[OpenIndiana-discuss] CIFS server on oi_148
Martin Frost
me at cs.Stanford.EDU
Mon Jan 9 21:22:39 UTC 2012
What about restricting who can login to a given share? I have that
capability under Samba on Linux, as demonstrated below in the smb.conf
snippet.
Is anyone using CIFS/OI with an smb.conf file?
Martin
> Date: Tue, 3 Jan 2012 23:39:05 +0100
> From: Robin Axelsson <gu99roax at student.chalmers.se>
>
> I guess you have two ways to control user access to different shares,
> one is the Unix style and the other is through ACLs. From my experience
> the kernel-CIFS server has sometimes ignored the Unix/Posix permission
> bits that I set. For example even if I say "chmod 444" a file I can
> still delete the file over the network, I don't remember the specifics
> now but some things worked whereas others did not. But I think you can
> have different shares for different users by chowning the different file
> systems to different users.
>
> Then I started working with the ACL based permission bits and I was more
> successful with that (I never did anything serious with it, I just tried
> it out and saw that it works). To work with ACLs you need to use the
> /bin/ls, /bin/chmod etc and look at the man pages specifically for
> '/bin/ls' for more information on ACLs. My guess is that access control
> using ACLs is what you are looking for and it is a bit different from
> the way you administrate samba configurations, at least so I heard as
> I've never configured a samba server for outbound file sharing.
>
> Managing ACLs on Solaris/OpenSolaris has reportedly been a difficult
> thing to do and get around but maybe things have become easier in the
> development process of OpenIndiana. After all it has been quite a while
> since I looked into ACLs on OpenSolaris.
>
> NFS is beyond my knowledge but I assume that NFS is Linux/Unix only. As
> far as I know there is no support for NFS sharing (or client access
> thereto) on Windows systems. I know that there used to be a Unix for
> Windows package somewhere that Microsoft published (SFU3.5) but I think
> it is only for old 32-bit operating systems.
>
> Robin.
>
> On 2011-12-27 08:20, Martin Frost wrote:
> > We have Windows machines that need to access ZFS filesystems under
> > oi_148 that are also exported via NFS to Linux machines.
> >
> > I need to be able to specify which filesystems each Windows user can
> > see. Below is a sample of what I do on a Linux system to restrict
> > Samba access for a given share to certain users. Can this be done
> > under OI/CIFS?
> >
> > [fin]
> > comment = Fin
> > path = /home/fin
> > valid users = fin,user1,user2,user3
> > create mask = 0770
> > directory mask = 0770
> > force group = fin
> >
> > I'm hoping to use the in-kernel CIFS server, as I assume it provides
> > better performance, but I'm not clear about the configuration
> > differences between the Samba server and the in-kernel CIFS server
> > under OI.
> >
> > I ran:
> >
> > zfs create -o casesensitivity=mixed -o nbmand=on thepool/test1
> > zfs set sharenfs='rw=remotehostfqdn,root=remotehostfqdn' thepool/test1
> > zfs set sharesmb=on thepool/test1
> >
> > and that made the test1 filesystem mountable via 'smb:/server/thepool'
> > from Finder on a Mac (so I assume it will work from Windows too).
> >
> > I noticed that the first time I set sharesmb on, /usr/lib/smbsrv/smbd
> > got started up. Is this the non-kernel Samba server??
> >
> > There is no smb.conf file. There is a /etc/samba/smb.conf-example,
> > but nothing like smb.conf shows up in 'strings /usr/lib/smbsrv/smbd'.
> > And 'man smbd' doesn't mention any configuration file. I do see a man
> > page for 'smb.conf' -- can I use an smb.conf file with the in-kernel
> > CIFS server? If so, would it live in /etc/samba?
> >
> >
> > I've added this to /etc/pam.conf so that users get Samba passwords:
> >
> > other password required pam_smb_passwd.so.1 nowarn
> >
> > Since the OI machine is only a fileserver, I don't want the users to
> > ssh into the machine, so unless there's a better way, I plan to lock
> > the Samba users' passwords in /etc/shadow.
> >
> > Thanks for your help.
> >
> > Martin