* [PATCH 1/2] mount.cifs.rst: add missing reference for sssd
@ 2024-03-11 1:24 Paulo Alcantara
2024-03-11 1:24 ` [PATCH 2/2] mount.cifs.rst: update section about xattr/acl support Paulo Alcantara
2024-03-11 14:41 ` [PATCH 1/2] mount.cifs.rst: add missing reference for sssd Steve French
0 siblings, 2 replies; 4+ messages in thread
From: Paulo Alcantara @ 2024-03-11 1:24 UTC (permalink / raw)
To: piastryyy; +Cc: linux-cifs, Paulo Alcantara
Reference sssd in mount.cifs(8) as it can be used instead of winbind
via cifs.idmap utility. It's also enabled by default in most systems.
Signed-off-by: Paulo Alcantara (Red Hat) <pc@manguebit.com>
---
mount.cifs.rst | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/mount.cifs.rst b/mount.cifs.rst
index 9d4446f035b6..f0ddef97a0e8 100644
--- a/mount.cifs.rst
+++ b/mount.cifs.rst
@@ -761,10 +761,10 @@ specified in the following Microsoft TechNet document:
In order to map SIDs to/from UIDs and GIDs, the following is required:
- a kernel upcall to the ``cifs.idmap`` utility set up via request-key.conf(5)
-- winbind support configured via nsswitch.conf(5) and smb.conf(5)
+- winbind or sssd support configured via nsswitch.conf(5)
-Please refer to the respective manpages of cifs.idmap(8) and
-winbindd(8) for more information.
+Please refer to the respective manpages of cifs.idmap(8), winbindd(8)
+and sssd(8) for more information.
Security descriptors for a file object can be retrieved and set
directly using extended attribute named ``system.cifs_acl``. The
@@ -780,10 +780,10 @@ Some of the things to consider while using this mount option:
- The mapping between a CIFS/NTFS ACL and POSIX file permission bits
is imperfect and some ACL information may be lost in the
translation.
-- If either upcall to cifs.idmap is not setup correctly or winbind is
- not configured and running, ID mapping will fail. In that case uid
- and gid will default to either to those values of the share or to
- the values of uid and/or gid mount options if specified.
+- If either upcall to cifs.idmap is not setup correctly or winbind or
+ sssd is not configured and running, ID mapping will fail. In that
+ case uid and gid will default to either to those values of the share
+ or to the values of uid and/or gid mount options if specified.
**********************************
ACCESSING FILES WITH BACKUP INTENT
--
2.44.0
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [PATCH 2/2] mount.cifs.rst: update section about xattr/acl support
2024-03-11 1:24 [PATCH 1/2] mount.cifs.rst: add missing reference for sssd Paulo Alcantara
@ 2024-03-11 1:24 ` Paulo Alcantara
2024-03-11 14:39 ` Steve French
2024-03-11 14:41 ` [PATCH 1/2] mount.cifs.rst: add missing reference for sssd Steve French
1 sibling, 1 reply; 4+ messages in thread
From: Paulo Alcantara @ 2024-03-11 1:24 UTC (permalink / raw)
To: piastryyy; +Cc: linux-cifs, Paulo Alcantara
Update section about required xattr/acl support for UID/GID mapping.
Signed-off-by: Paulo Alcantara (Red Hat) <pc@manguebit.com>
---
mount.cifs.rst | 26 +++++++++++++++++++-------
1 file changed, 19 insertions(+), 7 deletions(-)
diff --git a/mount.cifs.rst b/mount.cifs.rst
index f0ddef97a0e8..bd39c165c130 100644
--- a/mount.cifs.rst
+++ b/mount.cifs.rst
@@ -321,11 +321,12 @@ soft
noacl
Do not allow POSIX ACL operations even if server would support them.
- The CIFS client can get and set POSIX ACLs (getfacl, setfacl) to Samba
- servers version 3.0.10 and later. Setting POSIX ACLs requires enabling
- both ``CIFS_XATTR`` and then ``CIFS_POSIX`` support in the CIFS
- configuration options when building the cifs module. POSIX ACL support
- can be disabled on a per mount basis by specifying ``noacl`` on mount.
