tjh.dev
Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
docs: fs: cifs: convert to ReST and add to admin-guide book
The filenames for cifs documentation is not using the same
convention as almost all Kernel documents is using. So,
rename them to a more appropriate name. Then, manually convert
the documentation files for CIFS to ReST.
By doing a manual conversion, we can preserve the original
author's style, while making it to look more like the other
Kernel documents.
Most of the conversion here is trivial. The most complex one was
the README file (which was renamed to usage.rst).
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Jonathan Corbet <corbet@lwn.net>
authored by
Mauro Carvalho Chehab
and committed by
Jonathan Corbet
f139291c
9cdd273e
+460
-287
+21
Documentation/admin-guide/cifs/index.rst
+21
Documentation/admin-guide/cifs/index.rst
+1
Documentation/admin-guide/index.rst
+1
Documentation/admin-guide/index.rst
+4
Documentation/filesystems/cifs/CHANGES
Documentation/admin-guide/cifs/changes.rst
+4
Documentation/filesystems/cifs/CHANGES
Documentation/admin-guide/cifs/changes.rst
+343
-217
Documentation/filesystems/cifs/README
Documentation/admin-guide/cifs/usage.rst
+343
-217
Documentation/filesystems/cifs/README
Documentation/admin-guide/cifs/usage.rst
···
1
+
=====
2
+
Usage
3
+
=====
4
+
1
5
This module supports the SMB3 family of advanced network protocols (as well
2
6
as older dialects, originally called "CIFS" or SMB1).
3
7
4
8
The CIFS VFS module for Linux supports many advanced network filesystem
5
9
features such as hierarchical DFS like namespace, hardlinks, locking and more.
6
-
It was designed to comply with the SNIA CIFS Technical Reference (which
7
-
supersedes the 1992 X/Open SMB Standard) as well as to perform best practice
8
-
practical interoperability with Windows 2000, Windows XP, Samba and equivalent
10
+
It was designed to comply with the SNIA CIFS Technical Reference (which
11
+
supersedes the 1992 X/Open SMB Standard) as well as to perform best practice
12
+
practical interoperability with Windows 2000, Windows XP, Samba and equivalent
9
13
servers. This code was developed in participation with the Protocol Freedom
10
14
Information Foundation. CIFS and now SMB3 has now become a defacto
11
15
standard for interoperating between Macs and Windows and major NAS appliances.
12
16
13
17
Please see
14
-
MS-SMB2 (for detailed SMB2/SMB3/SMB3.1.1 protocol specification)
15
-
http://protocolfreedom.org/ and
16
-
http://samba.org/samba/PFIF/
18
+
MS-SMB2 (for detailed SMB2/SMB3/SMB3.1.1 protocol specification)
19
+
http://protocolfreedom.org/ and
20
+
http://samba.org/samba/PFIF/
17
21
for more details.
18
22
19
23
20
24
For questions or bug reports please contact:
25
+
21
26
smfrench@gmail.com
22
27
23
28
See the project page at: https://wiki.samba.org/index.php/LinuxCIFS_utils
24
29
25
-
Build instructions:
30
+
Build instructions
26
31
==================
32
+
27
33
For Linux:
34
+
28
35
1) Download the kernel (e.g. from http://www.kernel.org)
29
-
and change directory into the top of the kernel directory tree
30
-
(e.g. /usr/src/linux-2.5.73)
36
+
and change directory into the top of the kernel directory tree
37
+
(e.g. /usr/src/linux-2.5.73)
31
38
2) make menuconfig (or make xconfig)
32
39
3) select cifs from within the network filesystem choices
33
40
4) save and exit
34
41
5) make
35
42
36
43
37
-
Installation instructions:
44
+
Installation instructions
38
45
=========================
46
+
39
47
If you have built the CIFS vfs as module (successfully) simply
40
-
type "make modules_install" (or if you prefer, manually copy the file to
48
+
type ``make modules_install`` (or if you prefer, manually copy the file to
41
49
the modules directory e.g. /lib/modules/2.4.10-4GB/kernel/fs/cifs/cifs.ko).
42
50
43
51
If you have built the CIFS vfs into the kernel itself, follow the instructions
44
52
for your distribution on how to install a new kernel (usually you
45
-
would simply type "make install").
53
+
would simply type ``make install``).
46
54
47
55
If you do not have the utility mount.cifs (in the Samba 4.x source tree and on
48
56
the CIFS VFS web site) copy it to the same directory in which mount helpers
49
57
reside (usually /sbin). Although the helper software is not
50
-
required, mount.cifs is recommended. Most distros include a "cifs-utils"
58
+
required, mount.cifs is recommended. Most distros include a ``cifs-utils``
51
59
package that includes this utility so it is recommended to install this.
52
60
53
61
Note that running the Winbind pam/nss module (logon service) on all of your
···
65
57
66
58
If cifs is built as a module, then the size and number of network buffers
67
59
and maximum number of simultaneous requests to one server can be configured.
68
-
Changing these from their defaults is not recommended. By executing modinfo
60
+
Changing these from their defaults is not recommended. By executing modinfo::
61
+
69
62
modinfo kernel/fs/cifs/cifs.ko
63
+
70
64
on kernel/fs/cifs/cifs.ko the list of configuration changes that can be made
71
65
at module initialization time (by running insmod cifs.ko) can be seen.
72
66
73
67
Recommendations
74
68
===============
69
+
75
70
To improve security the SMB2.1 dialect or later (usually will get SMB3) is now
76
71
the new default. To use old dialects (e.g. to mount Windows XP) use "vers=1.0"
77
72
on mount (or vers=2.0 for Windows Vista). Note that the CIFS (vers=1.0) is
···
83
72
and encrypted shares and stronger signing and authentication algorithms.
84
73
There are additional mount options that may be helpful for SMB3 to get
85
74
improved POSIX behavior (NB: can use vers=3.0 to force only SMB3, never 2.1):
86
-
"mfsymlinks" and "cifsacl" and "idsfromsid"
75
+
76
+
``mfsymlinks`` and ``cifsacl`` and ``idsfromsid``
87
77
88
78
Allowing User Mounts
89
79
====================
80
+
90
81
To permit users to mount and unmount over directories they own is possible
91
82
with the cifs vfs. A way to enable such mounting is to mark the mount.cifs
92
-
utility as suid (e.g. "chmod +s /sbin/mount.cifs). To enable users to
83
+
utility as suid (e.g. ``chmod +s /sbin/mount.cifs``). To enable users to
93
84
umount shares they mount requires
85
+
94
86
1) mount.cifs version 1.4 or later
95
87
2) an entry for the share in /etc/fstab indicating that a user may
96
-
unmount it e.g.
97
-
//server/usersharename /mnt/username cifs user 0 0
88
+
unmount it e.g.::
98
89
99
-
Note that when the mount.cifs utility is run suid (allowing user mounts),
100
-
in order to reduce risks, the "nosuid" mount flag is passed in on mount to
90
+
//server/usersharename /mnt/username cifs user 0 0
91
+
92
+
Note that when the mount.cifs utility is run suid (allowing user mounts),
93
+
in order to reduce risks, the ``nosuid`` mount flag is passed in on mount to
101
94
disallow execution of an suid program mounted on the remote target.
