Commit | Line | Data |
---|---|---|
1da177e4 | 1 | The CIFS VFS support for Linux supports many advanced network filesystem |
1b3c3714 | 2 | features such as hierarchical dfs like namespace, hardlinks, locking and more. |
1da177e4 LT |
3 | It was designed to comply with the SNIA CIFS Technical Reference (which |
4 | supersedes the 1992 X/Open SMB Standard) as well as to perform best practice | |
5 | practical interoperability with Windows 2000, Windows XP, Samba and equivalent | |
6 | servers. | |
7 | ||
8 | For questions or bug reports please contact: | |
9 | sfrench@samba.org (sfrench@us.ibm.com) | |
10 | ||
11 | Build instructions: | |
12 | ================== | |
13 | For Linux 2.4: | |
14 | 1) Get the kernel source (e.g. from http://www.kernel.org) | |
15 | and download the cifs vfs source (see the project page | |
16 | at http://us1.samba.org/samba/Linux_CIFS_client.html) | |
17 | and change directory into the top of the kernel directory | |
18 | then patch the kernel (e.g. "patch -p1 < cifs_24.patch") | |
19 | to add the cifs vfs to your kernel configure options if | |
20 | it has not already been added (e.g. current SuSE and UL | |
21 | users do not need to apply the cifs_24.patch since the cifs vfs is | |
22 | already in the kernel configure menu) and then | |
23 | mkdir linux/fs/cifs and then copy the current cifs vfs files from | |
24 | the cifs download to your kernel build directory e.g. | |
25 | ||
26 | cp <cifs_download_dir>/fs/cifs/* <kernel_download_dir>/fs/cifs | |
27 | ||
28 | 2) make menuconfig (or make xconfig) | |
29 | 3) select cifs from within the network filesystem choices | |
30 | 4) save and exit | |
31 | 5) make dep | |
32 | 6) make modules (or "make" if CIFS VFS not to be built as a module) | |
33 | ||
34 | For Linux 2.6: | |
dfc1e148 AB |
35 | 1) Download the kernel (e.g. from http://www.kernel.org) |
36 | and change directory into the top of the kernel directory tree | |
37 | (e.g. /usr/src/linux-2.5.73) | |
1da177e4 LT |
38 | 2) make menuconfig (or make xconfig) |
39 | 3) select cifs from within the network filesystem choices | |
40 | 4) save and exit | |
41 | 5) make | |
42 | ||
43 | ||
44 | Installation instructions: | |
45 | ========================= | |
46 | If you have built the CIFS vfs as module (successfully) simply | |
47 | type "make modules_install" (or if you prefer, manually copy the file to | |
48 | the modules directory e.g. /lib/modules/2.4.10-4GB/kernel/fs/cifs/cifs.o). | |
49 | ||
50 | If you have built the CIFS vfs into the kernel itself, follow the instructions | |
51 | for your distribution on how to install a new kernel (usually you | |
52 | would simply type "make install"). | |
53 | ||
54 | If you do not have the utility mount.cifs (in the Samba 3.0 source tree and on | |
55 | the CIFS VFS web site) copy it to the same directory in which mount.smbfs and | |
56 | similar files reside (usually /sbin). Although the helper software is not | |
57 | required, mount.cifs is recommended. Eventually the Samba 3.0 utility program | |
58 | "net" may also be helpful since it may someday provide easier mount syntax for | |
f6d09982 SF |
59 | users who are used to Windows e.g. |
60 | net use <mount point> <UNC name or cifs URL> | |
1da177e4 LT |
61 | Note that running the Winbind pam/nss module (logon service) on all of your |
62 | Linux clients is useful in mapping Uids and Gids consistently across the | |
63 | domain to the proper network user. The mount.cifs mount helper can be | |
64 | trivially built from Samba 3.0 or later source e.g. by executing: | |
65 | ||
66 | gcc samba/source/client/mount.cifs.c -o mount.cifs | |
67 | ||
68 | If cifs is built as a module, then the size and number of network buffers | |
69 | and maximum number of simultaneous requests to one server can be configured. | |
70 | Changing these from their defaults is not recommended. Running | |
71 | modinfo kernel/fs/cifs/cifs.ko | |
72 | lists the configuration changes that can be made | |
73 | at module initialization time (by running insmod cifs.ko). | |
74 | ||
75 | Allowing User Mounts | |
76 | ==================== | |
77 | Permitting users to mount and unmount over directories they own is possible | |
78 | with the cifs vfs. A way to enable such mounting is to mark the mount.cifs | |
099a58f6 | 79 | utility as suid (e.g. "chmod +s /sbin/mount.cifs"). To enable users to |
1da177e4 LT |
80 | umount shares they mount requires |
81 | 1) mount.cifs version 1.4 or later | |
82 | 2) an entry for the share in /etc/fstab indicating that a user may | |
83 | unmount it e.g. | |
84 | //server/usersharename /mnt/username cifs user 0 0 | |
85 | ||
86 | Note that when the mount.cifs utility is run suid (allowing user mounts), | |
87 | in order to reduce risks, the "nosuid" mount flag is passed in on mount to | |
88 | disallow execution of an suid program mounted on the remote target. | |
89 | When mount is executed as root, nosuid is not passed in by default, | |
90 | and execution of suid programs on the remote target would be enabled | |
91 | by default. This can be changed, as with nfs and other filesystems, | |
92 | by simply specifying "nosuid" among the mount options. For user mounts | |
93 | though to be able to pass the suid flag to mount requires rebuilding | |
94 | mount.cifs with the following flag: | |
95 | ||
96 | gcc samba/source/client/mount.cifs.c -DCIFS_ALLOW_USR_SUID -o mount.cifs | |
97 | ||
98 | There is a corresponding manual page for cifs mounting in the Samba 3.0 and | |
99 | later source tree in docs/manpages/mount.cifs.8 | |
100 | ||
099a58f6 SF |
101 | Allowing User Unmounts |
102 | ====================== | |
103 | To permit users to unmount directories that they have user mounted (see above), | |
104 | the utility umount.cifs may be used. It may be invoked directly, or if | |
0cb766ae | 105 | umount.cifs is placed in /sbin, umount can invoke the cifs umount helper |
099a58f6 | 106 | (at least for most versions of the umount utility) for umount of cifs |
0cb766ae SF |
107 | mounts, unless umount is invoked with -i (which will avoid invoking a umount |
108 | helper). As with mount.cifs, to enable user unmounts umount.cifs must be marked | |
109 | as suid (e.g. "chmod +s /sbin/umount.cifs") or equivalent (some distributions | |
110 | allow adding entries to the /etc/permissions file to achieve the | |
111 | equivalent suid effect). For this utility to succeed the target path | |
112 | must be a cifs mount, and the uid of the current user must match the uid | |
113 | of the user who mounted the resource. | |
099a58f6 SF |
114 | |
115 | Also note that the customary way of allowing user mounts and unmounts is | |
116 | (instead of using mount.cifs and umount.cifs as suid) to add a line | |
117 | to the file /etc/fstab for each //server/share you wish to mount, but | |
118 | this can become unwieldy when potential mount targets include many | |
119 | or unpredictable UNC names. | |
120 | ||
1da177e4 LT |
121 | Samba Considerations |
122 | ==================== | |
123 | To get the maximum benefit from the CIFS VFS, we recommend using a server that | |
124 | supports the SNIA CIFS Unix Extensions standard (e.g. Samba 2.2.5 or later or | |
125 | Samba 3.0) but the CIFS vfs works fine with a wide variety of CIFS servers. | |
126 | Note that uid, gid and file permissions will display default values if you do | |
127 | not have a server that supports the Unix extensions for CIFS (such as Samba | |
128 | 2.2.5 or later). To enable the Unix CIFS Extensions in the Samba server, add | |
129 | the line: | |
130 | ||
131 | unix extensions = yes | |
132 | ||
133 | to your smb.conf file on the server. Note that the following smb.conf settings | |
134 | are also useful (on the Samba server) when the majority of clients are Unix or | |
135 | Linux: | |
136 | ||
137 | case sensitive = yes | |
138 | delete readonly = yes | |
139 | ea support = yes | |
140 | ||
141 | Note that server ea support is required for supporting xattrs from the Linux | |
142 | cifs client, and that EA support is present in later versions of Samba (e.g. | |
143 | 3.0.6 and later); EA support also works in all versions of Windows (at least to | |
144 | shares on NTFS filesystems). Extended Attribute (xattr) support is an optional | |
145 | feature of most Linux filesystems which may require enabling via | |
146 | make menuconfig. Client support for extended attributes (user xattr) can be | |
147 | disabled on a per-mount basis by specifying "nouser_xattr" on mount. | |
148 | ||
149 | The CIFS client can get and set POSIX ACLs (getfacl, setfacl) to Samba servers | |
150 | version 3.10 and later. Setting POSIX ACLs requires enabling both XATTR and | |
151 | then POSIX support in the CIFS configuration options when building the cifs | |
152 | module. POSIX ACL support can be disabled on a per-mount basis by specifying | |
153 | "noacl" on mount. | |
154 | ||
155 | Some administrators may want to change Samba's smb.conf "map archive" and | |
156 | "create mask" parameters from the default. Unless the create mask is changed | |
157 | newly created files can end up with an unnecessarily restrictive default mode, | |
158 | which may not be what you want, although if the CIFS Unix extensions are | |
159 | enabled on the server and client, subsequent setattr calls (e.g. chmod) can | |
160 | fix the mode. Note that creating special devices (mknod) remotely | |
161 | may require specifying a mkdev function to Samba if you are not using | |
162 | Samba 3.0.6 or later. For more information on these see the manual pages | |
163 | ("man smb.conf") on the Samba server system. Note that the cifs vfs, | |
164 | unlike the smbfs vfs, does not read the smb.conf on the client system | |
165 | (the few optional settings are passed in on mount via -o parameters instead). | |
166 | Note that Samba 2.2.7 or later includes a fix that allows the CIFS VFS to delete | |
167 | open files (required for strict POSIX compliance). Windows Servers already | |
168 | supported this feature. Samba server does not allow symlinks that refer to files | |
169 | outside of the share, so in Samba versions prior to 3.0.6, most symlinks to | |
170 | files with absolute paths (ie beginning with slash) such as: | |
171 | ln -s /mnt/foo bar | |
172 | would be forbidden. Samba 3.0.6 server or later includes the ability to create | |
173 | such symlinks safely by converting unsafe symlinks (ie symlinks to server | |
174 | files that are outside of the share) to a samba specific format on the server | |
175 | that is ignored by local server applications and non-cifs clients and that will | |
176 | not be traversed by the Samba server. This is opaque to the Linux client | |
177 | application using the cifs vfs. Absolute symlinks will work to Samba 3.0.5 or | |
178 | later, but only for remote clients using the CIFS Unix extensions, and will | |
179 | be invisible to Windows clients and typically will not affect local | |
180 | applications running on the same server as Samba. | |
181 | ||
182 | Use instructions: | |
183 | ================ | |
184 | Once the CIFS VFS support is built into the kernel or installed as a module | |
185 | (cifs.o), you can use mount syntax like the following to access Samba or Windows | |
186 | servers: | |
187 | ||
188 | mount -t cifs //9.53.216.11/e$ /mnt -o user=myname,pass=mypassword | |
189 | ||
190 | Before -o the option -v may be specified to make the mount.cifs | |
191 | mount helper display the mount steps more verbosely. | |
192 | After -o the following commonly used cifs vfs specific options | |
193 | are supported: | |
194 | ||
195 | user=<username> | |
196 | pass=<password> | |
197 | domain=<domain name> | |
198 | ||
199 | Other cifs mount options are described below. Use of TCP names (in addition to | |
200 | ip addresses) is available if the mount helper (mount.cifs) is installed. If | |
201 | you do not trust the server to which you are mounted, or if you do not have | |
202 | cifs signing enabled (and the physical network is insecure), consider use | |
203 | of the standard mount options "noexec" and "nosuid" to reduce the risk of | |
204 | running an altered binary on your local system (downloaded from a hostile server | |
205 | or altered by a hostile router). | |
206 | ||
207 | Although mounting using format corresponding to the CIFS URL specification is | |
208 | not possible in mount.cifs yet, it is possible to use an alternate format | |
209 | for the server and sharename (which is somewhat similar to NFS style mount | |
210 | syntax) instead of the more widely used UNC format (i.e. \\server\share): | |
211 | mount -t cifs tcp_name_of_server:share_name /mnt -o user=myname,pass=mypasswd | |
212 | ||
213 | When using the mount helper mount.cifs, passwords may be specified via alternate | |
214 | mechanisms, instead of specifying it after -o using the normal "pass=" syntax | |
215 | on the command line: | |
216 | 1) By including it in a credential file. Specify credentials=filename as one | |
217 | of the mount options. Credential files contain two lines | |
218 | username=someuser | |
219 | password=your_password | |
220 | 2) By specifying the password in the PASSWD environment variable (similarly | |
221 | the user name can be taken from the USER environment variable). | |
222 | 3) By specifying the password in a file by name via PASSWD_FILE | |
223 | 4) By specifying the password in a file by file descriptor via PASSWD_FD | |
224 | ||
225 | If no password is provided, mount.cifs will prompt for password entry. | |
226 | ||
227 | Restrictions | |
228 | ============ | |
1da177e4 | 229 | Servers must support either "pure-TCP" (port 445 TCP/IP CIFS connections) or RFC |
cea21805 JL |
230 | 1001/1002 support for "Netbios-Over-TCP/IP." This is not likely to be a |
231 | problem as most servers support this. | |
1da177e4 LT |
232 | |
233 | Valid filenames differ between Windows and Linux. Windows typically restricts | |
234 | filenames which contain certain reserved characters (e.g. the character : | |
235 | which is used to delimit the beginning of a stream name by Windows), while | |
236 | Linux allows a slightly wider set of valid characters in filenames. Windows | |
237 | servers can remap such characters when an explicit mapping is specified in | |
238 | the Server's registry. Samba starting with version 3.10 will allow such | |
239 | filenames (ie those which contain valid Linux characters, which normally | |
240 | would be forbidden for Windows/CIFS semantics) as long as the server is | |
241 | configured for Unix Extensions (and the client has not disabled | |
242 | /proc/fs/cifs/LinuxExtensionsEnabled). | |
243 | ||
244 | ||
245 | CIFS VFS Mount Options | |
246 | ====================== | |
247 | A partial list of the supported mount options follows: | |
248 | user The user name to use when trying to establish | |
249 | the CIFS session. | |
250 | password The user password. If the mount helper is | |
251 | installed, the user will be prompted for password | |
f6d09982 | 252 | if not supplied. |
1da177e4 LT |
253 | ip The ip address of the target server |
254 | unc The target server Universal Network Name (export) to | |
255 | mount. | |
256 | domain Set the SMB/CIFS workgroup name prepended to the | |
257 | username during CIFS session establishment | |
4523cc30 SF |
258 | uid Set the default uid for inodes. For mounts to servers |
259 | which do support the CIFS Unix extensions, such as a | |
260 | properly configured Samba server, the server provides | |
261 | the uid, gid and mode so this parameter should not be | |
262 | specified unless the server and clients uid and gid | |
263 | numbering differ. If the server and client are in the | |
264 | same domain (e.g. running winbind or nss_ldap) and | |
265 | the server supports the Unix Extensions then the uid | |
266 | and gid can be retrieved from the server (and uid | |
267 | and gid would not have to be specified on the mount). | |
268 | For servers which do not support the CIFS Unix | |
269 | extensions, the default uid (and gid) returned on lookup | |
270 | of existing files will be the uid (gid) of the person | |
1da177e4 LT |
271 | who executed the mount (root, except when mount.cifs |
272 | is configured setuid for user mounts) unless the "uid=" | |
273 | (gid) mount option is specified. For the uid (gid) of newly | |
274 | created files and directories, ie files created since | |
275 | the last mount of the server share, the expected uid | |
cab00891 | 276 | (gid) is cached as long as the inode remains in |
1da177e4 LT |
277 | memory on the client. Also note that permission |
278 | checks (authorization checks) on accesses to a file occur | |
279 | at the server, but there are cases in which an administrator | |
280 | may want to restrict at the client as well. For those | |
281 | servers which do not report a uid/gid owner | |
282 | (such as Windows), permissions can also be checked at the | |
283 | client, and a crude form of client side permission checking | |
284 | can be enabled by specifying file_mode and dir_mode on | |
6473a559 SF |
285 | the client. Note that the mount.cifs helper must be |
286 | at version 1.10 or higher to support specifying the uid | |
f6d09982 | 287 | (or gid) in non-numeric form. |
4523cc30 | 288 | gid Set the default gid for inodes (similar to above). |
1da177e4 LT |
289 | file_mode If CIFS Unix extensions are not supported by the server |
290 | this overrides the default mode for file inodes. | |
291 | dir_mode If CIFS Unix extensions are not supported by the server | |
292 | this overrides the default mode for directory inodes. | |
293 | port attempt to contact the server on this tcp port, before | |
294 | trying the usual ports (port 445, then 139). | |
295 | iocharset Codepage used to convert local path names to and from | |
296 | Unicode. Unicode is used by default for network path | |
297 | names if the server supports it. If iocharset is | |
298 | not specified then the nls_default specified | |
299 | during the local client kernel build will be used. | |
300 | If server does not support Unicode, this parameter is | |
301 | unused. | |
75865f8c SF |
302 | rsize default read size (usually 16K). The client currently |
303 | can not use rsize larger than CIFSMaxBufSize. CIFSMaxBufSize | |
304 | defaults to 16K and may be changed (from 8K to the maximum | |
305 | kmalloc size allowed by your kernel) at module install time | |
306 | for cifs.ko. Setting CIFSMaxBufSize to a very large value | |
307 | will cause cifs to use more memory and may reduce performance | |
308 | in some cases. To use rsize greater than 127K (the original | |
309 | cifs protocol maximum) also requires that the server support | |
310 | a new Unix Capability flag (for very large read) which some | |
311 | newer servers (e.g. Samba 3.0.26 or later) do. rsize can be | |
312 | set from a minimum of 2048 to a maximum of 130048 (127K or | |
313 | CIFSMaxBufSize, whichever is smaller) | |
314 | wsize default write size (default 57344) | |
315 | maximum wsize currently allowed by CIFS is 57344 (fourteen | |
316 | 4096 byte pages) | |
1da177e4 LT |
317 | rw mount the network share read-write (note that the |
318 | server may still consider the share read-only) | |
319 | ro mount network share read-only | |
320 | version used to distinguish different versions of the | |
321 | mount helper utility (not typically needed) | |
322 | sep if first mount option (after the -o), overrides | |
323 | the comma as the separator between the mount | |
324 | parms. e.g. | |
325 | -o user=myname,password=mypassword,domain=mydom | |
326 | could be passed instead with period as the separator by | |
327 | -o sep=.user=myname.password=mypassword.domain=mydom | |
328 | this might be useful when comma is contained within username | |
329 | or password or domain. This option is less important | |
330 | when the cifs mount helper mount.cifs (version 1.1 or later) | |
331 | is used. | |
332 | nosuid Do not allow remote executables with the suid bit | |
333 | set to be executed. This is only meaningful for mounts | |
334 | to servers such as Samba which support the CIFS Unix Extensions. | |
335 | If you do not trust the servers in your network (your mount | |
336 | targets) it is recommended that you specify this option for | |
337 | greater security. | |
338 | exec Permit execution of binaries on the mount. | |
339 | noexec Do not permit execution of binaries on the mount. | |
340 | dev Recognize block devices on the remote mount. | |
341 | nodev Do not recognize devices on the remote mount. | |
342 | suid Allow remote files on this mountpoint with suid enabled to | |
343 | be executed (default for mounts when executed as root, | |
344 | nosuid is default for user mounts). | |
345 | credentials Although ignored by the cifs kernel component, it is used by | |
346 | the mount helper, mount.cifs. When mount.cifs is installed it | |
347 | opens and reads the credential file specified in order | |
348 | to obtain the userid and password arguments which are passed to | |
349 | the cifs vfs. | |
350 | guest Although ignored by the kernel component, the mount.cifs | |
351 | mount helper will not prompt the user for a password | |
352 | if guest is specified on the mount options. If no | |
353 | password is specified a null password will be used. | |
354 | perm Client does permission checks (vfs_permission check of uid | |
355 | and gid of the file against the mode and desired operation), | |
356 | Note that this is in addition to the normal ACL check on the | |
357 | target machine done by the server software. | |
358 | Client permission checking is enabled by default. | |
359 | noperm Client does not do permission checks. This can expose | |
360 | files on this mount to access by other users on the local | |
361 | client system. It is typically only needed when the server | |
362 | supports the CIFS Unix Extensions but the UIDs/GIDs on the | |
363 | client and server system do not match closely enough to allow | |
6473a559 SF |
364 | access by the user doing the mount, but it may be useful with |
365 | non CIFS Unix Extension mounts for cases in which the default | |
366 | mode is specified on the mount but is not to be enforced on the | |
367 | client (e.g. perhaps when MultiUserMount is enabled) | |
1da177e4 LT |
368 | Note that this does not affect the normal ACL check on the |
369 | target machine done by the server software (of the server | |
370 | ACL against the user name provided at mount time). | |
7521a3c5 | 371 | serverino Use server's inode numbers instead of generating automatically |
1da177e4 LT |
372 | incrementing inode numbers on the client. Although this will |
373 | make it easier to spot hardlinked files (as they will have | |
374 | the same inode numbers) and inode numbers may be persistent, | |
375 | note that the server does not guarantee that the inode numbers | |
376 | are unique if multiple server side mounts are exported under a | |
377 | single share (since inode numbers on the servers might not | |
378 | be unique if multiple filesystems are mounted under the same | |
7521a3c5 SF |
379 | shared higher level directory). Note that some older servers |
380 | (e.g. pre-Windows 2000) do not support returning UniqueIDs | |
381 | or the CIFS Unix Extensions equivalent and for those | |
382 | this mount option will have no effect. Exporting cifs mounts | |
383 | under nfsd requires this mount option on the cifs mount. | |
1da177e4 LT |
384 | noserverino Client generates inode numbers (rather than using the actual one |
385 | from the server) by default. | |
386 | setuids If the CIFS Unix extensions are negotiated with the server | |
387 | the client will attempt to set the effective uid and gid of | |
388 | the local process on newly created files, directories, and | |
6473a559 SF |
389 | devices (create, mkdir, mknod). If the CIFS Unix Extensions |
390 | are not negotiated, for newly created files and directories | |
cab00891 | 391 | instead of using the default uid and gid specified on |
6473a559 SF |
392 | the mount, cache the new file's uid and gid locally which means |
393 | that the uid for the file can change when the inode is | |
394 | reloaded (or the user remounts the share). | |
1da177e4 LT |
395 | nosetuids The client will not attempt to set the uid and gid on |
396 | newly created files, directories, and devices (create, | |
397 | mkdir, mknod) which will result in the server setting the | |
398 | uid and gid to the default (usually the server uid of the | |
67594feb | 399 | user who mounted the share). Letting the server (rather than |
6473a559 SF |
400 | the client) set the uid and gid is the default. If the CIFS |
401 | Unix Extensions are not negotiated then the uid and gid for | |
402 | new files will appear to be the uid (gid) of the mounter or the | |
403 | uid (gid) parameter specified on the mount. | |
1da177e4 LT |
404 | netbiosname When mounting to servers via port 139, specifies the RFC1001 |
405 | source name to use to represent the client netbios machine | |
406 | name when doing the RFC1001 netbios session initialize. | |
407 | direct Do not do inode data caching on files opened on this mount. | |
408 | This precludes mmaping files on this mount. In some cases | |
409 | with fast networks and little or no caching benefits on the | |
410 | client (e.g. when the application is doing large sequential | |
411 | reads bigger than page size without rereading the same data) | |
412 | this can provide better performance than the default | |
67594feb | 413 | behavior which caches reads (readahead) and writes |
1da177e4 LT |
414 | (writebehind) through the local Linux client pagecache |
415 | if oplock (caching token) is granted and held. Note that | |
416 | direct allows write operations larger than page size | |
417 | to be sent to the server. | |
418 | acl Allow setfacl and getfacl to manage posix ACLs if server | |
419 | supports them. (default) | |
420 | noacl Do not allow setfacl and getfacl calls on this mount | |
f6d09982 SF |
421 | user_xattr Allow getting and setting user xattrs (those attributes whose |
422 | name begins with "user." or "os2.") as OS/2 EAs (extended | |
423 | attributes) to the server. This allows support of the | |
424 | setfattr and getfattr utilities. (default) | |
ea4c07d7 | 425 | nouser_xattr Do not allow getfattr/setfattr to get/set/list xattrs |
737b758c SF |
426 | mapchars Translate six of the seven reserved characters (not backslash) |
427 | *?<>|: | |
6a0b4824 SF |
428 | to the remap range (above 0xF000), which also |
429 | allows the CIFS client to recognize files created with | |
430 | such characters by Windows's POSIX emulation. This can | |
431 | also be useful when mounting to most versions of Samba | |
432 | (which also forbids creating and opening files | |
433 | whose names contain any of these seven characters). | |
434 | This has no effect if the server does not support | |
435 | Unicode on the wire. | |
436 | nomapchars Do not translate any of these seven characters (default). | |
c46fa8ac SF |
437 | nocase Request case insensitive path name matching (case |
438 | sensitive is the default if the server supports it). | |
f6d09982 | 439 | (mount option "ignorecase" is identical to "nocase") |
82940a46 SF |
440 | posixpaths If CIFS Unix extensions are supported, attempt to |
441 | negotiate posix path name support which allows certain | |
442 | characters forbidden in typical CIFS filenames, without | |
443 | requiring remapping. (default) | |
444 | noposixpaths If CIFS Unix extensions are supported, do not request | |
445 | posix path name support (this may cause servers to | |
446 | reject creating files with certain reserved characters). | |
a403a0a3 SF |
447 | nounix Disable the CIFS Unix Extensions for this mount (tree |
448 | connection). This is rarely needed, but it may be useful | |
449 | in order to turn off multiple settings all at once (ie | |
450 | posix acls, posix locks, posix paths, symlink support | |
451 | and retrieving uids/gids/mode from the server) or to | |
452 | work around a bug in servers which implement the Unix | |
453 | Extensions. | |
c46fa8ac SF |
454 | nobrl Do not send byte range lock requests to the server. |
455 | This is necessary for certain applications that break | |
456 | with cifs style mandatory byte range locks (and most | |
457 | cifs servers do not yet support requesting advisory | |
458 | byte range locks). | |
0cb766ae SF |
459 | remount remount the share (often used to change from ro to rw mounts |
460 | or vice versa) | |
cea21805 JL |
461 | cifsacl Report mode bits (e.g. on stat) based on the Windows ACL for |
462 | the file. (EXPERIMENTAL) | |
5e6e6232 CG |
463 | servern Specify the server's netbios name (RFC1001 name) to use |
464 | when attempting to setup a session to the server. | |
465 | This is needed for mounting to some older servers (such | |
466 | as OS/2 or Windows 98 and Windows ME) since they do not | |
467 | support a default server name. A server name can be up | |
468 | to 15 characters long and is usually uppercased. | |
6473a559 SF |
469 | sfu When the CIFS Unix Extensions are not negotiated, attempt to |
470 | create device files and fifos in a format compatible with | |
471 | Services for Unix (SFU). In addition retrieve bits 10-12 | |
472 | of the mode via the SETFILEBITS extended attribute (as | |
cab00891 | 473 | SFU does). In the future the bottom 9 bits of the |
6473a559 SF |
474 | mode also will be emulated using queries of the security |
475 | descriptor (ACL). | |
750d1151 SF |
476 | sign Must use packet signing (helps avoid unwanted data modification |
477 | by intermediate systems in the route). Note that signing | |
478 | does not work with lanman or plaintext authentication. | |
479 | sec Security mode. Allowed values are: | |
bf820679 SF |
480 | none attempt to connect as a null user (no name) |
481 | krb5 Use Kerberos version 5 authentication | |
482 | krb5i Use Kerberos authentication and packet signing | |
483 | ntlm Use NTLM password hashing (default) | |
484 | ntlmi Use NTLM password hashing with signing (if | |
485 | /proc/fs/cifs/PacketSigningEnabled on or if | |
486 | server requires signing also can be the default) | |
487 | ntlmv2 Use NTLMv2 password hashing | |
488 | ntlmv2i Use NTLMv2 password hashing with packet signing | |
189acaae SF |
489 | lanman (if configured in kernel config) use older |
490 | lanman hash | |
f6d09982 SF |
491 | hard Retry file operations if server is not responding |
492 | soft Limit retries to unresponsive servers (usually only | |
493 | one retry) before returning an error. (default) | |
bf820679 | 494 | |
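The cautions attached to the options above (a password typed inline instead of supplied through credentials=, no packet signing combined with missing noexec/nosuid, the lanman hash, noperm) can be checked mechanically. The script below is an added example, not part of the README or of mount.cifs; the function names, finding labels and sample fstab lines are constructed, and it treats a bare "user" entry as implying nosuid because the README states nosuid is the default for user mounts.

```shell
#!/bin/sh
# Added example: audit fstab-style cifs entries against the README's cautions.
# Finding labels and the sample lines are constructed for illustration.

# has_flag OPTS NAME: true if the bare option NAME is in the comma-separated list.
has_flag() {
    case ",$1," in *",$2,"*) return 0 ;; esac
    return 1
}

# opt_value OPTS KEY: print the value of KEY=value; fail if KEY is absent.
opt_value() {
    _padded=",$1,"
    case "$_padded" in
        *",$2="*) _rest=${_padded#*",$2="}; printf '%s\n' "${_rest%%,*}" ;;
        *) return 1 ;;
    esac
}

# is_signed OPTS: true if the options themselves demand packet signing
# ("sign", or a sec= mode that includes signing). Signing forced globally
# through /proc/fs/cifs/PacketSigningEnabled is not visible from fstab.
is_signed() {
    has_flag "$1" sign && return 0
    _sec=$(opt_value "$1" sec) || _sec=""
    case "$_sec" in krb5i|ntlmi|ntlmv2i) return 0 ;; esac
    return 1
}

# audit_cifs_line LINE: print "<mountpoint>: <findings>" for a cifs entry,
# and nothing for any other filesystem type.
audit_cifs_line() {
    set -f                      # no pathname expansion while splitting fields
    set -- $1
    set +f
    [ "${3:-}" = "cifs" ] || return 0
    _mnt=$2 _opts=${4:-} _out=""

    # pass=/password= in the option string is readable by anyone who can read fstab.
    if opt_value "$_opts" pass >/dev/null || opt_value "$_opts" password >/dev/null; then
        _out="$_out inline-password"
    fi
    # Without signing the README advises noexec and nosuid; a bare "user"
    # entry counts as nosuid (the default for user mounts).
    if ! is_signed "$_opts"; then
        _out="$_out no-signing"
        if ! has_flag "$_opts" noexec ||
           ! { has_flag "$_opts" nosuid || has_flag "$_opts" user; }; then
            _out="$_out unsigned-exec"
        fi
    fi
    _sec=$(opt_value "$_opts" sec) || _sec=""
    if [ "$_sec" = "lanman" ]; then _out="$_out weak-sec"; fi
    # noperm turns off the client-side permission check.
    if has_flag "$_opts" noperm; then _out="$_out noperm"; fi

    printf '%s:%s\n' "$_mnt" "${_out:- ok}"
}

# audit_fstab: audit every line read from stdin, skipping blanks and comments.
audit_fstab() {
    while IFS= read -r _line; do
        case "$_line" in ''|'#'*) continue ;; esac
        audit_cifs_line "$_line"
    done
}

# Constructed sample input; the fourth entry is the user-mount form the README shows.
sample_fstab() {
    cat <<'EOF'
# constructed sample
/dev/sda1 / ext3 defaults 1 1
//fileserver/projects /mnt/projects cifs user=build,pass=EXAMPLE,sec=ntlm 0 0
//fileserver/home /mnt/home cifs credentials=/etc/cifs.cred,sec=ntlmv2i,nosuid,noexec 0 0
//legacy/share /mnt/legacy cifs credentials=/etc/legacy.cred,sec=lanman,noperm,nosuid,noexec 0 0
//server/usersharename /mnt/username cifs user 0 0
EOF
}

sample_fstab | audit_fstab
```

To audit a real system, feed it the file directly: `audit_fstab < /etc/fstab`.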
1da177e4 LT |
495 | The mount.cifs mount helper also accepts a few mount options before -o |
496 | including: | |
497 | ||
498 | -S take password from stdin (equivalent to setting the environment | |
499 | variable "PASSWD_FD=0") | |
500 | -V print mount.cifs version | |
501 | -? display simple usage information | |
502 | ||
8426c39c | 503 | With most 2.6 kernel versions of modutils, the version of the cifs kernel |
1da177e4 LT |
504 | module can be displayed via modinfo. |
505 | ||
506 | Misc /proc/fs/cifs Flags and Debug Info | |
507 | ======================================= | |
508 | Informational pseudo-files: | |
509 | DebugData Displays information about active CIFS sessions | |
09d1db5c | 510 | and shares, as well as the cifs.ko version. |
1da177e4 LT |
511 | Stats Lists summary resource usage information as well as per |
512 | share statistics, if CONFIG_CIFS_STATS is enabled | |
513 | in the kernel configuration. | |
514 | ||
515 | Configuration pseudo-files: | |
516 | MultiuserMount If set to one, more than one CIFS session to | |
517 | the same server ip address can be established | |
518 | if more than one uid accesses the same mount | |
519 | point and if the uids user/password mapping | |
520 | information is available. (default is 0) | |
521 | PacketSigningEnabled If set to one, cifs packet signing is enabled | |
522 | and will be used if the server requires | |
523 | it. If set to two, cifs packet signing is | |
524 | required even if the server considers packet | |
525 | signing optional. (default 1) | |
254e55ed SF |
526 | SecurityFlags Flags which control security negotiation and |
527 | also packet signing. Authentication (may/must) | |
528 | flags (e.g. for NTLM and/or NTLMv2) may be combined with | |
529 | the signing flags. Specifying two different password | |
530 | hashing mechanisms (as "must use") on the other hand | |
531 | does not make much sense. Default flags are | |
532 | 0x07007 | |
533 | (NTLM, NTLMv2 and packet signing allowed). Maximum | |
534 | allowable flags if you want to allow mounts to servers | |
535 | using weaker password hashes is 0x37037 (lanman, | |
536 | plaintext, ntlm, ntlmv2, signing allowed): | |
537 | ||
538 | may use packet signing 0x00001 | |
539 | must use packet signing 0x01001 | |
540 | may use NTLM (most common password hash) 0x00002 | |
541 | must use NTLM 0x02002 | |
542 | may use NTLMv2 0x00004 | |
543 | must use NTLMv2 0x04004 | |
f6d09982 SF |
544 | may use Kerberos security 0x00008 |
545 | must use Kerberos 0x08008 | |
254e55ed SF |
546 | may use lanman (weak) password hash 0x00010 |
547 | must use lanman password hash 0x10010 | |
548 | may use plaintext passwords 0x00020 | |
549 | must use plaintext passwords 0x20020 | |
550 | (reserved for future packet encryption) 0x00040 | |
551 | ||
8426c39c JL |
552 | cifsFYI If set to non-zero value, additional debug information |
553 | will be logged to the system error log. This field | |
554 | contains three flags controlling different classes of | |
555 | debugging entries. The maximum value it can be set | |
556 | to is 7 which enables all debugging points (default 0). | |
557 | Some debugging statements are not compiled into the | |
558 | cifs kernel unless CONFIG_CIFS_DEBUG2 is enabled in the | |
559 | kernel configuration. cifsFYI may be set to one or | |
560 | more of the following flags (7 sets them all): | |
561 | ||
562 | log cifs informational messages 0x01 | |
563 | log return codes from cifs entry points 0x02 | |
0ec54aa8 SF |
564 | log slow responses (ie which take longer than 1 second) |
565 | CONFIG_CIFS_STATS2 must be enabled in .config 0x04 | |
8426c39c JL |
566 | |
567 | ||
1da177e4 LT |
568 | traceSMB If set to one, debug information is logged to the |
569 | system error log with the start of smb requests | |
570 | and responses (default 0) | |
571 | LookupCacheEnable If set to one, inode information is kept cached | |
572 | for one second improving performance of lookups | |
573 | (default 1) | |
574 | OplockEnabled If set to one, safe distributed caching enabled. | |
575 | (default 1) | |
576 | LinuxExtensionsEnabled If set to one then the client will attempt to | |
577 | use the CIFS "UNIX" extensions which are optional | |
578 | protocol enhancements that allow CIFS servers | |
579 | to return accurate UID/GID information as well | |
580 | as support symbolic links. If you use servers | |
581 | such as Samba that support the CIFS Unix | |
582 | extensions but do not want to use symbolic link | |
583 | support and want to map the uid and gid fields | |
584 | to values supplied at mount (rather than the | |
585 | actual values), then set this to zero. (default 1) | |
60808233 SF |
586 | Experimental When set to 1, enables certain experimental |
587 | features (currently enables multipage writes | |
588 | when signing is enabled; the multipage write | |
589 | performance enhancement was disabled when | |
590 | signing is turned on in case the buffer was modified | |
591 | just before it was sent. This flag will also | |
cea21805 JL |
592 | be used to enable the new experimental directory change |
593 | notification code). | |
1da177e4 LT |
594 | |
595 | These experimental features and tracing can be enabled by changing flags in | |
596 | /proc/fs/cifs (after the cifs module has been installed or built into the | |
597 | kernel, e.g. insmod cifs). To enable a feature, set it to 1; e.g. to enable | |
598 | tracing to the kernel message log, type: | |
599 | ||
1047abc1 | 600 | echo 7 > /proc/fs/cifs/cifsFYI |
1da177e4 | 601 | |
1047abc1 SF |
602 | cifsFYI functions as a bit mask. Setting it to 1 enables additional kernel |
603 | logging of various informational messages. 2 enables logging of non-zero | |
604 | SMB return codes while 4 enables logging of requests that take longer | |
605 | than one second to complete (except for byte range lock requests). | |
606 | Setting it to 4 requires defining CONFIG_CIFS_STATS2 manually in the | |
607 | source code (typically by setting it in the beginning of cifsglob.h), | |
608 | and setting it to seven enables all three. Finally, tracing | |
609 | the start of smb requests and responses can be enabled via: | |
1da177e4 LT |
610 | |
611 | echo 1 > /proc/fs/cifs/traceSMB | |
612 | ||
75865f8c SF |
613 | Two other experimental features are under development. Testing these |
614 | requires enabling CONFIG_CIFS_EXPERIMENTAL: | |
1da177e4 | 615 | |
cea21805 JL |
616 | cifsacl support needed to retrieve approximated mode bits based on |
617 | the contents of the CIFS ACL. | |
1da177e4 LT |
618 | |
619 | DNOTIFY fcntl: needed for support of directory change | |
620 | notification (and perhaps later for file leases) | |
621 | ||
622 | Per share (per client mount) statistics are available in /proc/fs/cifs/Stats | |
623 | if the kernel was configured with cifs statistics enabled. The statistics | |
624 | represent the number of successful (ie non-zero return code from the server) | |
625 | SMB responses to some of the more common commands (open, delete, mkdir etc.). | |
626 | Also recorded is the total bytes read and bytes written to the server for | |
627 | that share. Note that due to client caching effects this can be less than the | |
628 | number of bytes read and written by the application running on the client. | |
629 | The statistics for the number of total SMBs and oplock breaks are different in | |
630 | that they represent all for that share, not just those for which the server | |
631 | returned success. | |
632 | ||
633 | Also note that "cat /proc/fs/cifs/DebugData" will display information about | |
cea21805 | 634 | the active sessions and the shares that are mounted. |
f6d09982 SF |
635 | Enabling Kerberos (extended security) works when CONFIG_CIFS_EXPERIMENTAL is |
636 | on but requires a user space helper (from the Samba project). NTLM and NTLMv2 and | |
637 | LANMAN support do not require this helper. |
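
The SecurityFlags bit table above can be turned into a small builder that composes a value from named policy terms and rejects combinations the README warns against. This is an added example, not code from the CIFS README or the kernel; the function names, the "may:<mech>"/"must:<mech>" term syntax and the ALLOW_WEAK variable are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the CIFS README): build a SecurityFlags value from
# named policy terms, using the may/must bit table in this README.
# Term syntax "may:<mech>" / "must:<mech>" and ALLOW_WEAK are this example's own.

# secflag_bit MECH -> prints the "may use" bit for a mechanism, fails if unknown
secflag_bit() {
    case "$1" in
        signing)   echo 0x00001 ;;
        ntlm)      echo 0x00002 ;;
        ntlmv2)    echo 0x00004 ;;
        krb5)      echo 0x00008 ;;
        lanman)    echo 0x00010 ;;
        plaintext) echo 0x00020 ;;
        *)         return 1 ;;
    esac
}

# build_secflags TERM... -> prints the flags as 0xNNNNN, or fails with a reason
build_secflags() {
    flags=0
    must_auth=0
    for term in "$@"; do
        level=${term%%:*}
        mech=${term#*:}
        bit=$(secflag_bit "$mech") || { echo "unknown mechanism: $mech" >&2; return 1; }
        case "$mech" in
            lanman|plaintext)   # weak: refused unless the caller opts in
                [ "${ALLOW_WEAK:-0}" = 1 ] || { echo "refusing weak mechanism: $mech" >&2; return 1; } ;;
        esac
        case "$level" in
            may)  flags=$(( flags | $bit )) ;;
            # "must" sets the may bit plus the same bit shifted left by 12
            must) flags=$(( flags | $bit | ($bit << 12) ))
                  [ "$mech" = signing ] || must_auth=$(( must_auth + 1 )) ;;
            *)    echo "unknown level: $level" >&2; return 1 ;;
        esac
    done
    # README: two different "must use" hashing mechanisms make little sense.
    # Applied here to every non-signing mechanism (an assumption for krb5).
    [ "$must_auth" -le 1 ] || { echo "more than one 'must' authentication mechanism" >&2; return 1; }
    printf '0x%05x\n' "$flags"
}
```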