+ The CIFS client can get and set POSIX ACLs (getfacl, setfacl) to
+ Samba servers version 3.0.10 and later. Setting POSIX ACLs requires
+ enabling both ``CONFIG_CIFS_XATTR`` and then ``CONFIG_CIFS_POSIX``
+ support in the CIFS configuration options when building the cifs
+ module. POSIX ACL support can be disabled on a per mount basis by
+ specifying ``noacl`` on mount.
cifsacl
This option is used to map CIFS/NTFS ACLs to/from Linux permission
@@ -750,8 +751,19 @@ bits, and POSIX ACL as user authentication model. This is the most
common authentication model for CIFS servers and is the one used by
Windows.
-Support for this requires both CIFS_XATTR and CIFS_ACL support in the
-CIFS configuration options when building the cifs module.
+Support for this requires cifs kernel module built with both
+``CONFIG_CIFS_XATTR`` and ``CONFIG_CIFS_ACL`` options enabled. Since
+Linux 5.3, ``CONFIG_CIFS_ACL`` option no longer exists as CIFS/NTFS
+ACL support is always built into cifs kernel module.
+
+Most distribution kernels will already have those options enabled by
+default, but you can still check if they are enabled with::
+
+ cat /lib/modules/$(uname -r)/build/.config
+
+Alternatively, if kernel is configured with ``CONFIG_IKCONFIG_PROC``::
+
+ zcat /proc/config.gz
A CIFS/NTFS ACL is mapped to file permission bits using an algorithm
specified in the following Microsoft TechNet document:
--
2.44.0
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH 2/2] mount.cifs.rst: update section about xattr/acl support
2024-03-11 1:24 ` [PATCH 2/2] mount.cifs.rst: update section about xattr/acl support Paulo Alcantara
@ 2024-03-11 14:39 ` Steve French
0 siblings, 0 replies; 4+ messages in thread
From: Steve French @ 2024-03-11 14:39 UTC (permalink / raw)
To: Paulo Alcantara; +Cc: piastryyy, linux-cifs
You can add my Reviewed-by: Steve French <stfrench@microsoft.com>
On Sun, Mar 10, 2024 at 8:24 PM Paulo Alcantara <pc@manguebit.com> wrote:
>
> Update section about required xattr/acl support for UID/GID mapping.
>
> Signed-off-by: Paulo Alcantara (Red Hat) <pc@manguebit.com>
> ---
> mount.cifs.rst | 26 +++++++++++++++++++-------
> 1 file changed, 19 insertions(+), 7 deletions(-)
>
> diff --git a/mount.cifs.rst b/mount.cifs.rst
> index f0ddef97a0e8..bd39c165c130 100644
> --- a/mount.cifs.rst
> +++ b/mount.cifs.rst
> @@ -321,11 +321,12 @@ soft
> noacl
> Do not allow POSIX ACL operations even if server would support them.
>
> - The CIFS client can get and set POSIX ACLs (getfacl, setfacl) to Samba
> - servers version 3.0.10 and later. Setting POSIX ACLs requires enabling
> - both ``CIFS_XATTR`` and then ``CIFS_POSIX`` support in the CIFS
> - configuration options when building the cifs module. POSIX ACL support
> - can be disabled on a per mount basis by specifying ``noacl`` on mount.
> + The CIFS client can get and set POSIX ACLs (getfacl, setfacl) to
> + Samba servers version 3.0.10 and later. Setting POSIX ACLs requires
> + enabling both ``CONFIG_CIFS_XATTR`` and then ``CONFIG_CIFS_POSIX``
> + support in the CIFS configuration options when building the cifs
> + module. POSIX ACL support can be disabled on a per mount basis by
> + specifying ``noacl`` on mount.
>
> cifsacl
> This option is used to map CIFS/NTFS ACLs to/from Linux permission
> @@ -750,8 +751,19 @@ bits, and POSIX ACL as user authentication model. This is the most
> common authentication model for CIFS servers and is the one used by
> Windows.
>
> -Support for this requires both CIFS_XATTR and CIFS_ACL support in the
> -CIFS configuration options when building the cifs module.
