I guess you have two ways to control user access to different shares,
one is the Unix style and the other is through ACLs. From my experience
the kernel-CIFS server has sometimes ignored the Unix/Posix permission
bits that I set. For example even if I say "chmod 444" a file I can
still delete the file over the network, I don't remember the specifics
now but some things worked whereas other did not. But I think you can
have different shares for different users by chowning the different file
systems to different users.
Then I started working with the ACL based permission bits and I was more
successful with that (I never did anything serious with it, I just tried
it out and saw that it works). To work with ACLs you need to use the
/bin/ls, /bin/chmod etc and look at the man pages specifically for
'/bin/ls' for more information on ACLs. My guess is that access control
using ACLs is what you are looking for and it is a bit different from
the way you administrate samba configurations, at least so I heard as
I've never configured a samba server for outbound file sharing.
Managing ACLs on Solaris/OpenSolaris have been reportedly a difficult
thing to do and get around but maybe things have become easier in the
development process of OpenIndiana. After all it has been quite a while
since I looked into ACLs on OpenSolaris.
NFS is beyond my knowledge but I assume that NFS is Linux/Unix only. As
far as I know there is no support for NFS sharing (or client access
thereto) on Windows systems. I know that there used to be a Unix for
Windows package somewhere that Microsoft published (SFU3.5) but I think
it is only for old 32-bit operating systems.
Robin.
On 2011-12-27 08:20, Martin Frost wrote:
We have Windows machines that need to access ZFS filesystems under
oi_148 that are also exported via NFS to Linux machines.
I need to be able to specify which filesystems each Windows user can
see. Below is a sample of what I do on a Linux system to restrict
Samba access for a given share to certain users. Can this be done
under OI/CIFS?
[fin]
comment = Fin
path = /home/fin
valid users = fin,user1,user2,user3
create mask = 0770
directory mask = 0770
force group = fin
I'm hoping to use the in-kernel CIFS server, as I assume it provides
better performance, but I'm not clear about the configuration
differences between the Samba server and the in-kernel CIFS server
under OI.
I ran:
zfs create -o casesensitivity=mixed -o nbmand=on thepool/test1
zfs set sharenfs='rw=remotehostfqdn,root=remotehostfqdn thepool/test1
zfs set sharesmb=on thepool/test1
and that made the test1 filesystem mountable via 'smb:/server/thepool'
from Finder on a Mac (so I assume it will work from Windows too).
I noticed that the first time I set sharesmb on, /usr/lib/smbsrv/smbd
got started up. Is this the non-kernel Samba server??
There is no smb.conf file. There is a /etc/samba/smb.conf-example,
but nothing like smb.conf shows up in 'strings /usr/lib/smbsrv/smbd'.
And 'man smbd' doesn't mention any configuration file. I do see a man
page for smb.conf' -- can I use an smb.conf file with the in-kernel
CIFS server? If so, would it live in /etc/samba?
I've added this to /etc/pam.conf so that users get Samba passwords:
other password required pam_smb_passwd.so.1 nowarn
Since the OI machine is only a fileserver, I don't want the users to
ssh into the machine, so unless there's a better way, I plan to lock
the Samba users' passwords in /etc/shadow.
Thanks for your help.
Martin
_______________________________________________
OpenIndiana-discuss mailing list
[email protected]
http://openindiana.org/mailman/listinfo/openindiana-discuss
_______________________________________________
OpenIndiana-discuss mailing list
[email protected]
http://openindiana.org/mailman/listinfo/openindiana-discuss
