svcadm(8)을 검색하려면 섹션에서 8 을 선택하고, 맨 페이지 이름에 svcadm을 입력하고 검색을 누른다.
share_smb(8)
System Administration Commands share_smb(8)
NAME
share_smb - make SMB shares available for mounting by remote systems
SYNOPSIS
share -F smb [-a [-o specific-options] [-d description]
pathname sharename | [-A]]
zfs set share.smb=on | off filesystem|filesystem%share
zfs share -o share.smb=on | off specific_options
filesystem|filesystem%share
DESCRIPTION
The share command defines and publishes a SMB share, which makes a
local file system available for mounting by remote systems.
You can modify the behavior of SMB shares by setting property values
with the share command, or with the zfs set or zfs
share commands. For more information, see the share(8) and
zfs(8) man pages.
The share command has the following options:
-F smb
Share SMB file sharing protocol.
-a
Publish all defined shares.
-o specific-options
Specify specific-options in a comma-separated list of keywords and
attribute-value-assertions for interpretation by the SMB protocol.
By default, a share is published with read-write access to all
clients, unless a specific option overrides the default access.
specific-options can be any combination of the properties supported
by a given file system.
-d description
Provide a comment that describes the file system to be shared.
-A
Display all defined shares.
Share Properties
The following SMB share properties are supported and can be set by the
zfs and share commands:
abe=boolean
Sets the access-based enumeration (ABE) policy for a share. When
set to true, ABE filtering is enabled on this share and directory
entries to which the requesting user has no read access will be
omitted from directory listings returned to the client. When set to
false or not defined, ABE filtering will not be performed on this
share. This property is not defined by default.
false
Disable ABE for this share.
true
Enable ABE for this share.
ad-container
Specifies the AD container in which to publish shares.
The AD container is specified as a comma-separated list of
attribute name-value pairs using the LDAP distinguished name (DN)
or relative distinguished name (RDN) format.
The following example uses the share command to specify the AD con‐
tainer:
$ share -F smb -o abe=true,ad-container=cn=sales,ou=mycompany,dc=com /export/home
The following example uses the zfs share command to specify the AD
container:
$ zfs share -o share.smb=on -o share.smb.ad-container=cn=sales,ou=mycompany,dc=com -o share.smb.abe=on rpool/export/home%share1
The DN or RDN must be specified in LDAP format using the cn=, ou=,
and dc= prefixes:
o cn represents the common name
o ou represents the organizational unit
o dc represents the domain component
cn=, ou= and dc= are attribute types. The attribute type used to
describe an object's RDN is called the naming attribute, which, for
ADS, includes the following object classes:
o cn for the user object class
o ou for the organizational unit (OU) object class
o dc for the domainDns object class
bypasstraverse=boolean
Bypass or not bypass traverse checking for the share. It is a bool‐
ean type property, with false being its default value, meaning that
we are following the UNIX semantics to always enforce the traversed
folders' permissions when navigating an object on this share. When
set to true, Windows semantics are used, traverse checking is
bypassed and access depends on the user's rights on the destination
file.
catia=boolean
Specifies whether to perform CATIA character substitution. CATIA V4
uses characters in file names that are considered to be invalid by
Windows. A CATIA V4 file could be inaccessible to Windows clients
if the file name contains any of the characters that are considered
illegal in Windows. By default, CATIA character substitution is not
performed. See Managing SMB File Sharing and Windows Interoperabil‐
ity in Oracle Solaris 11.4.
If the catia property is set to true, the following character sub‐
stitution is applied to file names.
