2009/164 Support for guest access to CIFS/SMB shares
Jordan Brown
Jordan.Brown at Sun.COM
Mon Mar 9 11:37:55 PDT 2009
[ Sorry if this is a duplicate. sac_nextcase appears to have eaten the
first attempt, but maybe it's in some queue. ]
I am sponsoring the following for fast track approval. The timer
expires 16 March 2009.
Template Version: @(#)onepager.txt 1.35 07/11/07 SMI
Copyright 2009 Sun Microsystems
Sun Proprietary/Confidential: Internal Use Only: Engineering Need-to-Know
1. Introduction
1.1. Project/Component Working Name:
Support for guest access to CIFS/SMB shares
1.2. Name of Document Author/Supplier:
Author: Afshin Salek
1.3. Date of This Document:
03/06/09
1.4. Name of Major Document Customer(s)/Consumer(s):
PSARC
CIFS team
1.5. Email Aliases:
1.5.1. Responsible Manager: Barry.Greenberg at Sun.COM
1.5.2. Responsible Engineer: Afshin.Ardakani at Sun.COM
1.5.3. Marketing Manager:
1.5.4. Interest List: cifs-team at sun.com
A patch binding is requested for this change.
4. Technical Description:
4.1. Details:
This fast track proposes a new share property to support guest
access to CIFS/SMB shares, as requested in RFE 6775827.
A new share property, guestok, will be added to control whether
or not guest access is allowed on the share. If guestok is set
to true, guest access will be allowed on the specified share.
If the guestok share property is not defined or is set to
false, guest access will not be permitted on that share. By
default, the guestok property is not defined, i.e. guest access
is disabled by default.
When a user attempts to connect to an SMB server, the request
is interpreted as a guest connection if an account name is not
specified or the specified user account does not exist. Guest
connections are not authenticated except when the guest account
has a password (more details below). Windows systems typically
use a predefined local account called Guest to represent guest
connections, although this account can be renamed. On Solaris,
the system administrator can define an idmap name-based rule to
map Guest to any local Solaris username, such as guest or
nobody. For example:
# idmap add winname:Guest unixuser:guest
If the local account has a password in /var/smb/smbpasswd the
guest connection will be authenticated against that password.
Any connection made using an account that maps to the local
guest account will be designated as a guest connection.
4.2. Bug/RFE Number(s):
6775827
4.5. Interface Stability:
Committed
4.6. Doc Impact:
Solaris CIFS Administration Guide
Modifications to sharemgr(1M) man page:
-------------------------------------------------------------------
The general properties supported for SMB are:
+ guestok=boolean
+
+ Set the guest access policy for the share.
+ When set to true guest access is allowed on this share.
+ When set to false or not defined guest access is not
+ not allowed on this share. This property is not defined
+ by default.
+
+ An idmap name-based rule can be used to map guest to any
+ local username, such as guest or nobody. If the local
+ account has a password in /var/smb/smbpasswd the guest
+ connection will be authenticated against that password. Any
+ connection made using an account that maps to the local
+ guest account will be treated as a guest connection.
+
+ Example name-based rule:
+
+ # idmap add winname:Guest unixuser:guest
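Review bot: the second sentence of the added guestok description has a doubled word across the line break ("guest access is not" / "not allowed on this share"), which reads as a double negative in a passage defining an access-control default; drop one "not". The added text also never says which connections count as guest. Section 4.1 defines that as a request with no account name or with a nonexistent account, and an administrator reading only sharemgr(1M) would need that definition to judge what guestok=true exposes. Consider writing "map Guest" with the capitalisation used in the example rule (winname:Guest) so the prose and the command agree.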
6. Resources and Schedule:
6.4. Product Approval Committee requested information:
6.4.1. Consolidation or Component Name:
ON
6.5. ARC review type:
FastTrack
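The guest-connection rules from section 4.1, written out as a small decision model. This is an added example, not part of the original message and not Solaris CIFS code. The `Server` stand-in, the share names, the `kiosk` and `alice` accounts, the plaintext password entries and the order of the checks are all assumptions made for illustration, as is treating a server with no Guest idmap rule as having no guest password to check.

```python
import hmac
from dataclasses import dataclass, field

GUEST = "Guest"  # Windows-side guest account name used by the idmap rule

@dataclass
class Server:  # constructed stand-in for server state, not a Solaris API
    accounts: set                                   # account names that exist
    idmap: dict = field(default_factory=dict)       # winname -> unixuser rules
    smbpasswd: dict = field(default_factory=dict)   # unixuser -> password entry
    shares: dict = field(default_factory=dict)      # share -> {property: value}

def is_guest(srv, account):
    """Guest if no name given, unknown name, or name maps to the guest user."""
    if not account or account not in srv.accounts:
        return True
    guest_unix = srv.idmap.get(GUEST)
    return guest_unix is not None and srv.idmap.get(account) == guest_unix

def guest_decision(srv, share, account, password=""):
    """Return 'not-guest', 'allow' or 'deny:<reason>' for one connection."""
    if not is_guest(srv, account):
        return "not-guest"  # ordinary authentication, outside this model
    # guestok undefined or false: guest access is not permitted on the share
    if srv.shares[share].get("guestok") != "true":
        return "deny:guestok-not-set"
    # Guest is unauthenticated unless the mapped local account has a password
    stored = srv.smbpasswd.get(srv.idmap.get(GUEST))
    if stored is not None and not hmac.compare_digest(
            stored.encode(), password.encode()):
        return "deny:bad-guest-password"
    return "allow"

def demo_server():
    """Constructed sample: Guest and 'kiosk' both map to local user guest."""
    return Server(
        accounts={"alice", "kiosk", GUEST},
        idmap={GUEST: "guest", "kiosk": "guest", "alice": "alice"},
        shares={"public": {"guestok": "true"}, "hr": {},
                "eng": {"guestok": "false"}},
    )

if __name__ == "__main__":
    srv = demo_server()
    for share in ("public", "hr", "eng"):
        for acct in ("", "nosuchuser", "kiosk", "alice"):
            print(f"{share:7} {acct or '<none>':11} "
                  f"{guest_decision(srv, share, acct)}")
```

On the constructed data, a mistyped or nonexistent account name reaches the `public` share as guest without any password, which is the exposure to weigh before setting guestok=true on a share.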