From patchwork Fri Jul 15 17:37:35 2011
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Shirish Pargaonkar
X-Patchwork-Id: 978832
From: shirishpargaonkar@gmail.com
To: jlayton@samba.org
Cc: linux-cifs@vger.kernel.org, Shirish Pargaonkar
Subject: [PATCH] cifs-utils: manpages - Add contents for mount option cifsacl (try #2)
Date: Fri, 15 Jul 2011 12:37:35 -0500
Message-Id: <1310751455-19523-1-git-send-email-shirishpargaonkar@gmail.com>
X-Mailer: git-send-email 1.6.0.2
Sender: linux-cifs-owner@vger.kernel.org
Precedence: bulk
List-ID:
X-Mailing-List: linux-cifs@vger.kernel.org
X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-4.2.6 (demeter2.kernel.org [140.211.167.43]); Fri, 15 Jul 2011 17:31:33 +0000 (UTC)

From: Shirish Pargaonkar

Manpage contents for cifs mount option cifsacl

Signed-off-by: Shirish Pargaonkar
---
 mount.cifs.8 | 33 +++++++++++++++++++++++++++++++++
 1 files changed, 33 insertions(+), 0 deletions(-)

diff --git a/mount.cifs.8 b/mount.cifs.8
index 7e0f117..082adcd 100644
--- a/mount.cifs.8
+++ b/mount.cifs.8
@@ -272,6 +272,39 @@ Do not allow POSIX ACL operations even if server would support them\&. The CIFS client can get and set POSIX ACLs (getfacl, setfacl) to Samba servers version 3\&.0\&.10 and later\&. Setting POSIX ACLs requires enabling both XATTR and then POSIX support in the CIFS configuration options when building the cifs module\&. POSIX ACL support can be disabled on a per mount basis by specifying "noacl" on mount\&. .RE .PP +cifsacl +.RS 4 +This option is used to map CIFS/NTFS ACLs to/fro Linux permission bits, +map SIDs to/fro UIDs and GIDs, and get and set Security Descriptors\&. +.sp +This option is used to work with file objects which posses Security Descriptor +and CIFS/NTFS ACL as user authentication model instead of UID, GID, +file permission bits, and POSIX ACL as user authentication model on mounted +shares exported from servers such as Windows. + +A CIFS/NTFS ACL is mapped to file permission bits using an algorithm specified here +.br +\t\- http://technet.microsoft.com/en-us/library/bb463216.aspx + +Mapping SIDs to/fro UIDs and GIDs needs, +.br +\t\- a kenrel upcall to cifs.idmap utility set up via file /etc/request-key.conf +.br +\t\- winbind configured via files /etc/nsswitch.conf and smb.conf +Please refer to the respective manpages of cifs.idmap and winbind for usage. + +Security Descriptors for a file object can be get and set using +extended attribute named system.cifs_acl. + +Some of the things to consider while using this mount option: +.br +\t\- Increased latency when handling metadata due to additional requests to get and set security descriptors. +.br +\t\- During CIFS/NTFS ACL mapping to/fro Linux file permission bits, it is possible to loose finer granularity available in CIFS/NTFS ACL. +.br +\t\- If either upcall to cifs.idmap is not setup correctly or winbind is not configured and running, ID mapping will fail. 
In that case uid and gids will default to either values of uid and/or gid mount options if specified or credentials of the process that mounted the share. +.RE +.PP nocase .RS 4 Request case insensitive path name matching (case sensitive is the default if the server suports it)\&.
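Review bot: In the second paragraph of the new cifsacl entry, "user authentication model" is used twice for what is an access control (authorization) model. Security Descriptors and CIFS/NTFS ACLs, like UID/GID, permission bits and POSIX ACLs, decide what an already authenticated user may do, so the text should say "access control model" to avoid suggesting that this option changes how the user authenticates to the server. The closing fallback sentence ("uid and gids will default to either values of uid and/or gid mount options if specified or credentials of the process that mounted the share") deserves tighter wording as well, because it tells an administrator which local owner files will appear under when ID mapping fails; consider stating the two cases as separate items and using "uid and gid" consistently. Spelling in the added lines: "kenrel" should be "kernel", "posses" should be "possess", "loose" should be "lose", "to/fro" should be "to/from", "can be get and set" should be "can be retrieved and set", and "is not setup correctly" should be "is not set up correctly". On formatting, the added text contains bare blank lines between paragraphs where the first paragraph break uses ".sp"; use ".sp" throughout. The sentence "Please refer to the respective manpages ..." follows the winbind list item with no ".br" or ".sp", so it will run into that item when rendered. "Windows." and the other sentence ends in the added text lack the "\&." form used by the surrounding entries.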