CATIA CATIA
V4 UNIX V5 Windows
" \250 0x00a8 Dieresis
* \244 0x00a4 Currency Sign
/ \370 0x00f8 Latin Small Letter O with Stroke
: \367 0x00f7 Division Sign
< \253 0x00ab Left-Pointing Double Angle Quotation Mark
> \273 0x00bb Right-Pointing Double Angle Quotation Mark
? \277 0x00bf Inverted Question Mark
\ \377 0x00ff Latin Small Letter Y with Dieresis
| \246 0x00a6 Broken Bar
cont_avail=boolean
The new cont_avail property can take one of the following values:
true Enables continuous availability for this share
false Disables continuous availability for this share
The following command shows how to use the zfs share command to
specify the cont_avail property:
# zfs share -o share.smb=on -o share.smb.cont_avail=true tank/home%hsr
csc=value
Sets the client-side caching policy for a share. Client-side
caching is a client feature and offline files are managed entirely
by the clients.
The following are valid values for the csc property:
o manual - Clients are permitted to cache files from the
specified share for offline use as requested by users.
However, automatic file-by-file reintegration is not
permitted. manual is the default value.
o auto - Clients are permitted to automatically cache
files from the specified share for offline use and file-
by-file reintegration is permitted.
o vdo - Clients are permitted to automatically cache
files from the specified share for offline use, file-by-
file reintegration is permitted, and clients are permit‐
ted to work from their local cache even while offline.
o disabled - Client-side caching is not permitted for
this share.
dfsroot=boolean
Marks a share as a distributed file system (DFS) root share to dis‐
tinguish it from a regular share. By default, dfsroot is not
defined. If dfsroot is false or not defined, the share is not a DFS
root share.
encrypt=boolean
Configures SMB encryption at the share level. This is an SMB per-
share property. It is a boolean type property, with false being the
default value. When set to true, the SMB server requires the client
to encrypt all the requests for accessing the specific share.
Again, the enforcement can be bypassed if the server allows unen‐
crypted access. For more information, see the description about the
server_reject_unencypt property. Note that when server_encrypt_data
is true, encrypt will not have any effect.
guestok=boolean
Sets the guest access policy for the share. When set to true guest
access is allowed on this share. When set to false or not defined
guest access is not allowed on this share. This property is not
defined by default.
An idmap(8) name-based rule can be used to map guest to any local
user name, such as guest or nobody. If the local account has a
password in /var/smb/smbpasswd the guest connection will be authen‐
ticated against that password. Any connection made using an account
that maps to the local guest account will be treated as a guest
connection.
The following name-based rule maps the Windows Guest user to the
UNIX guest user:
# idmap add winname:Guest unixuser:guest
none=access-list
Specifies that access is not allowed to any client that matches the
access list. The exception is when the access list is an asterisk
(*), in which case ro or rw can override none.
oplocks=<empty> | disabled | enabled
Enables or disables oplocks for its corresponding share. The valid
values are <empty>, disabled,or enabled. Oplocks are enabled when
this share property is set to "enabled", and disabled when set to
"disabled". When this share property is not explicitly set or
deliberately cleared to <empty>, the global property is referred to
determine whether oplocks should be enabled for the share.
ro=access-list
Specifies that sharing is read-only to the clients listed in
access-list. Overrides the rw suboption for the clients specified.
See access-list.
rw=access-list
Specifies that sharing is read-write to the clients listed in
access-list. Overrides the ro suboption for the clients specified.
See access-list.
shortnames=boolean
Specifies whether shortnames, also known as 8.3 names, are gener‐
ated. Generating shortnames enables MS-DOS-based and Windows 3.x
based applications to recognize and load files that have long file
names. By default shortnames are not generated.
Access List Argument
The access-list argument is either the string "*" to represent all
hosts or a colon-separated list whose components may be any number of
the following:
hostname
Specifies the name of a host. hostname must be a fully qualified
DNS or LDAP name when the host specifies these naming schemes in
the hosts portion of the nsswitch.conf file.
netgroup
A netgroup contains a number of host names. Any hostname in a net‐
group must be a fully qualified DNS or LDAP name when the host
specifies these naming schemes in the hosts portion of the nss‐
witch.conf file.
