Lines Matching refs:the
3 It was designed to comply with the SNIA CIFS Technical Reference (which
4 supersedes the 1992 X/Open SMB Standard) as well as to perform best practice
6 servers. This code was developed in participation with the Protocol Freedom
21 1) Get the kernel source (e.g.from http://www.kernel.org)
22 and download the cifs vfs source (see the project page
24 and change directory into the top of the kernel directory
25 then patch the kernel (e.g. "patch -p1 < cifs_24.patch")
26 to add the cifs vfs to your kernel configure options if
28 users do not need to apply the cifs_24.patch since the cifs vfs is
29 already in the kernel configure menu) and then
30 mkdir linux/fs/cifs and then copy the current cifs vfs files from
31 the cifs download to your kernel build directory e.g.
36 3) select cifs from within the network filesystem choices
42 1) Download the kernel (e.g. from http://www.kernel.org)
43 and change directory into the top of the kernel directory tree
46 3) select cifs from within the network filesystem choices
53 If you have built the CIFS vfs as module (successfully) simply
54 type "make modules_install" (or if you prefer, manually copy the file to
55 the modules directory e.g. /lib/modules/2.4.10-4GB/kernel/fs/cifs/cifs.o).
57 If you have built the CIFS vfs into the kernel itself, follow the instructions
61 If you do not have the utility mount.cifs (in the Samba 3.0 source tree and on
62 the CIFS VFS web site) copy it to the same directory in which mount.smbfs and
63 similar files reside (usually /sbin). Although the helper software is not
64 required, mount.cifs is recommended. Eventually the Samba 3.0 utility program
68 Note that running the Winbind pam/nss module (logon service) on all of your
69 Linux clients is useful in mapping Uids and Gids consistently across the
70 domain to the proper network user. The mount.cifs mount helper can be
75 If cifs is built as a module, then the size and number of network buffers
79 on kernel/fs/cifs/cifs.ko the list of configuration changes that can be made
85 with the cifs vfs. A way to enable such mounting is to mark the mount.cifs
89 2) an entry for the share in /etc/fstab indicating that a user may
93 Note that when the mount.cifs utility is run suid (allowing user mounts),
94 in order to reduce risks, the "nosuid" mount flag is passed in on mount to
95 disallow execution of an suid program mounted on the remote target.
97 and execution of suid programs on the remote target would be enabled
99 by simply specifying "nosuid" among the mount options. For user mounts
100 though to be able to pass the suid flag to mount requires rebuilding
101 mount.cifs with the following flag:
105 There is a corresponding manual page for cifs mounting in the Samba 3.0 and
111 the utility umount.cifs may be used. It may be invoked directly, or if
112 umount.cifs is placed in /sbin, umount can invoke the cifs umount helper
113 (at least for most versions of the umount utility) for umount of cifs
117 allow adding entries to a file to the /etc/permissions file to achieve the
118 equivalent suid effect). For this utility to succeed the target path
119 must be a cifs mount, and the uid of the current user must match the uid
120 of the user who mounted the resource.
122 Also note that the customary way of allowing user mounts and unmounts is
124 to the file /etc/fstab for each //server/share you wish to mount, but
130 To get the maximum benefit from the CIFS VFS, we recommend using a server that
131 supports the SNIA CIFS Unix Extensions standard (e.g. Samba 2.2.5 or later or
132 Samba 3.0) but the CIFS vfs works fine with a wide variety of CIFS servers.
134 not have a server that supports the Unix extensions for CIFS (such as Samba
135 2.2.5 or later). To enable the Unix CIFS Extensions in the Samba server, add
136 the line:
140 to your smb.conf file on the server. Note that the following smb.conf settings
141 are also useful (on the Samba server) when the majority of clients are Unix or
148 Note that server ea support is required for supporting xattrs from the Linux
158 then POSIX support in the CIFS configuration options when building the cifs
163 "create mask" parameters from the default. Unless the create mask is changed
165 which may not be what you want, although if the CIFS Unix extensions are
166 enabled on the server and client, subsequent setattr calls (e.g. chmod) can
167 fix the mode. Note that creating special devices (mknod) remotely
169 Samba 3.0.6 or later. For more information on these see the manual pages
170 ("man smb.conf") on the Samba server system. Note that the cifs vfs,
171 unlike the smbfs vfs, does not read the smb.conf on the client system
172 (the few optional settings are passed in on mount via -o parameters instead).