102
95
When mount is executed as root, nosuid is not passed in by default,
103
96
and execution of suid programs on the remote target would be enabled
104
-
by default. This can be changed, as with nfs and other filesystems,
105
-
by simply specifying "nosuid" among the mount options. For user mounts
106
-
though to be able to pass the suid flag to mount requires rebuilding
97
+
by default. This can be changed, as with nfs and other filesystems,
98
+
by simply specifying ``nosuid`` among the mount options. For user mounts
99
+
though to be able to pass the suid flag to mount requires rebuilding
107
100
mount.cifs with the following flag: CIFS_ALLOW_USR_SUID
108
101
109
102
There is a corresponding manual page for cifs mounting in the Samba 3.0 and
110
-
later source tree in docs/manpages/mount.cifs.8
103
+
later source tree in docs/manpages/mount.cifs.8
111
104
112
105
Allowing User Unmounts
113
106
======================
107
+
114
108
To permit users to ummount directories that they have user mounted (see above),
115
-
the utility umount.cifs may be used. It may be invoked directly, or if
109
+
the utility umount.cifs may be used. It may be invoked directly, or if
116
110
umount.cifs is placed in /sbin, umount can invoke the cifs umount helper
117
111
(at least for most versions of the umount utility) for umount of cifs
118
112
mounts, unless umount is invoked with -i (which will avoid invoking a umount
119
113
helper). As with mount.cifs, to enable user unmounts umount.cifs must be marked
120
-
as suid (e.g. "chmod +s /sbin/umount.cifs") or equivalent (some distributions
114
+
as suid (e.g. ``chmod +s /sbin/umount.cifs``) or equivalent (some distributions
121
115
allow adding entries to a file to the /etc/permissions file to achieve the
122
116
equivalent suid effect). For this utility to succeed the target path
123
117
must be a cifs mount, and the uid of the current user must match the uid
124
118
of the user who mounted the resource.
125
119
126
-
Also note that the customary way of allowing user mounts and unmounts is
120
+
Also note that the customary way of allowing user mounts and unmounts is
127
121
(instead of using mount.cifs and unmount.cifs as suid) to add a line
128
122
to the file /etc/fstab for each //server/share you wish to mount, but
129
123
this can become unwieldy when potential mount targets include many
130
124
or unpredictable UNC names.
131
125
132
-
Samba Considerations
126
+
Samba Considerations
133
127
====================
128
+
134
129
Most current servers support SMB2.1 and SMB3 which are more secure,
135
130
but there are useful protocol extensions for the older less secure CIFS
136
131
dialect, so to get the maximum benefit if mounting using the older dialect
137
132
(CIFS/SMB1), we recommend using a server that supports the SNIA CIFS
138
133
Unix Extensions standard (e.g. almost any version of Samba ie version
139
134
2.2.5 or later) but the CIFS vfs works fine with a wide variety of CIFS servers.
140
-
Note that uid, gid and file permissions will display default values if you do
141
-
not have a server that supports the Unix extensions for CIFS (such as Samba
142
-
2.2.5 or later). To enable the Unix CIFS Extensions in the Samba server, add
143
-
the line:
135
+
Note that uid, gid and file permissions will display default values if you do
136
+
not have a server that supports the Unix extensions for CIFS (such as Samba
137
+
2.2.5 or later). To enable the Unix CIFS Extensions in the Samba server, add
138
+
the line::
144
139
145
140
unix extensions = yes
146
-
147
-
to your smb.conf file on the server. Note that the following smb.conf settings
148
-
are also useful (on the Samba server) when the majority of clients are Unix or
149
-
Linux:
141
+
142
+
to your smb.conf file on the server. Note that the following smb.conf settings
143
+
are also useful (on the Samba server) when the majority of clients are Unix or
144
+
Linux::
150
145
151
146
case sensitive = yes
152
-
delete readonly = yes
147
+
delete readonly = yes
153
148
ea support = yes
154
149
155
150
Note that server ea support is required for supporting xattrs from the Linux
156
-
cifs client, and that EA support is present in later versions of Samba (e.g.
151
+
cifs client, and that EA support is present in later versions of Samba (e.g.
157
152
3.0.6 and later (also EA support works in all versions of Windows, at least to
158
153
shares on NTFS filesystems). Extended Attribute (xattr) support is an optional
159
154
feature of most Linux filesystems which may require enabling via
160
155
make menuconfig. Client support for extended attributes (user xattr) can be
161
-
disabled on a per-mount basis by specifying "nouser_xattr" on mount.
156
+
disabled on a per-mount basis by specifying ``nouser_xattr`` on mount.
162
157
163
158
The CIFS client can get and set POSIX ACLs (getfacl, setfacl) to Samba servers
164
-
version 3.10 and later. Setting POSIX ACLs requires enabling both XATTR and
159
+
version 3.10 and later. Setting POSIX ACLs requires enabling both XATTR and
165
160
then POSIX support in the CIFS configuration options when building the cifs
166
161
module. POSIX ACL support can be disabled on a per mount basic by specifying
167
-
"noacl" on mount.
168
-
169
-
Some administrators may want to change Samba's smb.conf "map archive" and
170
-
"create mask" parameters from the default. Unless the create mask is changed
162
+
``noacl`` on mount.
163
+
164
+
Some administrators may want to change Samba's smb.conf ``map archive`` and
165
+
``create mask`` parameters from the default. Unless the create mask is changed
171
166
newly created files can end up with an unnecessarily restrictive default mode,
172
167
which may not be what you want, although if the CIFS Unix extensions are
173
168
enabled on the server and client, subsequent setattr calls (e.g. chmod) can
174
-
fix the mode. Note that creating special devices (mknod) remotely
175
-
may require specifying a mkdev function to Samba if you are not using
169
+
fix the mode. Note that creating special devices (mknod) remotely
170
+
may require specifying a mkdev function to Samba if you are not using
176
171
Samba 3.0.6 or later. For more information on these see the manual pages
177
-
("man smb.conf") on the Samba server system. Note that the cifs vfs,
178
-
unlike the smbfs vfs, does not read the smb.conf on the client system
179
-
(the few optional settings are passed in on mount via -o parameters instead).
172
+
(``man smb.conf``) on the Samba server system. Note that the cifs vfs,
173
+
unlike the smbfs vfs, does not read the smb.conf on the client system
174
+
(the few optional settings are passed in on mount via -o parameters instead).
180
175
Note that Samba 2.2.7 or later includes a fix that allows the CIFS VFS to delete
181
-
open files (required for strict POSIX compliance). Windows Servers already
176
+
open files (required for strict POSIX compliance). Windows Servers already
182
177
supported this feature. Samba server does not allow symlinks that refer to files
183
178
outside of the share, so in Samba versions prior to 3.0.6, most symlinks to
184
-
files with absolute paths (ie beginning with slash) such as:
179
+
files with absolute paths (ie beginning with slash) such as::
180
+
185
181
ln -s /mnt/foo bar
186
-
would be forbidden. Samba 3.0.6 server or later includes the ability to create
187
-
such symlinks safely by converting unsafe symlinks (ie symlinks to server
182
+
183
+
would be forbidden. Samba 3.0.6 server or later includes the ability to create
184
+
such symlinks safely by converting unsafe symlinks (ie symlinks to server
188
185
files that are outside of the share) to a samba specific format on the server
189
186
that is ignored by local server applications and non-cifs clients and that will
190
187
not be traversed by the Samba server). This is opaque to the Linux client
191
188
application using the cifs vfs. Absolute symlinks will work to Samba 3.0.5 or
192
189
later, but only for remote clients using the CIFS Unix extensions, and will
193
190
be invisbile to Windows clients and typically will not affect local
194
-
applications running on the same server as Samba.
191
+
applications running on the same server as Samba.
