What about restricting who can login to a given share? I have that capabiity under Samba on Linux, as demonstrated below in the smb.conf snippet.
Is anyone use CIFS/OI with an smb.conf file? Martin > Date: Tue, 3 Jan 2012 23:39:05 +0100 > From: Robin Axelsson <[email protected]> > > I guess you have two ways to control user access to different shares, > one is the Unix style and the other is through ACLs. From my experience > the kernel-CIFS server has sometimes ignored the Unix/Posix permission > bits that I set. For example even if I say "chmod 444" a file I can > still delete the file over the network, I don't remember the specifics > now but some things worked whereas other did not. But I think you can > have different shares for different users by chowning the different file > systems to different users. > > Then I started working with the ACL based permission bits and I was more > successful with that (I never did anything serious with it, I just tried > it out and saw that it works). To work with ACLs you need to use the > /bin/ls, /bin/chmod etc and look at the man pages specifically for > '/bin/ls' for more information on ACLs. My guess is that access control > using ACLs is what you are looking for and it is a bit different from > the way you administrate samba configurations, at least so I heard as > I've never configured a samba server for outbound file sharing. > > Managing ACLs on Solaris/OpenSolaris have been reportedly a difficult > thing to do and get around but maybe things have become easier in the > development process of OpenIndiana. After all it has been quite a while > since I looked into ACLs on OpenSolaris. > > NFS is beyond my knowledge but I assume that NFS is Linux/Unix only. As > far as I know there is no support for NFS sharing (or client access > thereto) on Windows systems. I know that there used to be a Unix for > Windows package somewhere that Microsoft published (SFU3.5) but I think > it is only for old 32-bit operating systems. > > Robin. > > On 2011-12-27 08:20, Martin Frost wrote: > > We have Windows machines that need to access ZFS filesystems under > > oi_148 that are also exported via NFS to Linux machines. > > > > I need to be able to specify which filesystems each Windows user can > > see. Below is a sample of what I do on a Linux system to restrict > > Samba access for a given share to certain users. Can this be done > > under OI/CIFS? > > > > [fin] > > comment = Fin > > path = /home/fin > > valid users = fin,user1,user2,user3 > > create mask = 0770 > > directory mask = 0770 > > force group = fin > > > > I'm hoping to use the in-kernel CIFS server, as I assume it provides > > better performance, but I'm not clear about the configuration > > differences between the Samba server and the in-kernel CIFS server > > under OI. > > > > I ran: > > > > zfs create -o casesensitivity=mixed -o nbmand=on thepool/test1 > > zfs set sharenfs='rw=remotehostfqdn,root=remotehostfqdn thepool/test1 > > zfs set sharesmb=on thepool/test1 > > > > and that made the test1 filesystem mountable via 'smb:/server/thepool' > > from Finder on a Mac (so I assume it will work from Windows too). > > > > I noticed that the first time I set sharesmb on, /usr/lib/smbsrv/smbd > > got started up. Is this the non-kernel Samba server?? > > > > There is no smb.conf file. There is a /etc/samba/smb.conf-example, > > but nothing like smb.conf shows up in 'strings /usr/lib/smbsrv/smbd'. > > And 'man smbd' doesn't mention any configuration file. I do see a man > > page for smb.conf' -- can I use an smb.conf file with the in-kernel > > CIFS server? If so, would it live in /etc/samba? > > > > > > I've added this to /etc/pam.conf so that users get Samba passwords: > > > > other password required pam_smb_passwd.so.1 nowarn > > > > Since the OI machine is only a fileserver, I don't want the users to > > ssh into the machine, so unless there's a better way, I plan to lock > > the Samba users' passwords in /etc/shadow. > > > > Thanks for your help. > > > > Martin _______________________________________________ OpenIndiana-discuss mailing list [email protected] http://openindiana.org/mailman/listinfo/openindiana-discuss
