forked from torvalds/linux
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
CIFS/SMB3: Update documentation to reflect SMB3 and various changes
Signed-off-by: Steve French <[email protected]> Reviewed-by: Aurelien Aptel <[email protected]> Reviewed-by: Pavel Shilovsky <[email protected]>
- Loading branch information
Showing
4 changed files
with
91 additions
and
91 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,10 +1,14 @@ | ||
The CIFS VFS support for Linux supports many advanced network filesystem | ||
features such as hierarchical dfs like namespace, hardlinks, locking and more. | ||
This module supports the SMB3 family of advanced network protocols (as well | ||
as older dialects, originally called "CIFS" or SMB1). | ||
|
||
The CIFS VFS module for Linux supports many advanced network filesystem | ||
features such as hierarchical DFS like namespace, hardlinks, locking and more. | ||
It was designed to comply with the SNIA CIFS Technical Reference (which | ||
supersedes the 1992 X/Open SMB Standard) as well as to perform best practice | ||
practical interoperability with Windows 2000, Windows XP, Samba and equivalent | ||
servers. This code was developed in participation with the Protocol Freedom | ||
Information Foundation. | ||
Information Foundation. CIFS and now SMB3 has now become a defacto | ||
standard for interoperating between Macs and Windows and major NAS appliances. | ||
|
||
Please see | ||
http://protocolfreedom.org/ and | ||
|
@@ -15,30 +19,11 @@ for more details. | |
For questions or bug reports please contact: | ||
[email protected] ([email protected]) | ||
|
||
See the project page at: https://wiki.samba.org/index.php/LinuxCIFS_utils | ||
|
||
Build instructions: | ||
================== | ||
For Linux 2.4: | ||
1) Get the kernel source (e.g.from http://www.kernel.org) | ||
and download the cifs vfs source (see the project page | ||
at http://us1.samba.org/samba/Linux_CIFS_client.html) | ||
and change directory into the top of the kernel directory | ||
then patch the kernel (e.g. "patch -p1 < cifs_24.patch") | ||
to add the cifs vfs to your kernel configure options if | ||
it has not already been added (e.g. current SuSE and UL | ||
users do not need to apply the cifs_24.patch since the cifs vfs is | ||
already in the kernel configure menu) and then | ||
mkdir linux/fs/cifs and then copy the current cifs vfs files from | ||
the cifs download to your kernel build directory e.g. | ||
|
||
cp <cifs_download_dir>/fs/cifs/* to <kernel_download_dir>/fs/cifs | ||
|
||
2) make menuconfig (or make xconfig) | ||
3) select cifs from within the network filesystem choices | ||
4) save and exit | ||
5) make dep | ||
6) make modules (or "make" if CIFS VFS not to be built as a module) | ||
|
||
For Linux 2.6: | ||
For Linux: | ||
1) Download the kernel (e.g. from http://www.kernel.org) | ||
and change directory into the top of the kernel directory tree | ||
(e.g. /usr/src/linux-2.5.73) | ||
|
@@ -61,16 +46,13 @@ would simply type "make install"). | |
If you do not have the utility mount.cifs (in the Samba 3.0 source tree and on | ||
the CIFS VFS web site) copy it to the same directory in which mount.smbfs and | ||
similar files reside (usually /sbin). Although the helper software is not | ||
required, mount.cifs is recommended. Eventually the Samba 3.0 utility program | ||
"net" may also be helpful since it may someday provide easier mount syntax for | ||
users who are used to Windows e.g. | ||
net use <mount point> <UNC name or cifs URL> | ||
required, mount.cifs is recommended. Most distros include a "cifs-utils" | ||
package that includes this utility so it is recommended to install this. | ||
|
||
Note that running the Winbind pam/nss module (logon service) on all of your | ||
Linux clients is useful in mapping Uids and Gids consistently across the | ||
domain to the proper network user. The mount.cifs mount helper can be | ||
trivially built from Samba 3.0 or later source e.g. by executing: | ||
|
||
gcc samba/source/client/mount.cifs.c -o mount.cifs | ||
found at cifs-utils.git on git.samba.org | ||
