mount.cifs.rst: add reference for sssd and update xattr/acl section
Resolves: RHEL-41059 Signed-off-by: Paulo Alcantara <paalcant@redhat.com>
This commit is contained in:
Paulo Alcantara
parent
8e9d45eb87
commit
275f9bee77
@ -3,7 +3,7 @@
|
||||
|
||||
Name: cifs-utils
|
||||
Version: 7.0
|
||||
Release: 1%{pre_release}%{?dist}
|
||||
Release: 2%{pre_release}%{?dist}
|
||||
Summary: Utilities for mounting and managing CIFS mounts
|
||||
|
||||
Group: System Environment/Daemons
|
||||
@ -19,6 +19,8 @@ Requires(preun): /usr/sbin/alternatives
|
||||
|
||||
Source0: https://download.samba.org/pub/linux-cifs/cifs-utils/%{name}-%{version}.tar.bz2
|
||||
Patch1: 0001-Use-explicit-usr-bin-python3.patch
|
||||
Patch2: mount.cifs.rst-add-missing-reference-for-sssd.patch
|
||||
Patch3: mount.cifs.rst-update-section-about-xattr-acl-suppor.patch
|
||||
|
||||
%description
|
||||
The SMB/CIFS protocol is a standard file sharing protocol widely deployed
|
||||
@ -54,6 +56,8 @@ provide these credentials to the kernel automatically at login.
|
||||
%prep
|
||||
%setup -q -n %{name}-%{version}%{pre_release}
|
||||
%patch1 -p1
|
||||
%patch2 -p1
|
||||
%patch3 -p1
|
||||
|
||||
%build
|
||||
autoreconf -i
|
||||
@ -113,6 +117,11 @@ fi
|
||||
%{_mandir}/man8/pam_cifscreds.8.gz
|
||||
|
||||
%changelog
|
||||
* Thu Jun 13 2024 Paulo Alcantara <paalcant@redhat.com> - 7.0-2
|
||||
- mount.cifs.rst: add missing reference for sssd
|
||||
- mount.cifs.rst: update section about xattr/acl support
|
||||
- Resolves: RHEL-41059
|
||||
|
||||
* Mon Jan 30 2023 Pavel Filipenský <pfilipen@redhat.com> - 7.0-1
|
||||
- Update to cifs-utils-7.0
|
||||
- Resolves: rhbz#2163373
|
||||
|
||||
49
mount.cifs.rst-add-missing-reference-for-sssd.patch
Normal file
49
mount.cifs.rst-add-missing-reference-for-sssd.patch
Normal file
@ -0,0 +1,49 @@
|
||||
From e7ec0032898d855be144c0cdc9d9e3f78ae01bf2 Mon Sep 17 00:00:00 2001
|
||||
From: Paulo Alcantara <pc@manguebit.com>
|
||||
Date: Sun, 10 Mar 2024 22:24:24 -0300
|
||||
Subject: [PATCH 1/2] mount.cifs.rst: add missing reference for sssd
|
||||
|
||||
Reference sssd in mount.cifs(8) as it can be used instead of winbind
|
||||
via cifs.idmap utility. It's also enabled by default in most systems.
|
||||
|
||||
Signed-off-by: Paulo Alcantara (Red Hat) <pc@manguebit.com>
|
||||
---
|
||||
mount.cifs.rst | 14 +++++++-------
|
||||
1 file changed, 7 insertions(+), 7 deletions(-)
|
||||
|
||||
diff --git a/mount.cifs.rst b/mount.cifs.rst
|
||||
index 3becf200e038..64127b23cf17 100644
|
||||
--- a/mount.cifs.rst
|
||||
+++ b/mount.cifs.rst
|
||||
@@ -773,10 +773,10 @@ specified in the following Microsoft TechNet document:
|
||||
In order to map SIDs to/from UIDs and GIDs, the following is required:
|
||||
|
||||
- a kernel upcall to the ``cifs.idmap`` utility set up via request-key.conf(5)
|
||||
-- winbind support configured via nsswitch.conf(5) and smb.conf(5)
|
||||
+- winbind or sssd support configured via nsswitch.conf(5)
|
||||
|
||||
-Please refer to the respective manpages of cifs.idmap(8) and
|
||||
-winbindd(8) for more information.
|
||||
+Please refer to the respective manpages of cifs.idmap(8), winbindd(8)
|
||||
+and sssd(8) for more information.
|
||||
|
||||
Security descriptors for a file object can be retrieved and set
|
||||
directly using extended attribute named ``system.cifs_acl``. The
|
||||
@@ -792,10 +792,10 @@ Some of the things to consider while using this mount option:
|
||||
- The mapping between a CIFS/NTFS ACL and POSIX file permission bits
|
||||
is imperfect and some ACL information may be lost in the
|
||||
translation.
