IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
This boolean option controls whether at exit time the server dumps a list of
files with debug level 0 that were still open for write. This is an
administrative aid to find the files that were potentially corrupt if the
network connection died.
This patch removes all of the files from the samba tree that should now
be provided by the cifs-utils package. It also drops a
"README.cifs-utils" into the topdir with a URL to the main cifs-utils
webpage. This is for people who don't want the lists and might be taken
by surprise by the change. That's optional, but I think it's a good idea
for a least a release or two.
Signed-off-by: Jeff Layton <jlayton@samba.org>
Supports negated arguments in configuration like:
full_audit:success = all !readdir !telldir !closedir
Update the manpage accordingly.
Part of BSO#4025
Change parameter "wide links" to default to "no".
Ensure "wide links = no" if "unix extensions = yes" on a share.
Fix man pages to refect this.
Remove "within share" checks for a UNIX symlink set - even if
widelinks = no. The server will not follow that link anyway.
Correct DEBUG message in check_reduced_name() to add missing "\n"
so it's really clear when a path is being denied as it's outside
the enclosing share path.
Jeremy.
Thanks to the Debian samba package maintainers
<pkg-samba-maint@lists.alioth.debian.org> for providing the patch!
Fix bug #7017 (Typos and spelling errors in manpages).
Karolin
Change since last post:
- fix build error due to superfluous </para> tag.
- ensure it builds fine.
Also add a section on INODE NUMBERS that discusses inode numbers more
thoroughly and add reference to it in "nounix" and "noserverino"
options.
Thanks to Jeff Layton for explaining those details.
Signed-off-by: Suresh Jayaraman <sjayaraman@suse.de>
Signed-off-by: Jeff Layton <jlayton@redhat.com>
in the "user.DOSATTRIB" EA. From the docs:
In Samba 3.5.0 and above the "user.DOSATTRIB" extended attribute has been extended to store
the create time for a file as well as the DOS attributes. This is done in a backwards compatible
way so files created by Samba 3.5.0 and above can still have the DOS attribute read from this
extended attribute by earlier versions of Samba, but they will not be able to read the create
time stored there. Storing the create time separately from the normal filesystem meta-data
allows Samba to faithfully reproduce NTFS semantics on top of a POSIX filesystem.
Passes make test but will need more testing.
Jeremy.
When something in the cluster blocks, it can happen that we wait indefinitely
long for ctdb, just adding to the blocking condition. In theory, nothing should
block, but as someone said "In practice the difference between theory and
practice is larger than in theory". This adds a timeout parameter in seconds,
after which we stop waiting for ctdb and panic.
This is necessary because MIT 1.5 can't deal with certain types (Tree Root) of
transitive AD trusts. The workaround is to add a [capaths] directive to
/etc/krb5.conf, which we don't automatically put into the krb5.conf winbind
creates.
The alternative would have been something like a "krb5 conf include", but I
think if someone has to mess with /etc/krb5.conf at this level, it should be
easy to add the site-local KDCs as well.
Next alternative is to correctly figure out the [capaths] parameter for all
trusted domains, but for that I don't have the time right now. Sorry :-)
Igor Mammedov pointed out that reverse resolving an IP address to get
the hostname portion of a principal could open a possible attack
vector. If an attacker were to gain control of DNS, then he could
redirect the mount to a server of his choosing, and fix the reverse
resolution to point to a hostname of his choosing (one where he has
the key for the corresponding cifs/ or host/ principal).
That said, we often trust DNS for other reasons and it can be useful
to do so. Make the code that allows trusting DNS to be enabled by
adding --trust-dns to the cifs.upcall invocation.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
cifs.upcall takes a "-c" flag that tells the upcall to get a principal
in the form of "cifs/hostname.example.com@REALM" instead of
"host/hostname.example.com@REALM". This has turned out to be a source of
great confusion for users.
Instead of requiring this flag, have the upcall try to get a "cifs/"
principal first. If that fails, fall back to getting a "host/"
principal.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Some recent versions of Inkscape (0.47 or around) have bug when export file name
is treated as relative against the directory of original .svg if it wasn't specified
as an absolute path. Fix it by always using absolute paths during conversion.
For some users who are used to smbclient, it is not clear that
mount.cifs never uses smb.conf for configuring client specific
parameters. So, let's add this information to mount.cifs man page.
Signed-off-by: Suresh Jayaraman <sjayaraman@suse.de>
