rpms/cifs-utils
5
0
Fork 0
Code Issues Pull Requests Releases Activity

mount.cifs.rst: add reference for sssd and update xattr/acl section

Browse Source 
Resolves: RHEL-22495

Signed-off-by: Paulo Alcantara <paalcant@redhat.com>
This commit is contained in:
Paulo Alcantara 2024-04-16 13:48:59 -03:00
parent c4e33cca26
commit 0f04ec127d
3 changed files with 118 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
cifs-utils.spec
View File

@ -3,7 +3,7 @@
Name: cifs-utils Name: cifs-utils
Version: 7.0 Version: 7.0
Release: 3%{pre_release}%{?dist} Release: 4%{pre_release}%{?dist}
Summary: Utilities for mounting and managing CIFS mounts Summary: Utilities for mounting and managing CIFS mounts
License: GPLv3 License: GPLv3
@ -23,6 +23,8 @@ Recommends: %{name}-info%{?_isa} = %{version}-%{release}
Source0: https://download.samba.org/pub/linux-cifs/cifs-utils/%{name}-%{version}.tar.bz2 Source0: https://download.samba.org/pub/linux-cifs/cifs-utils/%{name}-%{version}.tar.bz2
Patch0: cifs.upcall-fix-UAF-in-get_cachename_from_process_en.patch Patch0: cifs.upcall-fix-UAF-in-get_cachename_from_process_en.patch
Patch1: pam_cifscreds-fix-warning-on-NULL-arg-passed-to-s-in.patch Patch1: pam_cifscreds-fix-warning-on-NULL-arg-passed-to-s-in.patch
Patch2: mount.cifs.rst-add-missing-reference-for-sssd.patch
Patch3: mount.cifs.rst-update-section-about-xattr-acl-suppor.patch
%description %description
The SMB/CIFS protocol is a standard file sharing protocol widely deployed The SMB/CIFS protocol is a standard file sharing protocol widely deployed
@ -57,6 +59,8 @@ provide these credentials to the kernel automatically at login.
%setup -q -n %{name}-%{version}%{pre_release} %setup -q -n %{name}-%{version}%{pre_release}
%patch0 -p1 %patch0 -p1
%patch1 -p1 %patch1 -p1
%patch2 -p1
%patch3 -p1
%build %build
fgrep -r -l '/usr/bin/env python' | xargs -n1 sed -i 's@/usr/bin/env python.*@%python3@g' fgrep -r -l '/usr/bin/env python' | xargs -n1 sed -i 's@/usr/bin/env python.*@%python3@g'
@ -128,6 +132,11 @@ about CIFS mount.
%{_mandir}/man1/smbinfo.* %{_mandir}/man1/smbinfo.*
%changelog %changelog
* Tue Apr 16 2024 Paulo Alcantara <paalcant@redhat.com> - 7.0-4
- mount.cifs.rst: add missing reference for sssd
- mount.cifs.rst: update section about xattr/acl support
- Resolves: RHEL-22495
* Fri Apr 12 2024 Paulo Alcantara <paalcant@redhat.com> - 7.0-3 * Fri Apr 12 2024 Paulo Alcantara <paalcant@redhat.com> - 7.0-3
- pam_cifscreds: fix NULL arg warning passed to pam_syslog() - pam_cifscreds: fix NULL arg warning passed to pam_syslog()
- Resolves: RHEL-28050 - Resolves: RHEL-28050