195
192
196
-
Use instructions:
193
+
Use instructions
197
194
================
198
-
Once the CIFS VFS support is built into the kernel or installed as a module
195
+
196
+
Once the CIFS VFS support is built into the kernel or installed as a module
199
197
(cifs.ko), you can use mount syntax like the following to access Samba or
200
-
Mac or Windows servers:
198
+
Mac or Windows servers::
201
199
202
200
mount -t cifs //9.53.216.11/e$ /mnt -o username=myname,password=mypassword
203
201
204
202
Before -o the option -v may be specified to make the mount.cifs
205
-
mount helper display the mount steps more verbosely.
203
+
mount helper display the mount steps more verbosely.
206
204
After -o the following commonly used cifs vfs specific options
207
-
are supported:
205
+
are supported::
208
206
209
207
username=<username>
210
208
password=<password>
211
209
domain=<domain name>
212
-
210
+
213
211
Other cifs mount options are described below. Use of TCP names (in addition to
214
212
ip addresses) is available if the mount helper (mount.cifs) is installed. If
215
213
you do not trust the server to which are mounted, or if you do not have
216
214
cifs signing enabled (and the physical network is insecure), consider use
217
-
of the standard mount options "noexec" and "nosuid" to reduce the risk of
215
+
of the standard mount options ``noexec`` and ``nosuid`` to reduce the risk of
218
216
running an altered binary on your local system (downloaded from a hostile server
219
217
or altered by a hostile router).
220
218
221
219
Although mounting using format corresponding to the CIFS URL specification is
222
220
not possible in mount.cifs yet, it is possible to use an alternate format
223
221
for the server and sharename (which is somewhat similar to NFS style mount
224
-
syntax) instead of the more widely used UNC format (i.e. \\server\share):
222
+
syntax) instead of the more widely used UNC format (i.e. \\server\share)::
223
+
225
224
mount -t cifs tcp_name_of_server:share_name /mnt -o user=myname,pass=mypasswd
226
225
227
226
When using the mount helper mount.cifs, passwords may be specified via alternate
228
-
mechanisms, instead of specifying it after -o using the normal "pass=" syntax
227
+
mechanisms, instead of specifying it after -o using the normal ``pass=`` syntax
229
228
on the command line:
230
229
1) By including it in a credential file. Specify credentials=filename as one
231
-
of the mount options. Credential files contain two lines
232
-
username=someuser
233
-
password=your_password
230
+
of the mount options. Credential files contain two lines::
231
+
232
+
username=someuser
233
+
password=your_password
234
+
234
235
2) By specifying the password in the PASSWD environment variable (similarly
235
-
the user name can be taken from the USER environment variable).
236
+
the user name can be taken from the USER environment variable).
236
237
3) By specifying the password in a file by name via PASSWD_FILE
237
238
4) By specifying the password in a file by file descriptor via PASSWD_FD
238
239
···
252
229
253
230
Restrictions
254
231
============
255
-
Servers must support either "pure-TCP" (port 445 TCP/IP CIFS connections) or RFC
256
-
1001/1002 support for "Netbios-Over-TCP/IP." This is not likely to be a
232
+
233
+
Servers must support either "pure-TCP" (port 445 TCP/IP CIFS connections) or RFC
234
+
1001/1002 support for "Netbios-Over-TCP/IP." This is not likely to be a
257
235
problem as most servers support this.
258
236
259
237
Valid filenames differ between Windows and Linux. Windows typically restricts
260
-
filenames which contain certain reserved characters (e.g.the character :
238
+
filenames which contain certain reserved characters (e.g.the character :
261
239
which is used to delimit the beginning of a stream name by Windows), while
262
240
Linux allows a slightly wider set of valid characters in filenames. Windows
263
241
servers can remap such characters when an explicit mapping is specified in
264
-
the Server's registry. Samba starting with version 3.10 will allow such
242
+
the Server's registry. Samba starting with version 3.10 will allow such
265
243
filenames (ie those which contain valid Linux characters, which normally
266
244
would be forbidden for Windows/CIFS semantics) as long as the server is
267
245
configured for Unix Extensions (and the client has not disabled
268
246
/proc/fs/cifs/LinuxExtensionsEnabled). In addition the mount option
269
-
"mapposix" can be used on CIFS (vers=1.0) to force the mapping of
247
+
``mapposix`` can be used on CIFS (vers=1.0) to force the mapping of
270
248
illegal Windows/NTFS/SMB characters to a remap range (this mount parm
271
-
is the default for SMB3). This remap ("mapposix") range is also
249
+
is the default for SMB3). This remap (``mapposix``) range is also
272
250
compatible with Mac (and "Services for Mac" on some older Windows).
273
251
274
252
CIFS VFS Mount Options
275
253
======================
276
254
A partial list of the supported mount options follows:
277
-
username The user name to use when trying to establish
255
+
256
+
username
257
+
The user name to use when trying to establish
278
258
the CIFS session.
279
-
password The user password. If the mount helper is
259
+
password
260
+
The user password. If the mount helper is
280
261
installed, the user will be prompted for password
281
262
if not supplied.
282
-
ip The ip address of the target server
283
-
unc The target server Universal Network Name (export) to
284
-
mount.
285
-
domain Set the SMB/CIFS workgroup name prepended to the
263
+
ip
264
+
The ip address of the target server
265
+
unc
266
+
The target server Universal Network Name (export) to
267
+
mount.
268
+
domain
269
+
Set the SMB/CIFS workgroup name prepended to the
286
270
username during CIFS session establishment
287
-
forceuid Set the default uid for inodes to the uid
271
+
forceuid
272
+
Set the default uid for inodes to the uid
288
273
passed in on mount. For mounts to servers
289
274
which do support the CIFS Unix extensions, such as a
290
275
properly configured Samba server, the server provides
···
307
276
extensions, the default uid (and gid) returned on lookup
308
277
of existing files will be the uid (gid) of the person
309
278
who executed the mount (root, except when mount.cifs
310
-
is configured setuid for user mounts) unless the "uid="
279
+
is configured setuid for user mounts) unless the ``uid=``
311
280
(gid) mount option is specified. Also note that permission
312
281
checks (authorization checks) on accesses to a file occur
313
282
at the server, but there are cases in which an administrator
314
283
may want to restrict at the client as well. For those
315
284
servers which do not report a uid/gid owner
316
285
(such as Windows), permissions can also be checked at the
317
-
client, and a crude form of client side permission checking
318
-
can be enabled by specifying file_mode and dir_mode on
286
+
client, and a crude form of client side permission checking
287
+
can be enabled by specifying file_mode and dir_mode on
319
288
the client. (default)
320
-
forcegid (similar to above but for the groupid instead of uid) (default)
321
-
noforceuid Fill in file owner information (uid) by requesting it from
289
+
forcegid
290
+
(similar to above but for the groupid instead of uid) (default)
291
+
noforceuid
292
+
Fill in file owner information (uid) by requesting it from
322
293
the server if possible. With this option, the value given in
323
294
the uid= option (on mount) will only be used if the server
324
295
can not support returning uids on inodes.
325
-
noforcegid (similar to above but for the group owner, gid, instead of uid)
326
-
uid Set the default uid for inodes, and indicate to the
296
+
noforcegid
297
+
(similar to above but for the group owner, gid, instead of uid)
298
+
uid
299
+
Set the default uid for inodes, and indicate to the
327
300
cifs kernel driver which local user mounted. If the server
328
301
supports the unix extensions the default uid is
329
302
not used to fill in the owner fields of inodes (files)
330
-
unless the "forceuid" parameter is specified.
