|
osdir.com mailing list archive |
|
Subject: chmod, chgrp, chown - msg#00006List: linux.file-systems.cifsaddressing TODO's missing feature a) chmod/chgrp/chown, I found out how SFU/Interix manages these things. (I concentrated on chmod for now, though) Overview: - The normal rwx bits are mapped to Windows File Manager ACL permissions (and denies) - The Set bits (chmod 07000) are stored in an Extended Attribute When doing a chmod on Interix, always the following is done: - all ACLs are removed and replaced by 3 new ACLs, one for the windows file owner, one for the POSIX group of the file owner and one for Everyone (SSID: S-1-1-0) - the file's READ ONLY attribute is unset - other attributes (HIDDEN, SYSTEM, ARCHIVE) are not changed rwx bits -------- For storing the rwx attributes, explorer's detailed file permissions are used, they are (in the order they appear in the window): name mask value --------------------------------- (FULL) 0x001f01ff FILE_TRAVERSE 0x00000020 FILE_LIST_DIRECTORY 0x00000001 FILE_READ_ATTRIBUTES 0x00000080 FILE_READ_EA 0x00000008 FILE_ADD_FILE 0x00000002 FILE_ADD_SUBDIRECTORY 0x00000004 FILE_WRITE_ATTRIBUTES 0x00000100 FILE_WRITE_EA 0x00000010 FILE_DELETE_CHILD 0x00000040 DELETE 0x00010000 READ_CONTROL 0x00020000 WRITE_DAC 0x00040000 WRITE_OWNER 0x00080000 SYNCRONIZE 0x00100000 For each of the 3 ACLs (owner, group, everybody) the following mask is always set: 0x00120088 (SYNCRONIZE | READ_CONTROL | FILE_READ_EA | FILE_READ_ATTRIBUTES) To this value the bits for r,w,x are ORed as follows: r: 0x00000001 (FILE_LIST_DIRECTORY) w: 0x00000156 (FILE_ADD_FILE | FILE_ADD_SUBDIRECTORY | | FILE_DELETE_CHILD | FILE_WRITE_EA | FILE_WRITE_ATTRIBUTES) x: 0x00000020 (FILE_TRAVERSE) When (group_rwx && ~owner_rwx != 0), e.g. the file has permission -r--rwx---, then an additional DENY ACL for the owner is created: deny_rwx = group_rwx && ~owner_rwx; // == -wx This is mapped to 0x00000156 + 0x00000020, and the created deny ACL for the owner is: owner deny: 0x00000176 The same is for Everyone, if everyone's permissions are not included in group's or owner's. For simplification, these DENY ACLs can always be set, if the resulting mask is 0, then Windows removes the entry. (At least it does so when using the Explorer.) set bits -------- If one of the set bits are to be set, an Extended Attribute is created/updated: Name: SETFILEBITS data: uint32 chmod 01000 gets 0x00020000 chmod 02000 gets 0x00040000 chmod 04000 gets 0x00080000 readíng permissions ------------------- When reading the permissions for a file, the READ ONLY attribute is also taken into account: the mask values from the 3 ACLs above are tried to read, and the file permissions calculated accordingly. If file's READ ONLY attribute is set, then all w bits are cleared from the calculation. I think this should be implementable for linux-cifs in the same way, when a Windows NT or above server is contacted. Setting the permissins like that might default to the mount option "noperm", as the checking can be done by the server. Martin Thread at a glance:
Previous Message by Date: click to view message previewspecial files on Services for Unix (SFU) / InterixHello Steve, >> Have you done any tests of Windows SFU -> Windows SFU over the network, >> presumably these Interix special files are handled to Windows the same >> as they would to Samba since they are not utilizing protocol extensions >> to CIFS (obscure Windows NTFS trans2 infolevels) to accomplish them. > don't fully sure what exactly I should test. > However, I did the following: > > On Linux, I created some special files with the attached > perl script. These files I put into a samba share with > "map system = yes". > This share I conected to a Win 2000 client and did in > Interix: > > bash-2.05b$ ls -ln > total 1 > drw-rwxrw- 1 3002 3003 0 Jun 3 02:30 testblock > drw-rwxrw- 1 3002 3003 0 Jun 3 02:30 testchar > drw-rwxrw- 1 3002 3003 0 Jun 3 02:30 testfifo > drw-rwxrw- 1 3002 3003 30 Jun 3 02:30 testlink > > same dir with attrib: > G:\>attrib > S G:\testblock > S G:\testchar > S G:\testfifo > S G:\testlink > > This doesn't work correctly, but it works a bit, as testblock > and testchar aren't 0 bytes in reality, and are no dirs. But this seems > to be a samba problem. this has nothing to do with special files on samba: bash-2.05b$ ls -ln total 2 drw-r--r-- 1 3002 3003 6 Jun 3 23:56 hello_world drw-rwxrw- 1 3002 3003 0 Jun 3 23:56 testblock drw-rwxrw- 1 3002 3003 0 Jun 3 23:56 testchar drw-rwxrw- 1 3002 3003 0 Jun 3 23:56 testfifo drw-rwxrw- 1 3002 3003 30 Jun 3 23:56 testlink bash-2.05b$ ls -ln * -rw-r--r-- 1 3002 3003 6 Jun 3 23:56 hello_world brw-rwxrw- 1 3002 3003 44, 45 Jun 3 02:25 testblock crw-rwxrw- 1 3002 3003 42, 43 Jun 3 02:25 testchar prw-rwxrw- 1 3002 3003 0 Jun 3 02:25 testfifo lrw-rwxrw- 1 3002 3003 11 Jun 3 02:25 testlink -> hello_world bash-2.05b$ hello_world is a normal plain text file and is shown as directory also. However, when doing "ls -ln *", all is ok. I see this "directorisation" on all files and all shares coming from my samba server, not only those with special files. Martin Next Message by Date: click to view message previewRe: Fwd: Re: latest cifs.ko module for debianthe howto is ok (although I don't think that the kernel has to be built from scratch... just the modules e.g. make modules) The 2.6.10 kernel has indeed errors fs/cifs/connect.c: In function `cifs_mount': fs/cifs/connect.c:1737: error: structure has no member named `s_time_gran' make[2]: *** [fs/cifs/connect.o] Error 1 make[1]: *** [fs/cifs] Error 2 make: *** [fs] Error 2 and I'm afraid I can't use the 2.6.11 kernel because of inotify bugs. Anyway... it seems that I'll have to wait until a new kernel is released. thanks again Rene Stefanos Rene Tapia wrote: > > > I built it for Debian Sarge, however I had to use 2.6.11 sources (from unstable). 