir -p ~/rpm/ROOT/usr/local/bin/ find /home/etudes/rpm/ROOT/ -type f -name "*.pyc" -delete
~/rpm/ROOT/usr/local/bin/mycli
#!/bin/sh env PYTHONPATH=/opt/mycli/lib/python3.8/site-packages/ /opt/mycli/bin/mycli "$@"
cd ~/rpm/ROOT find . -type f |sed -e 's/^\.//' >> ../mycli.spec cd ~/rpm/ make
Pb
did you mean TAB instead of 8 spaces?
$ make Makefile:18: *** missing separator (did you mean TAB instead of 8 spaces?). Stop.
Solution
sed -i.bak -e 's/^[ ]\+/\t/g' Makefile
blog.txt · Dernière modification : de 127.0.0.1