331
-
gid Set the default gid for inodes (similar to above).
332
-
file_mode If CIFS Unix extensions are not supported by the server
303
+
unless the ``forceuid`` parameter is specified.
304
+
gid
305
+
Set the default gid for inodes (similar to above).
306
+
file_mode
307
+
If CIFS Unix extensions are not supported by the server
333
308
this overrides the default mode for file inodes.
334
-
fsc Enable local disk caching using FS-Cache (off by default). This
335
-
option could be useful to improve performance on a slow link,
309
+
fsc
310
+
Enable local disk caching using FS-Cache (off by default). This
311
+
option could be useful to improve performance on a slow link,
336
312
heavily loaded server and/or network where reading from the
337
313
disk is faster than reading from the server (over the network).
338
314
This could also impact scalability positively as the
···
348
310
type workloads. So, you need to consider carefully your
349
311
workload/scenario before using this option. Currently, local
350
312
disk caching is functional for CIFS files opened as read-only.
351
-
dir_mode If CIFS Unix extensions are not supported by the server
313
+
dir_mode
314
+
If CIFS Unix extensions are not supported by the server
352
315
this overrides the default mode for directory inodes.
353
-
port attempt to contact the server on this tcp port, before
316
+
port
317
+
attempt to contact the server on this tcp port, before
354
318
trying the usual ports (port 445, then 139).
355
-
iocharset Codepage used to convert local path names to and from
319
+
iocharset
320
+
Codepage used to convert local path names to and from
356
321
Unicode. Unicode is used by default for network path
357
322
names if the server supports it. If iocharset is
358
323
not specified then the nls_default specified
359
324
during the local client kernel build will be used.
360
325
If server does not support Unicode, this parameter is
361
326
unused.
362
-
rsize default read size (usually 16K). The client currently
327
+
rsize
328
+
default read size (usually 16K). The client currently
363
329
can not use rsize larger than CIFSMaxBufSize. CIFSMaxBufSize
364
330
defaults to 16K and may be changed (from 8K to the maximum
365
331
kmalloc size allowed by your kernel) at module install time
···
375
333
newer servers (e.g. Samba 3.0.26 or later) do. rsize can be
376
334
set from a minimum of 2048 to a maximum of 130048 (127K or
377
335
CIFSMaxBufSize, whichever is smaller)
378
-
wsize default write size (default 57344)
336
+
wsize
337
+
default write size (default 57344)
379
338
maximum wsize currently allowed by CIFS is 57344 (fourteen
380
339
4096 byte pages)
381
-
actimeo=n attribute cache timeout in seconds (default 1 second).
340
+
actimeo=n
341
+
attribute cache timeout in seconds (default 1 second).
382
342
After this timeout, the cifs client requests fresh attribute
383
343
information from the server. This option allows to tune the
384
344
attribute cache timeout to suit the workload needs. Shorter
···
389
345
of calls to the server at the expense of less stricter cache
390
346
coherency checks (i.e. incorrect attribute cache for a short
391
347
period of time).
392
-
rw mount the network share read-write (note that the
348
+
rw
349
+
mount the network share read-write (note that the
393
350
server may still consider the share read-only)
394
-
ro mount network share read-only
395
-
version used to distinguish different versions of the
351
+
ro
352
+
mount network share read-only
353
+
version
354
+
used to distinguish different versions of the
396
355
mount helper utility (not typically needed)
397
-
sep if first mount option (after the -o), overrides
356
+
sep
357
+
if first mount option (after the -o), overrides
398
358
the comma as the separator between the mount
399
-
parms. e.g.
359
+
parms. e.g.::
360
+
400
361
-o user=myname,password=mypassword,domain=mydom
401
-
could be passed instead with period as the separator by
362
+
363
+
could be passed instead with period as the separator by::
364
+
402
365
-o sep=.user=myname.password=mypassword.domain=mydom
366
+
403
367
this might be useful when comma is contained within username
404
368
or password or domain. This option is less important
405
369
when the cifs mount helper cifs.mount (version 1.1 or later)
406
370
is used.
407
-
nosuid Do not allow remote executables with the suid bit
371
+
nosuid
372
+
Do not allow remote executables with the suid bit
408
373
program to be executed. This is only meaningful for mounts
409
374
to servers such as Samba which support the CIFS Unix Extensions.
410
375
If you do not trust the servers in your network (your mount
411
376
targets) it is recommended that you specify this option for
412
377
greater security.
413
-
exec Permit execution of binaries on the mount.
414
-
noexec Do not permit execution of binaries on the mount.
415
-
dev Recognize block devices on the remote mount.
416
-
nodev Do not recognize devices on the remote mount.
417
-
suid Allow remote files on this mountpoint with suid enabled to
378
+
exec
379
+
Permit execution of binaries on the mount.
380
+
noexec
381
+
Do not permit execution of binaries on the mount.
382
+
dev
383
+
Recognize block devices on the remote mount.
384
+
nodev
385
+
Do not recognize devices on the remote mount.
386
+
suid
387
+
Allow remote files on this mountpoint with suid enabled to
418
388
be executed (default for mounts when executed as root,
419
389
nosuid is default for user mounts).
420
-
credentials Although ignored by the cifs kernel component, it is used by
390
+
credentials
391
+
Although ignored by the cifs kernel component, it is used by
421
392
the mount helper, mount.cifs. When mount.cifs is installed it
422
-
opens and reads the credential file specified in order
393
+
opens and reads the credential file specified in order
423
394
to obtain the userid and password arguments which are passed to
424
395
the cifs vfs.
425
-
guest Although ignored by the kernel component, the mount.cifs
396
+
guest
397
+
Although ignored by the kernel component, the mount.cifs
426
398
mount helper will not prompt the user for a password
427
399
if guest is specified on the mount options. If no
428
400
password is specified a null password will be used.
429
-
perm Client does permission checks (vfs_permission check of uid
401
+
perm
402
+
Client does permission checks (vfs_permission check of uid
430
403
and gid of the file against the mode and desired operation),
431
404
Note that this is in addition to the normal ACL check on the
432
-
target machine done by the server software.
405
+
target machine done by the server software.
433
406
Client permission checking is enabled by default.
434
-
noperm Client does not do permission checks. This can expose
407
+
noperm
408
+
Client does not do permission checks. This can expose
435
409
files on this mount to access by other users on the local
436
410
client system. It is typically only needed when the server
437
411
supports the CIFS Unix Extensions but the UIDs/GIDs on the
···
461
399
Note that this does not affect the normal ACL check on the
462
400
target machine done by the server software (of the server
463
401
ACL against the user name provided at mount time).
464
-
serverino Use server's inode numbers instead of generating automatically
402
+
serverino
403
+
Use server's inode numbers instead of generating automatically
465
404
incrementing inode numbers on the client. Although this will
466
405
make it easier to spot hardlinked files (as they will have
467
406
the same inode numbers) and inode numbers may be persistent,
···
475
412
or the CIFS Unix Extensions equivalent and for those
476
413
this mount option will have no effect. Exporting cifs mounts
477
414
under nfsd requires this mount option on the cifs mount.
478
-
This is now the default if server supports the
415
+
This is now the default if server supports the
479
416
required network operation.
480
-
noserverino Client generates inode numbers (rather than using the actual one
417
+
noserverino
418
+
Client generates inode numbers (rather than using the actual one
481
419
from the server). These inode numbers will vary after
482
420
unmount or reboot which can confuse some applications,
483
421
but not all server filesystems support unique inode
484
422
numbers.