|
||
If cifs is built as a module, then the size and number of network buffers | ||
and maximum number of simultaneous requests to one server can be configured. | ||
|
@@ -79,6 +61,18 @@ Changing these from their defaults is not recommended. By executing modinfo | |
on kernel/fs/cifs/cifs.ko the list of configuration changes that can be made | ||
at module initialization time (by running insmod cifs.ko) can be seen. | ||
|
||
Recommendations | ||
=============== | ||
To improve security the SMB2.1 dialect or later (usually will get SMB3) is now | ||
the new default. To use old dialects (e.g. to mount Windows XP) use "vers=1.0" | ||
on mount (or vers=2.0 for Windows Vista). Note that the CIFS (vers=1.0) is | ||
much older and less secure than the default dialect SMB3 which includes | ||
many advanced security features such as downgrade attack detection | ||
and encrypted shares and stronger signing and authentication algorithms. | ||
There are additional mount options that may be helpful for SMB3 to get | ||
improved POSIX behavior (NB: can use vers=3.0 to force only SMB3, never 2.1): | ||
"mfsymlinks" and "cifsacl" and "idsfromsid" | ||
|
||
Allowing User Mounts | ||
==================== | ||
To permit users to mount and unmount over directories they own is possible | ||
|
@@ -98,9 +92,7 @@ and execution of suid programs on the remote target would be enabled | |
by default. This can be changed, as with nfs and other filesystems, | ||
by simply specifying "nosuid" among the mount options. For user mounts | ||
though to be able to pass the suid flag to mount requires rebuilding | ||
mount.cifs with the following flag: | ||
|
||
gcc samba/source/client/mount.cifs.c -DCIFS_ALLOW_USR_SUID -o mount.cifs | ||
mount.cifs with the following flag: CIFS_ALLOW_USR_SUID | ||
|
||
There is a corresponding manual page for cifs mounting in the Samba 3.0 and | ||
later source tree in docs/manpages/mount.cifs.8 | ||
|
@@ -189,18 +181,18 @@ applications running on the same server as Samba. | |
Use instructions: | ||
================ | ||
Once the CIFS VFS support is built into the kernel or installed as a module | ||
(cifs.o), you can use mount syntax like the following to access Samba or Windows | ||
servers: | ||
(cifs.ko), you can use mount syntax like the following to access Samba or | ||
Mac or Windows servers: | ||
|
||
mount -t cifs //9.53.216.11/e$ /mnt -o user=myname,pass=mypassword | ||
mount -t cifs //9.53.216.11/e$ /mnt -o username=myname,password=mypassword | ||
|
||
Before -o the option -v may be specified to make the mount.cifs | ||
mount helper display the mount steps more verbosely. | ||
After -o the following commonly used cifs vfs specific options | ||
are supported: | ||
|
||
user=<username> | ||
pass=<password> | ||
username=<username> | ||
password=<password> | ||
domain=<domain name> | ||
|
||
Other cifs mount options are described below. Use of TCP names (in addition to | ||
|
@@ -246,13 +238,16 @@ the Server's registry. Samba starting with version 3.10 will allow such | |
filenames (ie those which contain valid Linux characters, which normally | ||
would be forbidden for Windows/CIFS semantics) as long as the server is | ||
configured for Unix Extensions (and the client has not disabled | ||
/proc/fs/cifs/LinuxExtensionsEnabled). | ||
|
||
/proc/fs/cifs/LinuxExtensionsEnabled). In addition the mount option | ||
"mapposix" can be used on CIFS (vers=1.0) to force the mapping of | ||
illegal Windows/NTFS/SMB characters to a remap range (this mount parm | ||
is the default for SMB3). This remap ("mapposix") range is also | ||
compatible with Mac (and "Services for Mac" on some older Windows). | ||
|
||
CIFS VFS Mount Options | ||
====================== | ||
A partial list of the supported mount options follows: | ||
user The user name to use when trying to establish | ||
username The user name to use when trying to establish | ||
the CIFS session. | ||
password The user password. If the mount helper is | ||
installed, the user will be prompted for password | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters