From 275f9bee7706034645946867b96b5a0fc4d01e01 Mon Sep 17 00:00:00 2001 From: Paulo Alcantara Date: Thu, 13 Jun 2024 22:55:49 -0300 Subject: [PATCH] mount.cifs.rst: add reference for sssd and update xattr/acl section Resolves: RHEL-41059 Signed-off-by: Paulo Alcantara --- cifs-utils.spec | 11 +++- ...s.rst-add-missing-reference-for-sssd.patch | 49 +++++++++++++++ ...pdate-section-about-xattr-acl-suppor.patch | 59 +++++++++++++++++++ 3 files changed, 118 insertions(+), 1 deletion(-) create mode 100644 mount.cifs.rst-add-missing-reference-for-sssd.patch create mode 100644 mount.cifs.rst-update-section-about-xattr-acl-suppor.patch diff --git a/cifs-utils.spec b/cifs-utils.spec index 1b75181..1ebf1c5 100644 --- a/cifs-utils.spec +++ b/cifs-utils.spec @@ -3,7 +3,7 @@ Name: cifs-utils Version: 7.0 -Release: 1%{pre_release}%{?dist} +Release: 2%{pre_release}%{?dist} Summary: Utilities for mounting and managing CIFS mounts Group: System Environment/Daemons @@ -19,6 +19,8 @@ Requires(preun): /usr/sbin/alternatives Source0: https://download.samba.org/pub/linux-cifs/cifs-utils/%{name}-%{version}.tar.bz2 Patch1: 0001-Use-explicit-usr-bin-python3.patch +Patch2: mount.cifs.rst-add-missing-reference-for-sssd.patch +Patch3: mount.cifs.rst-update-section-about-xattr-acl-suppor.patch %description The SMB/CIFS protocol is a standard file sharing protocol widely deployed @@ -54,6 +56,8 @@ provide these credentials to the kernel automatically at login. %prep %setup -q -n %{name}-%{version}%{pre_release} %patch1 -p1 +%patch2 -p1 +%patch3 -p1 %build autoreconf -i @@ -113,6 +117,11 @@ fi %{_mandir}/man8/pam_cifscreds.8.gz %changelog +* Thu Jun 13 2024 Paulo Alcantara - 7.0-2 +- mount.cifs.rst: add missing reference for sssd +- mount.cifs.rst: update section about xattr/acl support +- Resolves: RHEL-41059 + * Mon Jan 30 2023 Pavel Filipenský - 7.0-1 - Update to cifs-utils-7.0 - Resolves: rhbz#2163373 
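Review bot: The new `Patch2:` and `Patch3:` lines in the second cifs-utils.spec hunk carry no comment saying where the patches come from, so anyone auditing the package has to open each patch file to learn its origin. A short comment above them would record that, for example `# Upstream documentation fixes for mount.cifs(8), RHEL-41059`. If the `From e7ec0032…` and `From 4718e09e…` ids in the two patch headers are upstream cifs-utils commits (not confirmable from this page), naming them in that comment lets the carried patches be checked against upstream. The same hunk also leaves the new file names without the `000N-` prefix that `Patch1` uses, which is only a consistency point.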
diff --git a/mount.cifs.rst-add-missing-reference-for-sssd.patch b/mount.cifs.rst-add-missing-reference-for-sssd.patch new file mode 100644 index 0000000..f5dbe18 --- /dev/null +++ b/mount.cifs.rst-add-missing-reference-for-sssd.patch 
@@ -0,0 +1,49 @@ +From e7ec0032898d855be144c0cdc9d9e3f78ae01bf2 Mon Sep 17 00:00:00 2001 +From: Paulo Alcantara +Date: Sun, 10 Mar 2024 22:24:24 -0300 +Subject: [PATCH 1/2] mount.cifs.rst: add missing reference for sssd + +Reference sssd in mount.cifs(8) as it can be used instead of winbind +via cifs.idmap utility. It's also enabled by default in most systems. + +Signed-off-by: Paulo Alcantara (Red Hat) +--- + mount.cifs.rst | 14 +++++++------- + 1 file changed, 7 insertions(+), 7 deletions(-) + +diff --git a/mount.cifs.rst b/mount.cifs.rst +index 3becf200e038..64127b23cf17 100644 +--- a/mount.cifs.rst ++++ b/mount.cifs.rst +@@ -773,10 +773,10 @@ specified in the following Microsoft TechNet document: + In order to map SIDs to/from UIDs and GIDs, the following is required: + + - a kernel upcall to the ``cifs.idmap`` utility set up via request-key.conf(5) +-- winbind support configured via nsswitch.conf(5) and smb.conf(5) ++- winbind or sssd support configured via nsswitch.conf(5) + +-Please refer to the respective manpages of cifs.idmap(8) and +-winbindd(8) for more information. ++Please refer to the respective manpages of cifs.idmap(8), winbindd(8) ++and sssd(8) for more information. + + Security descriptors for a file object can be retrieved and set + directly using extended attribute named ``system.cifs_acl``. The +@@ -792,10 +792,10 @@ Some of the things to consider while using this mount option: + - The mapping between a CIFS/NTFS ACL and POSIX file permission bits + is imperfect and some ACL information may be lost in the + translation. +-- If either upcall to cifs.idmap is not setup correctly or winbind is +- not configured and running, ID mapping will fail. In that case uid +- and gid will default to either to those values of the share or to +- the values of uid and/or gid mount options if specified. ++- If either upcall to cifs.idmap is not setup correctly or winbind or ++ sssd is not configured and running, ID mapping will fail. 
In that ++ case uid and gid will default to either to those values of the share ++ or to the values of uid and/or gid mount options if specified. + + ********************************** + ACCESSING FILES WITH BACKUP INTENT +-- +2.44.0 + diff --git a/mount.cifs.rst-update-section-about-xattr-acl-suppor.patch b/mount.cifs.rst-update-section-about-xattr-acl-suppor.patch new file mode 100644 index 0000000..8cb506c --- /dev/null +++ b/mount.cifs.rst-update-section-about-xattr-acl-suppor.patch 
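Review bot: The rewritten bullet `winbind or sssd support configured via nsswitch.conf(5)` drops the smb.conf(5) reference that winbind still depends on. It also does not say that cifs.idmap has to load the idmap plugin matching the chosen backend; the spec's dependency on `alternatives` suggests the plugin is selected that way, though that is not visible in this hunk. This matters because the second changed bullet says a failed mapping falls back to the share's or the mount options' uid/gid, so a nsswitch-only sssd setup could end up with default ownership rather than an error. Consider `- winbind (see also smb.conf(5)) or sssd support configured via nsswitch.conf(5), with the matching cifs.idmap plugin selected`. Separately, the carried-over wording `default to either to those values` has a stray `to`.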
@@ -0,0 +1,59 @@ +From 4718e09e4b15b957bf9d729793bc3de7caad8134 Mon Sep 17 00:00:00 2001 +From: Paulo Alcantara +Date: Sun, 10 Mar 2024 22:24:25 -0300 +Subject: [PATCH 2/2] mount.cifs.rst: update section about xattr/acl support + +Update section about required xattr/acl support for UID/GID mapping. + +Signed-off-by: Paulo Alcantara (Red Hat) +--- + mount.cifs.rst | 26 +++++++++++++++++++------- + 1 file changed, 19 insertions(+), 7 deletions(-) + +diff --git a/mount.cifs.rst b/mount.cifs.rst +index 64127b23cf17..d82a13c932b3 100644 +--- a/mount.cifs.rst ++++ b/mount.cifs.rst +@@ -321,11 +321,12 @@ soft + noacl + Do not allow POSIX ACL operations even if server would support them. + +- The CIFS client can get and set POSIX ACLs (getfacl, setfacl) to Samba +- servers version 3.0.10 and later. Setting POSIX ACLs requires enabling +- both ``CIFS_XATTR`` and then ``CIFS_POSIX`` support in the CIFS +- configuration options when building the cifs module. POSIX ACL support +- can be disabled on a per mount basis by specifying ``noacl`` on mount. ++ The CIFS client can get and set POSIX ACLs (getfacl, setfacl) to ++ Samba servers version 3.0.10 and later. Setting POSIX ACLs requires ++ enabling both ``CONFIG_CIFS_XATTR`` and then ``CONFIG_CIFS_POSIX`` ++ support in the CIFS configuration options when building the cifs ++ module. POSIX ACL support can be disabled on a per mount basis by ++ specifying ``noacl`` on mount. + + cifsacl + This option is used to map CIFS/NTFS ACLs to/from Linux permission +@@ -762,8 +763,19 @@ bits, and POSIX ACL as user authentication model. This is the most + common authentication model for CIFS servers and is the one used by + Windows. + +-Support for this requires both CIFS_XATTR and CIFS_ACL support in the +-CIFS configuration options when building the cifs module. ++Support for this requires cifs kernel module built with both ++``CONFIG_CIFS_XATTR`` and ``CONFIG_CIFS_ACL`` options enabled. 
Since ++Linux 5.3, ``CONFIG_CIFS_ACL`` option no longer exists as CIFS/NTFS ++ACL support is always built into cifs kernel module. ++ ++Most distribution kernels will already have those options enabled by ++default, but you can still check if they are enabled with:: ++ ++ cat /lib/modules/$(uname -r)/build/.config ++ ++Alternatively, if kernel is configured with ``CONFIG_IKCONFIG_PROC``:: ++ ++ zcat /proc/config.gz + + A CIFS/NTFS ACL is mapped to file permission bits using an algorithm + specified in the following Microsoft TechNet document: +-- +2.44.0 +
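Review bot: The suggested check `cat /lib/modules/$(uname -r)/build/.config` prints the whole kernel configuration and depends on the `build` tree, which is usually present only when the kernel development files are installed. A filtered form answers the question directly, for example `grep CONFIG_CIFS_ /lib/modules/$(uname -r)/build/.config` and `zcat /proc/config.gz | grep CONFIG_CIFS_`. A sentence noting that the first path may be missing on systems without the kernel build files would also help. Otherwise a reader may take a "No such file" error to mean xattr/ACL support is absent.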