485
-
setuids If the CIFS Unix extensions are negotiated with the server
423
+
setuids
424
+
If the CIFS Unix extensions are negotiated with the server
486
425
the client will attempt to set the effective uid and gid of
487
426
the local process on newly created files, directories, and
488
427
devices (create, mkdir, mknod). If the CIFS Unix Extensions
···
492
427
instead of using the default uid and gid specified on
493
428
the mount, cache the new file's uid and gid locally which means
494
429
that the uid for the file can change when the inode is
495
-
reloaded (or the user remounts the share).
496
-
nosetuids The client will not attempt to set the uid and gid on
497
-
on newly created files, directories, and devices (create,
430
+
reloaded (or the user remounts the share).
431
+
nosetuids
432
+
The client will not attempt to set the uid and gid on
433
+
on newly created files, directories, and devices (create,
498
434
mkdir, mknod) which will result in the server setting the
499
435
uid and gid to the default (usually the server uid of the
500
436
user who mounted the share). Letting the server (rather than
···
503
437
Unix Extensions are not negotiated then the uid and gid for
504
438
new files will appear to be the uid (gid) of the mounter or the
505
439
uid (gid) parameter specified on the mount.
506
-
netbiosname When mounting to servers via port 139, specifies the RFC1001
507
-
source name to use to represent the client netbios machine
440
+
netbiosname
441
+
When mounting to servers via port 139, specifies the RFC1001
442
+
source name to use to represent the client netbios machine
508
443
name when doing the RFC1001 netbios session initialize.
509
-
direct Do not do inode data caching on files opened on this mount.
444
+
direct
445
+
Do not do inode data caching on files opened on this mount.
510
446
This precludes mmapping files on this mount. In some cases
511
447
with fast networks and little or no caching benefits on the
512
448
client (e.g. when the application is doing large sequential
513
-
reads bigger than page size without rereading the same data)
449
+
reads bigger than page size without rereading the same data)
514
450
this can provide better performance than the default
515
-
behavior which caches reads (readahead) and writes
516
-
(writebehind) through the local Linux client pagecache
451
+
behavior which caches reads (readahead) and writes
452
+
(writebehind) through the local Linux client pagecache
517
453
if oplock (caching token) is granted and held. Note that
518
454
direct allows write operations larger than page size
519
455
to be sent to the server.
520
-
strictcache Use for switching on strict cache mode. In this mode the
456
+
strictcache
457
+
Use for switching on strict cache mode. In this mode the
521
458
client read from the cache all the time it has Oplock Level II,
522
459
otherwise - read from the server. All written data are stored
523
460
in the cache, but if the client doesn't have Exclusive Oplock,
524
461
it writes the data to the server.
525
-
rwpidforward Forward pid of a process who opened a file to any read or write
462
+
rwpidforward
463
+
Forward pid of a process who opened a file to any read or write
526
464
operation on that file. This prevent applications like WINE
527
465
from failing on read and write if we use mandatory brlock style.
528
-
acl Allow setfacl and getfacl to manage posix ACLs if server
466
+
acl
467
+
Allow setfacl and getfacl to manage posix ACLs if server
529
468
supports them. (default)
530
-
noacl Do not allow setfacl and getfacl calls on this mount
531
-
user_xattr Allow getting and setting user xattrs (those attributes whose
532
-
name begins with "user." or "os2.") as OS/2 EAs (extended
469
+
noacl
470
+
Do not allow setfacl and getfacl calls on this mount
471
+
user_xattr
472
+
Allow getting and setting user xattrs (those attributes whose
473
+
name begins with ``user.`` or ``os2.``) as OS/2 EAs (extended
533
474
attributes) to the server. This allows support of the
534
475
setfattr and getfattr utilities. (default)
535
-
nouser_xattr Do not allow getfattr/setfattr to get/set/list xattrs
536
-
mapchars Translate six of the seven reserved characters (not backslash)
476
+
nouser_xattr
477
+
Do not allow getfattr/setfattr to get/set/list xattrs
478
+
mapchars
479
+
Translate six of the seven reserved characters (not backslash)::
480
+
537
481
*?<>|:
482
+
538
483
to the remap range (above 0xF000), which also
539
484
allows the CIFS client to recognize files created with
540
485
such characters by Windows's POSIX emulation. This can
···
554
477
whose names contain any of these seven characters).
555
478
This has no effect if the server does not support
556
479
Unicode on the wire.
557
-
nomapchars Do not translate any of these seven characters (default).
558
-
nocase Request case insensitive path name matching (case
480
+
nomapchars
481
+
Do not translate any of these seven characters (default).
482
+
nocase
483
+
Request case insensitive path name matching (case
559
484
sensitive is the default if the server supports it).
560
-
(mount option "ignorecase" is identical to "nocase")
561
-
posixpaths If CIFS Unix extensions are supported, attempt to
485
+
(mount option ``ignorecase`` is identical to ``nocase``)
486
+
posixpaths
487
+
If CIFS Unix extensions are supported, attempt to
562
488
negotiate posix path name support which allows certain
563
489
characters forbidden in typical CIFS filenames, without
564
490
requiring remapping. (default)
565
-
noposixpaths If CIFS Unix extensions are supported, do not request
491
+
noposixpaths
492
+
If CIFS Unix extensions are supported, do not request
566
493
posix path name support (this may cause servers to
567
494
reject creatingfile with certain reserved characters).
568
-
nounix Disable the CIFS Unix Extensions for this mount (tree
495
+
nounix
496
+
Disable the CIFS Unix Extensions for this mount (tree
569
497
connection). This is rarely needed, but it may be useful
570
498
in order to turn off multiple settings all at once (ie
571
499
posix acls, posix locks, posix paths, symlink support
572
500
and retrieving uids/gids/mode from the server) or to
573
501
work around a bug in server which implement the Unix
574
502
Extensions.
575
-
nobrl Do not send byte range lock requests to the server.
503
+
nobrl
504
+
Do not send byte range lock requests to the server.
576
505
This is necessary for certain applications that break
577
506
with cifs style mandatory byte range locks (and most
578
507
cifs servers do not yet support requesting advisory
579
508
byte range locks).
580
-
forcemandatorylock Even if the server supports posix (advisory) byte range
509
+
forcemandatorylock
510
+
Even if the server supports posix (advisory) byte range
581
511
locking, send only mandatory lock requests. For some
582
512
(presumably rare) applications, originally coded for
583
513
DOS/Windows, which require Windows style mandatory byte range
584
514
locking, they may be able to take advantage of this option,
585
515
forcing the cifs client to only send mandatory locks
586
516
even if the cifs server would support posix advisory locks.
587
-
"forcemand" is accepted as a shorter form of this mount
517
+
``forcemand`` is accepted as a shorter form of this mount
588
518
option.
589
-
nostrictsync If this mount option is set, when an application does an
519
+
nostrictsync
520
+
If this mount option is set, when an application does an
590
521
fsync call then the cifs client does not send an SMB Flush
591
522
to the server (to force the server to write all dirty data
592
523
for this file immediately to disk), although cifs still sends
···
607
522
crash. If this mount option is not set, by default cifs will
608
523
send an SMB flush request (and wait for a response) on every
609
524
fsync call.
610
-
nodfs Disable DFS (global name space support) even if the
525
+
nodfs
526
+
Disable DFS (global name space support) even if the
611
527
server claims to support it. This can help work around
612
528
a problem with parsing of DFS paths with Samba server
613
529
versions 3.0.24 and 3.0.25.
