From: Shirish Pargaonkar <shirishpargaonkar@xxxxxxxxx> Manpage contents for cifs mount option cifsacl Signed-off-by: Shirish Pargaonkar <shirishpargaonkar@xxxxxxxxx> --- mount.cifs.8 | 33 +++++++++++++++++++++++++++++++++ 1 files changed, 33 insertions(+), 0 deletions(-) diff --git a/mount.cifs.8 b/mount.cifs.8 index 7e0f117..082adcd 100644 --- a/mount.cifs.8 +++ b/mount.cifs.8 @@ -272,6 +272,39 @@ Do not allow POSIX ACL operations even if server would support them\&. The CIFS client can get and set POSIX ACLs (getfacl, setfacl) to Samba servers version 3\&.0\&.10 and later\&. Setting POSIX ACLs requires enabling both XATTR and then POSIX support in the CIFS configuration options when building the cifs module\&. POSIX ACL support can be disabled on a per mount basis by specifying "noacl" on mount\&. .RE .PP +cifsacl +.RS 4 +This option is used to map CIFS/NTFS ACLs to/fro Linux permission bits, +map SIDs to/fro UIDs and GIDs, and get and set Security Descriptors\&. +.sp +This option is used to work with file objects which posses Security Descriptor +and CIFS/NTFS ACL as user authentication model instead of UID, GID, +file permission bits, and POSIX ACL as user authentication model on mounted +shares exported from servers such as Windows. + +A CIFS/NTFS ACL is mapped to file permission bits using an algorithm specified here +.br +\t\- http://technet.microsoft.com/en-us/library/bb463216.aspx + +Mapping SIDs to/fro UIDs and GIDs needs, +.br +\t\- a kenrel upcall to cifs.idmap utility set up via file /etc/request-key.conf +.br +\t\- winbind configured via files /etc/nsswitch.conf and smb.conf +Please refer to the respective manpages of cifs.idmap and winbind for usage. + +Security Descriptors for a file object can be get and set using +extended attribute named system.cifs_acl. + +Some of the things to consider while using this mount option: +.br +\t\- Increased latency when handling metadata due to additional requests to get and set security descriptors. +.br +\t\- During CIFS/NTFS ACL mapping to/fro Linux file permission bits, it is possible to loose finer granularity available in CIFS/NTFS ACL. +.br +\t\- If either upcall to cifs.idmap is not setup correctly or winbind is not configured and running, ID mapping will fail. In that case uid and gids will default to either values of uid and/or gid mount options if specified or credentials of the process that mounted the share. +.RE +.PP nocase .RS 4 Request case insensitive path name matching (case sensitive is the default if the server suports it)\&. -- 1.6.0.2 -- To unsubscribe from this list: send the line "unsubscribe linux-cifs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
