test

Solaris CIFS Administration Guide

Managing CIFS Mounts in the Global Environment (Task Map)

The following table points to the tasks that superuser can perform to manage CIFS mounts.

Task 

Description 

For Instructions 

Mount a share on a public mount point, such as one in the root file system, so that many users can access the share. 

Some shares include files and directories that many people on a system might want to access, such as a global set of files or programs. In such cases, instead of each user mounting the share in his own directory, the system administrator can mount the share in a public place so that all users can access the share from the same location. 

How to Mount a Multiuser CIFS Share

Customize the global environment by using the sharectl command to set Solaris CIFS properties.

User-specified properties override global properties with the exception of security settings. 

How to Customize the Global Solaris CIFS Environment

View the global Solaris CIFS property settings by using the sharectl command.

If one property is set with different values in each section, all values are shown. 

How to View the Global Solaris CIFS Environment Property Settings

Add a CIFS share to an automounter map. 

Use this procedure if you want a CIFS share to be automatically mounted at boot time. 

How to Add an Automounter Entry for a CIFS Share

Delete all persistent passwords. 

Use this procedure if you want to clear all persistent passwords. 

How to Delete All CIFS Persistent Passwords

ProcedureHow to Mount a Multiuser CIFS Share

If you want to make a share available to one or more users on a system, you can mount the share on a mount point anywhere on the system. When you mount a share as superuser, you do not need to own the mount point.

  1. Become superuser or assume an equivalent role.

    Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services. To configure a role with the Primary Administrator profile, see Chapter 2, Working With the Solaris Management Console (Tasks), in System Administration Guide: Basic Administration.

  2. Verify that the network/smb/client service is enabled.


    # svcs network/smb/client
STATE          STIME    FMRI
online         19:24:36 svc:/network/smb/client:default

    This service is enabled by default, so the usual state for the service is online. To enable the service, type the following command:


    # svcadm enable network/smb/client

  3. Find the share that you want to mount from a server.


    # smbutil view //server

  4. Specify the password at the prompt.

  5. Determine the mount point that you want to use.

    For example, you decide to mount shares on the /sales-tools mount point.

  6. Perform the mount.


    # mount -F smbfs //[workgroup;][user[:password]@]server/share mount-point

    For example, to mount the /tmp share from the solarsystem server on the /sales-tools mount point, type:


    # mount -F smbfs //solarsystem/tmp /sales-tools

ProcedureHow to Customize the Global Solaris CIFS Environment

You can customize the global Solaris CIFS environment by using the sharectl(1M) command. With the exception of the minauth property, globally set properties can be overridden by a value set in user's .nsmbrc file. The most secure value of the minauth property takes precedence over a less secure value set by the user or set in the global environment.

  1. Become superuser, assume an equivalent role, or use the “SMBFS Management” RBAC profile, which is part of the “File System Management” profile.

    Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services. To configure a role with the Primary Administrator profile, see Chapter 2, Working With the Solaris Management Console (Tasks), in System Administration Guide: Basic Administration.

  2. Determine which properties you want to set.

    For a description of the properties, see the nsmbrc(4) man page.

  3. Set a property value for the global Solaris CIFS environment.


    # sharectl set [-h] [-p property=value] … smbfs

    For example, to specify a default workgroup name of SALES for the default section, type:


    # sharectl set -p section=default -p workgroup=SALES smbfs

ProcedureHow to View the Global Solaris CIFS Environment Property Settings

You can view the global Solaris CIFS environment property settings by using the sharectl(1M) command.

If you set a value for the same property in more than one section, the sharectl get output includes the section name, property name, and value.

  1. Determine which properties you want to view.

    For a description of the properties, see the nsmbrc(4) man page.

    • To view the value for a specific property, type:


      $ sharectl get [-p property] … smbfs

      For example, to view the values for the timeout property, type:


      $ sharectl get -p timeout smbfs
[SALES] timeout=5
[default] timeout=10

    • To view all of the property settings, type:


      $ sharectl get smbfs
[SALES]
password=$$178465324253e0c07
timeout=5

[default]
timeout=10

ProcedureHow to Add an Automounter Entry for a CIFS Share

You can add a CIFS share to an automount map, such as the /etc/auto_direct file, so that the share will be automatically mounted when a user accesses the mount point. You cannot add these automount entries to the /etc/auto_master file.

To successfully use the automount feature, you must store a persistent password for authentication to mount the share. See How to Store a CIFS Persistent Password.

Caution – Caution –

When a user mounts a remote CIFS share by using smbfs, all accesses through that mount, even by other users, are as the user who established the mount.

For shares that will only be used by the owner, you should restrict access to the share by using the dirperms mount option to ensure that only the owner can access the share.

  1. Become superuser or assume an equivalent role.

    Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services. To configure a role with the Primary Administrator profile, see Chapter 2, Working With the Solaris Management Console (Tasks), in System Administration Guide: Basic Administration.

  2. Edit the /etc/auto_master file to refer to the automount map.

    For example, to add automount entries to the /etc/auto_direct file, add the following line to the /etc/auto_master file:

    /-	auto_direct

  3. Edit the automount map to add the mapping.

    The following examples show the changes to the automount map, in this example the /etc/auto_direct file, to configure automount maps.

    • To configure a private automount (a share that will only be accessed by the owner) of the //solarsystem/test share on the /sam-test mount point, create the following entry in the /etc/auto_direct file:

      /sam-test -fstype=smbfs,dirperms=0700,uid=sam //solarsystem/test

      The dirperms=0700 mount option ensures that only the owner can access the share. The uid=sam mount option ensures that the share root and everything in the share is owned by user sam.

    • To configure a public automount of the //solarsystem/public share on the /PUBLIC mount point, create the following entry in the /etc/auto_direct file:

      /PUBLIC -fstype=smbfs //solarsystem/public

      The dirperms=0555 mount option ensures that everyone has read and execute access to the share.

    • To configure a public automount of a share and to specify the password to be used for authentication, create the following entry in the /etc/auto_direct file:

      /PUBLIC -fstype=smbfs //guest:guest@solarsystem/public

      This entry specifies that all access to the //solarsystem/public share is done as the user guest and uses the specified password, which in this example is guest. The dirperms=0777 mount option ensures that everyone has read, write, and execute access to the share.

    • To configure a public automount of a share that can be accessed anonymously, which does not require a password, specify the noprompt option:

      /PUBLIC -noprompt,fstype=smbfs //solarsystem/public

      The noprompt mount option suppresses the prompting for a password when mounting the share. The dirperms=0555 mount option ensures that everyone has read and execute access to the share.

  4. Run the automount command to read the /etc/auto_master file.


    # automount

  5. Access the automounted share.

    The share is automounted when a user accesses the mounted share, such as by using the ls or cd command.


    $ ls /PUBLIC
bin docs

    After the CIFS share is mounted, a user can use regular Solaris commands to access the files. Automounted shares are automatically unmounted after a period of inactivity.

ProcedureHow to Delete All CIFS Persistent Passwords

Use this procedure to delete all of the persistent passwords that are used to authenticate CIFS transactions.

If you only want to delete the persistent passwords for a particular user, see How to Delete a CIFS Persistent Password.

  1. Become superuser or assume an equivalent role.

    Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services. To configure a role with the Primary Administrator profile, see Chapter 2, Working With the Solaris Management Console (Tasks), in System Administration Guide: Basic Administration.

  2. Delete all of the persistent passwords.


    # smbutil logoutall

    After the persistent passwords are deleted, each time a user performs a transaction with a CIFS server, he is prompted for his password.