614
-
remount remount the share (often used to change from ro to rw mounts
615
-
or vice versa)
616
-
cifsacl Report mode bits (e.g. on stat) based on the Windows ACL for
617
-
the file. (EXPERIMENTAL)
618
-
servern Specify the server 's netbios name (RFC1001 name) to use
619
-
when attempting to setup a session to the server.
530
+
remount
531
+
remount the share (often used to change from ro to rw mounts
532
+
or vice versa)
533
+
cifsacl
534
+
Report mode bits (e.g. on stat) based on the Windows ACL for
535
+
the file. (EXPERIMENTAL)
536
+
servern
537
+
Specify the server 's netbios name (RFC1001 name) to use
538
+
when attempting to setup a session to the server.
620
539
This is needed for mounting to some older servers (such
621
540
as OS/2 or Windows 98 and Windows ME) since they do not
622
541
support a default server name. A server name can be up
623
542
to 15 characters long and is usually uppercased.
624
-
sfu When the CIFS Unix Extensions are not negotiated, attempt to
543
+
sfu
544
+
When the CIFS Unix Extensions are not negotiated, attempt to
625
545
create device files and fifos in a format compatible with
626
546
Services for Unix (SFU). In addition retrieve bits 10-12
627
547
of the mode via the SETFILEBITS extended attribute (as
628
548
SFU does). In the future the bottom 9 bits of the
629
549
mode also will be emulated using queries of the security
630
550
descriptor (ACL).
631
-
mfsymlinks Enable support for Minshall+French symlinks
551
+
mfsymlinks
552
+
Enable support for Minshall+French symlinks
632
553
(see http://wiki.samba.org/index.php/UNIX_Extensions#Minshall.2BFrench_symlinks)
633
554
This option is ignored when specified together with the
634
555
'sfu' option. Minshall+French symlinks are used even if
635
556
the server supports the CIFS Unix Extensions.
636
-
sign Must use packet signing (helps avoid unwanted data modification
557
+
sign
558
+
Must use packet signing (helps avoid unwanted data modification
637
559
by intermediate systems in the route). Note that signing
638
560
does not work with lanman or plaintext authentication.
639
-
seal Must seal (encrypt) all data on this mounted share before
561
+
seal
562
+
Must seal (encrypt) all data on this mounted share before
640
563
sending on the network. Requires support for Unix Extensions.
641
564
Note that this differs from the sign mount option in that it
642
565
causes encryption of data sent over this mounted share but other
643
566
shares mounted to the same server are unaffected.
644
-
locallease This option is rarely needed. Fcntl F_SETLEASE is
567
+
locallease
568
+
This option is rarely needed. Fcntl F_SETLEASE is
645
569
used by some applications such as Samba and NFSv4 server to
646
570
check to see whether a file is cacheable. CIFS has no way
647
571
to explicitly request a lease, but can check whether a file
···
663
569
will allow the cifs client to check for leases (only) locally
664
570
for files which are not oplocked instead of denying leases
665
571
in that case. (EXPERIMENTAL)
666
-
sec Security mode. Allowed values are:
667
-
none attempt to connection as a null user (no name)
668
-
krb5 Use Kerberos version 5 authentication
669
-
krb5i Use Kerberos authentication and packet signing
670
-
ntlm Use NTLM password hashing (default)
671
-
ntlmi Use NTLM password hashing with signing (if
572
+
sec
573
+
Security mode. Allowed values are:
574
+
575
+
none
576
+
attempt to connection as a null user (no name)
577
+
krb5
578
+
Use Kerberos version 5 authentication
579
+
krb5i
580
+
Use Kerberos authentication and packet signing
581
+
ntlm
582
+
Use NTLM password hashing (default)
583
+
ntlmi
584
+
Use NTLM password hashing with signing (if
672
585
/proc/fs/cifs/PacketSigningEnabled on or if
673
-
server requires signing also can be the default)
674
-
ntlmv2 Use NTLMv2 password hashing
675
-
ntlmv2i Use NTLMv2 password hashing with packet signing
676
-
lanman (if configured in kernel config) use older
586
+
server requires signing also can be the default)
587
+
ntlmv2
588
+
Use NTLMv2 password hashing
589
+
ntlmv2i
590
+
Use NTLMv2 password hashing with packet signing
591
+
lanman
592
+
(if configured in kernel config) use older
677
593
lanman hash
678
-
hard Retry file operations if server is not responding
679
-
soft Limit retries to unresponsive servers (usually only
594
+
hard
595
+
Retry file operations if server is not responding
596
+
soft
597
+
Limit retries to unresponsive servers (usually only
680
598
one retry) before returning an error. (default)
681
599
682
600
The mount.cifs mount helper also accepts a few mount options before -o
683
601
including:
684
602
603
+
=============== ===============================================================
685
604
-S take password from stdin (equivalent to setting the environment
686
-
variable "PASSWD_FD=0"
605
+
variable ``PASSWD_FD=0``
687
606
-V print mount.cifs version
688
607
-? display simple usage information
608
+
=============== ===============================================================
689
609
690
610
With most 2.6 kernel versions of modutils, the version of the cifs kernel
691
611
module can be displayed via modinfo.
692
612
693
613
Misc /proc/fs/cifs Flags and Debug Info
694
614
=======================================
615
+
695
616
Informational pseudo-files:
617
+
618
+
======================= =======================================================
696
619
DebugData Displays information about active CIFS sessions and
697
620
shares, features enabled as well as the cifs.ko
698
621
version.
699
622
Stats Lists summary resource usage information as well as per
700
623
share statistics.
