You can add, view, and update SMB shares. A directory must exist before it can be shared. For more information about SMB shares, see SMB Shares.
The Oracle Solaris 11 OS introduced a new method for sharing and managing SMB and NFS shares. The zfs command has been enhanced to manage shares and share properties on Oracle Solaris ZFS file systems. The zfs command supports SMB and NFS sharing by means of the share, share.smb, and share.nfs properties. For information about Oracle Solaris 11 command syntax, see Sharing and Unsharing ZFS File Systems in Managing ZFS File Systems in Oracle Solaris 11.3.
The legacy sharemgr command is no longer available to manage SMB shares. Instead, use the enhanced zfs, share, and unshare commands. Also, the automatic sharing of SMB and NFS shares is managed by SMF rather than by the legacy /etc/dfs/dfstab file, which has been removed.
You can continue to use the legacy file-sharing method to manage shares on file servers that run previous versions of the Oracle Solaris OS. For information about the differences between the new and legacy file-sharing methods, see Sharing and Unsharing ZFS File Systems in Managing ZFS File Systems in Oracle Solaris 11.3.
The following table points to the tasks that you can use to manage SMB shares.
The SMB protocol assumes mandatory locking, but UNIX traditionally uses advisory locking. The Oracle Solaris OS can be configured to use mandatory locking on a per-mount basis by using the non-blocking mandatory locking (nbmand) mount option.
When set, the nbmand mount option enforces mandatory cross-protocol share reservations and byte-range locking.
When the nbmand mount option is set, the SMB server enforces mandatory share reservations and byte-range locking internally for all SMB clients. If the nbmand mount option is not set, there is limited coordination with NFS and local processes.
For more information, see Using Your Assigned Administrative Rights in Securing Users and Processes in Oracle Solaris 11.3.
When using the ZFS file system, you can also set the nbmand option when the file system is created so that the file system uses nbmand automatically:
# zfs create -o nbmand=on pool/dataset
The following example combines the nbmand option with the mixed-case sensitivity option:
# zfs create -o casesensitivity=mixed -o nbmand=on -o mountpoint=mntpt ztank/myfs
# zfs set nbmand=on pool/dataset
For example, the following command sets the nbmand option for the ztank/myfs file system:
# zfs set nbmand=on ztank/myfs
When you are using SMB, create a mixed-mode ZFS file system, which is the default. If you have both NFS and SMB clients using a mixture of different character sets on the same file system, you might also want to set the utf8only property and consider specifying the charset=access-list NFS share property.
The share.smb property can be set to on or off. Specifying share.smb=on during dataset creation shares the dataset with the default share properties.
This procedure describes how to use the ZFS file system's share property to create ZFS shares on the SMB server.
You can also use the share command to create shares on various file system types. See the share(1M) man page.
To create an autohome share, you must have defined autohome rules. For more information, see How to Create a Specific Autohome Share Rule.
For more information, see Using Your Assigned Administrative Rights in Securing Users and Processes in Oracle Solaris 11.3.
By default, ZFS file systems enable mixed-case mode.
# zpool create pool vdev
# zfs create -o nbmand=on pool/dataset
A share name can include any alphanumeric characters, but not the characters listed here:
" / \ [ ] : | + ; , ? * =
To enable SMB sharing on the dataset, set the share.smb property to on.
# zfs set share.smb=on pool/dataset
To enable SMB sharing on individual named shares, first set share.smb=off on the dataset and then set share.smb=on on the individual shares.
# zfs share -o share.smb=on pool/dataset%share-name
Use the zfs command to set share properties. See the zfs(1M) man page.
Share properties are stored as ZFS dataset properties, and the share ACL for each share is stored in the .zfs/shares directory of the dataset.
Use the ls command to show the share-level ACLs on these entries. Use the chmod command to modify the share-level ACLs on the entries in this directory. See the ls(1) and chmod(1) man pages.
For example, create the dataset and share:
# zfs create -o mountpoint=/users tank/users
# zfs share -o share.smb=on tank/users%ushare
For more information about SMB share properties, see SMB Share Properties, and the share_smb(1M), share(1M), and zfs(1M) man pages.
# zfs get share.smb.all tank/admins%ashare
NAME                PROPERTY                VALUE  SOURCE
tank/admins%ashare  share.smb.abe           off    default
tank/admins%ashare  share.smb.ad-container         default
tank/admins%ashare  share.smb.catia         off    default
tank/admins%ashare  share.smb.csc           auto   local
tank/admins%ashare  share.smb.dfsroot       off    default
tank/admins%ashare  share.smb.guestok       on     local
tank/admins%ashare  share.smb.none                 default
tank/admins%ashare  share.smb.ro                   default
tank/admins%ashare  share.smb.rw                   default
# share
IPC$             smb  -                      Remote IPC
ashare  /admins  smb  csc=auto,guestok=true
# cat /etc/dfs/sharetab
-        IPC$    smb  -                 Remote IPC
/admins  ashare  smb  guestok,csc=auto
The following command creates a new share with the client-side caching policy set to auto:
# zfs create -o mountpoint=/admins tank/admins
# zfs share -o share.smb=on -o share.smb.csc=auto tank/admins%ashare
You can also add properties to existing shares. The following command sets the guest access policy of the share that was created by the previous command to true:
# zfs set share.smb.guestok=on tank/admins%ashare
Example 9 Inherited SMB Sharing for ZFS File Systems in a Pool
For information about ZFS share property inheritance, see Sharing and Unsharing ZFS File Systems in Managing ZFS File Systems in Oracle Solaris 11.3.
The following commands create a pool and enable SMB sharing for that pool. When you create the ZFS file systems in that pool, the file systems inherit SMB sharing.
# zfs create rpool/admins/user1
# zfs create rpool/admins/user2
# zfs set share.smb=on rpool/admins
# zfs get -r share.smb rpool/admins
NAME                 PROPERTY   VALUE  SOURCE
rpool/admins         share.smb  on     local
rpool/admins%        share.smb  on     inherited from rpool/admins
rpool/admins/user1   share.smb  on     inherited from rpool/admins
rpool/admins/user1%  share.smb  on     inherited from rpool/admins
rpool/admins/user2   share.smb  on     inherited from rpool/admins
rpool/admins/user2%  share.smb  on     inherited from rpool/admins
# zfs set share.smb=off rpool/admins/user2
# zfs get -r share.smb rpool/admins
NAME                 PROPERTY   VALUE  SOURCE
rpool/admins         share.smb  on     local
rpool/admins%        share.smb  on     inherited from rpool/admins
rpool/admins/user1   share.smb  on     inherited from rpool/admins
rpool/admins/user1%  share.smb  on     inherited from rpool/admins
rpool/admins/user2   share.smb  off    local
Example 10 SMB Sharing for a ZFS File System
The following commands create a ZFS pool and a mixed-case file system that supports cross-protocol locking and SMB sharing:
# zpool create system1 c0t3d0
# zfs create -o share.smb=on -o nbmand=on system1/fs1
In this example, the share name system1_fs1 is based on the dataset mount point system1/fs1.
The zfs get -r share.smb command lists all shares that are defined on a mounted file system.
# zfs get -r share.smb system1/fs1
NAME          PROPERTY   VALUE  SOURCE
system1/fs1   share.smb  on     local
system1/fs1%  share.smb  on     inherited from system1/fs1
You can also view the list of active shares on the system from the /etc/dfs/sharetab file.
The zfs get command shows a subset of the share properties:
# zfs get share.smb.all system1/fs1%
NAME          PROPERTY                VALUE  SOURCE
system1/fs1%  share.smb.abe           off    default
system1/fs1%  share.smb.ad-container         default
system1/fs1%  share.smb.catia         off    default
system1/fs1%  share.smb.csc                  default
system1/fs1%  share.smb.dfsroot       off    default
system1/fs1%  share.smb.guestok       off    default
system1/fs1%  share.smb.none                 default
system1/fs1%  share.smb.ro                   default
system1/fs1%  share.smb.rw                   default
To view the local and inherited share properties, use the following command:
# zfs get -rs local,inherited -e share.smb.all system1
NAME                 PROPERTY           VALUE      SOURCE
system1/fs1          share.smb.guestok  on         local
system1/fs1%         share.smb.guestok  on         inherited from system1/fs1
system1/fs2          share.smb.guestok  on         local
system1/fs2          share.smb.ro       otherhost  local
system1/fs2          share.smb.rw       myhost     local
system1/fs2%myshare  share.smb.guestok  on         inherited from system1/fs2
system1/fs2%myshare  share.smb.ro       otherhost  inherited from system1/fs2
system1/fs2%myshare  share.smb.rw       myhost     inherited from system1/fs2
To view all the share properties, use the following command:
# zfs get share.all system1/fs1%
NAME          PROPERTY         VALUE         SOURCE
system1/fs1%  share.desc                     default
system1/fs1%  share.name       system1_fs1   -
system1/fs1%  share.nfs        off           default
system1/fs1%  share.nfs.*      ...           default
system1/fs1%  share.path                     default
system1/fs1%  share.point      /system1/fs1  -
system1/fs1%  share.protocols  smb           inherited from system1/fs1
system1/fs1%  share.smb        on            inherited from system1/fs1
system1/fs1%  share.smb.*      ...           default
system1/fs1%  share.state      shared        -
A property value of ... can be expanded further by using the .all keyword. For example, you can view the share.smb.* properties by using the following command:
# zfs get share.smb.all system1/fs1%
NAME          PROPERTY                VALUE  SOURCE
system1/fs1%  share.smb.abe           off    default
system1/fs1%  share.smb.ad-container         default
system1/fs1%  share.smb.catia         off    default
system1/fs1%  share.smb.csc                  default
system1/fs1%  share.smb.dfsroot       off    default
system1/fs1%  share.smb.guestok       off    default
system1/fs1%  share.smb.none                 default
system1/fs1%  share.smb.ro                   default
system1/fs1%  share.smb.rw                   default
You can also view both the global share properties and the SMB properties by using the following command:
# zfs get share.all,share.smb.all system1/fs1%
NAME          PROPERTY                VALUE         SOURCE
system1/fs1%  share.desc                            default
system1/fs1%  share.name              system1_fs1   -
system1/fs1%  share.nfs               off           default
system1/fs1%  share.nfs.*             ...           default
system1/fs1%  share.path                            default
system1/fs1%  share.point             /system1/fs1  -
system1/fs1%  share.protocols         smb           inherited from system1/fs1
system1/fs1%  share.smb               on            inherited from system1/fs1
system1/fs1%  share.smb.*             ...           default
system1/fs1%  share.state             shared        -
system1/fs1%  share.smb.abe           off           default
system1/fs1%  share.smb.ad-container                default
system1/fs1%  share.smb.catia         off           default
system1/fs1%  share.smb.csc                         default
system1/fs1%  share.smb.dfsroot       off           default
system1/fs1%  share.smb.guestok       off           default
system1/fs1%  share.smb.none                        default
system1/fs1%  share.smb.ro                          default
system1/fs1%  share.smb.rw                          default
The following commands create another file system in the system1 pool called fs2, associate the file system with the myshare share name, and enable SMB sharing:
# zfs create -o nbmand=on system1/fs2
# zfs share -o share.smb=on system1/fs2%myshare
You can use the zfs get command to view the share.smb and share property values for the system1 pool.
# zfs get -r share.smb system1
NAME                 PROPERTY   VALUE  SOURCE
system1              share.smb  off    default
system1/fs1          share.smb  on     local
system1/fs1%         share.smb  on     inherited from system1/fs1
system1/fs2          share.smb  off    default
system1/fs2%myshare  share.smb  on     local
# zfs get -r share.smb.all system1
NAME                 PROPERTY                VALUE  SOURCE
system1              share.smb.abe           off    default
system1              share.smb.ad-container         default
system1              share.smb.catia         off    default
system1              share.smb.csc                  default
system1              share.smb.guestok       off    default
system1              share.smb.none                 default
system1              share.smb.ro                   default
system1              share.smb.rw                   default
system1/fs1          share.smb.abe           off    default
system1/fs1          share.smb.ad-container         default
system1/fs1          share.smb.catia         off    default
system1/fs1          share.smb.csc                  default
system1/fs1          share.smb.guestok       off    default
system1/fs1          share.smb.none                 default
system1/fs1          share.smb.ro                   default
system1/fs1          share.smb.rw                   default
system1/fs1%         share.smb.abe           off    default
system1/fs1%         share.smb.ad-container         default
system1/fs1%         share.smb.catia         off    default
system1/fs1%         share.smb.csc                  default
system1/fs1%         share.smb.dfsroot       off    default
system1/fs1%         share.smb.guestok       off    default
system1/fs1%         share.smb.none                 default
system1/fs1%         share.smb.ro                   default
system1/fs1%         share.smb.rw                   default
system1/fs2          share.smb.abe           off    default
system1/fs2          share.smb.ad-container         default
system1/fs2          share.smb.catia         off    default
system1/fs2          share.smb.csc                  default
system1/fs2          share.smb.guestok       off    default
system1/fs2          share.smb.none                 default
system1/fs2          share.smb.ro                   default
system1/fs2          share.smb.rw                   default
system1/fs2%myshare  share.smb.abe           off    default
system1/fs2%myshare  share.smb.ad-container         default
system1/fs2%myshare  share.smb.catia         off    default
system1/fs2%myshare  share.smb.csc                  default
system1/fs2%myshare  share.smb.dfsroot       off    default
system1/fs2%myshare  share.smb.guestok       off    default
system1/fs2%myshare  share.smb.none                 default
system1/fs2%myshare  share.smb.ro                   default
system1/fs2%myshare  share.smb.rw                   default
You can also see the list of all active shares on the system by viewing the /etc/dfs/sharetab file.
The following command creates a child file system of system1/fs2 called system1/fs2/fs2_sub1:
# zfs create system1/fs2/fs2_sub1
The new file system inherits the share.smb property from its parent, system1/fs1, which causes a new default share to be created.
# zfs create -o nbmand=on system1/fs1/fs1_sub1
# zfs get -r share.smb system1
NAME                   PROPERTY   VALUE  SOURCE
system1                share.smb  off    default
system1/fs1            share.smb  on     local
system1/fs1%           share.smb  on     inherited from system1/fs1
system1/fs1/fs1_sub1   share.smb  on     inherited from system1/fs1
system1/fs1/fs1_sub1%  share.smb  on     inherited from system1/fs1
system1/fs2            share.smb  off    default
system1/fs2%myshare    share.smb  on     local
system1/fs2/fs2_sub1   share.smb  off    default
You can also see the list of all active shares on the system by viewing the /etc/dfs/sharetab file.
# cat /etc/dfs/sharetab
/system1/fs2           myshare               smb  -
/system1/fs1           system1_fs1           smb  -
/system1/fs1/fs1_sub1  system1_fs1_fs1_sub1  smb  -
If you disable SMB sharing for system1/fs1, that file system and its children are affected.
# zfs set share.smb=off system1/fs1
# zfs get -r share.smb system1
NAME                  PROPERTY   VALUE  SOURCE
system1               share.smb  off    default
system1/fs1           share.smb  off    local
system1/fs1/fs1_sub1  share.smb  off    inherited from system1/fs1
system1/fs2           share.smb  off    default
system1/fs2%myshare   share.smb  on     local
system1/fs2/fs2_sub1  share.smb  off    default
# cat /etc/dfs/sharetab | grep system1
/system1/fs2  myshare  smb  -
Note that disabling the share.smb property unpublishes the shares but does not remove the share definitions. The /etc/dfs/sharetab file shows that only the myshare share is still published, while the system1_fs1 and system1_fs2_fs2_sub1 shares still exist but are no longer published.
Example 11 Setting the csc Property for Shares
The following example shows how to configure client-side caching on shares.
First, create and share a file system.
If you specify share.smb=on during dataset creation, the share is automatically created as a default share. The name of the share is based on the share path, where slashes (/) are replaced by underscores (_).
The automatic (auto) share is represented as tank/zvol%, which is the ZFS property name for the auto share. The default share name is constructed from the file system name. Invalid characters are converted to underscores. The share.name property stores the default share name, which is the name by which the share is published. The following example uses a default share name of tank_zvol.
# zfs create -o utf8only=on -o share.smb=on tank/zvol
# share
IPC$                      smb  -  Remote IPC
c$         /var/smb/cvol  smb  -  Default Share
tank_zvol  /tank/zvol     smb  -
# zfs get name,share.protocols,share.state,share.point tank/zvol%
NAME        PROPERTY         VALUE       SOURCE
tank/zvol%  name             tank/zvol%  -
tank/zvol%  share.protocols  smb         local
tank/zvol%  share.state      shared      -
tank/zvol%  share.point      /tank/zvol  -
To list automatic shares, use the zfs list -o share command:
# zfs create -o utf8only=on -o share.smb=on tank/zvol
# zfs get share tank/zvol%
# zfs list -o share
NAME        SHARENAME  PROTOCOLS  STATE   SHAREPOINT
tank/zvol%  tank_zvol  smb        shared  /tank/zvol
# zfs get share.name tank/zvol%
NAME        PROPERTY    VALUE      SOURCE
tank/zvol%  share.name  tank_zvol  -
To create a share with non-default values, use the zfs command, as shown in the following example:
Create the dataset.
# zfs create -o utf8only=on tank/zvol
Create and enable an SMB share with the name of ashare.
# zfs share -o share.smb=on tank/zvol%ashare
# zfs get name,share.protocols,share.state,share.point tank/zvol%ashare
NAME              PROPERTY         VALUE             SOURCE
tank/zvol%ashare  name             tank/zvol%ashare  -
tank/zvol%ashare  share.protocols  smb               local
tank/zvol%ashare  share.state      -                 -
tank/zvol%ashare  share.point      /tank/zvol        -
View the active shares on the system.
# cat /etc/dfs/sharetab
/tank/zvol  ashare  smb  -
The following command creates a new share, bshare, with the csc property set to auto:
# zfs share -o share.smb=on -o share.smb.csc=auto tank/zvol%bshare
# zfs get share.smb.all tank/zvol%bshare
NAME              PROPERTY                VALUE             SOURCE
tank/zvol%bshare  name                    tank/zvol%bshare  -
tank/zvol%bshare  share.protocols         smb               -
tank/zvol%bshare  share.state             -                 -
tank/zvol%bshare  share.point             /tank/zvol        -
tank/zvol%bshare  share.smb.abe           off               default
tank/zvol%bshare  share.smb.ad-container                    default
tank/zvol%bshare  share.smb.catia         off               default
tank/zvol%bshare  share.smb.csc           auto              local
tank/zvol%bshare  share.smb.dfsroot       off               default
tank/zvol%bshare  share.smb.guestok       off               default
tank/zvol%bshare  share.smb.none                            default
tank/zvol%bshare  share.smb.ro                              default
tank/zvol%bshare  share.smb.rw                              default
Using the zfs command enables you to add properties to a share without specifying all the other previously specified properties and their values.
In the following example, the first command creates a share with the name of cshare. The second command adds the csc property.
# zfs share -o share.smb=on tank/zvol3%cshare
# zfs set share.smb.csc=auto tank/zvol3%cshare
You can also set the csc property on autohome shares in the smbautohome map. As with the ZFS share property, multiple property-value pairs can be specified in a comma-separated list. The following smbautohome map disables client-side caching by default, but sets csc=auto for /export/home/john:
*     /export/home/&  share.smb.csc=disabled,description=&
john  /export/home/&  share.smb.csc=auto,dn=oracle,dn=com,ou=users
Example 12 Using ls and chmod to Manage SMB Share-Level ACLs
Although you can manage share ACLs on an Oracle Solaris system, a better practice is to use Windows utilities to manage share ACLs. The ACLs are stored on resources located in the .zfs/shares subdirectory in the root of the shared file system. For more information about using the chmod command to modify ACLs, see the chmod(1) man page.
In this example, the shared file system is /zpool/cosmos and one resource, pluto, is stored in the .zfs/shares directory for this file system.
After changing to the /zpool/cosmos/.zfs/shares directory, you can use the ls -lv command to view the ACL information on the resources in that directory.
# cd /zpool/cosmos/.zfs/shares
# ls -lv
total 2
----------+  1 root     root           0 Feb  8 18:35 pluto
     0:everyone@:read_data/write_data/append_data/read_xattr/write_xattr
         /execute/delete_child/read_attributes/write_attributes/delete
         /read_acl/write_acl/write_owner/synchronize:allow
The ls -lv output shows that the pluto resource is owned by the root user and the root group. The everyone ACL entry covers all other users who are not the root user or part of the root group. The everyone ACL entry shows that everyone has all access privileges, which is the default.
Next, use the chmod command to add a user, john, who only has read access to the pluto resource. After running the chmod command, the ls -lv command shows you the new ACL entry for user john. Note that the ACL entry for everyone is unchanged.
# chmod A+user:john:read_data/read_xattr/read_attributes/read_acl:allow pluto
# ls -lv
total 2
-rwxrwxrwx+  1 root     root           0 Feb  8 18:35 pluto
     0:user:john:read_data/read_xattr/read_attributes/read_acl:allow
     1:everyone@:read_data/write_data/append_data/read_xattr/write_xattr
         /execute/delete_child/read_attributes/write_attributes/delete
         /read_acl/write_acl/write_owner/synchronize:allow
Use the chmod command to modify the ACL entry for user john to permit all access privileges. Now, the ls -lv command shows that the ACL entry for user john has been updated to have all access privileges.
# chmod A0=user:john:read_data/write_data/append_data/read_xattr/\
write_xattr/execute/delete_child/read_attributes/write_attributes/delete/\
read_acl/write_acl/write_owner/synchronize:allow pluto
# ls -lv
total 2
-rwxrwxrwx+  1 root     root           0 Feb  8 18:35 pluto
     0:user:john:read_data/write_data/append_data/read_xattr/write_xattr
         /execute/delete_child/read_attributes/write_attributes/delete
         /read_acl/write_acl/write_owner/synchronize:allow
     1:everyone@:read_data/write_data/append_data/read_xattr/write_xattr
         /execute/delete_child/read_attributes/write_attributes/delete
         /read_acl/write_acl/write_owner/synchronize:allow
When you have guest access to a share, you are permitted access to the share even if you are not a regular user of the system. You do not need to present credentials for authentication to gain access to that share.
The SMB server uses the guestok share property to specify whether guest access is permitted for a given share. By default, guest access is disabled. To enable guest access, set the guestok property to on.
If you attempt a connection to an SMB server without an account name or a valid account, the request is interpreted as a guest connection. Such a connection is not authenticated unless the guest account has a password. Windows systems typically use a predefined local account called Guest to represent guest connections although this account can be renamed. In the Oracle Solaris OS, you can define an idmap name-based rule to map the Guest Windows user to any local Oracle Solaris user name, such as guest or nobody.
The following command creates a name-based mapping between the Windows user, Guest, and the Oracle Solaris user, guest:
# idmap add winname:Guest unixuser:guest
If the local account has an SMB password in the /var/smb/smbpasswd file, the guest connection is authenticated against that password. Any connection over SMB that is made by using an account that maps to the local guest account is designated as a guest connection. In the absence of an idmap rule for Guest, an ephemeral ID is generated for this Windows account by the idmap service.
This procedure shows how to use the zfs command to enable guest access, but you can also use the share command for other file system types. See the share(1M) man page.
For more information, see Using Your Assigned Administrative Rights in Securing Users and Processes in Oracle Solaris 11.3.
# zfs create -o mountpoint=/eng pool/eng
# zfs share -o share.smb=on -o share.smb.guestok=on pool/eng%eshare
The following example uses the zfs command to enable guest access for the myshare share:
# zfs share -o share.smb=on -o share.smb.guestok=on tank/home%myshare
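Because guestok can be set locally or inherited from a dataset, a periodic review of which shares accept guest connections is useful. The following is an added example, not part of the Oracle documentation: it reads zfs get output in the NAME PROPERTY VALUE SOURCE layout shown on this page and lists each share that has share.smb.guestok=on, where the setting originates, and whether any share.smb.ro, share.smb.rw, or share.smb.none list is set. The function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: list SMB shares that permit guest access.
# Input : `zfs get` output (columns NAME PROPERTY VALUE SOURCE) on stdin.
# Output: <share> origin=<where guestok is set> hosts=<restricted|unrestricted>
audit_guest_shares() {
    awk '
    $1 == "NAME" && $2 == "PROPERTY" { next }      # skip header rows
    NF < 3 { next }                                # not a property row
    {
        name = $1; prop = $2
        if (NF == 3) {                             # empty VALUE, one-word SOURCE
            value = ""; origin = name
        } else if ($3 == "inherited" && $4 == "from") {
            value = ""; origin = $5                # empty VALUE, inherited SOURCE
        } else if ($4 == "inherited") {
            value = $3; origin = $6                # SOURCE is "inherited from <dataset>"
        } else {
            value = $3; origin = name              # SOURCE is local, default, or "-"
        }
        if (index(name, "%") == 0) next            # rows without % are datasets, not shares
        if (!(name in seen)) { seen[name] = 1; order[++n] = name }
        if (prop == "share.smb.guestok" && value == "on") guest[name] = origin
        if ((prop == "share.smb.ro" || prop == "share.smb.rw" ||
             prop == "share.smb.none") && value != "") restricted[name] = 1
    }
    END {
        for (i = 1; i <= n; i++) {                 # report in input order
            s = order[i]
            if (!(s in guest)) continue
            hosts = (s in restricted) ? "restricted" : "unrestricted"
            printf "%s origin=%s hosts=%s\n", s, guest[s], hosts
        }
    }'
}

# Constructed sample input, modeled on the zfs get listings on this page.
sample_zfs_get() {
cat <<'EOF'
NAME                 PROPERTY           VALUE      SOURCE
system1/fs1          share.smb.guestok  on         local
system1/fs1%         share.smb.guestok  on         inherited from system1/fs1
system1/fs2          share.smb.guestok  on         local
system1/fs2          share.smb.ro       otherhost  local
system1/fs2          share.smb.rw       myhost     local
system1/fs2%myshare  share.smb.guestok  on         inherited from system1/fs2
system1/fs2%myshare  share.smb.ro       otherhost  inherited from system1/fs2
system1/fs2%myshare  share.smb.rw       myhost     inherited from system1/fs2
pool/eng%eshare      share.smb.guestok  on         local
tank/home%home       share.smb.guestok  off        default
tank/home%home       share.smb.ro                  default
EOF
}

sample_zfs_get | audit_guest_shares
```

On a live system, the input would come from a command such as zfs get -rs local,inherited -e share.smb.all system1, which appears earlier on this page.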
The access-based enumeration (ABE) feature filters directory content based on the access granted to the user who is browsing the directory. This feature is compatible with the Windows ABE feature.
When ABE filtering is enabled, you see only the files and directories to which you have access. This behavior has the following benefits:
Finding files in directories that contain many files is easier because the number of files shown in the listing is reduced.
An “out-of-sight, out-of-mind” policy is implemented.
ABE filtering is managed on a per-share basis by using the zfs command to set the Boolean abe property. See the zfs_share(1M) man page.
ABE filtering is also supported on autohome shares. See the smbautohome(4) man page.
When abe=on, ABE filtering is enabled on the share. Any directory entries to which you have no access are omitted from directory listings. When abe=off or is not defined, ABE filtering is not performed on the share. By default, the abe property is set to off.
This procedure shows how to use the zfs command to enable ABE filtering for a share, but you can also use the share command for other file system types. See the share(1M) man page.
For more information, see Using Your Assigned Administrative Rights in Securing Users and Processes in Oracle Solaris 11.3.
# zfs share -o share.smb=on -o share.smb.abe=on pool/dataset%share-name
For example, the following command enables ABE filtering for the new myshare share:
# zfs create tank/home
# zfs share -o share.smb=on -o share.smb.abe=on tank/home%myshare
This procedure shows how to use the zfs command to modify share properties, but you can also use the share command for other file system types. See the share(1M) man page.
For more information, see Using Your Assigned Administrative Rights in Securing Users and Processes in Oracle Solaris 11.3.
# zfs get share.all,share.smb.all tank/home%home
NAME            PROPERTY                VALUE       SOURCE
tank/home%home  share.desc                          default
tank/home%home  share.name              home        -
tank/home%home  share.nfs               off         default
tank/home%home  share.nfs.*             ...         default
tank/home%home  share.path                          default
tank/home%home  share.point             /tank/home  -
tank/home%home  share.protocols         smb         local
tank/home%home  share.smb               on          local
tank/home%home  share.smb.*             ...         default
tank/home%home  share.state             shared      -
tank/home%home  share.smb.abe           off         default
tank/home%home  share.smb.ad-container              default
tank/home%home  share.smb.catia         off         default
tank/home%home  share.smb.csc                       default
tank/home%home  share.smb.dfsroot       off         default
tank/home%home  share.smb.guestok       off         default
tank/home%home  share.smb.none                      default
tank/home%home  share.smb.ro                        default
tank/home%home  share.smb.rw                        default
For example, first change the guestok property to false.
# zfs set share.smb.guestok=off tank/home%home
Then, change the value of the csc property from auto to disabled.
# zfs set share.smb.csc=disabled tank/home%home
For information about available SMB share properties, see the share_smb(1M) man page.
This procedure describes how to remove an SMB share. When you remove an SMB share, the definition of the share is removed from the server. You can re-create the share with the zfs command.
This procedure shows how to use the zfs command to remove a share, but you can also use the unshare command for other file system types. See the unshare(1M) man page.
For more information, see Using Your Assigned Administrative Rights in Securing Users and Processes in Oracle Solaris 11.3.
# zfs destroy pool/dataset%share-name
For example, the following command removes the sales_share1 share from the tank/sales dataset:
# zfs destroy tank/sales%share_sales1
The autohome share feature eliminates the administrative task of defining and maintaining home directory shares for each user that accesses the system through the SMB protocol. The system creates autohome shares when a user logs in, and removes them when the user logs out.
This procedure describes how to configure autohome shares by adding rules to a configuration file.
For information about the smbautohome format, see SMB Autohome Entries and the smbautohome(4) man page.
For more information, see Using Your Assigned Administrative Rights in Securing Users and Processes in Oracle Solaris 11.3.
An autohome entry must be on a single line in the following format:
key location [container]
Usually a user name, but it can also be one of the following:
+nsswitch – Uses the naming service to match users to home directories if no rule matches.
Asterisk (*) – Matches a user name to a home directory that uses the same name.
The location of the user's home directory in the location field.
Specify the absolute path excluding the user name, or use one of the following substitution characters:
Question mark (?) – Substitutes for the first character of the user name.
Ampersand (&) – Substitutes for a complete user name.
For example, the following rule maps to /home/a/amy:
amy /home/?/&
For more information about the path, see SMB Autohome Shares.
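To preview which home directory path a map would produce for a given user before deploying it, the substitution rules above can be exercised offline. The following is an added example, not Oracle's implementation: the function names are hypothetical, the precedence (an exact user key wins over the asterisk rule, and +nsswitch applies only when nothing else matches) is an assumption drawn from the descriptions on this page, a location without substitution characters is returned unchanged, and rejecting names that contain a slash is this example's own guard.

```shell
#!/bin/sh
# Added example: resolve a user name against smbautohome-style entries
# of the form "key location [container]" read from stdin.

# Replace ? with the first character of the user name and & with the
# complete user name, one character at a time (no regex, no eval).
expand_location() {   # $1 = location field, $2 = user name
    loc=$1; user=$2; out=
    first=${user%"${user#?}"}          # first character of the user name
    while [ -n "$loc" ]; do
        c=${loc%"${loc#?}"}            # next character of the location
        loc=${loc#?}
        case $c in
            '?') out=$out$first ;;
            '&') out=$out$user ;;
            *)   out=$out$c ;;
        esac
    done
    printf '%s\n' "$out"
}

# Prints the resolved path, or "+nsswitch" when only the naming-service
# fallback applies. Returns 1 when no rule matches, 2 for a rejected name.
resolve_autohome() {  # $1 = user name; map entries on stdin
    user=$1; exact=; wild=; nss=
    case $user in
        ''|*/*) return 2 ;;            # guard added by this example
    esac
    while read -r key location rest; do
        case $key in
            ''|'#'*)   continue ;;     # blank line or comment (assumed syntax)
            +nsswitch) nss=1 ;;
            '*')       [ -n "$wild" ]  || wild=$location ;;
            "$user")   [ -n "$exact" ] || exact=$location ;;
        esac
    done
    if   [ -n "$exact" ]; then expand_location "$exact" "$user"
    elif [ -n "$wild" ];  then expand_location "$wild" "$user"
    elif [ -n "$nss" ];   then printf '%s\n' "+nsswitch"
    else return 1
    fi
}

# Constructed sample map that combines entries shown on this page.
sample_map() {
cat <<'EOF'
*     /export/home/&  share.smb.csc=disabled,description=&
john  /export/home/&  share.smb.csc=auto,dn=oracle,dn=com,ou=users
amy   /home/?/&
EOF
}

for u in amy john bob; do
    printf '%s -> %s\n' "$u" "$(sample_map | resolve_autohome "$u")"
done
```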
This procedure describes how to use the ZFS file system's share property to restrict access to a share based on a client's host address. This feature is known as host-based access control.
A client host is permitted to have only one of the following types of access to a share:
Read-only access
Read-write access
No access
For more information about the access control mechanisms that are used for shares, see Host-Based Access Control to SMB Shares.
This procedure shows how to use the zfs command to restrict client host access, but you can also use the share command for other file system types. See the share(1M) man page.
For information about access lists, see the share_smb(1M) man page.
For more information, see Using Your Assigned Administrative Rights in Securing Users and Processes in Oracle Solaris 11.3.
# zfs share -o share.smb=on -o share.smb.ro=hostname[:hostname] pool/dataset%share-name
# zfs share -o share.smb=on -o share.smb.rw=hostname[:hostname] pool/dataset%share-name
# zfs share -o share.smb=on -o share.smb.none="" pool/dataset%share-name
hostname – A host name, a netgroup, or an IP address
pool/dataset%share-name – Name of the dataset and share being shared
You can specify the host access policy by combining the access settings in a single command.
The following command specifies how particular hosts can access the acme.sales.logs share. The mercury and venus hosts have read-write access, mars has read-only access, and neptune has no access.
# zfs share -o share.smb=on -o share.smb.rw=mercury:venus,ro=mars,none="*" \
tank/sales/logs%acme.sales.logs