2.6.10 gives > errors. > > Howto: > > GET CIFS SOURCES: > apt-get install debhelper modutils kernel-package libncurses5-dev > > > download "http://pserver.samba.org/samba/ftp/cifs-cvs/cifs-1.34.tar.gz > " to /root for example > cd /root > > tar xvfz cifs-1.34.tar.gz > > > > GET KERNEL SOURCES: > apt-get install kernel-source-2.6.11 > > cd /usr/src > > > > tar --bzip2 -xvf kernel-source-2.6.11.tar.bz2 > > > REPLACE CIFS WITH 1.34: > mv /usr/src/kernel-source-2.6.11/fs/cifs /usr/src/kernel-source-2.6.11/fs/cifs_old > mkdir /usr/src/kernel-source-2.6.11/fs/cifs > > cp -R /root/cifs-1.34/fs/cifs/* /usr/src/kernel-source-2.6.11/fs/cifs > > > CONFIG THE KERNEL: > I used the config file from 2.6.8: > > cp /boot/config-2.6.8-2-386 /usr/src/kernel-source-2.6.11/.config > > cd kernel-source-2.6.11 > > make menuconfig > > Include: > > File Systems --> Network File Systems --> CIFS support --> CIFS statistics > > > MAKE THE KERNEL: > make-kpkg clean; make-kpkg --initrd kernel_image > > > INSTALL THE KERNEL: > dpkg -i kernel-image-2.6.11_10.00.Custom_i386.deb > > > > -- ====================================================================== Stefanos Karasavvidis Electronic & Computer Engineer, M.Eng. e-mail : sk@xxxxxxxxxx Technical University of Crete, Campus Information Systems Center Address: Akrotiri, Chania, 73100 Tel.: (+30) 28210 37352, 37355 (central), 37766 (ENV.ENG. buildings) Fax: (+30) 28210 37571 Previous Message by Thread: click to view message previewCIFS client and DFS roadmapHi! I just need a confirmation. I want to access samba DFS shares from my GNU/Linux clients. I've been reading mails froms the list, surfing the web and doing tests and it seems that you still need to pass the "ip" parameter to the mount.cifs command in order to mount a DFS share. I've tested with latest versions and certainly, if you do "mount.cifs ... -o ip=x.y.z.t. ..." then you can reach the bottom share (where x.y.z.t is the IP address of the destination share). Of course, this lacks one of the DFS goodies : that the final destination is transparent for the client. By now you need to know the IP address of the destination UNC and this doesn't let me change the destination without having to change the client's /etc/fstab, autofs map or whatever. This is unacceptable in a production environment with thousands of clients. So, nowadays the only way to connect transparently to a DFS share from Linux is latest smbclient version. At least, 3.0.10 can't and 3.0.14a can. Is it ok? Am I wrong? More over, if that's ok then are there future plans to solve it? Of course that we can also do the work with Samba without DFS, but we're planning a huge SMB fileserver and this could lead us to take different decisions in this early stage. Thanks everybody in advance and congratulations for your hard work. Bye! Excerpt from a mail of Jerry at "samba" list: Gerald (Jerry) Carter wrote: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Peter Weiss wrote: | hello, | | maybe this is the wrong place, but according to | | http://us1.samba.org/samba/Linux_CIFS_client.html | | linux kernel cifs should be able to handle M$ dfs shares. | I looked at the installation and usage instructions | but it doesn't work. On the mount.cifs manpage I | found no hint about a special switch to activate dfs parsing. | | Can anybody put some light into this? It's not implemented last time I spoke with Steve. The cifs fs has its own list btw.....linux-cifs-client@xxxxxxxxx (you can subscribe from the mailman interface at http://lists.samba.org/) cheers, jerry -- Angel Galindo Muñoz University of Barcelona, Spain Next Message by Thread: click to view message previewRe: poor cifs write performance and high CPU load with large files (500MB+) compared to smbfsIn addition to the tests mentioned in http://lists.samba.org/archive/linux-cifs-client/2005-May/000841.html I now tested the following on a real machine (not VM), connected via Gigabit-Ethernet: kernel cifs mount-opt speed cpu-usage ------------------------------------------------------------------- Debian-2.6.11 1.28 - 4 MB/s decreasing to 1 MB/s 85% Debian-2.6.11 1.28 direct 5 MB/s -> 1 MB/s 85% Debian-2.6.11 1.34 - 4 MB/s -> 1 MB/s 85% Debian-2.6.11 1.34 direct 10 MB/s constantly 40% vanilla-2.6.9 1.34RHEL4 - 4 MB/s -> 1 MB/s 85% vanilla-2.6.9 1.34RHEL4 direct 10 MB/s constantly 40% Martin Loading Comments...
|
|
