2009/184 SMB/CIFS Share Exec Properties
Jordan Brown
Jordan.Brown at sun.com
Fri Mar 20 15:43:37 PDT 2009
I am sponsoring the following for fast track approval.
The timer expires 27 March 2009.
1. Introduction
1.1. Project/Component Working Name:
SMB/CIFS share exec properties
1.2. Name of Document Author/Supplier:
Author: Hoa Nguyen
1.3 Date of This Document:
20 March, 2009
A patch binding is requested for this change.
This is a Committed interface.
4. Technical Description
This fast-track proposes new service properties to support the
execution of a command or script when connecting or disconnecting
CIFS shares. These properties are configurable with sharectl(1M)
and will be applied to all shares. The command may be used to
perform automated administrative tasks each time a share is mapped
or disconnected, for example, to create home directories or monitor
resources. The command will be executed using the credentials of
the smbd daemon, which, by default, is root/sys. The command
will be executed using one of the exec() functions. The content
of the environment is not specified.

See also 6766364 Add scripting support to Autohome.

In order to configure properties using sharectl(1M), a user must
be the superuser or assume an equivalent role to obtain the
solaris.smf.value.smb and solaris.smf.manage.smb RBAC
authorizations, or use the SMB Management RBAC profile, which
is part of the File System Management profile.

Additional privileges are required to allow the smbd process to
fork a child process and execute the commands. The privileges
will be enabled in the effective set and inheritable set when
needed for command execution. Otherwise, they will be disabled.

The following privileges are enabled for the exec'd process:

    PRIV_FILE_CHOWN, PRIV_FILE_CHOWN_SELF, PRIV_FILE_DAC_EXECUTE,
    PRIV_FILE_DAC_READ, PRIV_FILE_DAC_SEARCH, PRIV_FILE_DAC_WRITE,
    PRIV_FILE_LINK_ANY, PRIV_FILE_OWNER, PRIV_FILE_SETID,
    PRIV_PROC_EXEC, PRIV_PROC_FORK, PRIV_PROC_INFO, PRIV_PROC_OWNER,
    PRIV_PROC_SESSION, PRIV_PROC_SETID, PRIV_SYS_CONFIG,
    PRIV_SYS_LINKDIR, and PRIV_SYS_MOUNT.

The service property names and values are as follows:

map          The value is a command to be executed when connecting
             to the share. The command can take the following
             arguments, which will be substituted when the command
             is exec'd as described below.

             %U - Windows username.
             %D - Name of the domain or workgroup of %U.
             %h - The server hostname.
             %M - The client hostname, or "" if not available.
             %L - The server NetBIOS name.
             %m - The client NetBIOS name, or "" if not available.
                  This option is only valid for NetBIOS connections
                  (port 139).
             %I - The IP address of the client machine.
             %i - The local IP address to which the client is
                  connected.
             %S - The name of the share.
             %P - The root directory of the share.
             %u - The UID of the Unix user.

unmap        The value is a command to be executed when
             disconnecting the share. The command can take the
             same substitutions listed on the map property.

disposition  A value that controls whether to disconnect the share
             or proceed if the map command fails. The disposition
             property only has meaning when the map property has
             been set. Otherwise it will have no effect.

             disposition = [ continue | terminate ]

             continue   Proceed with share connection if the
                        map command fails. This is the default
                        in the event that disposition is not
                        specified.
             terminate  Disconnect the share if the map
                        command fails.

Examples of setting these properties with sharectl(1M):

    sharectl set -p map="/tmp/map_script %U" smb
    sharectl set -p unmap=/tmp/unmap_script smb
    sharectl set -p disposition=terminate smb

For example, with the setting

    sharectl set -p map="/tmp/map_script %U" smb

the map command would be invoked with arguments of the form:

    arg0 = /tmp/map_script
    arg1 = <Windows username>
    arg2 = NULL
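
The following map script is an added example, not part of the proposal or of the smbd code. It shows the home-directory use case mentioned above with the substituted %U and %u arguments validated before use, since the script runs with smbd's credentials. The script path, BASE, MIN_UID, the name policy, and the reading of a non-zero exit status as "the map command fails" are assumptions.

```shell
#!/bin/sh
# Added example (not from the proposal): a map script, configured e.g. as
#   sharectl set -p map="/usr/local/sbin/smb_map_home %U %u" smb
# The script path, BASE, MIN_UID and the name policy are assumptions.
# smbd runs it as root/sys, and %U originates from the client, so every
# argument is validated before it reaches the filesystem.

BASE=${BASE:-/export/home}   # assumed root-owned, not writable by users

# Accept only names that cannot be a path or an option. Names with
# spaces or other characters are rejected by this (assumed) site policy.
valid_user() {
    case "$1" in
        ''|.*|-*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    [ "${#1}" -le 64 ]
}

# Accept only decimal UIDs at or above MIN_UID (keeps root and system
# accounts from becoming the owner of a new directory).
valid_uid() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge "${MIN_UID:-100}" ] 2>/dev/null
}

# map_home <windows-user> <unix-uid>: create the home directory if missing.
# Returns non-zero on any rejected input; assuming smbd treats a non-zero
# exit as failure, disposition=terminate then disconnects the share.
map_home() {
    valid_user "$1" || return 1
    valid_uid "$2" || return 1
    home=$BASE/$1
    [ -L "$home" ] && return 1   # never follow a planted symlink
    [ -d "$home" ] && return 0   # already provisioned
    mkdir -m 700 "$home" || return 1
    chown "$2" "$home"
}

# Run only when arguments are given, so the file can also be sourced.
[ "$#" -eq 0 ] || map_home "$@"
```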
6. Resources and Schedule
6.4. Steering Committee requested information
6.4.1. Consolidation C-team Name:
ON
6.5. ARC review type: FastTrack
6.6. ARC Exposure: open