[cifs-discuss] Is it possible to make an invisible share (for a home directory)?
Jim Klimov
jimklimov at cos.ru
Sun Sep 20 23:23:22 PDT 2009
Hello again, Alan, thanks for clarification.
> Do you see a need for share ACLs for smbautohome shares, i.e. do you see
> a need to have different protection on remote access versus local access
> for these shares?
It's a peculiar question :)
I don't have anything like a business case to request the functionality; however
there are a couple of reasons for saying "yes, transient shares should also have
ACLs".
1) If the functionality is already there for normal shares, it seems natural
to have it for any types of shares. So as to not have unpleasant surprises.
And I think it can be done as simple as not removing the .zfs/shares/name
file entry, and reusing it upon autosharing if it already exists.
(PS: having some configurability to en-/dis-able this, would also be convenient)
2) *IF* access to smbautohome shares can be changed during the share's short
lifetime, (that's a big "IF" :) ) then I think someone who edited the ACL would
expect it to persist. If not, I think directory ACLs may suffice for a long time...
--
In my earlier posts this summer I explained a scenario of sharing the same path
as two different shares (i.e. \\server\pub and \\server\pub$), with one share
being read-only for everyone including nominal owner and domain admins, and
another being read-write for a limited number of filesystem content managers.
Whoever you are, your activity can't affect the contents of CIFS share "pub".
This has proven useful to prevent accidents happening from under an admin's
account like inadvertent drag-and-dropping instead of clicking, rampaging
viruses on admin's desktop or whatever else.
It's an example of a scenario where directory ACLs alone do not suffice.
However, with the ability to share and access a home directory both as an
smbauto-share with directory ACLs only, and a manually created (perhaps
hidden) share with specific CIFS ACLs as well as directory ACLs, does indeed
solve any access-rights customization problem I can think of so far.
I might need to test this further, but the initial attempt of double-sharing my
homedir worked as I expected it to.
Thanks
//Jim
--
This message posted from opensolaris.org
More information about the cifs-discuss
mailing list