624
+
======================= =======================================================
701
625
702
626
Configuration pseudo-files:
627
+
628
+
======================= =======================================================
703
629
SecurityFlags Flags which control security negotiation and
704
630
also packet signing. Authentication (may/must)
705
631
flags (e.g. for NTLM and/or NTLMv2) may be combined with
706
632
the signing flags. Specifying two different password
707
-
hashing mechanisms (as "must use") on the other hand
708
-
does not make much sense. Default flags are
709
-
0x07007
710
-
(NTLM, NTLMv2 and packet signing allowed). The maximum
633
+
hashing mechanisms (as "must use") on the other hand
634
+
does not make much sense. Default flags are::
635
+
636
+
0x07007
637
+
638
+
(NTLM, NTLMv2 and packet signing allowed). The maximum
711
639
allowable flags if you want to allow mounts to servers
712
640
using weaker password hashes is 0x37037 (lanman,
713
641
plaintext, ntlm, ntlmv2, signing allowed). Some
···
742
626
laintext passwords using the older lanman dialect
743
627
form of the session setup SMB. (e.g. for authentication
744
628
using plain text passwords, set the SecurityFlags
745
-
to 0x30030):
746
-
747
-
may use packet signing 0x00001
748
-
must use packet signing 0x01001
749
-
may use NTLM (most common password hash) 0x00002
750
-
must use NTLM 0x02002
751
-
may use NTLMv2 0x00004
752
-
must use NTLMv2 0x04004
753
-
may use Kerberos security 0x00008
754
-
must use Kerberos 0x08008
755
-
may use lanman (weak) password hash 0x00010
756
-
must use lanman password hash 0x10010
757
-
may use plaintext passwords 0x00020
758
-
must use plaintext passwords 0x20020
759
-
(reserved for future packet encryption) 0x00040
629
+
to 0x30030)::
630
+
631
+
may use packet signing 0x00001
632
+
must use packet signing 0x01001
633
+
may use NTLM (most common password hash) 0x00002
634
+
must use NTLM 0x02002
635
+
may use NTLMv2 0x00004
636
+
must use NTLMv2 0x04004
637
+
may use Kerberos security 0x00008
638
+
must use Kerberos 0x08008
639
+
may use lanman (weak) password hash 0x00010
640
+
must use lanman password hash 0x10010
641
+
may use plaintext passwords 0x00020
642
+
must use plaintext passwords 0x20020
643
+
(reserved for future packet encryption) 0x00040
760
644
761
645
cifsFYI If set to non-zero value, additional debug information
762
646
will be logged to the system error log. This field
···
766
650
Some debugging statements are not compiled into the
767
651
cifs kernel unless CONFIG_CIFS_DEBUG2 is enabled in the
768
652
kernel configuration. cifsFYI may be set to one or
769
-
nore of the following flags (7 sets them all):
653
+
nore of the following flags (7 sets them all)::
770
654
771
-
log cifs informational messages 0x01
772
-
log return codes from cifs entry points 0x02
773
-
log slow responses (ie which take longer than 1 second)
774
-
CONFIG_CIFS_STATS2 must be enabled in .config 0x04
775
-
776
-
655
+
+-----------------------------------------------+------+
656
+
| log cifs informational messages | 0x01 |
657
+
+-----------------------------------------------+------+
658
+
| log return codes from cifs entry points | 0x02 |
659
+
+-----------------------------------------------+------+
660
+
| log slow responses | 0x04 |
661
+
| (ie which take longer than 1 second) | |
662
+
| | |
663
+
| CONFIG_CIFS_STATS2 must be enabled in .config | |
664
+
+-----------------------------------------------+------+
665
+
777
666
traceSMB If set to one, debug information is logged to the
778
667
system error log with the start of smb requests
779
668
and responses (default 0)
···
792
671
as support symbolic links. If you use servers
793
672
such as Samba that support the CIFS Unix
794
673
extensions but do not want to use symbolic link
795
-
support and want to map the uid and gid fields
796
-
to values supplied at mount (rather than the
674
+
support and want to map the uid and gid fields
675
+
to values supplied at mount (rather than the
797
676
actual values, then set this to zero. (default 1)
677
+
======================= =======================================================
798
678
799
-
These experimental features and tracing can be enabled by changing flags in
800
-
/proc/fs/cifs (after the cifs module has been installed or built into the
801
-
kernel, e.g. insmod cifs). To enable a feature set it to 1 e.g. to enable
802
-
tracing to the kernel message log type:
679
+
These experimental features and tracing can be enabled by changing flags in
680
+
/proc/fs/cifs (after the cifs module has been installed or built into the
681
+
kernel, e.g. insmod cifs). To enable a feature set it to 1 e.g. to enable
682
+
tracing to the kernel message log type::
803
683
804
684
echo 7 > /proc/fs/cifs/cifsFYI
805
-
685
+
806
686
cifsFYI functions as a bit mask. Setting it to 1 enables additional kernel
807
687
logging of various informational messages. 2 enables logging of non-zero
808
688
SMB return codes while 4 enables logging of requests that take longer
809
-
than one second to complete (except for byte range lock requests).
689
+
than one second to complete (except for byte range lock requests).
810
690
Setting it to 4 requires CONFIG_CIFS_STATS2 to be set in kernel configuration
811
691
(.config). Setting it to seven enables all three. Finally, tracing
812
-
the start of smb requests and responses can be enabled via:
692
+
the start of smb requests and responses can be enabled via::
813
693
814
694
echo 1 > /proc/fs/cifs/traceSMB
815
695
···
822
700
Also recorded is the total bytes read and bytes written to the server for
823
701
that share. Note that due to client caching effects this can be less than the
824
702
number of bytes read and written by the application running on the client.
825
-
Statistics can be reset to zero by "echo 0 > /proc/fs/cifs/Stats" which may be
703
+
Statistics can be reset to zero by ``echo 0 > /proc/fs/cifs/Stats`` which may be
826
704
useful if comparing performance of two different scenarios.
827
-
828
-
Also note that "cat /proc/fs/cifs/DebugData" will display information about
705
+
706
+
Also note that ``cat /proc/fs/cifs/DebugData`` will display information about
829
707
the active sessions and the shares that are mounted.
830
708
831
709
Enabling Kerberos (extended security) works but requires version 1.2 or later
···
847
725
848
726
To use cifs Kerberos and DFS support, the Linux keyutils package should be
849
727
installed and something like the following lines should be added to the
850
-
/etc/request-key.conf file:
728
+
/etc/request-key.conf file::
851
729
852
-
create cifs.spnego * * /usr/local/sbin/cifs.upcall %k
853
-
create dns_resolver * * /usr/local/sbin/cifs.upcall %k
730
+
create cifs.spnego * * /usr/local/sbin/cifs.upcall %k
731
+
create dns_resolver * * /usr/local/sbin/cifs.upcall %k
854
732
855
733
CIFS kernel module parameters
856
734
=============================
857
735
These module parameters can be specified or modified either during the time of
858
-
module loading or during the runtime by using the interface
736
+
module loading or during the runtime by using the interface::
737
+
859
738
/proc/module/cifs/parameters/<param>
860
739
861
-
i.e. echo "value" > /sys/module/cifs/parameters/<param>
740
+
i.e.::
862
741
863
-
1. enable_oplocks - Enable or disable oplocks. Oplocks are enabled by default.
864
-
[Y/y/1]. To disable use any of [N/n/0].
742
+
echo "value" > /sys/module/cifs/parameters/<param>
865
743
744
+
================= ==========================================================
745
+
1. enable_oplocks Enable or disable oplocks. Oplocks are enabled by default.
746
+
[Y/y/1]. To disable use any of [N/n/0].
747
+
================= ==========================================================
+47
-40
Documentation/filesystems/cifs/TODO
Documentation/admin-guide/cifs/todo.rst
+47
-40
Documentation/filesystems/cifs/TODO
Documentation/admin-guide/cifs/todo.rst
···
1
+
====
2
+
TODO
3
+
====
4
+
1
5
Version 2.14 December 21, 2018
2
6
3
7
A Partial List of Missing Features
···
12
8
is a partial list of the known problems and missing features:
13
9
14
10
a) SMB3 (and SMB3.1.1) missing optional features:
11
+
15
12
- multichannel (started), integration with RDMA
16
13
- directory leases (improved metadata caching), started (root dir only)
17
14
- T10 copy offload ie "ODX" (copy chunk, and "Duplicate Extents" ioctl
···
21
16
b) improved sparse file support
22
17
23
18
c) Directory entry caching relies on a 1 second timer, rather than
24
-
using Directory Leases, currently only the root file handle is cached longer
19
+
using Directory Leases, currently only the root file handle is cached longer
25
20
26
21
d) quota support (needs minor kernel change since quota calls
27
-
to make it to network filesystems or deviceless filesystems)
22
+
to make it to network filesystems or deviceless filesystems)
28
23
29
24
e) Additional use cases where we use "compoounding" (e.g. open/query/close
30
-
and open/setinfo/close) to reduce the number of roundtrips, and also
31
-
open to reduce redundant opens (using deferred close and reference counts more).
25
+
and open/setinfo/close) to reduce the number of roundtrips, and also
26
+
open to reduce redundant opens (using deferred close and reference counts
27
+
more).
