[OpenIndiana-discuss] CIFS server on oi_148

Gordon Ross gordon.w.ross at gmail.com
Wed Jan 18 03:21:32 UTC 2012 

If you're logged in with appropriate privileges (i.e. root or some
account that's a member of the Administrators group) then
you can right click on the share in Windows and edit the
share connect security settings.

On Mon, Jan 9, 2012 at 4:22 PM, Martin Frost <me at cs.stanford.edu> wrote:
> What about restricting who can login to a given share?  I have that
> capabiity under Samba on Linux, as demonstrated below in the smb.conf
> snippet.
>
> Is anyone use CIFS/OI with an smb.conf file?
>
> Martin
>
>  > Date: Tue, 3 Jan 2012 23:39:05 +0100
>  > From: Robin Axelsson <gu99roax at student.chalmers.se>
>  >
>  > I guess you have two ways to control  user access to different shares,
>  > one is the Unix style and the other is through ACLs. From my experience
>  > the kernel-CIFS server has sometimes ignored the Unix/Posix permission
>  > bits that I set. For example even if I say "chmod 444" a file I can
>  > still delete the file over the network, I don't remember the specifics
>  > now but some things worked whereas other did not. But I think you can
>  > have different shares for different users by chowning the different file
>  > systems to different users.
>  >
>  > Then I started working with the ACL based permission bits and I was more
>  > successful with that (I never did anything serious with it, I just tried
>  > it out and saw that it works). To work with ACLs you need to use the
>  > /bin/ls, /bin/chmod etc and look at the man pages specifically for
>  > '/bin/ls' for more information on ACLs. My guess is that access control
>  > using ACLs is what you are looking for and it is a bit different from
>  > the way you administrate samba configurations, at least so I heard as
>  > I've never configured a samba server for outbound file sharing.
>  >
>  > Managing ACLs on Solaris/OpenSolaris have been reportedly a difficult
>  > thing to do and get around but maybe things have become easier in the
>  > development process of OpenIndiana. After all it has been quite a while
>  > since I looked into ACLs on OpenSolaris.
>  >
>  > NFS is beyond my knowledge but I assume that NFS is Linux/Unix only. As
>  > far as I know there is no support for NFS sharing (or client access
>  > thereto) on Windows systems. I know that there used to be a Unix for
>  > Windows package somewhere that Microsoft published (SFU3.5) but I think
>  > it is only for old 32-bit operating systems.
>  >
>  > Robin.
>  >
>  > On 2011-12-27 08:20, Martin Frost wrote:
>  > > We have Windows machines that need to access ZFS filesystems under
>  > > oi_148 that are also exported via NFS to Linux machines.
>  > >
>  > > I need to be able to specify which filesystems each Windows user can
>  > > see.  Below is a sample of what I do on a Linux system to restrict
>  > > Samba access for a given share to certain users.  Can this be done
>  > > under OI/CIFS?
>  > >
>  > >      [fin]
>  > >         comment = Fin
>  > >         path = /home/fin
>  > >         valid users = fin,user1,user2,user3
>  > >         create mask = 0770
>  > >         directory mask = 0770
>  > >         force group = fin
>  > >
>  > > I'm hoping to use the in-kernel CIFS server, as I assume it provides
>  > > better performance, but I'm not clear about the configuration
>  > > differences between the Samba server and the in-kernel CIFS server
>  > > under OI.
>  > >
>  > > I ran:
>  > >
>  > >     zfs create -o casesensitivity=mixed -o nbmand=on thepool/test1
>  > >     zfs set sharenfs='rw=remotehostfqdn,root=remotehostfqdn thepool/test1
>  > >     zfs set sharesmb=on thepool/test1
>  > >
>  > > and that made the test1 filesystem mountable via 'smb:/server/thepool'
>  > > from Finder on a Mac (so I assume it will work from Windows too).
>  > >
>  > > I noticed that the first time I set sharesmb on, /usr/lib/smbsrv/smbd
>  > > got started up.  Is this the non-kernel Samba server??
>  > >
>  > > There is no smb.conf file.  There is a /etc/samba/smb.conf-example,
>  > > but nothing like smb.conf shows up in 'strings /usr/lib/smbsrv/smbd'.
>  > > And 'man smbd' doesn't mention any configuration file.  I do see a man
>  > > page for smb.conf' -- can I use an smb.conf file with the in-kernel
>  > > CIFS server?  If so, would it live in /etc/samba?
>  > >
>  > >
>  > > I've added this to /etc/pam.conf so that users get Samba passwords:
>  > >
>  > >    other password required pam_smb_passwd.so.1 nowarn
>  > >
>  > > Since the OI machine is only a fileserver, I don't want the users to
>  > > ssh into the machine, so unless there's a better way, I plan to lock
>  > > the Samba users' passwords in /etc/shadow.
>  > >
>  > > Thanks for your help.
>  > >
>  > > Martin
>
> _______________________________________________
> OpenIndiana-discuss mailing list
> OpenIndiana-discuss at openindiana.org
> http://openindiana.org/mailman/listinfo/openindiana-discuss

More information about the OpenIndiana-discuss mailing list