If the explicit_netgroups setting is enabled, netgroup entries in
share access lists must be prefixed with the '%' character to dis‐
tinguish them from hostnames. See smb(5) for a description of the
explicit_netgroups setting.
domainname.suffix
To use domain membership, the server must use DNS or LDAP to
resolve host names to IP addresses. This means that the hosts entry
of the /etc/nsswitch.conf file must specify dns or ldap before nis.
You must do this because only DNS and LDAP return the full domain
name of the host.
Other naming services, such as NIS, cannot be used to resolve host
names on the server because these naming services do not return
domain information. For example, the following shows how NIS, DNS,
and LDAP return host name information for the 172.16.45.9 IP
address:
NIS Returns: myhost
DNS or LDAP Returns: myhost.mydomain.myexample.com
The domain name suffix is distinguished from host names and net‐
groups by a prefixed dot. For example, rw=.mydomain.myexample.com
matches all host names in mydomain.myexample.com.
The rw=. notation uses a single dot to match a host name that has
no suffix. This notation matches mydomain but not mydomain.myexam‐
ple.com. This feature can be used to match hosts that are resolved
by NIS rather than by DNS and LDAP.
network
The network or subnet component is preceded by an at-sign character
(@). It can be either a network name or a dotted address.
A network name is converted to a dotted address by using getnetby‐
name(3C). For example, =@mynet is equivalent to =@172.16 or
=@172.16.0.0.
The network prefix assumes an octet-aligned netmask. The netmask is
determined from the zeroth octet in the low-order part of the
address up to and including the high-order octet. If network pre‐
fixes are not byte-aligned, the syntax permits a mask length to be
explicitly specified following a slash delimiter (/). For example,
=@theothernet/17 or =@172.16.132/22 where the mask is the number of
leftmost contiguous significant bits in the corresponding IP
address.
When specifying individual IP addresses, use the same @ notation
described previously, but do not use a netmask specification. For
example, =@172.16.132.14.
You can use a colon character (:) to separate multiple, individual
IP addresses. For example, root=@172.16.132.20:@172.16.134.20.
A prefixed minus sign (−) denies access to that component of access-
list. The list is searched sequentially until a match is found that
either grants or denies access, or until the end of the list is
reached. For example, if host terra is in the engineering netgroup,
specifying rw=-terra:engineering denies access to terra. However, spec‐
ifying rw=engineering:-terra grants access to terra.
EXAMPLES
Example 1 Setting a Share Property
The following examples use the zfs share and share commands to create
and publish an SMB share.
o The following example shows how to use the zfs share command
to create and publish an SMB share that also enables guest
access:
# zfs share -o share.smb=on -o share.smb.guestok=on tank/home%hshare
o The following example shows how to use the share command to
enable guest access on a share:
# share -F smb -o guestok=true /tank/home
Example 2 Viewing the Share Properties
The following examples show how to use the zfs get command and the
/etc/dfs/sharetab file to view share properties:
o The zfs get command enables you to view share properties on
the tank/home dataset:
# zfs get share.smb tank/home%hshare
NAME PROPERTY VALUE SOURCE
tank/home%hshare share.smb on local
o The /etc/dfs/sharetab file shows all the active shares on
the system. The entry for each share shows the properties
set and their values:
# grep home /etc/dfs/sharetab
/tank/home hshare smb guestok
FILES
/etc/dfs/sharetab
System record of shared file systems
ATTRIBUTES
See attributes(7) for descriptions of the following attributes:
tab() box; cw(2.75i) |cw(2.75i) lw(2.75i) |lw(2.75i) ATTRIBUTE TYPEAT‐
TRIBUTE VALUE _ Availabilitysystem/file-system/smb _ Interface Stabili‐
tyCommitted
SEE ALSO
getnetbyname(3C), netgroup(5), attributes(7), idmap(8), share(8),
zfs(8), zfs(8)
Oracle Solaris 11.4 6 Dec 2019 share_smb(8)