Understanding NAS share level access options
Customers presenting StorNext File Systems over the SMB protocol often need to understand the share level access options.
To see what share level access options the customer has set, log in as the sysadmin user, whose login shell is the /usr/local/quantum/bin/run-panshell script.
##Showing the sysadmin login script
[root@upm660 shared]# cat /etc/passwd | grep sysadmin
sysadmin:x:497:0:SN-NAS Sysadmin Account:/sysadmin:/usr/local/quantum/bin/run-panshell
##Using 'su sysadmin' to start the script.
[root@upm660 shared]# su sysadmin
Welcome to Quantum M660 SN-NAS Console
--------------------------------------
*** Type 'help' for a list of commands.
M660:upm660>
Once you've started the panshell script you can run a 'share show' command to see the share access level assigned to users.
M660:upm660> share show
1 shares:
1: smbgw1 | smb | /stornext/gw1 | write list = jon,public = no,writable = yes
Here we see that user 'jon' is on the share's write list. Dropping out of the sysadmin script, we can look at the smb.conf file.
bash-4.1# cat /etc/samba/smb.conf | grep -A 7 global
[global]
workgroup = WORKGROUP
server string = "Quantum SN-NAS"
netbios name = UPM660
template shell = /bin/bash
template homedir = /home/%%u
security = user
guest ok = no
bash-4.1# cat /etc/samba/smb.conf | grep -A 4 smbgw1
[smbgw1]
path = /stornext/gw1
write list = jon
public = no
writable = yes
Returning to the panshell, we can use the share change command to modify the smb.conf file.
M660:upm660> share change smb smbgw1 admin users = bob ross
Share smbgw1 successfully changed
M660:upm660> share show
1 shares:
1: smbgw1 | smb | /stornext/gw1 | admin users = bob ross,public = no,writable = yes |
M660:upm660> shell-escape
bash-4.1# cat /etc/samba/smb.conf | grep -A 4 smbgw1
[smbgw1]
path = /stornext/gw1
admin users = bob ross
public = no
writable = yes
Here is a list of valid options to pass to the share change command, taken from samba.org (https://www.samba.org/samba/docs/using_samba/ch09.html)
Option | Parameters | Function | Default | Scope |
---|---|---|---|---|
admin users | string (list of usernames) | Users who can perform operations as root | None | Share |
valid users | string (list of usernames) | Users who can connect to a share | None | Share |
invalid users | string (list of usernames) | Users who will be denied access to a share | None | Share |
read list | string (list of usernames) | Users who have read-only access to a writable share | None | Share |
write list | string (list of usernames) | Users who have read/write access to a read-only share | None | Share |
max connections | numeric | Maximum number of connections for a share at a given time | 0 | Share |
guest only (only guest) | Boolean | If yes, allows only guest access | no | Share |
guest account | string (name of account) | Unix account that will be used for guest access | nobody | Share |
You can also grant group level access to a share by preceding the group name with an @ symbol.
M660:upm660> share change smb smbgw1 admin users = @domain users
Share smbgw1 successfully changed
M660:upm660> share show
1 shares:
1: smbgw1 | smb | /stornext/gw1 | admin users = @domain users,public = no,writable = yes |
bash-4.1# cat /etc/samba/smb.conf | grep -A 4 smbgw1
[smbgw1]
path = /stornext/gw1
admin users = @domain users
public = no
writable = yes
Multiple users and groups can be added as well.
M660:upm660> share change smb smbgw1 admin users = bob ross @happy trees
Share smbgw1 successfully changed
M660:upm660> share show
1 shares:
1: smbgw1 | smb | /stornext/gw1 | admin users = bob ross @happy trees,public = no,writable = yes |
M660:upm660> shell-escape
bash-4.1# cat /etc/samba/smb.conf | grep -A 4 smbgw1
[smbgw1]
path = /stornext/gw1
admin users = bob ross @happy trees
public = no
writable = yes
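An added audit example, not from the original page or from Quantum's tooling: it lists which users and groups each share's access lists actually name. Samba reads these list values as whitespace- or comma-separated names, so a name containing a space only counts as one entry when it is double-quoted; that matters most for `admin users`, whose members operate as root on the share. The function names and the `[quoted]` share are hypothetical, and the sample smb.conf is constructed from the listings above.

```python
import shlex

# Per-share access lists taken from the option table above.
ACCESS_LISTS = ("admin users", "valid users", "invalid users", "read list", "write list")

# Constructed sample: [smbgw1] mirrors the page; [quoted] is a hypothetical variant.
SAMPLE = """\
[global]
security = user
[smbgw1]
path = /stornext/gw1
admin users = bob ross @happy trees
public = no
[quoted]
path = /stornext/gw1
admin users = "bob ross" @"happy trees"
"""

def parse_shares(text):
    """Return {share: {option: raw value}} for every section except [global]."""
    shares, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            name = line[1:-1].strip()
            current = None if name.lower() == "global" else shares.setdefault(name, {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[" ".join(key.lower().split())] = value.strip()
    return shares

def split_list(value):
    """Split a name list on whitespace and commas; double quotes keep a name whole."""
    lexer = shlex.shlex(value, posix=True)
    lexer.whitespace += ","
    lexer.whitespace_split = True
    lexer.commenters, lexer.escape, lexer.quotes = "", "", '"'
    return list(lexer)

def audit(text):
    """Return (share, option, kind, name) for every entry in an access list."""
    rows = []
    for share, options in parse_shares(text).items():
        for option in ACCESS_LISTS:
            for entry in split_list(options.get(option, "")):
                kind = "group" if entry.startswith("@") else "user"
                rows.append((share, option, kind, entry.lstrip("@")))
    return rows
```

`audit(SAMPLE)` reports four `admin users` entries for `[smbgw1]` (users bob, ross and trees, plus group happy) and two for `[quoted]` (user "bob ross" and group "happy trees"). Run it against a copy of /etc/samba/smb.conf after each share change to confirm that the names granted access are the ones intended.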
Also, at this code level, we currently limit how many characters you can pass to the share change command.
M660:upm660> system show version
Quantum M660 SN-NAS 5.2.2-15925 1.1.0-4460
M660:upm660> share change smb gw1 admin users = bob ross @happy trees @Go out on a limb -- thats where the fruit is @we dont make mistakes we just have happy accidents
Error: DataError('value too long for type character varying(128)\n',) (E-1001)
However, the share doesn't get updated.
[gw1]
path = /stornext/gw1
admin users = bob ross @happy trees @Go out on a limb -- thats where the fruit is
It is possible to manually edit the smb.conf file.
#Editing the gw1 share in smb.conf
[gw1]
path = /stornext/gw1
admin users = bob ross @happy trees @Go out on a limb -- thats where the fruit is @we dont make mistakes we just have happy accidents
public = no
writable = yes
ea support = 1
store dos attributes = 1
map archive = 0
map hidden = 0
map system = 0
inherit permissions = 1
inherit acls = 1
map acl inherit = 1
vfs objects = acl_xattr snfs
acl_xattr:ignore system acls = 1
snfs:managed = True
#Restarting services here
M660:upm660> system restart services all
Stopping all services . . .
smbd stop/waiting
console stop/waiting
snnas_controller stop/waiting
Starting all services . . .
snnas_controller start/running, process 22645
console start/running, process 22860
smbd start/running, process 22874
#Showing the smb.conf doesn't revert back
[gw1]
path = /stornext/gw1
admin users = bob ross @happy trees @Go out on a limb -- thats where the fruit is @we dont make mistakes we just have happy accidents
public = no
writable = yes
##Bug to track the 128 character issue
http://bo.quantum.com/bugzilla/show_bug.cgi?id=61267