173 Note that Samba 2.2.7 or later includes a fix that allows the CIFS VFS to delete
176 outside of the share, so in Samba versions prior to 3.0.6, most symlinks to
179 would be forbidden. Samba 3.0.6 server or later includes the ability to create
181 files that are outside of the share) to a samba specific format on the server
183 not be traversed by the Samba server). This is opaque to the Linux client
184 application using the cifs vfs. Absolute symlinks will work to Samba 3.0.5 or
185 later, but only for remote clients using the CIFS Unix extensions, and will
187 applications running on the same server as Samba.
191 Once the CIFS VFS support is built into the kernel or installed as a module
192 (cifs.o), you can use mount syntax like the following to access Samba or Windows
197 Before -o the option -v may be specified to make the mount.cifs
198 mount helper display the mount steps more verbosely.
199 After -o the following commonly used cifs vfs specific options
207 ip addresses) is available if the mount helper (mount.cifs) is installed. If
208 you do not trust the server to which are mounted, or if you do not have
209 cifs signing enabled (and the physical network is insecure), consider use
210 of the standard mount options "noexec" and "nosuid" to reduce the risk of
214 Although mounting using format corresponding to the CIFS URL specification is
216 for the server and sharename (which is somewhat similar to NFS style mount
217 syntax) instead of the more widely used UNC format (i.e. \\server\share):
220 When using the mount helper mount.cifs, passwords may be specified via alternate
221 mechanisms, instead of specifying it after -o using the normal "pass=" syntax
222 on the command line:
224 of the mount options. Credential files contain two lines
227 2) By specifying the password in the PASSWD environment variable (similarly
228 the user name can be taken from the USER environment variable).
229 3) By specifying the password in a file by name via PASSWD_FILE
230 4) By specifying the password in a file by file descriptor via PASSWD_FD
241 filenames which contain certain reserved characters (e.g.the character :
242 which is used to delimit the beginning of a stream name by Windows), while
245 the Server's registry. Samba starting with version 3.10 will allow such
247 would be forbidden for Windows/CIFS semantics) as long as the server is
248 configured for Unix Extensions (and the client has not disabled
254 A partial list of the supported mount options follows:
256 the CIFS session.
257 password The user password. If the mount helper is
258 installed, the user will be prompted for password
260 ip The ip address of the target server
263 domain Set the SMB/CIFS workgroup name prepended to the
265 forceuid Set the default uid for inodes to the uid
267 which do support the CIFS Unix extensions, such as a
268 properly configured Samba server, the server provides
269 the uid, gid and mode so this parameter should not be
270 specified unless the server and clients uid and gid
271 numbering differ. If the server and client are in the
273 the server supports the Unix Extensions then the uid
274 and gid can be retrieved from the server (and uid
275 and gid would not have to be specifed on the mount.
276 For servers which do not support the CIFS Unix
277 extensions, the default uid (and gid) returned on lookup
278 of existing files will be the uid (gid) of the person
279 who executed the mount (root, except when mount.cifs
280 is configured setuid for user mounts) unless the "uid="
283 at the server, but there are cases in which an administrator
284 may want to restrict at the client as well. For those
286 (such as Windows), permissions can also be checked at the
289 the client. (default)
290 forcegid (similar to above but for the groupid instead of uid) (default)
292 the server if possible. With this option, the value given in
293 the uid= option (on mount) will only be used if the server
295 noforcegid (similar to above but for the group owner, gid, instead of uid)
296 uid Set the default uid for inodes, and indicate to the
297 cifs kernel driver which local user mounted. If the server
298 supports the unix extensions the default uid is
299 not used to fill in the owner fields of inodes (files)
300 unless the "forceuid" parameter is specified.
301 gid Set the default gid for inodes (similar to above).
302 file_mode If CIFS Unix extensions are not supported by the server
303 this overrides the default mode for file inodes.
306 heavily loaded server and/or network where reading from the
307 disk is faster than reading from the server (over the network).
308 This could also impact scalability positively as the
309 number of calls to the server are reduced. However, local
314 dir_mode If CIFS Unix extensions are not supported by the server
315 this overrides the default mode for directory inodes.
316 port attempt to contact the server on this tcp port, before
317 trying the usual ports (port 445, then 139).
320 names if the server supports it. If iocharset is
321 not specified then the nls_default specified
322 during the local client kernel build will be used.
