.\"
.\" This file and its contents are supplied under the terms of the
.\" Common Development and Distribution License ("CDDL"), version 1.0.
.\" You may only use this file in accordance with the terms of version
.\" 1.0 of the CDDL.
.\"
.\" A full copy of the text of the CDDL should have accompanied this
.\" source. A copy of the CDDL is also available via the Internet at
.\" http://www.illumos.org/license/CDDL.
.\"
.\"
.\" Copyright 2017 Nexenta Systems, Inc.
.\"
.Dd November 22, 2017
.Dt SHARESMB 5
.Os
.Sh NAME
.Nm sharesmb
.Nd SMB share options
.Sh DESCRIPTION
The following options are supported:
.Bl -tag -width Ds
.It Cm abe Ns = Ns Cm true Ns | Ns Cm false
Set the access-based enumeration
.Pq ABE
policy for the share.
When set to
.Cm true ,
ABE filtering is enabled on the share and directory entries to which the
requesting user has no access will be omitted from directory listings
returned to the client.
When set to
.Cm false
or not defined, ABE filtering will not be performed on this share.
This property is not defined by default.
.It Cm ad-container
Specifies the AD container in which to publish shares.
.Pp
The AD container is specified as a comma-separated list of attribute name-value
pairs using the LDAP distinguished name
.Pq DN
or relative distinguished name
.Pq RDN
format.
The DN or RDN must be specified in LDAP format using the
.Cm cn Ns = ,
.Cm ou Ns = ,
and
.Cm dc Ns =
prefixes:
.Bl -tag -compact -width "cn"
.It Cm cn
represents the common name
.It Cm ou
represents the organizational unit
.It Cm dc
represents the domain component
.El
.Pp
.Cm cn Ns = ,
.Cm ou Ns = ,
and
.Cm dc Ns =
are attribute types.
The attribute type used to describe an object's RDN is called the naming
attribute, which, for ADS, includes the following object classes:
.Bl -tag -compact -width "cn"
.It Cm cn
.Em user
object class
.It Cm ou
organizational unit
.Pq OU
object class
.It Cm dc
.Em domainDns
object class
.El
.It Cm ca Ns = Ns Cm true Ns | Ns Cm false
Enable "Continuous Availability" (CA) for the share.
CA shares may have persistent handles, which can be
reclaimed by an SMB client after a server restart or
cluster fail-over.
The default is ca=false.
.It Cm catia Ns = Ns Cm true Ns | Ns Cm false
CATIA V4 uses characters in file names that are considered to be invalid by
Windows.
CATIA V5 is available on Windows.
A CATIA V4 file could be inaccessible to Windows clients if the file name
contains any of the characters that are considered illegal in Windows.
By default, CATIA character substitution is not performed.
.Pp
If the
.Cm catia
property is set to
.Cm true ,
the following character substitution is applied to file names:
.Bd -literal
CATIA    CATIA
V4 UNIX  V5 Windows
  "      \e250   0x00a8  Dieresis
  *      \e244   0x00a4  Currency Sign
  /      \e370   0x00f8  Latin Small Letter O with Stroke
  :      \e367   0x00f7  Division Sign
  <      \e253   0x00ab  Left-Pointing Double Angle Quotation Mark
  >      \e273   0x00bb  Right-Pointing Double Angle Quotation Mark
  ?      \e277   0x00bf  Inverted Question Mark
  \e      \e377   0x00ff  Latin Small Letter Y with Dieresis
  |      \e246   0x00a6  Broken Bar
.Ed
.It Cm cksum Ns = Ns Ar cksumlist
Set the share to attempt to use end-to-end checksums.
The value
.Ar cksumlist
specifies the checksum algorithms that should be used.
.It Cm csc Ns = Ns Cm manual Ns | Ns Cm auto Ns | Ns Cm vdo Ns | Ns Cm disabled
Set the client-side caching policy for a share.
Client-side caching is a client feature and offline files are managed entirely
by the clients.
.Pp
The following are valid values for the
.Cm csc
property:
.Bl -tag -width "disabled"
.It Cm manual
Clients are permitted to cache files from the specified share for offline use as
requested by users.
However, automatic file-by-file reintegration is not permitted.
.Cm manual
is the default value.
.It Cm auto
Clients are permitted to automatically cache files from the specified share for
offline use and file-by-file reintegration is permitted.
.It Cm vdo
Clients are permitted to automatically cache files from the specified share for
offline use, file-by-file reintegration is permitted, and clients are permitted
to work from their local cache even while offline.
.It Cm disabled
Client-side caching is not permitted for this share.
.El
.It Cm fso Ns = Ns Cm true Ns | Ns Cm false
Set the "Force Shared Oplocks" (FSO) policy for the share.
By default (when FSO is false) the SMB server may grant either
exclusive oplocks (write cache delegations) or shared oplocks
(read cache delegations).
When the FSO policy is set on some share, the SMB server
never grants exclusive oplocks in that share.
.It Cm guestok Ns = Ns Cm true Ns | Ns Cm false
Set the guest access policy for the share.
When set to
.Cm true ,
guest access is allowed on this share.
When set to
.Cm false
or not defined, guest access is not allowed on this share.
This property is not defined by default.
.Pp
An
.Xr idmap 1M
name-based rule can be used to map
.Em guest
to any local username, such as
.Em guest
or
.Em nobody .
If the local account has a password in
.Pa /var/smb/smbpasswd
the guest connection will be authenticated against that password.
Any connection made using an account that maps to the local guest account will
be treated as a guest connection.
.It Cm encrypt Ns = Ns Cm disabled Ns | Ns Cm enabled Ns | Ns Cm required
Controls SMB3 per-share encryption.
This is similar to the global
.Em smbd/encrypt
option.
For requests on a particular share, the server's behavior is controlled by the
stricter of this option and
.Em smbd/encrypt .
.Pp
When set to
.Cm disabled ,
the server will not ask clients to encrypt requests.
When set to
.Cm enabled ,
the server will ask clients to encrypt requests,
but will not require that they do so.
Any message that can be encrypted will be encrypted.
When set to
.Cm required ,
the server will deny access to or disconnect any client that does not support
encryption or fails to encrypt requests that should be encrypted.
.Pp
In other words, the
.Cm enabled
behavior is that any message that CAN be encrypted SHOULD be encrypted, while
the
.Cm required
behavior is that any message that CAN be encrypted MUST be encrypted.
.Pp
This property is not defined by default.
.It Cm none Ns = Ns Ar access-list
Access is not allowed to any client that matches the access list.
The exception is when the access list is an asterisk
.Pq Qq * ,
in which case
.Cm ro
or
.Cm rw
can override
.Cm none .
See
.Xr shareacl 5
for the description of
.Ar access-list .
.It Cm ro
Sharing is read-only to all clients.
.It Cm ro Ns = Ns Ar access-list
Sharing is read-only to the clients listed in
.Ar access-list ;
overrides the
.Cm rw
option for the clients specified.
See
.Xr shareacl 5
for the description of
.Ar access-list .
.It Cm rw
Sharing is read-write to all clients.
.It Cm rw Ns = Ns Ar access-list
Sharing is read-write to the clients listed in
.Ar access-list ;
overrides the
.Cm ro
option for the clients specified.
See
.Xr shareacl 5
for the description of
.Ar access-list .
.El
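.Pp
The following shell sketch is an added example, not part of the illumos manual page or its code. It audits one share's option string for guest access, for encryption that is not enforced (taking the stricter of the share's encrypt value and the global smbd/encrypt value, as described above) and for unrestricted rw. Assumptions: the options arrive as one comma-separated name=value string, the global value is one of disabled, enabled or required, and all function names are hypothetical.

```shell
#!/bin/sh
# Added example; option strings below are constructed samples.
# Assumption: options are given as one comma-separated name=value string.
# ad-container values also contain commas; their cn=/ou=/dc= fragments are
# harmless here because none is named encrypt or guestok.

# Print the value of option $2 in option string $1 (nothing if not defined).
get_opt() {
    printf '%s\n' "$1" | tr ',' '\n' | while IFS='=' read -r name value; do
        if [ "$name" = "$2" ]; then printf '%s\n' "$value"; fi
    done | tail -n 1
}

# Rank the encrypt settings; an undefined or unknown value ranks lowest.
enc_rank() {
    case "$1" in
        required) echo 2 ;;
        enabled)  echo 1 ;;
        *)        echo 0 ;;
    esac
}

# Effective policy: the stricter of the share option ($1) and global ($2).
effective_encrypt() {
    s=$(enc_rank "$(get_opt "$1" encrypt)")
    g=$(enc_rank "$2")
    if [ "$g" -gt "$s" ]; then s=$g; fi
    case "$s" in
        2) echo required ;;
        1) echo enabled ;;
        *) echo disabled ;;
    esac
}

# Print one finding per line for option string $1 under global setting $2.
audit_share() {
    eff=$(effective_encrypt "$1" "$2")
    if [ "$(get_opt "$1" guestok)" = true ]; then
        echo "guestok=true: guest connections are allowed"
    fi
    if [ "$eff" != required ]; then
        echo "encrypt: effective policy is '$eff', unencrypted clients are accepted"
    fi
    case ",$1," in
        *,rw,*) echo "rw: read-write to all clients (no access list)" ;;
    esac
}

audit_share 'guestok=true,encrypt=enabled,rw' disabled
```

A share with no findings prints nothing, so the output can be fed directly into a periodic configuration review.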
.Sh SEE ALSO
.Xr sharectl 1M ,
.Xr smbadm 1M ,
.Xr zfs 1M ,
.Xr smb 4 ,
.Xr shareacl 5