49
mount.cifs.rst-add-missing-reference-for-sssd.patch Normal file
View File

@ -0,0 +1,49 @@
From e7ec0032898d855be144c0cdc9d9e3f78ae01bf2 Mon Sep 17 00:00:00 2001
From: Paulo Alcantara <pc@manguebit.com>
Date: Sun, 10 Mar 2024 22:24:24 -0300
Subject: [PATCH 1/2] mount.cifs.rst: add missing reference for sssd
Reference sssd in mount.cifs(8) as it can be used instead of winbind
via cifs.idmap utility. It's also enabled by default in most systems.
Signed-off-by: Paulo Alcantara (Red Hat) <pc@manguebit.com>
---
mount.cifs.rst | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/mount.cifs.rst b/mount.cifs.rst
index 3becf200e038..64127b23cf17 100644
--- a/mount.cifs.rst
+++ b/mount.cifs.rst
@@ -773,10 +773,10 @@ specified in the following Microsoft TechNet document:
In order to map SIDs to/from UIDs and GIDs, the following is required:
- a kernel upcall to the ``cifs.idmap`` utility set up via request-key.conf(5)
-- winbind support configured via nsswitch.conf(5) and smb.conf(5)
+- winbind or sssd support configured via nsswitch.conf(5)
-Please refer to the respective manpages of cifs.idmap(8) and
-winbindd(8) for more information.
+Please refer to the respective manpages of cifs.idmap(8), winbindd(8)
+and sssd(8) for more information.
Security descriptors for a file object can be retrieved and set
directly using extended attribute named ``system.cifs_acl``. The
@@ -792,10 +792,10 @@ Some of the things to consider while using this mount option:
- The mapping between a CIFS/NTFS ACL and POSIX file permission bits
is imperfect and some ACL information may be lost in the
translation.
-- If either upcall to cifs.idmap is not setup correctly or winbind is
- not configured and running, ID mapping will fail. In that case uid
- and gid will default to either to those values of the share or to
- the values of uid and/or gid mount options if specified.
+- If either upcall to cifs.idmap is not setup correctly or winbind or
+ sssd is not configured and running, ID mapping will fail. In that
+ case uid and gid will default to either to those values of the share
+ or to the values of uid and/or gid mount options if specified.
**********************************
ACCESSING FILES WITH BACKUP INTENT
--
2.44.0

59
mount.cifs.rst-update-section-about-xattr-acl-suppor.patch Normal file
View File

@ -0,0 +1,59 @@
From 4718e09e4b15b957bf9d729793bc3de7caad8134 Mon Sep 17 00:00:00 2001
From: Paulo Alcantara <pc@manguebit.com>
Date: Sun, 10 Mar 2024 22:24:25 -0300
Subject: [PATCH 2/2] mount.cifs.rst: update section about xattr/acl support
Update section about required xattr/acl support for UID/GID mapping.
Signed-off-by: Paulo Alcantara (Red Hat) <pc@manguebit.com>
---
mount.cifs.rst | 26 +++++++++++++++++++-------
1 file changed, 19 insertions(+), 7 deletions(-)
diff --git a/mount.cifs.rst b/mount.cifs.rst
index 64127b23cf17..d82a13c932b3 100644
--- a/mount.cifs.rst
+++ b/mount.cifs.rst
@@ -321,11 +321,12 @@ soft
noacl
Do not allow POSIX ACL operations even if server would support them.
- The CIFS client can get and set POSIX ACLs (getfacl, setfacl) to Samba
- servers version 3.0.10 and later. Setting POSIX ACLs requires enabling
- both ``CIFS_XATTR`` and then ``CIFS_POSIX`` support in the CIFS
- configuration options when building the cifs module. POSIX ACL support
- can be disabled on a per mount basis by specifying ``noacl`` on mount.
+ The CIFS client can get and set POSIX ACLs (getfacl, setfacl) to
+ Samba servers version 3.0.10 and later. Setting POSIX ACLs requires
+ enabling both ``CONFIG_CIFS_XATTR`` and then ``CONFIG_CIFS_POSIX``
+ support in the CIFS configuration options when building the cifs
+ module. POSIX ACL support can be disabled on a per mount basis by
+ specifying ``noacl`` on mount.
cifsacl
This option is used to map CIFS/NTFS ACLs to/from Linux permission
@@ -762,8 +763,19 @@ bits, and POSIX ACL as user authentication model. This is the most
common authentication model for CIFS servers and is the one used by
Windows.
-Support for this requires both CIFS_XATTR and CIFS_ACL support in the
-CIFS configuration options when building the cifs module.
+Support for this requires cifs kernel module built with both
+``CONFIG_CIFS_XATTR`` and ``CONFIG_CIFS_ACL`` options enabled. Since
+Linux 5.3, ``CONFIG_CIFS_ACL`` option no longer exists as CIFS/NTFS
+ACL support is always built into cifs kernel module.
+
+Most distribution kernels will already have those options enabled by
+default, but you can still check if they are enabled with::
+
+ cat /lib/modules/$(uname -r)/build/.config
+
+Alternatively, if kernel is configured with ``CONFIG_IKCONFIG_PROC``::
+
+ zcat /proc/config.gz
A CIFS/NTFS ACL is mapped to file permission bits using an algorithm
specified in the following Microsoft TechNet document:
--
2.44.0