> +Support for this requires cifs kernel module built with both
> +``CONFIG_CIFS_XATTR`` and ``CONFIG_CIFS_ACL`` options enabled. Since
> +Linux 5.3, ``CONFIG_CIFS_ACL`` option no longer exists as CIFS/NTFS
> +ACL support is always built into cifs kernel module.
> +
> +Most distribution kernels will already have those options enabled by
> +default, but you can still check if they are enabled with::
> +
> + cat /lib/modules/$(uname -r)/build/.config
> +
> +Alternatively, if kernel is configured with ``CONFIG_IKCONFIG_PROC``::
> +
> + zcat /proc/config.gz
>
> A CIFS/NTFS ACL is mapped to file permission bits using an algorithm
> specified in the following Microsoft TechNet document:
> --
> 2.44.0
>
>
--
Thanks,
Steve
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH 1/2] mount.cifs.rst: add missing reference for sssd
2024-03-11 1:24 [PATCH 1/2] mount.cifs.rst: add missing reference for sssd Paulo Alcantara
2024-03-11 1:24 ` [PATCH 2/2] mount.cifs.rst: update section about xattr/acl support Paulo Alcantara
@ 2024-03-11 14:41 ` Steve French
1 sibling, 0 replies; 4+ messages in thread
From: Steve French @ 2024-03-11 14:41 UTC (permalink / raw)
To: Paulo Alcantara; +Cc: piastryyy, linux-cifs
You can add
Reviewed-by: Steve French <stfrench@microsoft.com>
On Sun, Mar 10, 2024 at 8:24 PM Paulo Alcantara <pc@manguebit.com> wrote:
>
> Reference sssd in mount.cifs(8) as it can be used instead of winbind
> via cifs.idmap utility. It's also enabled by default in most systems.
>
> Signed-off-by: Paulo Alcantara (Red Hat) <pc@manguebit.com>
> ---
> mount.cifs.rst | 14 +++++++-------
> 1 file changed, 7 insertions(+), 7 deletions(-)
>
> diff --git a/mount.cifs.rst b/mount.cifs.rst
> index 9d4446f035b6..f0ddef97a0e8 100644
> --- a/mount.cifs.rst
> +++ b/mount.cifs.rst
> @@ -761,10 +761,10 @@ specified in the following Microsoft TechNet document:
> In order to map SIDs to/from UIDs and GIDs, the following is required:
>
> - a kernel upcall to the ``cifs.idmap`` utility set up via request-key.conf(5)
> -- winbind support configured via nsswitch.conf(5) and smb.conf(5)
> +- winbind or sssd support configured via nsswitch.conf(5)
>
> -Please refer to the respective manpages of cifs.idmap(8) and
> -winbindd(8) for more information.
> +Please refer to the respective manpages of cifs.idmap(8), winbindd(8)
> +and sssd(8) for more information.
>
> Security descriptors for a file object can be retrieved and set
> directly using extended attribute named ``system.cifs_acl``. The
> @@ -780,10 +780,10 @@ Some of the things to consider while using this mount option:
> - The mapping between a CIFS/NTFS ACL and POSIX file permission bits
> is imperfect and some ACL information may be lost in the
> translation.
> -- If either upcall to cifs.idmap is not setup correctly or winbind is
> - not configured and running, ID mapping will fail. In that case uid
> - and gid will default to either to those values of the share or to
> - the values of uid and/or gid mount options if specified.
> +- If either upcall to cifs.idmap is not setup correctly or winbind or
> + sssd is not configured and running, ID mapping will fail. In that
> + case uid and gid will default to either to those values of the share
> + or to the values of uid and/or gid mount options if specified.
>
> **********************************
> ACCESSING FILES WITH BACKUP INTENT
> --
> 2.44.0
>
>
--
Thanks,
Steve
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2024-03-11 14:41 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-03-11 1:24 [PATCH 1/2] mount.cifs.rst: add missing reference for sssd Paulo Alcantara
2024-03-11 1:24 ` [PATCH 2/2] mount.cifs.rst: update section about xattr/acl support Paulo Alcantara
2024-03-11 14:39 ` Steve French
2024-03-11 14:41 ` [PATCH 1/2] mount.cifs.rst: add missing reference for sssd Steve French
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).