A share makes a directory accessible to SMB clients on the network. Each share is
identified by a name. An SMB client sees only the share name, not the server's path to
the shared directory.
A share and a directory are independent entities. Removing a share does not affect
the underlying directory.
Shares are commonly used to provide network access to home directories on a network
file server. Each user is assigned a home directory. A share is persistent and remains
defined regardless of whether users are connected to the server.
The SMB server provides a special kind of share called an autohome SMB share. An
autohome share is a transient share of a user's home directory that is
created when a user logs in and removed when the user logs out.
When a user browses the system, only statically defined shares and the user's autohome
share will be listed.
Use the zfs set and zfs share commands to set share properties that modify the attributes and behavior of an SMB share. For information about the zfs set and zfs share commands, see the zfs(8) man page.
For complete descriptions of the following properties, see the share_smb(8) and zfs_share(8) man pages. The two types of share properties are global and protocol-specific.
The global share properties include the following:
– Specifies an optional description of the share
– Specifies the mount point of the share
The protocol-specific share properties for the SMB protocol include the
– Enables or disables access-based enumeration for a share
– Specifies the name of an AD container in which to publish a share
– Specifies whether to perform CATIA character substitution
– Enables or disables continuous availability to a share
csc – Sets the client-side caching policy
– Enables or disables DFS root support on a share
encrypt – Configures SMB encryption at the share level
– Enables or disables guest access to a share
none, ro, rw – Sets host-based access rules for a share
– Specifies the share-level oplocks configuration for the share
bypasstraverse – Specifies whether to bypass traverse checking for the share
The SMB server provides a per-share configuration property to support
client-side caching for offline files. Although the SMB server enables you to
configure this feature, only the client manages client-side caching and access to
offline files. You can use the zfs command to configure this
feature by setting the csc property for a share.
Valid values for the csc property are:
manual – Permits clients to cache files
from the specified share for offline use as requested by users. However,
automatic file-by-file reintegration is not permitted.
manual is the default value.
auto – Permits clients to automatically
cache files from the specified share for offline use, and permits
vdo – Permits clients to automatically
cache files from the specified share for offline use, permits file-by-file
reintegration, and permits clients to work from their local cache even while
disabled – Disables client-side caching for
the specified share.
SMB Share Access Control
The SMB server uses the following access-control mechanisms to limit access to
data shared by using SMB:
Host-based access control
limits access to shares based on which client system is making the
Share ACLs limit user and group access
File and directory ACLs limit user and
group access to individual files and directories.
Host-based access control is applied first and grants or denies access to the
client system. If the client system is granted access, the share ACL is then applied
to grant or deny access to the user. Finally, the individual file and directory ACLs
are consulted. You can access the data shared by using SMB only if all three access
control mechanisms allow the access.
Shares are always created with the default share ACL and, unless otherwise
specified when the share is created, default host-based access control. You can
apply non-default share ACLs to the share after the share is created.
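The evaluation order described above can be modelled to audit which layer actually decides a request. This is an added example, not Oracle code or the SMB server's implementation: it reduces ACLs to three levels (none, ro, rw), and the `Share` class, the `"*"` wildcard matching, and all hosts, users and paths are assumptions made for illustration.

```python
from dataclasses import dataclass, field

RANK = {"none": 0, "ro": 1, "rw": 2}  # model's access levels, weakest first

def _full_access():
    # Page defaults: all hosts have full access; default share ACL allows everyone.
    return {"*": "rw"}

@dataclass
class Share:
    name: str
    host_rules: dict = field(default_factory=_full_access)  # client host -> level
    share_acl: dict = field(default_factory=_full_access)   # user -> level
    file_acls: dict = field(default_factory=dict)           # path -> {user: level}

def _lookup(rules, key):
    # Assumption of this model: exact match, then "*", otherwise no access.
    return rules.get(key, rules.get("*", "none"))

def evaluate(share, host, user, path, want):
    """Return (allowed, denying_layer) for an SMB request wanting 'ro' or 'rw'."""
    layers = (
        ("host", _lookup(share.host_rules, host)),
        ("share_acl", _lookup(share.share_acl, user)),
        ("file_acl", _lookup(share.file_acls.get(path, {}), user)),
    )
    for layer, granted in layers:  # order from the text; first denial is final
        if RANK[granted] < RANK[want]:
            return False, layer
    return True, None

# Constructed sample data (hypothetical hosts, users and paths).
FILES = {"/plan.txt": {"alice": "rw", "bob": "ro"}}
OPEN = Share("projects", file_acls=FILES)  # created with both defaults
LOCKED = Share("finance",
               host_rules={"ws1.example.com": "rw", "*": "none"},
               share_acl={"alice": "ro", "*": "none"},
               file_acls=FILES)

if __name__ == "__main__":
    for share, host, user, want in [
        (OPEN, "kiosk.example.com", "bob", "rw"),
        (LOCKED, "kiosk.example.com", "alice", "ro"),
        (LOCKED, "ws1.example.com", "alice", "rw"),
        (LOCKED, "ws1.example.com", "alice", "ro"),
    ]:
        print(share.name, host, user, want,
              evaluate(share, host, user, "/plan.txt", want))
```

For the `OPEN` share, which keeps both defaults, every denial comes from the file ACL layer, so on a share left at its defaults the file and directory ACLs are the only effective control.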
Host-Based Access Control to SMB Shares
Host-based access control enables you to limit the access of a host or group
of hosts to an SMB share. This host-based access control is enforced only for
SMB access, not for local access or access through other protocols. By default,
all hosts have full access to a share. The SMB server enforces host-based
access control each time a client requests a connection to a share.
You can use the zfs set and share
commands to specify host-based access control on a share. For more information,
see How to Restrict Client Host Access to an SMB Share (zfs). For more information about
the share command, see the share(8) man page. For more information about
the zfs command, see the zfs(8) man page. For more information about SMB shares, see
the share_smb(8) man page. For information about the available
options for sharing a ZFS file system, see the zfs_share(8) man page.
Access Control Lists on SMB Shares
An ACL on a ZFS share provides the same level of access control as a Windows
ACL does for its shares. Each share can have an ACL that includes entries to
specify which types of access are allowed or denied to users and groups. Like
host-based access control, this mechanism is a share-level form of access
control and does not apply to local file access.
Although a ZFS file system is used to store a share's ACL, the access control
is enforced by the SMB server each time a client requests a connection to a
share. Access control lists are enforced only for SMB access, not for local
access or access through other protocols. The default ACL setting permits full
access to everyone.
You cannot specify an ACL on an autohome share.
Autohome shares are created at runtime with a predefined, unmodifiable ACL
that grants full control to the owner. Only the autohome share owner can
access the share.
SMB Autohome Shares
The autohome share feature eliminates the administrative task of defining and
maintaining home directory shares for each user that accesses the system through the
SMB protocol. The system creates autohome shares when a user logs in, and removes
them when the user logs out. This process reduces the administrative effort needed
to maintain user accounts, and increases the efficiency of service resources.
For example, if /home is a home directory that contains
subdirectories for users auser and buser, you
can manually define the shares as follows:
However, defining and maintaining directory shares in this way for each user is
inconvenient. Instead, you can use the autohome feature.
To configure the autohome feature, you need to specify autohome share rules. For
example, if a user's home directory is /fort/buser, the
autohome path is /fort. The temporary share is named
buser. Note that the user's home directory name must be the
same as the user's login name. See How to Create a Specific Autohome Share Rule.
When a user logs in, the SMB server looks for a subdirectory that matches the
user's name based on any rules that have been specified. If the server finds a match
and if that share does not already exist, the subdirectory is added as a transient
share. When the user logs out, the server removes that transient share.
Some Windows clients log a user out after 15 minutes of inactivity, which results
in the autohome share disappearing from the list of defined shares. This behavior is
expected for SMB autohome shares. Even after an SMB autohome share is removed,
the share reappears when the user attempts to access the system (for example, in an
If you are using an autohome share, you cannot allow other users to access files
in your home directory. All autohome shares are removed when the SMB server is
SMB Autohome Entries
The SMB server can automatically share home directories when an SMB client
connects. The autohome map file, /etc/smbautohome, uses
search options and rules to determine whether to share a home directory when an
SMB client connects to the server.
For example, the following entries specify the autohome rules for a particular