32
28
33
29
f) Finish inotify support so kde and gnome file list windows
34
-
will autorefresh (partially complete by Asser). Needs minor kernel
35
-
vfs change to support removing D_NOTIFY on a file.
30
+
will autorefresh (partially complete by Asser). Needs minor kernel
31
+
vfs change to support removing D_NOTIFY on a file.
36
32
37
33
g) Add GUI tool to configure /proc/fs/cifs settings and for display of
38
-
the CIFS statistics (started)
34
+
the CIFS statistics (started)
39
35
40
36
h) implement support for security and trusted categories of xattrs
41
-
(requires minor protocol extension) to enable better support for SELINUX
37
+
(requires minor protocol extension) to enable better support for SELINUX
42
38
43
39
i) Add support for tree connect contexts (see MS-SMB2) a new SMB3.1.1 protocol
44
40
feature (may be especially useful for virtualization).
45
41
46
42
j) Create UID mapping facility so server UIDs can be mapped on a per
47
-
mount or a per server basis to client UIDs or nobody if no mapping
48
-
exists. Also better integration with winbind for resolving SID owners
43
+
mount or a per server basis to client UIDs or nobody if no mapping
44
+
exists. Also better integration with winbind for resolving SID owners
49
45
50
46
k) Add tools to take advantage of more smb3 specific ioctls and features
51
-
(passthrough ioctl/fsctl for sending various SMB3 fsctls to the server
52
-
is in progress, and a passthrough query_info call is already implemented
53
-
in cifs.ko to allow smb3 info levels queries to be sent from userspace)
47
+
(passthrough ioctl/fsctl for sending various SMB3 fsctls to the server
48
+
is in progress, and a passthrough query_info call is already implemented
49
+
in cifs.ko to allow smb3 info levels queries to be sent from userspace)
54
50
55
51
l) encrypted file support
56
52
57
53
m) improved stats gathering tools (perhaps integration with nfsometer?)
58
-
to extend and make easier to use what is currently in /proc/fs/cifs/Stats
54
+
to extend and make easier to use what is currently in /proc/fs/cifs/Stats
59
55
60
-
n) allow setting more NTFS/SMB3 file attributes remotely (currently limited to compressed
61
-
file attribute via chflags) and improve user space tools for managing and
62
-
viewing them.
56
+
n) allow setting more NTFS/SMB3 file attributes remotely (currently limited to
57
+
compressed file attribute via chflags) and improve user space tools for
58
+
managing and viewing them.
63
59
64
60
o) mount helper GUI (to simplify the various configuration options on mount)
65
61
···
71
65
different servers, and the server we are connected to has gone down.
72
66
73
67
q) Allow mount.cifs to be more verbose in reporting errors with dialect
74
-
or unsupported feature errors.
68
+
or unsupported feature errors.
75
69
76
70
r) updating cifs documentation, and user guide.
77
71
78
72
s) Addressing bugs found by running a broader set of xfstests in standard
79
-
file system xfstest suite.
73
+
file system xfstest suite.
80
74
81
75
t) split cifs and smb3 support into separate modules so legacy (and less
82
-
secure) CIFS dialect can be disabled in environments that don't need it
83
-
and simplify the code.
76
+
secure) CIFS dialect can be disabled in environments that don't need it
77
+
and simplify the code.
84
78
85
79
v) POSIX Extensions for SMB3.1.1 (started, create and mkdir support added
86
-
so far).
80
+
so far).
87
81
88
82
w) Add support for additional strong encryption types, and additional spnego
89
-
authentication mechanisms (see MS-SMB2)
83
+
authentication mechanisms (see MS-SMB2)
90
84
91
-
KNOWN BUGS
92
-
====================================
85
+
Known Bugs
86
+
==========
87
+
93
88
See http://bugzilla.samba.org - search on product "CifsVFS" for
94
89
current bug list. Also check http://bugzilla.kernel.org (Product = File System, Component = CIFS)
95
90
96
91
1) existing symbolic links (Windows reparse points) are recognized but
97
-
can not be created remotely. They are implemented for Samba and those that
98
-
support the CIFS Unix extensions, although earlier versions of Samba
99
-
overly restrict the pathnames.
92
+
can not be created remotely. They are implemented for Samba and those that
93
+
support the CIFS Unix extensions, although earlier versions of Samba
94
+
overly restrict the pathnames.
100
95
2) follow_link and readdir code does not follow dfs junctions
101
-
but recognizes them
96
+
but recognizes them
102
97
103
98
Misc testing to do
104
99
==================
105
100
1) check out max path names and max path name components against various server
106
-
types. Try nested symlinks (8 deep). Return max path name in stat -f information
101
+
types. Try nested symlinks (8 deep). Return max path name in stat -f information
107
102
108
103
2) Improve xfstest's cifs/smb3 enablement and adapt xfstests where needed to test
109
-
cifs/smb3 better
104
+
cifs/smb3 better
110
105
111
-
3) Additional performance testing and optimization using iozone and similar -
112
-
there are some easy changes that can be done to parallelize sequential writes,
113
-
and when signing is disabled to request larger read sizes (larger than
114
-
negotiated size) and send larger write sizes to modern servers.
106
+
3) Additional performance testing and optimization using iozone and similar -
107
+
there are some easy changes that can be done to parallelize sequential writes,
108
+
and when signing is disabled to request larger read sizes (larger than
109
+
negotiated size) and send larger write sizes to modern servers.
115
110
116
111
4) More exhaustively test against less common servers
117
112
118
113
5) Continue to extend the smb3 "buildbot" which does automated xfstesting
119
-
against Windows, Samba and Azure currently - to add additional tests and
120
-
to allow the buildbot to execute the tests faster. The URL for the
121
-
buildbot is: http://smb3-test-rhel-75.southcentralus.cloudapp.azure.com
114
+
against Windows, Samba and Azure currently - to add additional tests and
115
+
to allow the buildbot to execute the tests faster. The URL for the
116
+
buildbot is: http://smb3-test-rhel-75.southcentralus.cloudapp.azure.com
122
117
123
118
6) Address various coverity warnings (most are not bugs per-se, but
124
-
the more warnings are addressed, the easier it is to spot real
125
-
problems that static analyzers will point out in the future).
119
+
the more warnings are addressed, the easier it is to spot real
120
+
problems that static analyzers will point out in the future).
+8
Documentation/filesystems/cifs/cifs.txt
Documentation/admin-guide/cifs/introduction.rst
+8
Documentation/filesystems/cifs/cifs.txt
Documentation/admin-guide/cifs/introduction.rst
···
1
+
============
2
+
Introduction
3
+
============
4
+
1
5
This is the client VFS module for the SMB3 NAS protocol as well
2
6
as for older dialects such as the Common Internet File System (CIFS)
3
7
protocol which was the successor to the Server Message Block
···
37
33
tools (including smbinfo and setcifsacl) that can be obtained from
38
34
39
35
https://git.samba.org/?p=cifs-utils.git
36
+
40
37
or
38
+
41
39
git://git.samba.org/cifs-utils.git
42
40
43
41
mount.cifs should be installed in the directory with the other mount helpers.
···
47
41
For more information on the module see the project wiki page at
48
42
49
43
https://wiki.samba.org/index.php/LinuxCIFS
44
+
50
45
and
46
+
51
47
https://wiki.samba.org/index.php/LinuxCIFS_utils
Documentation/filesystems/cifs/winucase_convert.pl
Documentation/admin-guide/cifs/winucase_convert.pl
Documentation/filesystems/cifs/winucase_convert.pl
Documentation/admin-guide/cifs/winucase_convert.pl