|
||||
-- If either upcall to cifs.idmap is not setup correctly or winbind is
|
||||
- not configured and running, ID mapping will fail. In that case uid
|
||||
- and gid will default to either to those values of the share or to
|
||||
- the values of uid and/or gid mount options if specified.
|
||||
+- If either upcall to cifs.idmap is not setup correctly or winbind or
|
||||
+ sssd is not configured and running, ID mapping will fail. In that
|
||||
+ case uid and gid will default to either to those values of the share
|
||||
+ or to the values of uid and/or gid mount options if specified.
|
||||
|
||||
**********************************
|
||||
ACCESSING FILES WITH BACKUP INTENT
|
||||
--
|
||||
2.44.0
|
||||
|
||||
59
mount.cifs.rst-update-section-about-xattr-acl-suppor.patch
Normal file
59
mount.cifs.rst-update-section-about-xattr-acl-suppor.patch
Normal file
@ -0,0 +1,59 @@
|
||||
From 4718e09e4b15b957bf9d729793bc3de7caad8134 Mon Sep 17 00:00:00 2001
|
||||
From: Paulo Alcantara <pc@manguebit.com>
|
||||
Date: Sun, 10 Mar 2024 22:24:25 -0300
|
||||
Subject: [PATCH 2/2] mount.cifs.rst: update section about xattr/acl support
|
||||
|
||||
Update section about required xattr/acl support for UID/GID mapping.
|
||||
|
||||
Signed-off-by: Paulo Alcantara (Red Hat) <pc@manguebit.com>
|
||||
---
|
||||
mount.cifs.rst | 26 +++++++++++++++++++-------
|
||||
1 file changed, 19 insertions(+), 7 deletions(-)
|
||||
|
||||
diff --git a/mount.cifs.rst b/mount.cifs.rst
|
||||
index 64127b23cf17..d82a13c932b3 100644
|
||||
--- a/mount.cifs.rst
|
||||
+++ b/mount.cifs.rst
|
||||
@@ -321,11 +321,12 @@ soft
|
||||
noacl
|
||||
Do not allow POSIX ACL operations even if server would support them.
|
||||
|
||||
- The CIFS client can get and set POSIX ACLs (getfacl, setfacl) to Samba
|
||||
- servers version 3.0.10 and later. Setting POSIX ACLs requires enabling
|
||||
- both ``CIFS_XATTR`` and then ``CIFS_POSIX`` support in the CIFS
|
||||
- configuration options when building the cifs module. POSIX ACL support
|
||||
- can be disabled on a per mount basis by specifying ``noacl`` on mount.
|
||||
+ The CIFS client can get and set POSIX ACLs (getfacl, setfacl) to
|
||||
+ Samba servers version 3.0.10 and later. Setting POSIX ACLs requires
|
||||
+ enabling both ``CONFIG_CIFS_XATTR`` and then ``CONFIG_CIFS_POSIX``
|
||||
+ support in the CIFS configuration options when building the cifs
|
||||
+ module. POSIX ACL support can be disabled on a per mount basis by
|
||||
+ specifying ``noacl`` on mount.
|
||||
|
||||
cifsacl
|
||||
This option is used to map CIFS/NTFS ACLs to/from Linux permission
|
||||
@@ -762,8 +763,19 @@ bits, and POSIX ACL as user authentication model. This is the most
|
||||
common authentication model for CIFS servers and is the one used by
|
||||
Windows.
|
||||
|
||||
-Support for this requires both CIFS_XATTR and CIFS_ACL support in the
|
||||
-CIFS configuration options when building the cifs module.
|
||||
+Support for this requires cifs kernel module built with both
|
||||
+``CONFIG_CIFS_XATTR`` and ``CONFIG_CIFS_ACL`` options enabled. Since
|
||||
+Linux 5.3, ``CONFIG_CIFS_ACL`` option no longer exists as CIFS/NTFS
|
||||
+ACL support is always built into cifs kernel module.
|
||||
+
|
||||
+Most distribution kernels will already have those options enabled by
|
||||
+default, but you can still check if they are enabled with::
|
||||
+
|
||||
+ cat /lib/modules/$(uname -r)/build/.config
|
||||
+
|
||||
+Alternatively, if kernel is configured with ``CONFIG_IKCONFIG_PROC``::
|
||||
+
|
||||
+ zcat /proc/config.gz
|
||||
|
||||
A CIFS/NTFS ACL is mapped to file permission bits using an algorithm
|
||||
specified in the following Microsoft TechNet document:
|
||||
--
|
||||
2.44.0
|
||||
|
||||
Loading…
Reference in New Issue
Block a user