327 defaults to 16K and may be changed (from 8K to the maximum
331 in some cases. To use rsize greater than 127K (the original
332 cifs protocol maximum) also requires that the server support
341 After this timeout, the cifs client requests fresh attribute
342 information from the server. This option allows to tune the
343 attribute cache timeout to suit the workload needs. Shorter
344 timeouts mean better the cache coherency, but increased number
345 of calls to the server. Longer timeouts mean reduced number
346 of calls to the server at the expense of less stricter cache
349 rw mount the network share read-write (note that the
350 server may still consider the share read-only)
352 version used to distinguish different versions of the
354 sep if first mount option (after the -o), overrides
355 the comma as the separator between the mount
358 could be passed instead with period as the separator by
362 when the cifs mount helper cifs.mount (version 1.1 or later)
364 nosuid Do not allow remote executables with the suid bit
366 to servers such as Samba which support the CIFS Unix Extensions.
367 If you do not trust the servers in your network (your mount
370 exec Permit execution of binaries on the mount.
371 noexec Do not permit execution of binaries on the mount.
372 dev Recognize block devices on the remote mount.
373 nodev Do not recognize devices on the remote mount.
377 credentials Although ignored by the cifs kernel component, it is used by
378 the mount helper, mount.cifs. When mount.cifs is installed it
379 opens and reads the credential file specified in order
380 to obtain the userid and password arguments which are passed to
381 the cifs vfs.
382 guest Although ignored by the kernel component, the mount.cifs
383 mount helper will not prompt the user for a password
384 if guest is specified on the mount options. If no
387 and gid of the file against the mode and desired operation),
388 Note that this is in addition to the normal ACL check on the
389 target machine done by the server software.
392 files on this mount to access by other users on the local
393 client system. It is typically only needed when the server
394 supports the CIFS Unix Extensions but the UIDs/GIDs on the
396 access by the user doing the mount, but it may be useful with
397 non CIFS Unix Extension mounts for cases in which the default
398 mode is specified on the mount but is not to be enforced on the
400 Note that this does not affect the normal ACL check on the
401 target machine done by the server software (of the server
402 ACL against the user name provided at mount time).
404 incrementing inode numbers on the client. Although this will
406 the same inode numbers) and inode numbers may be persistent,
407 note that the server does not guarantee that the inode numbers
409 single share (since inode numbers on the servers might not
410 be unique if multiple filesystems are mounted under the same
413 or the CIFS Unix Extensions equivalent and for those
415 under nfsd requires this mount option on the cifs mount.
416 This is now the default if server supports the
418 noserverino Client generates inode numbers (rather than using the actual one
419 from the server). These inode numbers will vary after
423 setuids If the CIFS Unix extensions are negotiated with the server
424 the client will attempt to set the effective uid and gid of
425 the local process on newly created files, directories, and
426 devices (create, mkdir, mknod). If the CIFS Unix Extensions
428 instead of using the default uid and gid specified on
429 the mount, cache the new file's uid and gid locally which means
430 that the uid for the file can change when the inode is
431 reloaded (or the user remounts the share).
432 nosetuids The client will not attempt to set the uid and gid on
434 mkdir, mknod) which will result in the server setting the
435 uid and gid to the default (usually the server uid of the
436 user who mounted the share). Letting the server (rather than
437 the client) set the uid and gid is the default. If the CIFS
438 Unix Extensions are not negotiated then the uid and gid for
439 new files will appear to be the uid (gid) of the mounter or the
440 uid (gid) parameter specified on the mount.
441 netbiosname When mounting to servers via port 139, specifies the RFC1001
442 source name to use to represent the client netbios machine
443 name when doing the RFC1001 netbios session initialize.
446 with fast networks and little or no caching benefits on the
447 client (e.g. when the application is doing large sequential
448 reads bigger than page size without rereading the same data)
449 this can provide better performance than the default
451 (writebehind) through the local Linux client pagecache
454 to be sent to the server.
455 strictcache Use for switching on strict cache mode. In this mode the
456 client read from the cache all the time it has Oplock Level II,
457 otherwise - read from the server. All written data are stored
458 in the cache, but if the client doesn't have Exclusive Oplock,
459 it writes the data to the server.
468 attributes) to the server. This allows support of the
471 mapchars Translate six of the seven reserved characters (not backslash)
473 to the remap range (above 0xF000), which also
474 allows the CIFS client to recognize files created with
479 This has no effect if the server does not support
480 Unicode on the wire.
483 sensitive is the default if the server supports it).
492 nounix Disable the CIFS Unix Extensions for this mount (tree
496 and retrieving uids/gids/mode from the server) or to
497 work around a bug in server which implement the Unix
499 nobrl Do not send byte range lock requests to the server.
504 forcemandatorylock Even if the server supports posix (advisory) byte range
509 forcing the cifs client to only send mandatory locks
510 even if the cifs server would support posix advisory locks.
514 fsync call then the cifs client does not send an SMB Flush
515 to the server (to force the server to write all dirty data
517 all dirty (cached) file data to the server and waits for the
518 server to respond to the write. Since SMB Flush can be
520 delaying slightly flushing the data to disk on the server),
526 nodfs Disable DFS (global name space support) even if the
530 remount remount the share (often used to change from ro to rw mounts
532 cifsacl Report mode bits (e.g. on stat) based on the Windows ACL for
533 the file. (EXPERIMENTAL)
534 servern Specify the server 's netbios name (RFC1001 name) to use
535 when attempting to setup a session to the server.
540 sfu When the CIFS Unix Extensions are not negotiated, attempt to
543 of the mode via the SETFILEBITS extended attribute (as
544 SFU does). In the future the bottom 9 bits of the
545 mode also will be emulated using queries of the security
549 This option is ignored when specified together with the
551 the server supports the CIFS Unix Extensions.
553 by intermediate systems in the route). Note that signing
556 sending on the network. Requires support for Unix Extensions.
557 Note that this differs from the sign mount option in that it
559 shares mounted to the same server are unaffected.
567 the file) for cases for example such as when the server does not
568 support oplocks and the user is sure that the only updates to
569 the file will be from this client. Specifying this mount option
570 will allow the cifs client to check for leases (only) locally
580 server requires signing also can be the default)
592 -S take password from stdin (equivalent to setting the environment
597 With most 2.6 kernel versions of modutils, the version of the cifs kernel
604 shares, features enabled as well as the cifs.ko
608 in the kernel configuration.
612 and will be used if the server requires
614 required even if the server considers packet
619 the signing flags. Specifying two different password
620 hashing mechanisms (as "must use") on the other hand
627 SecurityFlags require the corresponding menuconfig
631 enabling lanman authentication in the security flags
632 because the cifs module only supports sending
633 laintext passwords using the older lanman dialect
634 form of the session setup SMB. (e.g. for authentication
635 using plain text passwords, set the SecurityFlags
653 will be logged to the system error log. This field
657 Some debugging statements are not compiled into the
658 cifs kernel unless CONFIG_CIFS_DEBUG2 is enabled in the
660 nore of the following flags (7 sets them all):
668 traceSMB If set to one, debug information is logged to the
669 system error log with the start of smb requests
676 LinuxExtensionsEnabled If set to one then the client will attempt to
677 use the CIFS "UNIX" extensions which are optional
681 such as Samba that support the CIFS Unix
683 support and want to map the uid and gid fields
684 to values supplied at mount (rather than the
688 /proc/fs/cifs (after the cifs module has been installed or built into the
690 tracing to the kernel message log type:
698 Setting it to 4 requires defining CONFIG_CIFS_STATS2 manually in the
699 source code (typically by setting it in the beginning of cifsglob.h),
701 the start of smb requests and responses can be enabled via:
706 if the kernel was configured with cifs statistics enabled. The statistics
707 represent the number of successful (ie non-zero return code from the server)
708 SMB responses to some of the more common commands (open, delete, mkdir etc.).
709 Also recorded is the total bytes read and bytes written to the server for
710 that share. Note that due to client caching effects this can be less than the
711 number of bytes read and written by the application running on the client.
712 The statistics for the number of total SMBs and oplock breaks are different in
713 that they represent all for that share, not just those for which the server
717 the active sessions and the shares that are mounted.
720 of the helper program cifs.upcall to be present and to be configured in the
721 /etc/request-key.conf file. The cifs.upcall helper program is from the Samba
723 require this helper. Note that NTLMv2 security (which does not require the
731 translate host names to ip address, and the user space helper must also
732 be configured in the file /etc/request-key.conf. Samba, Windows servers and
736 To use cifs Kerberos and DFS support, the Linux keyutils package should be
737 installed and something like the following lines should be added to the
745 These module parameters can be specified or modified either during the time of
746 module loading or during the runtime by using the interface